'Unbreakable' Encryption Unveiled

Originally posted by dave420
reply to post by justyc

 

We already have 100% secure encryption that anyone can use. The one-time pad.

Not terribly practical though, since the key can't repeat it has to be the same size as the message. You can also never use the same key again, ever. This is fine for very small bandwidth messages, but horribly impractical for anything in the real world. It also doesn't provide the receiver of the message with any authenticity.

Also generating the one-time pad is difficult, you can't use a conventional random number generator, they are always at best pseudo-random and that isn't good enough for a true one-time pad.

Originally posted by zsrgt

Originally posted by dave420
reply to post by justyc

 

Also generating the one-time pad is difficult, you can't use a conventional random number generator, they are always at best pseudo-random and that isn't good enough for a true one-time pad.

Is there any example of an encrypting device where a conventional random number generator is used? If so, what is the generator made of?

I found one example that demonstrates a protected data acquisition device that could be a tough cookie:
www.msnbc.msn.com...

What would be the best hi-tech counter-measure to deal with the trojan?

Originally posted by zsrgt
It also doesn't provide the receiver of the message with any authenticity.

Disagree. At the very least, you can authenticate the user has the one-time pad. Hopefully, if nobody else has it, you know the message came from that user (because you can unencrypt it.)

Really, what we need as a one time pad is to use some microchip implanted in our body containing 10^23 random bits. Then, the one-time pad is indexed by the DNA sample of the person you are trying to communicate with.

Something like that.

Originally posted by Buck Division

Originally posted by zsrgt
It also doesn't provide the receiver of the message with any authenticity.

Disagree. At the very least, you can authenticate the user has the one-time pad. Hopefully, if nobody else has it, you know the message came from that user (because you can unencrypt it.)

Really, what we need as a one time pad is to use some microchip implanted in our body containing 10^23 random bits. Then, the one-time pad is indexed by the DNA sample of the person you are trying to communicate with.

Something like that.

So, horribly impractical then...

Secure Cryptography comes down to 2 things, designing secure algorithms where as long as the key isn't known and can't be brute forced the cipher text is secure, and key distribution. We are very good at the first one, the second is more problematic. What a one-time pad does is make the key distribution problem even harder without making the encryption algorithm part easier. It's not logical.

Instead of focusing on one-time pads, we need to find more secure ways of handing key distribution with authentication and once distributed, how to keep those keys secure.

That is going to be a hard problem to solve as long as 1) humans are involved and 2) we don't have the network equivalent of packets in transfer having armed guards



Edited to add: What quantum crypto attempts to solve isn't the encryption part, but securing key distribution.

[edit on 11-10-2008 by zsrgt]

Originally posted by zsrgt
Secure Cryptography comes down to 2 things, designing secure algorithms where as long as the key isn't known and can't be brute forced the cipher text is secure, and key distribution. We are very good at the first one, the second is more problematic.

Yes! Very good point, Zsrgt.

Until we get secure key distribution (which the OP addresses) it is a bit like putting hundreds of locks on a door, but totally ignoring the door hinges as a weak point.

It is so easy to lose sight of that. It is the exact type misdirection that makes most encryption so vulnerable. People naturally have a blind spot. You think you have a well locked door, but the hacker simply removes the door at its hinges, or comes in through a window.