[Cryptography] retro crypto

John Denker jsd at av8n.com
Sun Jan 12 01:32:56 EST 2020


On 1/11/20 10:44 PM, Ben Laurie wrote:

> Are you assuming the contents of the EPROM is secret? If so, why not use it
> as a OTP?

It's not a one-time pad.  It's meant to be a few-time pad.

A true OTP requires that no byte of the pad ever gets
reused.  In contrast, in a rotor-like machine, the
various bytes do get reused, but in a key-dependent
pseudo-random order that the adversary cannot easily
figure out.

This means the combined length of all messages sent
by all users of this system can greatly exceed the
amount of randomness stored in the EPROMs, while
still maintaining some decent security.

> If not, then surely this construction is trivially insecure?

Not quite so trivial.  The S-boxes in DES are not
secret, yet triple-DES is not trivial to break,
because there is still some security that comes
from the key.  You need the key-space to be big
enough to foil brute-force searching.

I still strongly recommend that the EPROMs be kept
secret.  However, the key space is large enough to
make life unpleasant for the attacker, even if one
or two of the EPROMs were compromised.

Add a few more rounds if you think it would help.
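Added example, not code from the thread: a toy in Python that illustrates the distinction drawn above between a true one-time pad (every pad byte consumed once, so traffic is capped by the stored randomness) and a "few-time pad" that reuses a fixed table in a key-dependent pseudo-random order. The EPROM contents, the key, the message ids and the messages are constructed; the HMAC-driven index schedule is an assumed stand-in for a rotor stepping rule and is not the construction being discussed. It also shows why reuse in the same order is the failure an OTP must avoid, and why the keyed-order variant is only as strong as its key.

```python
"""Toy: one-time pad vs. a few-time pad over a fixed 'EPROM' table.
All values below are constructed for illustration; the keyed index
schedule is an assumed stand-in, not the thread's design."""
import hashlib
import hmac

# Constructed stand-in for a small EPROM: 64 fixed pseudo-random bytes.
EPROM = hashlib.sha256(b"constructed EPROM contents").digest() * 2
KEY = b"constructed-secret-key"  # constructed; the key is separate from the table


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, offset: int, msg: bytes) -> bytes:
    """True OTP: each pad byte is consumed once.  The caller must advance
    `offset` past every byte already used; a spent pad allows no more traffic."""
    if offset + len(msg) > len(pad):
        raise ValueError("pad exhausted: a true OTP cannot encrypt more than it stores")
    return xor_bytes(msg, pad[offset:offset + len(msg)])


def keyed_order(key: bytes, msg_id: bytes, n: int, table_len: int) -> list:
    """Key-dependent pseudo-random order in which table bytes are consumed.
    Assumed stand-in for a rotor stepping rule: HMAC-SHA256 over the key,
    a per-message id and a counter picks which table byte is used next."""
    order, counter = [], 0
    while len(order) < n:
        block = hmac.new(key, msg_id + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        order.extend(b % table_len for b in block[: n - len(order)])
        counter += 1
    return order


def few_time_pad(table: bytes, key: bytes, msg_id: bytes, data: bytes) -> bytes:
    """Few-time pad: table bytes are reused across messages, but in keyed order.
    XOR is symmetric, so the same call with the same key and id decrypts."""
    stream = bytes(table[i] for i in keyed_order(key, msg_id, len(data), len(table)))
    return xor_bytes(data, stream)


def same_order_reuse_leaks(pad: bytes, m1: bytes, m2: bytes) -> bool:
    """Classic two-time-pad failure: reusing pad bytes in the SAME order lets
    anyone holding both ciphertexts recover m1 XOR m2 with no key at all."""
    c1, c2 = otp_encrypt(pad, 0, m1), otp_encrypt(pad, 0, m2)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


def keyed_order_hides_direct_xor(table: bytes, key: bytes, m1: bytes, m2: bytes) -> bool:
    """With a keyed, per-message order the ciphertext XOR no longer equals the
    plaintext XOR, so that shortcut fails; security now rests on the key."""
    c1 = few_time_pad(table, key, b"msg-1", m1)
    c2 = few_time_pad(table, key, b"msg-2", m2)
    return xor_bytes(c1, c2) != xor_bytes(m1, m2)


def table_bytes_reused(table: bytes, key: bytes, msg_ids: list, msg_len: int) -> int:
    """Count distinct table bytes used more than once across the given traffic.
    Once total traffic exceeds the table size, reuse is unavoidable (pigeonhole)."""
    counts = {}
    for mid in msg_ids:
        for i in keyed_order(key, mid, msg_len, len(table)):
            counts[i] = counts.get(i, 0) + 1
    return sum(1 for c in counts.values() if c > 1)


if __name__ == "__main__":
    m1, m2 = b"attack at dawn!!", b"retreat at dusk!"  # constructed 16-byte messages
    print("same-order reuse leaks m1^m2:", same_order_reuse_leaks(EPROM, m1, m2))
    print("keyed order hides m1^m2:     ", keyed_order_hides_direct_xor(EPROM, KEY, m1, m2))
    long_msg = bytes(range(200))  # 200 bytes of traffic through a 64-byte table
    assert few_time_pad(EPROM, KEY, b"id", few_time_pad(EPROM, KEY, b"id", long_msg)) == long_msg
    print("table bytes reused by 5 x 40-byte messages:",
          table_bytes_reused(EPROM, KEY, [b"a", b"b", b"c", b"d", b"e"], 40))
```

The 200-byte round trip succeeds where `otp_encrypt` would refuse, which is the point made above about total traffic exceeding stored randomness; the reuse count makes the trade-off visible, since every reused table byte is a byte the scheme is protecting with the key rather than with fresh randomness.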

