On Fri, Aug 30, 2013 at 9:38 PM, Andy Isaacson <a...@hexapodia.org> wrote:
> This is incorrect.  A one-time pad needs to be the same size as the
> message being encrypted, not 256 times as large.  OTP implementations
> such as onetime (http://red-bean.com/onetime/) implement this properly,
> using one byte of pad to encrypt one byte of plaintext.
>
> Making such a fundamental mistake in the basic definition of the cipher
> you're promoting is not a good sign that you're capable of implementing
> it securely.

Not to imply that this guy understands what he is doing, but this is
not a “fundamental mistake” — it is a peculiar suboptimal (and
pointless) generalization of OTP when viewed as a stream of
substitution ciphers over {0,1}^n (assuming alphabet of {0,1} here,
although this can be generalized, too). The real OTP specifies a
permutation for each bit (n=1), and you need one bit to specify such a
permutation: the bit to which bit 0 is mapped. Coincidentally, this is
equivalent to addition in Z_2 (XOR). Scrambler uses n=8, and optimally
you would need log_2(2^n) + log_2(2^n-1) + ... + log_2(2) =
log_2((2^n)!) = 1684 bits to represent a permutation, whereas
Scrambler uses 2048 bits.

>> While it is recommended that you do not reuse one-time cypher pads,
>> Scrambler will do so.
>
> Well, that's a really bad idea, because reusing a OTP makes it
> completely trivial to break.

Not “completely trivial”. Reusing OTP lets you know the distance
between corresponding letters in a pair of plaintexts for given
ciphertexts — XOR for alphabet of {0,1}. So you gather 1 bit of
information from 2 corresponding bits in ciphertexts. However, for the
{0,1}^n generalization above you would only know whether n
corresponding bits of plaintexts are the same or different given 2n bits
in ciphertexts — cryptanalysis would be much trickier, although in the
end you would probably be able to extract the same amount of
information (ignoring correlation differences) for a given (repeating)
key length.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
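As an added illustration (not part of the post, and not Scrambler's or onetime's code), the two counts from the message and the two kinds of key-reuse leakage, in Python. The 256-entry byte table standing in for Scrambler's per-byte key is an assumption drawn from the 2048 bits mentioned in the thread.

```python
import math
import random

def permutation_key_bits(n: int) -> int:
    """Minimum bits to name one permutation of the 2^n block values:
    ceil(log2((2^n)!)), computed as the post's sum log2(2^n) + ... + log2(2)."""
    return math.ceil(sum(math.log2(k) for k in range(1, 2 ** n + 1)))

def table_key_bits(n: int) -> int:
    """Bits used by a naive lookup table with 2^n entries of n bits each
    (assumed Scrambler-style layout: 256 entries * 8 bits = 2048 for n=8)."""
    return n * 2 ** n

def xor_pad_reuse_leak(p1: bytes, p2: bytes, pad: bytes) -> bytes:
    """Real OTP (n=1, XOR) with the pad reused on two messages: the XOR of the
    two ciphertexts is exactly p1 XOR p2, one full bit per plaintext bit."""
    c1 = bytes(a ^ k for a, k in zip(p1, pad))
    c2 = bytes(a ^ k for a, k in zip(p2, pad))
    return bytes(a ^ b for a, b in zip(c1, c2))

def permutation_pad_reuse_leak(p1: bytes, p2: bytes, tables: list) -> list:
    """n=8 generalization with one byte permutation per position, reused on two
    messages: the observer only learns, per position, whether the two plaintext
    bytes are equal (ciphertexts equal iff plaintexts equal)."""
    c1 = bytes(t[a] for a, t in zip(p1, tables))
    c2 = bytes(t[a] for a, t in zip(p2, tables))
    return [a == b for a, b in zip(c1, c2)]

def random_byte_tables(length: int, seed: int = 1) -> list:
    """Constructed key material: one random permutation of 0..255 per position."""
    rng = random.Random(seed)
    return [rng.sample(range(256), 256) for _ in range(length)]

if __name__ == "__main__":
    print("log2(256!) bits needed:", permutation_key_bits(8))   # 1684
    print("8 * 256 table bits:    ", table_key_bits(8))         # 2048
    # Constructed sample plaintexts of equal length.
    p1, p2 = b"ATTACK", b"ATTEND"
    pad = bytes(random.Random(2).randrange(256) for _ in p1)
    print("XOR reuse leaks p1^p2:", xor_pad_reuse_leak(p1, p2, pad).hex())
    print("perm reuse leaks only equality:",
          permutation_pad_reuse_leak(p1, p2, random_byte_tables(len(p1))))
```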
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.