Cryptography-Digest Digest #813, Volume #13 Tue, 6 Mar 01 00:13:01 EST
Contents:
Re: One-time Pad really unbreakable? (Steven Smolinski)
Re: Super strong crypto (David Wagner)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Steven Smolinski)
Subject: Re: One-time Pad really unbreakable?
Reply-To: Steven Smolinski <[EMAIL PROTECTED]>
Date: Tue, 06 Mar 2001 04:13:23 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> Steven Smolinski wrote:
> > If you can break a one-time pad if you get two ciphertexts made with
> > the same key, why can't you divide one ciphertext in half and apply
> > the same analysis?
>
> I think you're confusing "the same key" used twice with "two parts of
> the same key, each used once".
I was; thanks (to all) for replies.
I had forgotten that the keylength in a one-time pad must be greater
than the plaintext length to be secure, and just assumed that it would
repeat in a single message.
[... snip excellent explanation ...]
> Try that where instead of KEY you have FIRST_HALF_OF_KEY and
> SECOND_HALF_OF_KEY and you should see why it doesn't work; we
> cannot rely on a common KEY to relate the two texts.
Yeah, if it's FIRST_HALF and SECOND_HALF, it's just like having two
separate plaintexts enciphered with two separate keys; there's no
relation.
Again, thanks.
Steve
--
Steven Smolinski => http://www.steven.cx/
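As an added worked example (not part of Steven Smolinski's post or the thread), here is the XOR arithmetic behind the two cases discussed above: the same pad reused on two messages lets the key cancel out, while the two halves of one longer pad, each used once, do not. The pad bytes and messages are constructed sample values; a real pad must be truly random.

```python
# Added example, not from the digest: pad reuse versus "two halves of
# the same key, each used once".

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a pad at least as long as the data.
    The same call decrypts, since (P ^ K) ^ K = P."""
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return xor_bytes(data, key[:len(data)])

def reused_key_leak(c1: bytes, c2: bytes) -> bytes:
    """Two messages under the SAME pad: C1 ^ C2 = (P1 ^ K) ^ (P2 ^ K) = P1 ^ P2.
    The pad cancels, so the result depends only on the plaintexts."""
    return xor_bytes(c1, c2)

def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With the pad reused, known plaintext for one message exposes the other:
    P2 = (P1 ^ P2) ^ P1. This is why a pad must never be used twice."""
    return xor_bytes(reused_key_leak(c1, c2), known_p1)

def split_halves_relation(ciphertext: bytes) -> bytes:
    """The 'divide one ciphertext in half' idea from the thread. The halves were
    enciphered with DIFFERENT pad segments Ka and Kb, so the XOR is
    Pa ^ Pb ^ Ka ^ Kb: the unknown pad does not cancel, nothing is related."""
    half = len(ciphertext) // 2
    return xor_bytes(ciphertext[:half], ciphertext[half:2 * half])

# Constructed sample values. A deterministic byte pattern keeps the results
# reproducible here; a real one-time pad must come from a true random source.
KEY = bytes((37 * i + 11) % 256 for i in range(32))
P1 = b"MEETING AT NOON "
P2 = b"LUNCH AT TWELVE "

# Case 1 (insecure): the same 16 pad bytes reused for two messages.
C1 = otp(P1, KEY)
C2 = otp(P2, KEY)

# Case 2 (secure): one 32-byte message under a 32-byte pad, then split in half.
C_LONG = otp(P1 + P2, KEY)
```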
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Super strong crypto
Date: 6 Mar 2001 04:23:44 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Douglas A. Gwyn wrote:
>For example, exhibit *any*
>practical C/A attack against the phase 3 design in a normal
>scenario (known PT and CT, multiple sessions with same initial
>key). If there isn't one, then the design goals have been met.
Of course, one could issue the very same challenge about, say, AES.
If lack of known attacks is our criteria, we don't need new systems.
So it seems the $64,000 question here is: What is our criteria for
success, and how do we gain confidence that the new proposal is any
better than existing techniques? In the absence of any _proof_ of
security (which we do not at present have), this seems to be the part
that has to be justified quite carefully.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************