Re: IPG Algorithm Broken!

Known-plaintext: Unbreakable, since the pad is never reused
Chosen-plaintext: Unbreakable, ditto
Adaptive-chosen-plaintext: Unbreakable, ditto
Correct but for a different reason. Re-using the pad does render the security useless but the other reason is if we know part of the pad AND the ciphertext (and hence the plaintext) or part of the plaintext and the ciphertext and therefore the pad, We cannot solve the rest of the ciphertext as the pad is true random and the next bits are independent of all the previous ones so we cannot predict from what we have.
A better definition of unbreakable, IMHO, is that there is no way to determine the plaintext given unlimited ciphertext and computational resources. Sure, this isn't a complete definition but at least it defines perfect security in an analytic sense.

Datacomms Technologies web authoring and data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don't forget to mount a scratch monkey"

On Mon, 25 Nov 1996 paul@fatbrain.demon.co.uk wrote:
Known-plaintext: Unbreakable, since the pad is never reused
Chosen-plaintext: Unbreakable, ditto
Adaptive-chosen-plaintext: Unbreakable, ditto
Correct but for a different reason.
No correct period, for the same reason. To paraphrase Gertrude Stein, an OTP is an OTP is an OTP.
Re-using the pad does render the security useless but the other reason is if we know part of the pad AND the ciphertext (and hence the plaintext) or part of the plaintext and the ciphertext and therefore the pad, We cannot solve the rest of the ciphertext as the pad is true random and the next bits are independent of all the previous ones so we cannot predict from what we have.
More dumbest information, from FAT BRAIN. If an OTP is used more than once, it is not an OTP by definition. Plaintext xor Plaintext, even in derivative forms. Like so much of his dribble, that paragraph contains some words but I challenge anyone to tell us what it means. It simply does not say anything which translates into anything meaningful.
Frequently, you fill in some, and maybe even all of the plaintext, if you have part of the plain text, for example if you have the partial signature of a message emanating from the White House of:
Wi Jef on
You might reasonably conclude that the missing characters could be filled in to be:
William Jefferson Clinton
Two plaintexts xored together can reveal much more than you might think.
With Kindest regards,
Don Wood
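
The two claims argued in the messages above, as an added example that is not part of any poster's message: with a pad used once, every candidate plaintext is explained by some pad, while with a pad used twice the pad cancels out and a known fragment of one message exposes the aligned bytes of the other. The sample messages and function names are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def reuse_leak(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Two ciphertexts under the SAME pad: c1 ^ c2 == p1 ^ p2, so a known
    fragment (crib) of p1 at `offset` yields the aligned bytes of p2."""
    mixed = xor(c1, c2)  # the pad has cancelled out here
    return xor(mixed[offset:offset + len(crib)], crib)

def pad_explaining(c: bytes, candidate: bytes) -> bytes:
    """Pad used ONCE: return the pad under which `c` decrypts to `candidate`.
    One exists for every same-length candidate, so `c` rules nothing out."""
    return xor(c, candidate)

# Constructed sample messages of equal length (not taken from the thread).
P1 = b"Signed: William Jefferson Clinton"
P2 = b"Meet at the north gate at 0600 hr"

def demo():
    pad = secrets.token_bytes(len(P1))  # truly random, but reused below
    c1, c2 = xor(P1, pad), xor(P2, pad)

    # Reuse: the signature guessed from fragments exposes part of P2.
    leaked = reuse_leak(c1, c2, b"William Jefferson Clinton", offset=8)

    # Single use: a wrong guess fits c1 exactly as well as the truth does.
    decoy = b"x" * len(P1)
    decoy_pad = pad_explaining(c1, decoy)
    decoy_fits = xor(c1, decoy_pad) == decoy
    return leaked, decoy_fits

if __name__ == "__main__":
    leaked, decoy_fits = demo()
    print("leaked from second message:", leaked)
    print("wrong guess consistent with single ciphertext:", decoy_fits)
```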

Don Wood <wichita@cyberstation.net> writes:
On Mon, 25 Nov 1996 paul@fatbrain.demon.co.uk wrote:
More dumbest information, from FAT BRAIN. ...
Don, a word of caution. You've been excruciatingly civil throughout this discussion, while the cypherpunks have been, well, punks. Paul Bradley's favorite arguments are to put "(spit)" after your name or to call anything he can't understand "bullshit". Paul can get away with it, but if you stoop to their level, then a) you sound more like them, and you don't want to do that, I'm sure, b) you might get a nastygram from John Gilmore, the 50-ish long-haired bitch who's the "owner" of this "private mailing list". Caution: John Gilmore is a liar and a content-based censor.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

On Sat, 30 Nov 1996 wichita@cyberstation.net wrote:
No correct period, for the same reason. To paraphrase Gertrude Stein, an OTP is an OTP is an OTP.
And IPG's algorithm is not OTP, so what you're saying is irrelevant.
More dumbest information, from FAT BRAIN. If an OTP is used more than once, it is not an OTP by definition. Plaintext xor Plaintext, even in
Correction. If I generate a completely random number, and use it in my pad, and then generate another random number, and the 2 randoms happen to be the same, they are still perfectly valid pads; as long as the numbers were truly random. Don't get me wrong -- it's still stupid to use the same one twice, and it defies the point, but it is not "not an OTP by definition".
derivative forms. Like so much of his dribble, that paragraph contains some words but I challenge anyone to tell us what it means. It simply does not say anything which translates into anything meaningful.
Stop describing what you write.
Frequently, you fill in some, and maybe even all of the plaintext, if you have part of the plain text, for example if you have the partial signature of a message emanating from the White House of:
Wi Jef on
You might reasonably conclude that the missing characters could be filled in to be:
William Jefferson Clinton
Two plaintexts xored together can reveal much more than you might think.
This is, as they say, completely irrelevant.
Don Wood
--Deviant
PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39
Unix is the worst operating system; except for all others. -- Berry Kercheval

On Sun, 1 Dec 1996, The Deviant wrote:
On Sat, 30 Nov 1996 wichita@cyberstation.net wrote:
No correct period, for the same reason. To paraphrase Gertrude Stein, an OTP is an OTP is an OTP.
And IPG's algorithm is not OTP, so what you're saying is irrelevant.
More dumbest information, from FAT BRAIN. If an OTP is used more than once, it is not an OTP by definition. Plaintext xor Plaintext, even in
Correction. If I generate a completely random number, and use it in my pad, and then generate another random number, and the 2 randoms happen to be the same, they are still perfectly valid pads; as long as the numbers were truly random. Don't get me wrong -- it's still stupid to use the same one twice, and it defies the point, but it is not "not an OTP by definition".
Correction, an OTP means a One Time Pad. If it is used more than once, it is not a One Time Pad. The likelihood of a duplicate random number series of any significant length of course is very remote. If it did occur and you were able to XOR the resultant ciphertexts together, partial or complete compromise might be possible. An OTP means one time use period, why call it a One Time Pad, why not call it a Random Number Series or some other appellation. This is just another example of more pedant pap. Obviously, you, like Paul, do not know what you are talking about. You have read some textbooks and think that makes you an expert. I suggest that you take some time off and learn some IT and what an OTP is. It most certainly is not two identical random number series.
derivative forms. Like so much of his dribble, that paragraph contains some words but I challenge anyone to tell us what it means. It simply does not say anything which translates into anything meaningful.
Stop describing what you write.
Frequently, you fill in some, and maybe even all of the plaintext, if you have part of the plain text, for example if you have the partial signature of a message emanating from the White House of:
Wi Jef on
You might reasonably conclude that the missing characters could be filled in to be:
William Jefferson Clinton
Two plaintexts xored together can reveal much more than you might think.
This is, as they say, completely irrelevant.
Not nearly as irrelevant as your meaningless dribble.
Don Wood
--Deviant
With Kindest regards, Don Wood

wichita@cyberstation.net wrote:
This is just another example of more pedant pap. Obviously, you, like Paul, do not know what you are talking about. You have read some textbooks and think that makes you an expert. I suggest that you take some time off and learn some IT and what an OTP is. It most certainly is not two identical random number series.
what is IT? - Igor.
participants (5)
- dlv@bwalk.dm.com
- ichudov@algebra.com
- paul@fatmans.demon.co.uk
- The Deviant
- wichita@cyberstation.net