A Modern Reappraisal of the One-Time Pad Cipher.
in [Cryptography]
|
Prev: A Randomness Hypothesis.
Next: How cool is this?
From: Simon Johnson on 5 May 2010 05:00 > It depends. I send to a customer quite a lot of encrypted emails, but > altogether they make maybe one GB per year. I could have gone there > five years ago and have personally brought them a DVD, and we could be > using OTP for the whole time. Tom attacked this on the grounds of the key distribution problem but there is another problem of equal magnitude, in my view. How do you know that your random number generator (RNG) gave you pad bits are actually random? Sure, we have a series of engineering techniques that can produce a large series of random bits in *theory*. But that's quite a different than building an actual device that captures those bits accurately, without introducing bias. [1] And since you're generating several billion bits, you're talking about engineering tolerances to within a billionth of a bit if you want perfect one-time pad (OTP) generation. It is unclear what level of bias is fatal to an OTP. But over a billion bits, even a bias on the order of one in a million could lead to some sort of compromise (telling Hebrew from Arabic, for example). If you compare this to the situation in conventional cryptography then a bias of one in a million is not a big deal. It makes exhaustive key search very slightly easier but not enough to compromise any information about the plain-text. As such, conventional cryptosystems, by seeking to reduce the amount of entropy required for security, are robust against a partial RNG failure. This is not true in OTP systems, and their derivatives. This is just one aspect in which conventional cryptosystems are superior. Tom mentions another very good reason: key distribution is much simpler. A third reason might be that the secrets are smaller and thus easier to protect. The long and short of it is that the crypto-systems are engineered the way they are for a reason. Yes, we could do things in a less flexible, more fault prone way, but why bother when we have much more robust constructions? [1] - As the adage goes: "In theory, theory and practice are the same. In practice, they are not."
From: George Orwell on 5 May 2010 06:28 unruh <unruh(a)wormhole.physics.ubc.ca> wrote: > > This is not his job. The judge must proof him guilty, not the other > > way round. At least in theory. > > Yes, it is his job of deciding if you are lying or not. No it's not. That's the jury's job. The judge's job is to ride herd on the jury. A babysitter in black robes, as it were. > >> > Unfortunately, judges are usually not idiots. > >> > >> Unfortunately, judges are indeed usually idiots. Worse, they often > >>have an agenda contrary to law and their oath of office. > > > > Agreed. > > Most (not all) judges try to apply the law. They also know that many > people who come before them lie (just as you are advocating doing). That's a fine example of horseshit. A judge is paid by the government and his loyalty is to his employers. Can you say "conflict of interest" boys and girls? He's not impartial, his job is to fill prisons, regardless of innocence, to keep the Incarceration Nation going strong. In turn, more people are employed as wardens and police and parole officers, giving a much needed boost to the economy. Then those police can go out and arrest more innocent people and ultimately add them to the millions of other detainees. A fine example of a system that will ultimately destroy civilization. I don't know who you were accusing of lying, my only point was saying judges are usually not idiots is false. I don't advocate lying, but I also don't advocate being stupid or incriminating oneself. There is no such obligation. Il mittente di questo messaggio|The sender address of this non corrisponde ad un utente |message is not related to a real reale ma all'indirizzo fittizio|person but to a fake address of an di un sistema anonimizzatore |anonymous system Per maggiori informazioni |For more info https://www.mixmaster.it
From: starwars on 5 May 2010 06:47 David Eather <eather(a)tpg.com.au> wrote: > The "courts" are not so simple as it may seem. They are, you only have to be able to distinguish between a court and a kangaroo court. Unfortunately, there are damnned few of the former and all too many of the latter nowadays.
From: David Eather on 5 May 2010 08:11 On 5/05/2010 8:47 PM, starwars wrote: > David Eather<eather(a)tpg.com.au> wrote: > >> The "courts" are not so simple as it may seem. > > They are, you only have to be able to distinguish between a court and a > kangaroo court. Unfortunately, there are damnned few of the former and all > too many of the latter nowadays. > But you may get no choice in which one you end up in
From: David Eather on 5 May 2010 08:16
On 5/05/2010 5:22 PM, MrD wrote: > David Eather wrote: >> On 5/05/2010 1:35 PM, J.D. wrote: >>> On May 4, 10:01 pm, David Eather<eat...(a)tpg.com.au> wrote: >>> >>>> >>>>>>>> This is not his job. The judge must proof him guilty, not the other >>>>>>>> way round. At least in theory. >>>> >>>>>>> Yes, it is his job of deciding if you are lying or not. >>>> >>>>>> He must either *proof* me lying or let it be. At least in theory. >>>> >>>>> No, just "beyond a reasonable doubt" if it is criminal case in a >>>>> common >>>>> law jurisdiction. That is not mathematical proof. >>>> >>>> It's even worse than that. A judge only has to satisfy *themselves* >>>> that >>>> you are *probably* lying. A jury has to satisfy itself either *beyond >>>> reasonable doubt* or *on the balance of probability* from the evidence >>>> *of the entire case* of which your otp will be only one small part, >>>> considered amongst many other parts at best. (sorry for all the >>>> asterisks) >>>> >>> >>> I don't know about other countries, but in American (and I think >>> English) courts this is not quite correct: >>> >>> First off, in criminal trials the defendant always has the right to a >>> jury (except possibly where the maximum penalty is just a fine or a >>> very short prison sentence) >> >> or it is decided that the case may involve matters of national >> security - in which case anything from a star chamber to a military >> court might be the process (what ever happened in gitmo?) . > > Gitmo is not a common law jurisdiction (AIUI). > I'm sure that is a comfort to those locked up there, as I am sure it is to those who were threatened into a confession by being told they would have an extended Caribbean holiday at the government's expense, and also a comfort to those who simply vanished into Polish or Egyptian secret prisons. |