theory: unconditional security
Arnold G. Reinhold
reinhold at world.std.com
Wed Feb 27 21:22:47 EST 2002
At 12:50 AM -0800 2/27/02, Lucky Green wrote:
>Carl wrote:
>> I suspect you find little written about OTP work because people have
>> always assumed the keys were impractical to distribute, store and
>> use.
>
>While distribution of OTP's has become feasible amongst tightly-knit groups
>of non-governmental actors, the rate at which OTP's can be generated has
>fallen behind the rate at which data needs to be communicated between the
>nodes. To give an example, creating OTP's to encrypt messages along the
>lines of "the attack will take place at dawn on Thursday" was easy with WWII
>technology and is even easier now. However, the sheer volume of data
>transmitted between even small nodes today requires vastly larger OTP's than
>was required for military or diplomatic communications in the past.
>
>I am not aware of any RNG design in the open literature that would even come
>close to generating the sheer volume of random numbers required by current
>civilian communication patterns. I trust that I don't need to elucidate on
>this list as to why a "solution" that would require the sender to limit the
>use of OTPs to sending critical data while other data would be encrypted
>using a different system will invariably lead to COMSEC failures.
>
I don't think that's quite fair. Pretty much any organization that
wishes to protect sensitive information needs to be able to segregate
it from other data that is not protected or enjoys a lower level of
protection. Most PGP users only encrypt critical data. And given the
best security system imaginable, there will be COMSEC failures due to
human error (q.v. the John Deutch case).
Generating enough random information to fill a CD should take a few
hours using a sound card and a hardware noise generator, running
FIPS-140 tests along the way and whitening so as to assume only 3 or
4 bits of entropy per digitization. That CD would be enough to
protect all the text e-mail I'll ever want to exchange with another
person. An unconditionally secure text link between two people could
be considered useful.
I suspect a video input device connected to a TV set tuned to an
empty channel would be copious enough for most uses, but some real
world testing should be done. Unconditional security is sounding a
lot better in the post-Bernstein era.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
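As an added illustration of the pipeline Arnold sketches (not code from his message or from any project), the following runs the four FIPS 140-2 power-up statistical tests over a 20,000-bit sample and applies a whitening step that credits only 3 bits of entropy per digitizer sample. The noise source is a constructed stand-in for a sound card, and SHA-256 as the whitener is an assumption.

```python
import hashlib
import itertools
import random

SAMPLE_BITS = 20000  # FIPS 140-2 power-up tests operate on a 20,000-bit sample

def to_bits(data):
    return "".join(f"{b:08b}" for b in data)

def fips_140_2_tests(bits):
    """Monobit, poker, runs and long-run tests with the original FIPS 140-2 limits."""
    ones = bits.count("1")
    counts = [0] * 16  # poker test: histogram of the 5000 4-bit nibbles
    for i in range(0, SAMPLE_BITS, 4):
        counts[int(bits[i:i + 4], 2)] += 1
    poker_x = (16 / 5000) * sum(c * c for c in counts) - 5000
    limits = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}  # 6 means "6 or more"
    runs, longest = {"0": [0] * 7, "1": [0] * 7}, 0
    for bit, grp in itertools.groupby(bits):  # each maximal run of identical bits
        n = len(list(grp))
        runs[bit][min(n, 6)] += 1
        longest = max(longest, n)
    return {"monobit": 9725 < ones < 10275, "poker": 2.16 < poker_x < 46.17,
            "runs": all(lo <= runs[b][k] <= hi for b in "01" for k, (lo, hi) in limits.items()),
            "long_run": longest < 26}

def whiten(samples, bits_per_sample=3):
    """Credit only bits_per_sample bits of entropy per raw 16-bit sample: each group
    of samples holding 256 bits of assumed entropy is hashed with SHA-256 (the
    assumed whitener) and yields 32 bytes of pad material."""
    per_block = -(-256 // bits_per_sample)  # ceil(256 / bits_per_sample)
    out = bytearray()
    for i in range(0, len(samples) - per_block + 1, per_block):
        raw = b"".join(s.to_bytes(2, "little") for s in samples[i:i + per_block])
        out += hashlib.sha256(raw).digest()
    return bytes(out)

def constructed_noise(n, seed=1):
    """Constructed stand-in for a digitized noise source: 16-bit samples near
    mid-scale taking ~15 distinct values, i.e. about 3.9 bits of entropy each."""
    rng = random.Random(seed)
    return [2048 + rng.randint(-7, 7) for _ in range(n)]

def demo():
    samples = constructed_noise(7000)
    raw = to_bits(b"".join(s.to_bytes(2, "little") for s in samples))[:SAMPLE_BITS]
    pad = to_bits(whiten(samples))[:SAMPLE_BITS]
    return fips_140_2_tests(raw), fips_140_2_tests(pad)  # verdicts for raw vs whitened
```

The raw sample stream fails the monobit test because most of the 16 bits per sample never change, while the whitened stream, which carries only the entropy actually credited, passes.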