Two other problems with using a CD for OTP key material:
1. How to insure physical security for the N years between when you exchange CDs and the use of a given chunk of keying material? The "single CD" system is "brittle" -- a single black-bag burglary to copy the CD, and poof, the adversary has all your keys for the next N years. 2. How to securely destroy it after use, to prevent retrospective dumpster-diving? Nothing short of physical destruction will stop a determined adversary... and physical destruction is *hard*: Smashing the CD with a hammer leaves individual fragments which can still be read with a microscope. (That would yield "some" key bits; a serious adversary could "drag" these across archived encrypted-traffic to find the position which decrypts to something that's statistically plaintext.) Melting the CD should work... but in practice that takes a specialized "oven" (I seriously doubt my home oven gets hot enough), and is likely to produce toxic fumes, and leave behind a sticky mess (stuck to the surface of the specialized oven). ciao, -- -- Jonathan Thornburg <[EMAIL PROTECTED]> Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut), Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]