thoughts on one time pads

Peter Fairbrother zenadsl6186 at
Sat Jan 28 14:34:15 EST 2006

Peter Gutmann wrote:

> Jonathan Thornburg <jthorn at> writes:
>> Melting the CD should work... but in practice that takes a specialized "oven"
>> (I seriously doubt my home oven gets hot enough), and is likely to produce
>> toxic fumes, and leave behind a sticky mess (stuck to the surface of the
>> specialized oven).
> For no adequately explored reason I've tried various ways of physically
> destroying CDs:

Does a microwave oven do anything? I've been reading too much Tom Clancy ...

It does get rid of the stuff on the top, leaving a surface that a bit of
sanding would make irretrievable, and some flakes that could be burned

Another possibility might be to n-of-n [1] split the data up so you need to
have a whole disk rotation's worth in order to reconstruct any of it - that
might well make assured destruction a lot easier.

The repeatedly applied hammer would probably work well then, I doubt it's
that hard to destroy ~2^100 bits with a few blows to one track.

but the hot fiery furnace in the basement is probably still the best. :)

It used to be a fashion to have key signing parties when crypto people
gathered - and at several ones over the last few years I have seen CD's of
OTP data swapped instead. And DVD's are about the same price as CDs now.

I'm talking about the kind of careful people who get the message and do the
xor themselves, probably in shell script. No "applications".

They can easily change to using symmetric keys to save OTP material (using
some of the otp for the symmetric key) when large files are sent - "Here's
the porneo.mpg of Hillary Clinton [2], encrypted in AES with this key:

Often doubly encrypted, typically using both Blowfish and AES with different
keys, in case one of those ciphers has been covertly broken.

Hey, why not? It costs nothing.

Peter Fairbrother

[1] the crypto variety of m-of-n splitting, but where m=n so you need all of
the pieces to reconstruct any of the whole - not the RAID variety of m-of-n
splitting, where you only need as much data as the original data.

[2] Anne Widdecombe?

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list