semi-preditcable OTPs

Steven M. Bellovin smb at
Tue Oct 25 18:39:47 EDT 2005

In message <d4f1333a0510242331p1df78455l6247c35a239b834c at>, "Trav
is H." writes:
>I recall reading somewhere that the NSA got ahold of some KGB numeric
>OTPs (in the standard five-digit groups).  They found that they
>contained corrections, typos, and showed definite non-random
>characteristics.  Specifically, they had a definite left-hand
>right-hand alternation, and tended to not have enough repeated digits,
>as though typists had been told to type random numbers.  Despite this,
>the NSA wasn't able to crack any messages.
>My question is, why?   I think I know the reason, and that is that any
>predictability in a symbol of the OTP correlated to a predictability
>in only one plaintext symbol.  In other words, there was no "leverage"
>whereby that plaintext could then be used to derive other symbols. 
>Can anyone explain this better (or more accurately)?  Is this lack of
>diffusion?  Or does it have something to do with the unicity distance?

Another possible answer is that it didn't matter because of how it was 

If you read the NSA monograph on Venona -- I posted a link a few weeks 
ago -- you'll see that the OTP in that case was used to superencipher a 
codebook, by adding the 5-digit OTP number to the 5-digit code value.  
Non-random digits in such a setting are more or less irrelevant, unless 
there is enough of a pattern that it helps you strip off the 

		--Steven M. Bellovin,

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list