On Tue, 20 Feb 2001, Tom wrote:
> essentially, a one-time-pad with a central source of randomness, the key being the point in the random-number-stream that you start with.
Not quite. The point which you start with in the random number stream is one of the keys, but the system he describes also includes another, which is used to encrypt the random number stream prior to the OTP's XOR operation. The rest of your post, I agree with.

First, your orbital random number server can only be put there by someone with enough bucks to launch a rocket -- whom you have to trust implicitly. None of the twenty or thirty people whom I trust implicitly has that much money. Heck, I don't even think I personally *know* anyone who has that much money. What if it was just a few dozen Blum-Blum-Shub generators up there spewing all those bits? We'd never see the difference, but a data thief who was "in the know" about how they were keyed could recreate any sequence at any time.

The basic problem is the problem you always get with systems that have a "trusted server" sitting in the middle -- can you really trust that server? Can you inspect it, and inspect the code it's running, personally? Can you verify that the thing you were allowed to inspect is the same as the thing that you're trusting? I don't see any government, or for that matter any criminal organization, with a significant investment in SigInt allowing such a launch to go up untampered if they could possibly prevent it.

And we already have systems with barriers of ridiculous levels of computer hardware - proofs of the security of a cipher which rest on the assumption that the opponent has storage capacity limited to less than some finite value are no more nor less valid than proofs of the security of a cipher which rest on the assumption that the opponent has CPU capacity limited to less than some finite value. The only value of this system, assuming you get random numbers you can trust, is that the opponent has to have the large storage capacity NOW - when we know how hard it would be to have it - rather than at some vague point in the future, where Moore's law has had time to work its wonders.
Finally, this system doesn't protect storage. It protects communications, and communications only. Think about it. If you protect storage, you have to have the bits from the OTP around somewhere to decrypt it. If you have the bits from the OTP around somewhere, you no longer have an unbreakable cipher.

Bear
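A toy model of the scheme as Bear describes it, added here as an example and not code from the thread: the stream offset and a second key are the shared secrets, the pad is the captured stream window encrypted under that second key, and the server's generator is a seeded HMAC counter (my assumption, standing in for the satellite's own source). The demo checks two of his points: the window a receiver keeps for later is the pad itself, and an insider who knows the server's seed needs no storage at all.

```python
import hashlib
import hmac
import os

def prg(seed: bytes, n: int) -> bytes:
    """Deterministic byte stream from a seed (HMAC-SHA256 in counter mode; my stand-in
    for the server's generator; a BBS generator in the same role gives the same lesson)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(seed, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def capture_window(stream: bytes, offset: int, n: int) -> bytes:
    """Grab, while the broadcast is on the air, only the window the message needs."""
    return stream[offset:offset + n]

def encrypt(window: bytes, key2: bytes, plaintext: bytes) -> bytes:
    """Pad = window encrypted under the second key; ciphertext = plaintext XOR pad."""
    if len(window) < len(plaintext):
        raise ValueError("window shorter than message")
    pad = xor(window, prg(key2, len(plaintext)))
    return xor(plaintext, pad)

decrypt = encrypt  # XOR is its own inverse

def insider_recover(seed: bytes, offset: int, key2: bytes, ct: bytes) -> bytes:
    """A thief who knows how the server is keyed regenerates the window on demand
    and never had to store the broadcast; only the two keys still stand in the way."""
    window = prg(seed, offset + len(ct))[offset:]
    return decrypt(window, key2, ct)

def demo() -> tuple:
    seed = os.urandom(32)                  # server secret; an honest server would use true randomness
    stream = prg(seed, 1 << 16)            # the broadcast as seen on the air (constructed)
    offset, key2 = 12345, os.urandom(32)   # the two shared keys
    msg = b"meet at the usual place"       # constructed sample message
    ct = encrypt(capture_window(stream, offset, len(msg)), key2, msg)
    kept = capture_window(stream, offset, len(msg))  # receiver kept its window...
    del stream                                        # ...and the broadcast is gone
    roundtrip = decrypt(kept, key2, ct) == msg
    # storage point: "kept" IS the pad (up to key2); archiving it beside ct is no OTP at all
    pad_exposed = xor(kept, prg(key2, len(msg))) == xor(ct, msg)
    insider = insider_recover(seed, offset, key2, ct) == msg
    return roundtrip, pad_exposed, insider
```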