On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson <[email protected]> wrote:
> On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:
> > Since a OTP depends critically on never using the same pad to encrypt
> > multiple plaintexts, it conversely also depends on the same pad only
> > decrypting a single ciphertext. If a onetime implementation implements
> > a decryption oracle, an attacker can almost certainly leverage multiple
> > decryption attempts with timing or error discrimination to break the pad
> > entirely.
>
> Sorry, meant to add --
>
> therefore, it's important that onetime record that a given range of pad
> is consumed *on decryption* and is only used, thereafter, to decrypt
> the identical ciphertext.
>

If this is true in a strict sense, it means that any protocol that uses retransmission is incompatible with OTP.

Alexander

> -andy
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at [email protected] or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
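The rule quoted above (a pad range consumed on decryption may afterwards decrypt only the identical ciphertext), sketched as an added example that is not part of the original thread and is not code from the onetime tool. `PadLedger`, `PadReuseError`, `xor` and the in-memory ledger are hypothetical names and assumptions made for illustration; the pad in the demo is a constructed sample.

```python
import hashlib
import hmac


class PadReuseError(Exception):
    """A consumed pad range was asked to decrypt a different ciphertext."""


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, key))


class PadLedger:
    """Hypothetical ledger: records pad ranges as consumed *on decryption*."""

    def __init__(self, pad: bytes):
        self._pad = pad
        # (offset, length) -> SHA-256 of the ciphertext decrypted with that range.
        # Assumption: a real tool would persist this before releasing plaintext.
        self._used = {}

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        length = len(ciphertext)
        end = offset + length
        if offset < 0 or end > len(self._pad):
            raise ValueError("requested range lies outside the pad")
        digest = hashlib.sha256(ciphertext).digest()
        for (start, used_len), seen in self._used.items():
            if start >= end or offset >= start + used_len:
                continue  # no overlap with this consumed range
            identical = (start, used_len) == (offset, length) and \
                hmac.compare_digest(seen, digest)
            if not identical:
                # Refuse before touching the pad, so a second, different
                # ciphertext is never decrypted with consumed pad bytes.
                raise PadReuseError(f"pad bytes {offset}..{end} already consumed")
        self._used[(offset, length)] = digest
        return xor(ciphertext, self._pad[offset:end])


if __name__ == "__main__":
    pad = bytes(range(64))  # constructed sample pad; a real pad is random
    ledger = PadLedger(pad)
    ct = xor(b"retransmit me", pad[8:21])
    print(ledger.decrypt(8, ct))  # first delivery
    print(ledger.decrypt(8, ct))  # identical retransmission is accepted
    try:
        ledger.decrypt(8, bytes([ct[0] ^ 1]) + ct[1:])  # altered ciphertext
    except PadReuseError as exc:
        print("refused:", exc)
```

In this sketch a byte-for-byte retransmission of the same ciphertext at the same offset decrypts again, while any different ciphertext that overlaps a consumed range is refused.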
