From: Greg Rose on 5 May 2010 13:05

In article <F6mdnaHtItjX4nzWnZ2dnUVZ8mGdnZ2d(a)supernews.com>,
Andrew Haley <andrew29(a)littlepinkcloud.invalid> wrote:
>Simon Johnson <simon.johnson(a)gmail.com> wrote:
>>> It depends. I send to a customer quite a lot of encrypted emails, but
>>> altogether they make maybe one GB per year. I could have gone there
>>> five years ago and have personally brought them a DVD, and we could be
>>> using OTP for the whole time.
>>
>> Tom attacked this on the grounds of the key distribution problem but
>> there is another problem of equal magnitude, in my view.
>>
>> How do you know that your random number generator (RNG) gave you pad
>> bits are actually random?
>>
>> Sure, we have a series of engineering techniques that can produce a
>> large series of random bits in *theory*. But that's quite a different
>> than building an actual device that captures those bits accurately,
>> without introducing bias. [1]
>
>But that problem was solved by von Neumann in 1951, for any source
>that generates independent bits.

Wow, this is pretty naive. von Neumann did exactly what you say, but how many sources have biased but independent bits? In practice, there are higher order correlations or biases that come into play.

Interestingly, one of the good ways to discover these higher order correlations is to first use von Neumann's method to preprocess the stream and then run statistical methods on the output of *that*.

Greg.
--
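
Added example (not written by any poster in this thread): the von Neumann pairing rule discussed above, applied to two constructed sources, one with biased but independent bits and one where each bit tends to repeat its predecessor, followed by a lag-1 correlation check on the extractor's output. The source models, parameters, seed and function names are assumptions chosen for illustration.

```python
import random

def von_neumann(bits):
    """Non-overlapping pairs: 01 -> 0, 10 -> 1; 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def biased_independent(n, p_one, rng):
    """Constructed source: independent bits, each 1 with probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def sticky_markov(n, p_stay, rng):
    """Constructed source: each bit repeats the previous one with probability p_stay."""
    bits = [rng.getrandbits(1)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_stay else 1 - bits[-1])
    return bits

def ones_fraction(bits):
    return sum(bits) / len(bits)

def serial_correlation(bits):
    """P(bit equals its predecessor) - P(it differs); near 0 for independent fair bits."""
    same = sum(1 for x, y in zip(bits, bits[1:]) if x == y)
    pairs = len(bits) - 1
    return (2 * same - pairs) / pairs

def run_demo(n=200_000, seed=2010):
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    sources = {
        "independent": biased_independent(n, 0.8, rng),  # 80% ones, no memory
        "markov": sticky_markov(n, 0.9, rng),            # balanced, but correlated
    }
    report = {}
    for name, raw in sources.items():
        out = von_neumann(raw)
        report[name] = {
            "raw_ones": ones_fraction(raw),
            "out_ones": ones_fraction(out),
            "out_serial_corr": serial_correlation(out),
            "kept": len(out),
        }
    return report

if __name__ == "__main__":
    for name, stats in run_demo().items():
        print(name, {k: round(v, 3) for k, v in stats.items()})
```

Both outputs come out with about half ones, so a frequency count passes both; only the lag-1 statistic separates them, landing near 0 for the independent source and near -0.29 for the correlated one.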
From: J.D. on 5 May 2010 13:12

On May 5, 12:40 pm, MrD <mrdemean...(a)jackpot.invalid> wrote:
> J.D. wrote:
> >> Or you waive the right to a jury either of your own free will or
> >> by coercion,
> >
> > Out of curiosity, what specific case do you know of where a person
> > waived his or her right to a jury trial because of coercion?*
> > Preferably a case where the judge was then less fair than a jury
> > would have been...
>
> In the UK it is quite routine for suspects to opt for summary trial (by
> a magistrate without a jury), because conviction in a Crown Court is
> likely to carry a heavier penalty. I think that's a form of coercion.
>
> > * I suppose it is coercive to say "we'll let you have a jury trial,
> > but if you lose you have to pay all the additional costs that
> > entails", but for criminal matters that is only (to my knowledge) the
> > case for trivial offenses (like traffic tickets) where States are
> > not required to give you a jury trial at all.
> >
> >> or if there is a suspicion (real or imagined) of jury tampering you
> >> may be heard without a jury.
> >
> > When did this happen? That would be Unconstitutional.
>
> The UK has no proper constitution; our first such case was heard last year.
> http://en.wikipedia.org/wiki/Jury_tampering
>
> >> In any case, what the judge thinks is relevant as he may decide
> >> what evidence is in or out and he may instruct the jury what weight
> >> to give a piece of evidence or how to interpret it or even throw
> >> out a verdict as having no basis in law (and all of these have
> >> happened in US courts).
> >
> > Judges can only throw out guilty verdicts. They cannot set aside
> > acquittals on any grounds -- to do so would violate double jeopardy.
>
> On 11 September 2006, William Dunlop became the first person [in the UK]
> to be convicted of murder after previously being acquitted.
> http://en.wikipedia.org/wiki/Double_jeopardy
>
> As someone said, the courts are far from simple!
>
> --
> MrD.

Hmm, interesting. And surprising that the UK would revoke rights that have been part of their legal system since the Magna Carta. Fortunately here in the US judges are more restricted. So I guess you should try to avoid being caught with potentially incriminating encrypted files while in the UK. Come to the US to do your dirty encrypted shenanigans...if you can get past our nosy border-guards, who have the right to confiscate your computer, demand your password, and then body-cavity search you for no reason other than that they are bored and you have a "real purty mouth".

From: Pubkeybreaker on 5 May 2010 13:36

On May 5, 12:59 pm, Kristian Gjøsteen <kristiag+n...(a)math.ntnu.no> wrote:
> nemo_outis <a...(a)xyz.com> wrote:
> > What I'm talking about is a backup plan for when the
> >outer walls have been breached and the citadel is in danger of
> >falling.
>
> Pretending to be stupid might work for some. I'd dial back the paranoia
> and rhetoric, then focus on some practical scheme instead.
>
> Identify the threat you are trying to protect against. This is a
> moderately interested forensic investigator. You want to create a
> plausible alternate scenario to explain a file containing ciphertext, a
> file that will be regularly updated.
>
> One possibility: an abandoned project (one of many!) that as a by-product
> produces moderately large, random-looking files.

Discrete event simulations that need a source of good, repeatable, random numbers.
Or: a repeatable source of random numbers used as data to test statistical software.

Even if you encrypted a file with AES, and even if an investigator insists that you hand over the key, you can always hand over an OTP key that decrypts the file into something harmless. They may be suspicious, but they have no way of proving that you did not hand over the correct key.

From: nemo_outis on 5 May 2010 13:48

Kristian Gjøsteen <kristiag+news(a)math.ntnu.no> wrote in
news:hrs868$tkp$1(a)orkan.itea.ntnu.no:

> nemo_outis <abc(a)xyz.com> wrote:
>> What I'm talking about is a backup plan for when the
>>outer walls have been breached and the citadel is in danger
>>of falling.

> Pretending to be stupid might work for some. I'd dial back
> the paranoia and rhetoric, then focus on some practical
> scheme instead.

1) For many stupidity is not a pretence :-)
2) Even paranoiacs have enemies.
3) Rhetoric is the art of using language to communicate effectively.

> Identify the threat you are trying to protect against.
> This is a moderately interested forensic investigator. You
> want to create a plausible alternate scenario to explain a
> file containing ciphertext, a file that will be regularly
> updated.

No, the threat I am trying to protect against is NOT a moderately interested forensic investigator - he is a mere intermediary, a functionary. (1) I'm concerned with the organ-grinder, not the monkey.

> One possibility: an abandoned project (one of many!) that
> as a by-product produces moderately large, random-looking
> files.

Once again, you're back to mere housekeeping - an explanation for the existence of one (or more) random files.

None of this is incompatible with my proposed method. Concoct elaborate explanations to your heart's content. You have all your eggs in one basket - plausible deniability; you're just weaving a fancier basket.

But my method goes further should this ploy fail. It provides defence-in-depth and avoids a catastrophic single-point-of-failure: denying that a random file is an encrypted file.

And, of course, I have any number of other stratagems - I spoke of this particular one, the badly-done one-time-pad, because it is consonant with the topic of the thread.

> By the way. Don't discuss this topic in public.

Ah, yes. Another variant on, "If you would fear no man, do right; if you would fear no woman, don't write."

Regards,

(1) No matter how skilled he is or how suspicious and mistrustful.

From: nemo_outis on 5 May 2010 14:55

"nemo_outis" <abc(a)xyz.com> wrote in
news:Xns9D6F6DE893DC9pqwertyu(a)69.16.185.247:

Although it has nothing to do with one-time-pads here's another stratagem from my toolbox:

1) Keep all your "critical data" on an Ironkey USB stick (FIPS 140-2 Level 3; irrecoverable data & key destruct after 10 wrong passwords)

2) If the authorities (or other adversaries) demand you decrypt, enter (or give them) a wrong password.

But, you say, they will know it's a wrong password, and they will "roast your nuts" to make sure the next one is correct (if not literal rubber-hose, then the judicial equivalent: say a year for contempt with each additional wrong password considered as another separate instance of the offence of contempt).

But there's a remedy (although an unpalatable one): Immediately after every working session with the Ironkey you always enter a wrong password 9 times! Only one try left. This is the real trick (and I'm "pissing in the soup" again by revealing it here)

Then, if you are ever coerced, you produce (at your discretion as to whether disclosure or the penalty is worse) the right (or wrong) password. Your adversaries are in a quandary: they must enter the password blindly (1). If you've given them the wrong one and they enter it, not even God can retrieve that data.

This does not make you coercion-proof (judicially or otherwise) but it does leave you with considerable discretion to choose, even in extreme circumstances (e.g., torture).

Regards,

(1) Or spend six months at a focussed-ion-beam station :-)

PS It very likely won't wash :-( but you can do some theatre before and/or after revealing your wrong password to, say, UK authorities, claiming you're so nervous you can't exactly remember the password. This (exceedingly lame) excuse may (well, you can hope, and it doesn't hurt to try) get you a lighter sentence when the password turns out to be wrong.

If you adopt this method I suggest that the wrong password have some "plausible" explanation, such as the simple transposition of two digits.