Naive question here, but what if you made multiple one time pads (XORing
them all together to get your "true key") and then sent the different pads
via different mechanisms (one via FedEx, one via secure courier, one via
your best friend)? Unless *all* were compromised, the combined key would
still be secure.

As for PKI being secure for 20,000 years, it sure as hell won't be if those
million-qubit prototypes turn out to be worth their salt. Think more like
5-10 years. In fact, just about everything except for OTP solutions will be
totally, totally fucked. Which means that you should start thinking about
using OTP *now* if you have secrets you'd like to keep past when an
adversary of yours might have access to a quantum computer. I'd put 50 years
as an upper bound on that, 5 years as a lower.

-d


----- Original Message -----
From: "David Howe" <[EMAIL PROTECTED]>
To: "Email List: Cypherpunks" <[EMAIL PROTECTED]>
Sent: Wednesday, October 16, 2002 7:52 AM
Subject: Re: One time pads


> at Wednesday, October 16, 2002 2:01 PM, Sarad AV
> <[EMAIL PROTECTED]> was seen to say:
> > Though it has a large key length greater than or equal
> > to the plain text, why would it be insecure if we can
> > use a good pseudo random number generator, store the
> > bits produced on a tamper proof medium.
> because you have replaced an OTP (provably secure) with a PRNG stream
> cypher (only as secure as the PRNG). he isn't saying that stream cyphers
> can't be secure - just that they aren't OTP.
> There is also no point in distributing the output of a PRNG as a
> tamperproof tape - you just run the PRNG at both sides, in sync.
> if you use a *real* RNG, then you can do the tape distribution thing and
> it *will* be an OTP - but it's the tape distribution that is the difficult
> bit (as he points out in the article)
>
> > why do we always have to rely on the internet for
> > sending the pad? If it is physically carried to the
> > receiver we can say for sure if P or R is intercepted.
> two obvious points are
> 1. it isn't always possible to ensure secure delivery - if a courier is
> compromised or "falls asleep" and the tape is substituted with another,
> a mitm attack can be made transparently.
> 2. if the parties are physically remote, they may not have time to
> exchange tapes securely; unless there is an airplane link directly or
> indirectly between the sites, it may be days or weeks in transit.
>
> > can some one answer the issues involved that one time
> > pads is not a good choice.
> OTP is the best choice for something that must be secret for all time,
> no matter what the expense.
> anything that "secure for 20,000 years" will be sufficient for, go for
> PKI instead :)
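
The multi-channel pad split proposed in the first message, as an added Python example that is not part of either poster's message. The function names, the sample messages and the use of the OS CSPRNG as a stand-in for a real RNG are assumptions of this example; it also shows the substituted-tape case from the quoted reply, where a swapped pad goes unnoticed.

```python
import secrets
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pads and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def make_pads(length: int, channels: int) -> list[bytes]:
    # One independent pad per delivery channel. The OS CSPRNG is a
    # stand-in here (assumption); a true OTP needs a real RNG.
    return [secrets.token_bytes(length) for _ in range(channels)]

def combine(pads: list[bytes]) -> bytes:
    # The "true key" is the XOR of every pad.
    return reduce(xor, pads)

def pad_consistent_with(ciphertext: bytes, known: list[bytes], guess: bytes) -> bytes:
    # The one missing pad that would make `guess` the plaintext.
    # Such a pad exists for every guess, so n-1 captured pads rule nothing out.
    return reduce(xor, known, xor(ciphertext, guess))

def demo() -> dict:
    message = b"MEET AT DAWN"          # constructed sample message
    pads = make_pads(len(message), 3)  # e.g. FedEx, courier, best friend
    ciphertext = xor(message, combine(pads))

    # Receiver holding all three pads recovers the message.
    recovered = xor(ciphertext, combine(pads))

    # Someone holding the ciphertext and only two of the three pads:
    # any same-length plaintext is explained by some third pad.
    guess = b"STAY AT HOME"            # constructed alternative
    fake = pad_consistent_with(ciphertext, pads[:2], guess)
    explained = xor(ciphertext, combine(pads[:2] + [fake]))

    # One pad swapped in transit: decryption raises no error, it just
    # yields different bytes. XOR alone gives no integrity check.
    swapped = [pads[0], secrets.token_bytes(len(message)), pads[2]]
    garbled = xor(ciphertext, combine(swapped))
    return {"recovered": recovered, "explained": explained,
            "garbled_differs": garbled != message}

if __name__ == "__main__":
    print(demo())
```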
