[Cryptography] [cryptography] Boing Boing pushing an RSA Conference boycott
Bill Stewart
bill.stewart at pobox.com
Wed Jan 15 20:11:31 EST 2014
>On 01/15/2014 10:38 AM, Steve Furlong wrote:
>>On Wed, Jan 15, 2014 at 9:15 AM, Kent Borg <kentborg at borg.org> wrote:
>>> OTP has always ranged from difficult to impractical to securely
>>> deploy, and the larger system where OTP is used will offer targets
>>> for attack, but one-time-pads themselves are compromised??
>>
>>Compromised PRNGs.
If you have a PRNG or DRBG, compromised or not, you don't have an OTP,
you have a stream cypher of whatever quality level, subject to
mathematical attack. Maybe it's a good stream cypher, like BBS with
a seed you protected well, maybe it's the random() function in your
ROM's BASIC interpreter, maybe you're doing good tradecraft to handle
distribution and use of the pseudorandom bits or maybe you're not,
but it's not a one-time pad.
Compromised on-chip hardware randomness generators, giving you a
stream that claims to be thermal noise but is actually
DES(clock,NSAkey)? Yeah, that's something you thought was a
legitimate OTP, just like you thought the pad you generated by
flipping coins (not knowing there was a KGB Ceiling Cat Camera
Watching You) was a legitimate OTP. But for that attack you blame
Intel, not RSA.
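Bill's point that a PRNG-fed "pad" is a stream cipher open to mathematical attack, as an added example (my code, not from the thread or any list member): a toy 16-bit LCG stands in for "the random() function in your ROM's BASIC interpreter" (its constants, the seed and the sample messages are constructed for the example). With the pad derived from 16 bits of secret, an 8-byte known-plaintext crib recovers the seed by exhaustive search and with it the whole message; with a pad from os.urandom, every plaintext of the same length stays equally consistent with the ciphertext, so there is nothing to search for.

```python
import os

# Toy 16-bit linear congruential generator standing in for a ROM BASIC random().
# Constants are constructed for this example; they give a full-period LCG
# modulo 2^16 (multiplier = 1 mod 4, odd increment), which says nothing about
# its strength as a keystream source.
LCG_MOD = 1 << 16
LCG_MULT = 25173
LCG_INC = 13849


def lcg_keystream(seed: int, length: int) -> bytes:
    """Expand a 16-bit seed into `length` keystream bytes (high byte of each state)."""
    state = seed % LCG_MOD
    out = bytearray()
    for _ in range(length):
        state = (LCG_MULT * state + LCG_INC) % LCG_MOD
        out.append(state >> 8)
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def prng_pad_encrypt(seed: int, plaintext: bytes) -> bytes:
    """'One-time pad' whose pad comes from the LCG: in reality a 16-bit-key stream cipher."""
    return xor_bytes(plaintext, lcg_keystream(seed, len(plaintext)))


def recover_seed_from_crib(ciphertext: bytes, crib: bytes, offset: int = 0):
    """Known-plaintext recovery of the seed. The whole pad is a function of 16
    secret bits, so a crib of a few bytes pins the seed down by trying all
    65536 candidates. Returns None if no seed reproduces the crib."""
    expected = xor_bytes(ciphertext[offset:offset + len(crib)], crib)
    for seed in range(LCG_MOD):
        if lcg_keystream(seed, offset + len(crib))[offset:] == expected:
            return seed
    return None


def break_prng_pad(ciphertext: bytes, crib: bytes):
    """Recover the seed from a crib, then regenerate the pad and the full plaintext."""
    seed = recover_seed_from_crib(ciphertext, crib)
    if seed is None:
        return None, None
    return seed, xor_bytes(ciphertext, lcg_keystream(seed, len(ciphertext)))


def true_otp_encrypt(plaintext: bytes):
    """A genuine OTP: pad from the OS CSPRNG, as long as the message, used once.
    Returns (pad, ciphertext); the pad is the only thing that decrypts it."""
    pad = os.urandom(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For a true OTP, any same-length plaintext is equally consistent with the
    ciphertext: this returns the pad that would decrypt it to `candidate`.
    A crib therefore reveals only the pad bytes it covers, never the rest."""
    return xor_bytes(ciphertext, candidate)


def demo() -> dict:
    """Run both cases on constructed sample messages and return the results."""
    msg = b"MEET AT DAWN. BRING THE DOCUMENTS."      # constructed
    ct = prng_pad_encrypt(0xBEEF, msg)               # constructed seed
    seed, recovered = break_prng_pad(ct, b"MEET AT ")  # 8-byte crib
    pad, otp_ct = true_otp_encrypt(msg)
    alt = b"MEET AT NOON. BRING THE SUITCASES."      # same length as msg
    fake_pad = otp_pad_explaining(otp_ct, alt)
    return {
        "seed": seed,
        "recovered": recovered,
        "otp_roundtrip": xor_bytes(otp_ct, pad) == msg,
        "otp_also_decrypts_to_alt": xor_bytes(otp_ct, fake_pad) == alt,
    }


if __name__ == "__main__":
    r = demo()
    print("PRNG pad: seed 0x%04x recovered, plaintext %r" % (r["seed"], r["recovered"]))
    print("true OTP: round trip %s, equally consistent with alternative plaintext %s"
          % (r["otp_roundtrip"], r["otp_also_decrypts_to_alt"]))
```

The search space here is 2^16 because the toy generator has a 16-bit state; a real PRNG or DRBG has a larger state, which changes the cost of the search, not the fact that the "pad" is a deterministic function of a short secret and the ciphertext is therefore a stream cipher.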