A few important points on Tango 2000's one time pad: - Only letters are encrypted. Numbers and other characters are unchanged. - OTP is usually an XOR. Tango uses simple alphabet rotation. - The key can only contain letters and ignores case.
The limitation of not working whatsoever with numbers certainly reduces its effectiveness for (e.g.) securing a credit card number. Take a look at how secure this example is: <@CIPHER ACTION=ENCRYPT TYPE=ONETIMEPAD KEY="onlyalpha" STR="1234-1234-1234-1234"> This might be completely different in a more recent version of Witango. On Mon, 27 Jan 2003, Eric Weidl wrote: > Hi, > > A couple of specific comments: > > >Unfortunately I have it on very good authority that the @CIPHER tag does > >not work as well as it should. Here is what Jess told me: > > > >"Unless somebody has changed something in the last > >year, all of Tango's <@CIPHER> stuff (besides the > >hash) is basically worthless for the purposes of > >security. > > There may be some truth to that comment, but it is due to the nature of the > problem and not necessarily the @CIPHER tag itself. Yes, the BitRoll, > Caesar, and Rot13 types supported by @CIPHER are trivial encryption methods > and don't have a place in a production system. > > > > >The one time pad actually isn't a one time pad at all, > >it's a rotation cipher, and on top of that it doesn't > >work properly... > > OneTimePad is by definition a rotation cipher. It even says so right in the > manual. Criticizing it for being so is like complaining that a dog has fur. > > The power of the OneTimePad is based in the keys and their management, not > the cipher algorithm itself. In a perfect world, OneTimePad is the most > secure encryption mechanism available. Why? Because, in a perfect world, > the keys are *NEVER* reused and never stored after use. > > Obviously not storing keys is difficult in the real world, so in practice, > the OneTimePad falls far short of its theoretical performance. > > As to your comment that it doesn't work properly, I've never heard or > experienced any issues with it. > > > Eric > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body