Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Been thinking about this, and I am coming to the conclusion that the difficulties of one time pads are bloody well overstated.

Who here has a USB dongle from their bank? A code card? Some physical item supposed to help with the security of your ebanking needs? That item might as well be a read-once memory stick. Heck, if I am reading traffic use right, you could encode your World of Warcraft account in this way with approximately the same amount of hassle as is currently expended protecting those accounts. Except this would be guaranteed to actually work against all hacking strategies short of "Break into your place, steal your hardware".

by Thomas on Fri Aug 16th, 2013 at 03:58:13 PM EST
[ Parent ]
Three requirements for One Time Pads are:

  1.  Truly Random Key
  2.  Key as long as the message
  3.  Key is never used again

Assuming the three-part computer system I described above (for operational security), the only problem is the first. Turns out it's only possible to derive an algorithm capable of computing a pseudo-random number; at some point every algorithm cycles back to the beginning. Thus, any practical implementation is not mathematically 'complete' but it doesn't really matter. Practical systems use a pseudo-random seed value - say the current barometric pressure divided by the current temperature times the second through ninth numbers in the mantissa of the current time - fed into a Good Enough pseudo-random number generator for the key.

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre
by ATinNM on Sat Aug 17th, 2013 at 11:27:16 AM EST
[ Parent ]
No. So much no.
by Colman (colman at eurotrib.com) on Sat Aug 17th, 2013 at 02:53:37 PM EST
[ Parent ]
... Take a Geiger counter. Point it at a rock. Pseudo-random number generators are for people scared of soldering wire.
by Thomas on Sat Aug 17th, 2013 at 03:00:31 PM EST
[ Parent ]
If the NSA cracks that, they deserve a Nobel for proving the simulation hypothesis.
by Thomas on Sat Aug 17th, 2013 at 03:02:27 PM EST
[ Parent ]
But the problem is even then key delivery isn't trivial. You may have generated the perfect random key, but you still have to get it to both ends of the chain, without it being intercepted.

Any idiot can face a crisis - it's day to day living that wears you out.
by ceebs (ceebs (at) eurotrib (dot) com) on Sat Aug 17th, 2013 at 09:20:30 PM EST
[ Parent ]
That's where covert and indirect methods are so useful.

You can hide information in anything - Tweets, Amazon feedback, EBay bids, blog comments, lolcat pics, videos, porn, banner ads, the time a given IP address reloads a web page.


You don't even have to use steganography. Like email, it just happens to be convenient.

As long as you can agree a code, you can exchange your key using pretty much any traffic on the Internet.

by ThatBritGuy (thatbritguy (at) googlemail.com) on Sat Aug 17th, 2013 at 10:18:32 PM EST
[ Parent ]
For any common purpose key delivery is trivial. This is the electronic era - there is no reason not to make the pad very large, and at some point in time you are very, very likely to have met anyone you wish to communicate securely with in meat-space. Ebanking? Pick it up when you set up your account. Corporate networks? HR can hand it over when you are hired/promoted. It isn't like you have to constantly get new keys! A single memory stick pair will cover all your traffic needs for life.. or at least until you forget to take it out of your pockets before washing.
by Thomas on Sun Aug 18th, 2013 at 07:02:57 AM EST
[ Parent ]
Sending a key over the net would be very stupid, however. The entire point is that you do not let anyone see the key twice. Which means delivery has to be physical.
by Thomas on Sun Aug 18th, 2013 at 07:04:47 AM EST
[ Parent ]
Fine, but if I deal with people all over the world, do I have to visit all of them? Am I going to end up with a memory stick from every one? I'm sure it would fail on practicality.

Any idiot can face a crisis - it's day to day living that wears you out.
by ceebs (ceebs (at) eurotrib (dot) com) on Mon Aug 19th, 2013 at 07:57:50 AM EST
[ Parent ]
Oh, that is easy, also. Oldest known security trick will work for this.
Take USB stick. Mold a clay figure or tablet around it. Sunbake it. It does not have to be a pretty figurine - in fact, it kind of helps if it is not, harder to copy. Mail it. Email a photo. Have the recipient compare before smashing. But yeah, you will need a pad for everyone you want secure communications with.
by Thomas on Mon Aug 19th, 2013 at 02:19:38 PM EST
[ Parent ]
Point of this isn't that a clay figurine could not be duplicated. The point is that it would take long enough to do so with sufficient accuracy that the recipient should notice the delay.
by Thomas on Mon Aug 19th, 2013 at 02:22:35 PM EST
[ Parent ]
I know you live in Denmark, so I am forced to assume that it has been a while since you last sent anything in the mail...

- Jake

Friends come and go. Enemies accumulate.

by JakeS (JangoSierra 'at' gmail 'dot' com) on Mon Aug 19th, 2013 at 04:28:33 PM EST
[ Parent ]
Take USB stick. Mold a clay figure or tablet around it. Sunbake it.

This assumes that no packages are X-rayed. But a hollow metal object with an opening that looks like a mold mark might work. Insert data stick, fill remainder of cavity with a metal filled clay, solder the opening shut, grind and polish that surface and glue felt over it as a base. Just don't use a falcon.

A cast or formed metal brass or pewter decorative paper weight would do fine -- unless the authorities became suspicious of the sender or recipient, as acoustic or even more sophisticated inspection might be used. A Dremel tool would suffice to open the base in the appropriate place. If one desired to reuse the object just have a back piece that is soldered around the entire bottom edge. But this is getting to be non-trivial.

"It is not necessary to have hope in order to persevere."

by ARGeezer (ARGeezer a in a circle eurotrib daught com) on Mon Aug 19th, 2013 at 05:51:20 PM EST
[ Parent ]
Perhaps deep down it's a government scheme to get people using the post again to drive the price up for privatisation.

Any idiot can face a crisis - it's day to day living that wears you out.
by ceebs (ceebs (at) eurotrib (dot) com) on Mon Aug 19th, 2013 at 07:12:47 PM EST
[ Parent ]
The other two are also trivial - Again, assuming you do not have a strange hardon for securely encrypted video chat or life logging, a read-once memory stick covering decades of use would cost pocket change.

.. If you insist on securely locked down lifelogs (.. and the police and security might have good uses for that) it is still trivial, only now you have to actually get new keys once a month or so.

by Thomas on Sat Aug 17th, 2013 at 03:07:34 PM EST
[ Parent ]
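
An added example, not part of any commenter's post: a minimal Python sketch of the "read-once" pad discussed in this thread, enforcing the second and third requirements listed above (key as long as the message, key never used again) and showing what leaks when the third is broken. The names `OneTimePad` and `reuse_leak` are hypothetical, the sample pad is constructed, and `secrets.token_bytes` (the OS random source) is an assumption standing in for whatever hardware source fills the real stick.

```python
import secrets

class OneTimePad:
    """Pad material consumed once, front to back, and never rewound."""

    def __init__(self, material: bytes):
        self._pad = bytearray(material)
        self._offset = 0  # index of the first unused pad byte

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, offset: int, n: int) -> bytes:
        # Requirement 3: bytes before the current offset are gone for good.
        if offset < self._offset:
            raise ValueError("pad bytes at this offset were already used")
        # Requirement 2: the key must be as long as the message.
        if offset + n > len(self._pad):
            raise ValueError("not enough pad left for this message")
        chunk = bytes(self._pad[offset:offset + n])
        # Read-once: zero everything consumed (or skipped) up to here.
        self._pad[self._offset:offset + n] = bytes(offset + n - self._offset)
        self._offset = offset + n
        return chunk

    def encrypt(self, plaintext: bytes):
        offset = self._offset
        key = self._take(offset, len(plaintext))
        # The offset travels in the clear so the receiver knows where to read.
        return offset, xor(plaintext, key)

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._take(offset, len(ciphertext)))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def reuse_leak(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """Two ciphertexts under one key XOR to p1 ^ p2: the key cancels out."""
    return xor(xor(p1, key), xor(p2, key))

# Constructed sample: both parties hold identical pads handed over in person.
material = secrets.token_bytes(64)  # assumption: stands in for a hardware source
sender, receiver = OneTimePad(material), OneTimePad(material)
```

Each pad instance covers one direction of traffic; two parties who both send need a separate pad (or a separate region of it) per direction, otherwise both would draw key bytes from the same offset.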