A Modern Reappraisal of the One-Time Pad Cipher.
in [Cryptography]
|
Prev: A Randomness Hypothesis.
Next: How cool is this?
From: nemo_outis on 5 May 2010 15:21 "J.D." <degolyer181(a)yahoo.com> wrote in news:10f6e2b3-0202-429e-bcef-9d2944f78b37(a)p17g2000vbe.googlegr oups.com: .... > Hmm, interesting. And surprising that the UK would revoke > rights that have been part of their legal system since the > Magna Carta. Fortunately here in the US judges are more > restricted. So I guess you should try to avoid being > caught with potentially incriminating encrypted files while > in the UK. The best approach is to keep the files offshore (re UK) and never repatriate them there. This can be as simple as Rapidshare (which does create a window of vulnerability during the periods the files are stored locally and worked on before being re-uploaded). More elaborate schemes will use a VPN/RealVNC tunnel (through Tor for the ultra-paranoid) to work directly on the files offshore, etc. > Come to the US to do your dirty encrypted > shenanigans...if you can get past our nosy border-guards, > who have the right to confiscate your computer, demand your > password, and then body-cavity search you for no reason > other than that they are bored and you have a "real purty > mouth". A number of methods are used by business travellers (although they could be used by tourists, etc. as well) 1) An encrypted laptop is brought in through US customs but the traveller does NOT know the password. If asked by customs, the traveller explains that the password is kept at offshore headquarters and will only be given to the traveller when he reaches his final US destination (typically by phone). Customs officers can confirm this arrangement by calling the traveller's offshore headquarters. 2) An unencrypted laptop (with no important data) is brought through customs and the important data is downloaded later (from offshore headquarters, Rapidshare, etc.) when the traveller reaches his final US destination. Methods 1 & 2 protect the data but leave the laptop itself vulnerable to seizure by customs (although this would be a very arbitrary seizure for case 2). That's why there's method 3: 3) The traveller comes through US customs without a laptop. A laptop is purchased at the final US destination (we can be talking as little as $500 or so for a fair amount of power). Important data is then downloaded (from headquarters, rapidshare, etc). Prior to leaving the US any changes to the important data are re-uploaded offshore and the laptop is scrubbed and sold (eBay, etc.) - or even discarded. Regards,
From: nemo_outis on 5 May 2010 15:48 "nemo_outis" <abc(a)xyz.com> wrote in news:Xns9D6F7DC94CC44pqwertyu(a)69.16.185.247: Addenda: 1) If the volume of data makes downloading at the US destination impractical/inconvenient then it can travel separately from the traveller by mail/courier, etc and be picked up at his US destination. It is rare for DVDs and such to be seized by customs (and one can send multiple copies by alternate routes, couriers, etc if paranoia runs rampant). Needless to say, the DVDs should be encrypted, and one can even do the "password only known offshore" drill as well. The risk of data exposure is nil. 2) If time pressures, etc. make it impractical before leaving the US to sell a laptop (on eBay etc.) that was bought there, then the laptop can be returned separately (mail, courier, etc.) to the traveller's home jurisdiction for disposal there (e.g., to sell on offshore eBay). It is very rare for US customs to seize an outgoing laptop sent as a package (and one will be no worse off than my cases 1 & 2 if this unlikely event happens). Since that outgoing laptop has been scrubbed there is no risk of data exposure, no matter what US customs does. In short, while slightly inconvenient, it is trivial to thwart these idiotic US customs policies. They are simply harassment - or, only slightly more charitably, security theatre. Regards,
From: Andrew Haley on 7 May 2010 06:10 Greg Rose <ggr(a)nope.ucsd.edu> wrote: > In article <F6mdnaHtItjX4nzWnZ2dnUVZ8mGdnZ2d(a)supernews.com>, > Andrew Haley <andrew29(a)littlepinkcloud.invalid> wrote: >>Simon Johnson <simon.johnson(a)gmail.com> wrote: >>>> It depends. I send to a customer quite a lot of encrypted emails, but >>>> altogether they make maybe one GB per year. I could have gone there >>>> five years ago and have personally brought them a DVD, and we could be >>>> using OTP for the whole time. >>> >>> Tom attacked this on the grounds of the key distribution problem but >>> there is another problem of equal magnitude, in my view. >>> >>> How do you know that your random number generator (RNG) gave you pad >>> bits are actually random? >>> >>> Sure, we have a series of engineering techniques that can produce a >>> large series of random bits in *theory*. But that's quite a different >>> than building an actual device that captures those bits accurately, >>> without introducing bias. [1] >> >>But that problem was solved by von Neumann in 1951, for any source >>that generates independent bits. > > Wow, this is pretty naive. von Neuman did exactly what you say, but > how many sources have biased but independent bits? In practice, > there are higher order correlations or biases that come in to play. Sure, but for this one specific problem -- removing bias -- the problem can be solved. And that was the point I was making. It doesn't remove other correlations. As for the rest of the problem, there's a nice paper, with a good list of references, at http://www.wisdom.weizmann.ac.il/~tromer/papers/rng.pdf Andrew.
From: Spinner on 9 May 2010 04:20 Andrew Haley <andrew29(a)littlepinkcloud.invalid> wrote: >Greg Rose <ggr(a)nope.ucsd.edu> wrote: >> In article <F6mdnaHtItjX4nzWnZ2dnUVZ8mGdnZ2d(a)supernews.com>, >> Andrew Haley <andrew29(a)littlepinkcloud.invalid> wrote: >>>Simon Johnson <simon.johnson(a)gmail.com> wrote: >>>>> It depends. I send to a customer quite a lot of encrypted emails, but >>>>> altogether they make maybe one GB per year. I could have gone there >>>>> five years ago and have personally brought them a DVD, and we could be >>>>> using OTP for the whole time. >>>> >>>> Tom attacked this on the grounds of the key distribution problem but >>>> there is another problem of equal magnitude, in my view. >>>> >>>> How do you know that your random number generator (RNG) gave you pad >>>> bits are actually random? >>>> >>>> Sure, we have a series of engineering techniques that can produce a >>>> large series of random bits in *theory*. But that's quite a different >>>> than building an actual device that captures those bits accurately, >>>> without introducing bias. [1] >>> >>>But that problem was solved by von Neumann in 1951, for any source >>>that generates independent bits. >> >> Wow, this is pretty naive. von Neuman did exactly what you say, but >> how many sources have biased but independent bits? In practice, >> there are higher order correlations or biases that come in to play. > >Sure, but for this one specific problem -- removing bias -- the >problem can be solved. And that was the point I was making. It >doesn't remove other correlations. > >As for the rest of the problem, there's a nice paper, with a good list >of references, at >http://www.wisdom.weizmann.ac.il/~tromer/papers/rng.pdf > >Andrew. Don't know why this group keeps hammering on OTPs. Radiographic counters provide biased independent bits. And lots of them unless you use cosmic ray counters. And for the most part it's irrelevant - you don't own and can't buy an information processing system secure enough to care whether the OTP is "absolutely" random or not. All systems leak information and with the amount of money it would take to brute force a "good enough" OTP, it would be much easier to pay off the other end, compromise your system, compromise the other end, or just put a radio in your keyboard. If you want an absolutely secure system, write it on a piece of paper and then burn the paper. (be sure to do it in a sealed room with no microphones or cameras). Crypto is a VERY small part of infosec, and remember that it's only as strong as its weakest link - which is generally the human part. -- 2+2!=5 even for extremely large values of 2
From: Tom St Denis on 9 May 2010 07:44
On May 9, 4:20 am, Spinner <nos...(a)nospam.net> wrote: > Don't know why this group keeps hammering on OTPs. Radiographic > counters provide biased independent bits. And lots of them unless you > use cosmic ray counters. > And for the most part it's irrelevant - you don't own and can't buy an > information processing system secure enough to care whether the OTP is > "absolutely" random or not. All systems leak information and with the > amount of money it would take to brute force a "good enough" OTP, it > would be much easier to pay off the other end, compromise your system, > compromise the other end, or just put a radio in your keyboard. People like me don't hammer on OTPs because they're hard to get secure. You could just dump data from /dev/urandom for all it mattered and use that pad as an OTP if you wanted (I know that it's just a CSPRNG...). I dislike the OTP and regularly try to discourage people from using it [or variants thereof] because it's totally impractical and it's the attempt to make practical that renders systems wholly insecure. Tom |