Q

'The seduction of the one-time pad'

I read your article about "One-time pads explained" (OTP) and the problems in exchanging them. I am thinking about

using RSA to send them with PGP, but there is again a problem.

Considering PGP, if I want to send OTP message to another person via e-mail, PGP will first compress this OTP message. Here is the problem: Since OTP file/message is highly random in nature (obviously it should be), you can't compress it even to 1%. I experimented by creating pseudo random data generated by keystroke hooks, mouse movements, memory digest, tickcount digest, system information, etc. using a block cipher (Blowfish) and hash digest (SHA-1). I checked the file I generated for randomness by ENT. It gave good results. I decided to encrypt 2.49 MB of pseudo random data by PGP and used a 512-bit RSA key. I found the PGP message size came out to be 3.39 MB -- even when a 512-bit key is used. If I had chosen RSA 4096-bit key and then calculated the result, it is of no use to send few KB of OTP messages via e-mail the whole day.

Considering the perfect security offered by OTP, where the key size of true random data may equal or exceed the message size, can the modern symmetric algorithms of 128-bit and 4096-bit asymmetric algorithms resist cryptanalysis by government agencies? I don't think the government agencies will find any difficulty in breaking a 128-bit encryption.

A few years ago, I gave a talk called, "The seduction of the one-time pad." In it, I discuss how the pursuit of perfect security with one-time pads leads people to make suboptimal security decisions. People spend a lot of effort chasing the one-time pad, and then end up with security that is only good enough. Starting with security that is good enough and sticking to it is almost always the best thing to do.

I'm afraid you've succumbed to that seduction. Don't feel badly about it, most of us do at one time or another. But let me discuss what you did.

You are right that random data is not compressible. This is pretty much the definition of random data. Since compression algorithms like Zip work by finding repeats of data and then putting in shorthands they aren't going to find them in random data. Anything they do find should have just occurred randomly and is not going to offset the extra data that has to be put in for the compression structures. So compressed random data is most likely going to be larger than the base data itself.

Now then, let's look at how to transfer pads to your partners. Since the pads have perfect security, the true security of the system is actually the security of the courier. Let's imagine that you have an actual person delivering them. The security of the system is essentially the chance that the adversary can copy the pads without the courier noticing. That's the way to attack that system. (We'll ignore the storage security issues, as well as the issues of how well your random data was generated.)

If your courier is PGP, then the security of the transfer is the security of your PGP envelope. If that has a 512-bit RSA key, and underneath that a 128-bit cipher, then the weak point of the system is the 512-bit RSA key, which has about the same strength as a 56-bit symmetric key. So, when you encrypt that pad, you have lowered its security to that of a 56-bit key. It would be simpler and just as secure to just use a 56-bit key.

FOR JON'S COMPLETE RESPONSE CLICK HERE

This was first published in April 2004

Dig deeper on Password Management and Policy

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close