thoughts on one time pads

John Denker jsd at
Sat Jan 28 13:39:14 EST 2006

Anne & Lynn Wheeler wrote:

> is there any more reason to destroy a daily key after it as been used
> than before it has been used?

That's quite an amusing turn of phrase.  There are two ways to
interpret it:

*) If taken literally, the idea of destroying a key _before_ it is
  used is truly an ingenious way to ensure security.  Alas there is
  some degradation of functionality, but isn't that always the case?
  Also the cost of key distribution goes way down once you decide you
  will only distribute already-destroyed keys.

*) Perhaps the intent was to speak about _protecting_ keys before and
  after use.  That's somewhat trickier to do securely, and is more
  dependent on the threat model ... but offers vastly greater functionality.

  -- The best way to _protect_ a key after it has been used is to destroy

  -- For keys that have yet been used, a sufficient scheme (not the only
   scheme) for many purposes is to package the keys in a way that is
   tamper-resistant and verrry tamper-evident.

   The package must be tamper-evident in order to be secure. If there are
   signs of tampering, don't use the keys.

   The package must be at least somewhat tamper-resistant in order to
   protect the functionality against a too-easy DoS attack, i.e.
   superficial tampering.

> one of the attacks on the stored-value gift cards has been to skim the
> cards in the racks (before they've been activated) ... and check back
> later to see which cards are gone.

That indicates a gross lack of tamper-evident packaging, as discussed
above.  The store should never have activated a card that came from a
package that had been tampered with.

Travis H. wrote:

>> What about degaussing?

That's even funnier.  Most CDs and DVDs are totally non-magnetic to begin
with.  Degaussing them is not going to have much effect.

There are, of course, NSA-approved degaussers for magnetic media, but
heretofore this thread hasn't been about magnetic media.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list