Mark K. Kim writes: > On Tue, 4 Jun 2002, Micah Cowan wrote: > > > Bill Broadley writes: > > > Xor is 100% secure if your key is as long as your data, otherwise known > > > as the otp = one time pad. If it's less, it is indeed rather easy to break. > > > > This is really picky of course, but the other criteria for "secure use > > of Xor", in addition to having a key at least as long as your data, > > is: > > > > 1. That it be a random sequence - *truly* random. This rules out > > using "passphrases" and the like. *All* passphrases or passwords > > are extremely insecure for Xor, regardless of length. > > > > 2. That it be used only one time, and then discarded - never to be > > used again. > > > > The combination of those three requirements (counting yours), is what > > makes something a one-time pad, or "Vernam Cipher". (I know you know > > this stuff, Bill - but I'm pointing it out for any who don't). > ==8<-- > > One-time-pad (of which XOR is one method) is still not secure even if you > follow the "standard rules" (the ones Micah points out.)
Good point about XOR being one method - the "canonical" method is to rotate the letters by the value, not XOR it. But either way, the probability distributions work out the same. > One way the > message could be compromised is if the adversary messes up your > communication. Example: > > 1. I send the message "I'll meet you at 10 O'Clock", XORed. > > 2. Aversary intercepts the message. S/he has no clue what it says, > but s/he knows it's about some meeting. In a random spite, > s/he changes a random character. > > 3. The recipient receives the message "I'll meet you at 11 O'Clock". > > The message has now been compromised even though the adversary did not > know what the original message was. It took a little luck, but it's not a > bad chance, if all the adversary wants to do is confuse the recipient. More luck than I'm willing to worry about, frankly. The chances of choosing the right spot to change (1 out of 17), *and* the right value to change it to (9 out of 256) to affect it in a way that is meaningful are pretty slim. The odds are *much* greater that the message will just be garbled slightly. > I guess if the adversary could do the above, s/he could also simply not > forward the message until the recipient dies from old age, too. But all > these issues are important concerns one should be aware of in security; > one can't blindly use a technique just because someone tells you it's > secure, but one also needs to be aware of all the issues. This still makes OTP by far the most secure encryption mechanism, bar none. However, complications arise because it's also damned inconvenient for most situations. You can't use it to encrypt internet communications, for instance, unless you physically transport the key to the other site in advance, or use some other means of communications that is already secured. Also, the fact that once you've used up the key, it's done. And you have to ensure that both parties are very good at destroying the keys, unless you don't care what happens to the message once it's been received (which is a possibility). All in all, OTP isn't much more convenient than just driving over to the recipient's house and delivering it in person. Which is why it's almost never used - security is always a balance between practical usability and ultimate security. After all, security's no problem if you're enclsoed in a shielded room, with no connectivity, and you're the only one there. But that makes it kinda difficult to communicate. But anyway, in general, I agree with you - there's no perfect solution for every situation. Everything's a trade-off: finding the right one is always important. Micah _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
