[Cryptography] one-time pads

Bill Cox waywardgeek at gmail.com
Mon Jan 20 17:14:34 EST 2014


I built an OTP system for fun in the late 1990's.  My Dad and I both had
CDs that I filled with identical copies of 600MB of true random data.  My
father's data started at 0 and increased as he sent mail, and I
started at 600MB and went down.  Each email said what range was needed
to decrypt it, so we just kept track of how much we had used (it was
of course automated).  I wrote a cute little Windows email program
that worked like a regular email program, except it used the
one-time-pad.  It even supported attachments.  It complained if the CD
was not inserted in the drive.  However, it was attached to a Windows
machine on the Internet, so I'm sure glad I didn't have anything
valuable in those messages.  The provable security of one-time-pads is
really no comfort.

People dump on OTPs, but compare that flow to using the latest and
greatest public key system.  Instead of handing my Dad a thumb drive
full of OTP data next time I see him, we would more likely email our
public keys to each other, and maybe even follow it up with a phone
call to convince each other we've got the right ones.  In the process,
we may tip off Eve that we're up to something (I hear she's really hot
by the way - hope she's not reading this post...).  If I really wanted
to communicate secretly, I would hand my Dad a thumb drive with a true
random 256-bit shared AES-256 key, and never let it touch any device
attached to the Internet.  We might play with steganography, embedding
our secret messages in pictures.

I protect my car (worth maybe $15,000) with a physical key I keep in
my pocket.  If an attacker wanted my car, he might be able to get it,
but it's tricky.  He has to be physically present, know what he's
doing, and not get caught while doing it.  In reality, I've never had
a car stolen.  Physical keys work pretty well.

If I protect $1 worth of e-money with the best open-source crypto
system available, I sure wouldn't want to depend on that $1 being
there tomorrow.  That's why I sold all my Bitcoins (all 20-something
of them last spring for $23 each).  When they were worth < $50 total,
I didn't care if they were stolen.  Once they hit $500, I got them the
heck off my computer.

Electronic keys don't work very well when used on anything connected
to the Internet.  If they did, we'd all love voting over the Internet.
My point is that fancy crypto is fun and all, but for real security,
you have to have some physical device that never touches the Internet.
Once you already carry around a physical key, how different is the
experience than using OTPs?

I think the main reason for the death of OTPs is that we've convinced
ourselves that shared private key crypto works, and it's simply a
better solution.  It's frightening how often we've been wrong, though!

Bill

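Editor's note: the pad bookkeeping Bill describes (one party consuming the shared pad from offset 0 upward, the other from the end downward, each message naming the byte range it used) is the part of an OTP system that actually decides whether it stays provably secure, because a single reuse of pad bytes breaks it. The following is an added Python example, not Bill's program and not part of the original post. The party names, the `Message` layout, the 64-byte pad and the sample texts are constructed for the example; `secrets.token_bytes` stands in for the CD of true random data only so the code runs stand-alone. The point it shows beyond the post is the receiver-side check: a range that does not lie in the still-unused middle of the pad is refused, which is what turns "keep track of how much we've used" into an enforced rule. One caveat the post does not raise: a bare OTP provides no integrity, so a flipped ciphertext bit flips the same plaintext bit undetected.

```python
"""Two-party one-time pad with a shared pad consumed from opposite ends.

Added example, not the author's code. Models the bookkeeping described in
the post: Dad sends using pad bytes from offset 0 upward, Bill from the
end downward, every message carries the pad range it used, and a receiver
refuses any range outside the unused middle of the pad.
"""
import secrets
from dataclasses import dataclass


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole OTP 'cipher')."""
    if len(data) != len(key):
        raise ValueError("key slice must match data length")
    return bytes(a ^ b for a, b in zip(data, key))


@dataclass
class Message:
    start: int   # first pad offset used (inclusive)
    end: int     # one past the last pad offset used (exclusive)
    body: bytes  # ciphertext; len(body) == end - start


class PadEndpoint:
    """One party's view of the shared pad.

    [low, high) is the range of pad bytes neither party has used yet.
    The ascending party keys from `low`, the descending party from just
    below `high`; both cursors move on every send *and* receive, so the
    two views stay in step as long as no message is lost or reordered.
    Note: OTP gives confidentiality only, no integrity protection.
    """

    def __init__(self, pad: bytes, ascending: bool):
        self.pad = pad
        self.ascending = ascending
        self.low = 0
        self.high = len(pad)

    def remaining(self) -> int:
        return self.high - self.low

    def encrypt(self, plaintext: bytes) -> Message:
        n = len(plaintext)
        if n == 0:
            raise ValueError("nothing to send")
        if n > self.remaining():
            # Never wrap around or reuse: stop sending instead.
            raise RuntimeError("pad exhausted")
        if self.ascending:
            start, end = self.low, self.low + n
            self.low = end
        else:
            start, end = self.high - n, self.high
            self.high = start
        return Message(start, end, xor_bytes(plaintext, self.pad[start:end]))

    def decrypt(self, msg: Message) -> bytes:
        n = msg.end - msg.start
        if n <= 0 or n != len(msg.body):
            raise ValueError("header range does not match ciphertext length")
        # The essential check: the range must lie entirely in unused pad.
        if not (self.low <= msg.start and msg.end <= self.high):
            raise ValueError("pad range already consumed or out of bounds")
        # It must also be the peer's very next slice; a gap would strand
        # pad bytes, and a mismatch means a lost, reordered or forged header.
        if self.ascending:              # peer descends: slice ends at high
            if msg.end != self.high:
                raise ValueError("unexpected range from descending peer")
            self.high = msg.start
        else:                           # peer ascends: slice starts at low
            if msg.start != self.low:
                raise ValueError("unexpected range from ascending peer")
            self.low = msg.end
        return xor_bytes(msg.body, self.pad[msg.start:msg.end])


def run_exchange(pad_size: int = 64) -> dict:
    """Constructed round trip plus two refusals: replay and exhaustion."""
    pad = secrets.token_bytes(pad_size)      # stand-in for the shared CD
    dad = PadEndpoint(pad, ascending=True)
    bill = PadEndpoint(pad, ascending=False)

    m1 = dad.encrypt(b"Hi son, call me tonight")   # constructed sample text
    r1 = bill.decrypt(m1)
    m2 = bill.encrypt(b"Will do")                  # constructed sample text
    r2 = dad.decrypt(m2)

    try:                       # replaying m1: its pad bytes are spent
        bill.decrypt(m1)
        replay_refused = False
    except ValueError:
        replay_refused = True

    try:                       # asking for more pad than remains
        dad.encrypt(b"x" * (dad.remaining() + 1))
        exhaustion_refused = False
    except RuntimeError:
        exhaustion_refused = True

    return {
        "r1": r1, "r2": r2,
        "dad_range": (m1.start, m1.end), "bill_range": (m2.start, m2.end),
        "remaining": (dad.remaining(), bill.remaining()),
        "replay_refused": replay_refused, "exhaustion_refused": exhaustion_refused,
    }


if __name__ == "__main__":
    for k, v in run_exchange().items():
        print(f"{k}: {v!r}")
```

With a 64-byte pad the first message takes offsets 0..23, the reply takes 57..64, and both sides agree that 34 bytes remain. The replay of the first message is rejected because its range now sits below `low`, and a send larger than the remaining middle raises instead of reusing pad.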

More information about the cryptography mailing list