[Cryptography] Boing Boing pushing an RSA Conference boycott

Tom Mitchell mitch at niftyegg.com
Fri Jan 17 17:03:50 EST 2014


On Thursday, January 16, 2014, Bear <bear at sonic.net> wrote:

> On Wed, 2014-01-15 at 10:38 -0500, Steve Furlong wrote:
> > On Wed, Jan 15, 2014 at 9:15 AM, Kent Borg <kentborg at borg.org> wrote:
> > > Huh?  How can this be?
> > > one-time-pads themselves are compromised??
> >
> > Compromised PRNGs.
> >
>
> PRNGs have nothing to do with one-time pads.  Compromised PRNGs
> affect stream ciphers, but one-time pads do not use PRNGs.
>
> Bear
>

But it is possible to use any bit/number generator to fill in a one-time
pad (OTP).

I can imagine someone sharing a PRNG and seed so the far side of a
conversation could generate their copy of a digital OTP pad.
Subsequent communication would "look" like an OTP conversation.

The advantage is that transporting the digital pad is unnecessary.
The disadvantages are obvious.

Another bootstrap exchange might be a URL that reflects random bits from
the likes of lavarand and caches the bits against a web cookie now known to
two players.  Thus shared entropy into a shared PRNG could bootstrap
communications that look like OTP communications.  Cookie data is the
key... in this case.  Cascading JS sources muddy the traffic.

The challenge for listening is to discern PRNG-OTP from rand-noise-OTP
messages.








-- 
I be mobile, excuse my tipping!
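
The scheme described in the message above (a pad expanded from a shared PRNG seed) and the listener's problem of telling it apart from a truly random pad, as an added example that is not part of the original post. The names `prng_pad` and `find_seed`, the 16-bit seed space, the choice of Python's Mersenne Twister and the sample message are all assumptions made for illustration.

```python
import random
import secrets

SEED_BITS = 16  # assumption: tiny seed space so the search finishes in seconds


def prng_pad(seed: int, length: int) -> bytes:
    """Expand a shared seed into a pad (Mersenne Twister, not a CSPRNG)."""
    return random.Random(seed).getrandbits(8 * length).to_bytes(length, "big")


def xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad of at least the same length."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


def find_seed(ciphertext: bytes, known_prefix: bytes):
    """Return the seed whose pad explains the known prefix, else None."""
    n = len(known_prefix)
    implied = xor(ciphertext[:n], known_prefix)  # pad bytes the prefix implies
    for seed in range(2 ** SEED_BITS):
        if prng_pad(seed, len(ciphertext))[:n] == implied:
            return seed
    return None


def demo():
    msg = b"HDR:0001 constructed sample message body"  # constructed plaintext
    prefix = msg[:8]                                   # header a listener can guess
    shared_seed = 0xBEEF                               # constructed shared seed
    # Both ends derive the same pad from the seed; no pad is ever transported.
    assert prng_pad(shared_seed, len(msg)) == prng_pad(shared_seed, len(msg))
    ct_prng = xor(msg, prng_pad(shared_seed, len(msg)))
    ct_true = xor(msg, secrets.token_bytes(len(msg)))  # pad from OS randomness
    return find_seed(ct_prng, prefix), find_seed(ct_true, prefix)


if __name__ == "__main__":
    print(demo())
```

A larger seed only lengthens the search: the pad still carries no more secrecy than the seed and the generator behind it, which is what separates it from a pad of independent random bits.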