On Fri, Aug 30, 2013 at 9:38 PM, Andy Isaacson <a...@hexapodia.org> wrote:
> This is incorrect. A one-time pad needs to be the same size as the
> message being encrypted, not 256 times as large. OTP implementations
> such as onetime (http://red-bean.com/onetime/) implement this properly,
> using one byte of pad to encrypt one byte of plaintext.
>
> Making such a fundamental mistake in the basic definition of the cipher
> you're promoting is not a good sign that you're capable of implementing
> it securely.
Not to imply that this guy understands what he is doing, but this is not a “fundamental mistake” — it is a peculiar suboptimal (and pointless) generalization of OTP when viewed as a stream of substitution ciphers over {0,1}^n (assuming an alphabet of {0,1} here, although this can be generalized, too). The real OTP specifies a permutation for each bit (n=1), and you need one bit to specify such a permutation: the bit to which bit 0 is mapped. Coincidentally, this is equivalent to addition in Z_2 (XOR). Scrambler uses n=8, and optimally you would need log_2(2^n) + log_2(2^n-1) + ... + log_2(2) = log_2((2^n)!) = 1684 bits to represent a permutation, whereas Scrambler uses 2048 bits.

>> While it is recommended that you do not reuse one-time cypher pads,
>> Scrambler will do so.
>
> Well, that's a really bad idea, because reusing a OTP makes it
> completely trivial to break.

Not “completely trivial”. Reusing an OTP lets you know the distance between corresponding letters in a pair of plaintexts for given ciphertexts — XOR for an alphabet of {0,1}. So you gather 1 bit of information from 2 corresponding bits in ciphertexts. However, for the {0,1}^n generalization above you would only know whether n corresponding bits of plaintexts are the same or different given 2n bits in ciphertexts — cryptanalysis would be much trickier, although in the end you would probably be able to extract the same amount of information (ignoring correlation differences) for a given (repeating) key length.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
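As an added example (not code from this thread or from Scrambler), the two views the reply contrasts, in Python: the real OTP as XOR with an equal-length pad, and the n=8 "stream of substitution ciphers" generalization with one random byte permutation per position. It computes the post's log_2((2^n)!) = 1684 bits against the 2048-bit table, and shows what pad reuse leaks in each case: the XOR of the two plaintexts for the real OTP, only per-position byte equality for the permutation variant. The sample messages and the pads are constructed here.

```python
import math
import random

def permutation_key_bits(n: int) -> int:
    """Bits needed to name one arbitrary permutation of {0,1}^n: ceil(log2((2^n)!))."""
    return math.ceil(math.log2(math.factorial(2 ** n)))

def naive_table_bits(n: int) -> int:
    """Bits used by a plain lookup table of 2^n entries, n bits each (2048 for n=8)."""
    return n * 2 ** n

def make_permutation_pad(length: int, n: int = 8) -> list:
    """Constructed key for the 'stream of substitution ciphers' view: one independent,
    uniformly random permutation of range(2^n) per symbol position."""
    rng = random.SystemRandom()
    pad = []
    for _ in range(length):
        perm = list(range(2 ** n))
        rng.shuffle(perm)
        pad.append(perm)
    return pad

def perm_encrypt(plaintext: bytes, pad: list) -> bytes:
    """Position i substitutes plaintext[i] through permutation pad[i] (n=8, byte symbols)."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must cover the whole message")
    return bytes(perm[b] for perm, b in zip(pad, plaintext))

def perm_decrypt(ciphertext: bytes, pad: list) -> bytes:
    """Invert each position's permutation."""
    return bytes(perm.index(c) for perm, c in zip(pad, ciphertext))

def xor_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """The real OTP: n=1 per bit, i.e. XOR with a pad of equal length."""
    if len(key) < len(plaintext):
        raise ValueError("pad must cover the whole message")
    return bytes(p ^ k for p, k in zip(plaintext, key))

def xor_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Pad reuse with XOR: c1 ^ c2 == p1 ^ p2, one relation bit per pair of ciphertext bits."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def perm_reuse_leak(c1: bytes, c2: bytes) -> list:
    """Pad reuse with per-byte permutations: the same bijection at position i means
    c1[i] == c2[i] exactly when p1[i] == p2[i]; only that equality leaks per position."""
    return [a == b for a, b in zip(c1, c2)]
```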