at Wednesday, October 16, 2002 2:01 PM, Sarad AV <[EMAIL PROTECTED]> was seen to say: > Though it has a large key length greater than or equal > to the plain text,why would it be insecure if we can > use a good pseudo random number generators,store the > bits produced on a taper proof medium. because you have replaced a OTP (provably secure) with a PRNG stream cypher (only as secure as the PRNG). he isn't saying that stream cyphers can't be secure - just that they aren't OTP. There is also no point in distributing the output of a PRNG as a tamperproof tape - you just run the PRNG at both sides, in sync. if you use a *real* RNG, then you can do the tape disribution thing and it *will* be a OTP - but its the tape distribution that is the difficult bit (as he points out in the article)
> why do we always have to rely on the internet for > sending the pad?If it is physically carried to the > receiver we can say for sure if P or R is intercepted. two obvious points are 1. it isn't aways possible to ensure secure delivery - if a courier is compromised or "falls asleep" and the tape is substituted with another, a mitm attack can be made transparently. 2. if the parties are physically remote, they may not have time to exchange tapes securely; unless there is a airplane link directly or indirectly between the sites, it may be days or weeks in transit. > can some one answer the issues involved that one time > pads is not a good choice. OTP is the best choice for something that must be secret for all time, no matter what the expense. anything that "secure for 20,000 years" will be sufficient for, go for PKI instead :)
