Comments inline... On Thu, Aug 1, 2013 at 7:58 AM, Andy Isaacson <[email protected]> wrote: >> Then someone may force you to exhaust your >> pad bits by corrupting or dropping messages in transit. > > An attacker with control of your wire can deny you service. News at 11! > What cryptosystem does not have this property?
With a one-time pad, the attacker only needs to deny service for a fixed amount of messages until you run out of bits. >> Regardless, you could use a one-time MAC on the ciphertext. Here are >> some lecture notes on the topic: >> http://cs.nyu.edu/~dodis/randomness-in-crypto/lecture1.pdf > > Thanks for the link, that looks very helpful (although too dense for me > to absorb quickly right now). Here are a couple more lecture notes that may be relevant: https://wiki.cc.gatech.edu/theory/images/9/9e/Lec11.pdf http://www.cs.nyu.edu/courses/fall08/G22.3210-001/lect/lecture11.pdf -- Liberationtech list is public and archives are available via Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
