[Cryptography] crypto hygiene for keys, pads, et cetera

Henry Baker hbaker1 at pipeline.com
Sat Dec 12 20:52:11 EST 2015


At 11:06 AM 12/12/2015, John Denker wrote:
>On 12/04/2015 08:35 AM, Henry Baker wrote:
>> The one-time pad is approximately 100 years old,
>> and provides perfect secrecy 
>
>In a sense that's entirely true, but in another sense it is profoundly 
>wrong.
>
>> (so long as you don't reuse the key material).
>
>That's an important proviso, but not the only proviso.  Much depends
>on details of the threat model.
> -- Stand-off attacks against the communication channel only?
> -- Attacks that capture the pad (and the user)?
>
>> Here's the program [....]
>
>Here's problem #1: If you were to use that program "as-is", it would 
>flunk the silk-or-cyanide test.  It implements the encode and decode
>functionality, but fails to implement the /one-time/ property.
>
>Here's problem #2: It is quite nontrivial to fix problem #1.
>
>As the saying goes, encryption is easy, but security is hard.  The
>XOR program is fine if all you need is encryption/decryption, but
>it is vastly harder to implement a true OTP system that ensures
>that the pad is used only once.
>
>Here is a discussion of what can go wrong ... plus some possibly-
>constructive suggestions on how to obliterate information stored
>on flash memory chips.
>  https://www.av8n.com/security/private-data-storage.htm

Re reuse:

1x pads were designed with pages that could be torn off & destroyed -- e.g., by fire.

Doing the equivalent on a computer would involve having a large number of message-length files of random bytes; pick the "next" file to use for your encryption; use it; then "securely delete" it.

Yes, you are right, the "securely delete" task is essentially impossible for flash memory, except by grinding it to a fine dust.  But flash memory is now insanely cheap...

Generating the large number of message-length files of random bytes is also quite difficult to do correctly, but it can be done.

---
Soviet agents used 1x pads & were successful until some of the pads were re-used.

https://en.wikipedia.org/wiki/Venona_project

1x pads have been successfully used by agents using only pencil-and-paper, prior to the existence of computers.

BTW, I heard on the radio yesterday that the FBI had divers looking for hard drives and/or SD/uSD cards in Lake Seccombe in San Bernardino.  I suspect that the rental car GPS log showed that the car stopped near this lake at a particular point in time.

The KFI (L.A.) radio program indicated that they were looking for a uSD card, which is the size of your pinky fingernail.  The FBI considered draining the lake (it isn't very large -- a couple of city blocks perhaps), but were worried that the mere process of draining would carry away the evidence they were looking for.  This tells me that they were looking for SD cards or smaller, as I would guess that a typical hard drive would sink to the bottom & stay there.  (Does a modern laptop 1.8" hard drive float?  I've never tried it!)

It's conceivable, although unlikely, that the San Bernardino pair may have used a 1x pad.

FBI, ATF Divers Resume Searching Lake In San Bernardino For Digital Evidence

http://losangeles.cbslocal.com/2015/12/11/fbi-atf-divers-continue-to-search-lake-in-san-bernardino-for-digital-evidence/
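
The pad-file procedure described in the message above (many message-length files of random bytes, use the "next" one, then delete it), as an added Python example that is not part of the original post or of the XOR program it mentions. The directory layout, file names and function names are assumptions for illustration; the overwrite-then-unlink step is best effort only and, as the message says, does not reliably erase flash memory.

```python
import os
import secrets

def make_pads(pad_dir, count, size):
    """Write `count` files of `size` CSPRNG bytes: 0000.pad, 0001.pad, ..."""
    os.makedirs(pad_dir, exist_ok=True)
    for i in range(count):
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL  # never overwrite a pad
        fd = os.open(os.path.join(pad_dir, f"{i:04d}.pad"), flags, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(secrets.token_bytes(size))

def take_pad(pad_dir, need, index=None):
    """Claim one unused pad, return (index, bytes), and destroy the file."""
    if index is None:  # sender side: pick the "next" page
        names = sorted(n for n in os.listdir(pad_dir) if n.endswith(".pad"))
        if not names:
            raise LookupError("no unused pads left")
        index = int(names[0][:4])
    path = os.path.join(pad_dir, f"{index:04d}.pad")
    if not os.path.exists(path):
        raise LookupError(f"pad {index} missing or already used")
    if os.path.getsize(path) < need:
        raise ValueError("message longer than pad; pad left untouched")
    claimed = path + ".burning"
    os.rename(path, claimed)  # atomic claim: a racing second caller fails here
    with open(claimed, "r+b") as f:
        pad = f.read()
        f.seek(0)
        f.write(bytes(len(pad)))  # best-effort overwrite, not reliable on flash
        f.flush()
        os.fsync(f.fileno())
    os.unlink(claimed)  # the whole page is gone, even if only part was used
    return index, pad

def xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(pad_dir, message):
    """Sender: consume the next pad; the index travels with the ciphertext."""
    index, pad = take_pad(pad_dir, len(message))
    return index, xor(message, pad)

def decrypt(pad_dir, index, ciphertext):
    """Receiver: consume the matching pad from its own copy of the pad set."""
    _, pad = take_pad(pad_dir, len(ciphertext), index)
    return xor(ciphertext, pad)
```

Each side holds its own copy of the pad directory, and a second attempt to use the same index fails because the file no longer exists.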


