tcmay@netcom.com writes:
Sure, one-time pads are information-theoretically secure.
The problem is the key distribution problem, as well as the storage of one-time pads. For example, for the couple of hundred folks on this list to communicate securely will other members, each would have to meet in person or deliver by trusted courier a one-time pad to _each_ of the others! A very tough logistical problem, fraught with potential weaknesses, and much easier to spoof or break than, for example, factoring very large numbers.
This is the problem, the key distribution problem, that public key methods solve.
I never recommended the digital OTP as a replacement for public key cryptography. Clearly the logistics of using OTPs on a large scale are clearly dismal. While public key solutions like PGP are good for mass communication systems, they are not secure as far as I am concerned. I am sure the NSA has plenty of tricks up their sleeve for dealing with PGP & RSA. OTP is an excellent solution for small groups (5 people or less) who MUST have completely secure communications. It would be quite easy for a small group like this to physically meet once a year and exchange their fresh 250mb pads (stored on magnetic reel tape which is incrementaly shreaded & burned on the way out of a OTP decoding machine). In fact only one trusted individual is needed to operate an OTP pad generating machine to create the fresh pad tapes from RF noise and only once a year. This could be the ring leader of the group and tape distributor. A 250mb pad is enough for each individual to send 250,000 one kilobyte messages to his conspirators, surely enough pad material to require physical pad exchange only once a year, perhaps even less frequently. A terrorist group or drug ring could use OTPs quite easily from a logistical and key distribution point of view and never have to worry about their messages (e-mail or telex) being decrypted by any agency on the face of the earth. The costs of such a method are minimal for a group of 5 terrorists, a 5-node system like this could be built and set up for around $5000. Of course an OTP scheme must insure physical security as well. Used up key stream tape must be incrementally shredded and burned beyond recovery. And plaintext messages should be displayed to CRT, never be stored. After each message is read or sent, it is destroyed by being overwritten in RAM by nulls. The screen should either by an LCD display or a Tempest proof CRT. Unused pad tape must be quickly removable so that it can be dropped into a near by barrel of sulfuric acid should the law bust through your door. This would prevent the capture of the unused pad tape and prevent the law from spoofing your conspirators by sending and decoding messages as you. A ventilation system must be put in place to suck out the fumes from the barrel of acid out of the room. A wireless alarm system must be in place to allow the detection of a law enforcement assault and allow the quick acid bath destruction of unused pad material. Note, this scheme comes directly from my mind as I speak and does not fly out of anything. It could be refined into a very secure and inexpensive set up. A well implemented OTP scheme makes the interception of plaintext impossible and the capture of messages by physical raids also impossible. This is what I believe to be the only provably secure communication method. If I was a drug king pin, this is what I would use. Thug