semi-preditcable OTPs
Steven M. Bellovin
smb at cs.columbia.edu
Tue Oct 25 18:39:47 EDT 2005
In message <d4f1333a0510242331p1df78455l6247c35a239b834c at mail.gmail.com>, "Trav
is H." writes:
>I recall reading somewhere that the NSA got ahold of some KGB numeric
>OTPs (in the standard five-digit groups). They found that they
>contained corrections, typos, and showed definite non-random
>characteristics. Specifically, they had a definite left-hand
>right-hand alternation, and tended to not have enough repeated digits,
>as though typists had been told to type random numbers. Despite this,
>the NSA wasn't able to crack any messages.
>
>My question is, why? I think I know the reason, and that is that any
>predictability in a symbol of the OTP correlated to a predictability
>in only one plaintext symbol. In other words, there was no "leverage"
>whereby that plaintext could then be used to derive other symbols.
>Can anyone explain this better (or more accurately)? Is this lack of
>diffusion? Or does it have something to do with the unicity distance?
Another possible answer is that it didn't matter because of how it was
used.
If you read the NSA monograph on Venona -- I posted a link a few weeks
ago -- you'll see that the OTP in that case was used to superencipher a
codebook, by adding the 5-digit OTP number to the 5-digit code value.
Non-random digits in such a setting are more or less irrelevant, unless
there is enough of a pattern that it helps you strip off the
superencipherment.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list