[Cryptography] crypto hygiene for keys, pads, et cetera

John Denker jsd at av8n.com
Sat Dec 12 14:06:55 EST 2015

On 12/04/2015 08:35 AM, Henry Baker wrote:
> Dear Mr. Comey, Mr. Vance, Ms. May, at al:
> The one-time pad is approximately 100 years old,
> and provides perfect secrecy 

In a sense that's entirely true, but in another sense it is profoundly 

> (so long as you don't reuse the key material).

That's an important proviso, but not the only proviso.  Much depends
on details of the threat model.
 -- Stand-off attacks against the communication channel only?
 -- Attacks that capture the pad (and the user)?

> Here's the program [....]

Here's problem #1: If you were to use that program "as-is", it would 
flunk the silk-or-cyanide test.  It implements the encode and decode
functionality, but fails to implement the /one-time/ property.

Here's problem #2: It is quite nontrivial to fix problem #1.

As the saying goes, encryption is easy, but security is hard.  The
XOR program is fine if all you need is encryption/decryption, but
it is vastly harder to implement a true OTP system that ensures
that the pad is used only once.

Here is a discussion of what can go wrong ... plus some possibly-
constructive suggestions on how to obliterate information stored
on flash memory chips.

On 12/11/2015 10:03 AM, Henry Baker wrote:

> I'm going to be giving a technical talk on
> crypto to non-crypto people. [....] Any advice?

I would start with the point mentioned above:  Encryption is easy, 
but security is hard.  Real security depends on mathematics, physics, 
electrical engineering, computer programming, human factors, et cetera.
This should be flattering to the multidisciplinary audience.

> Diffie Hellman

For a general audience, one might consider presenting Merkle Puzzles
rather than full-blown DH.  It requires a lot less mathematics.

More information about the cryptography mailing list