Re: One time pads and randomness?

By the way, did anyone try to run "all randomness tests" on a sequence of digits of, say, decimal representation of "e"?
igor
Blake Coverett wrote:

> I want to use a one time pad based crypto system. I understand that the randomness of the pad generator is key to security (other than losing the keys). What I want to know is if I use a pseudo-RNG that maybe repeats itself every 1000 characters and use it to only encrypt messages that are 100's of characters long, will this be a major security risk?

I'm afraid you've fallen into one of the standard traps. A PRNG can *not* make an OTP no matter how you use it.

The total amount of entropy in a PRNG is the amount of entropy in the seed you use to key it. All the other bits are directly derived from that seed.

A true OTP is completely secure from an information-theory point of view because every byte has a full eight bits of entropy. A PRNG can never have this.

Having said all this, it is possible to make a good cipher from a PRNG. RC4, for example, is exactly that and the variable sized key is the seed for the PRNG. It is however very difficult to come up with a good algorithm for that cryptographically sound PRNG and you would be much further ahead to use an existing one rather than trying to roll your own.

> Say I create a 1 million character one time pad that passes all of the randomness tests. It is "truly random". I place it on two computers. Now when these two computers want to send email, computer "A" grabs a chunk of the one time pad starting at a random point and encrypts it. It labels it with the random starting point and sends it to "B". There "B" moves to the random point and begins decryption. During the process both computers mark that section of the OTP used so that they don't retransmit with it. I realize this has a limited amount of messages before it is used up. But would this be secure? Any suggestions, complaints, big gaping holes I missed?

I don't see anything wrong as such, but there is nothing to be gained either. If your random data is real OTP material there is no need to skip to a random byte within it, just start at the beginning and use it in sequence. If your random data is the output of a PRNG like the above then a random starting point doesn't buy you much additional security because the entire set of keying material can be recreated from the seed. It may increase the work-factor of searching for the key, but it also imposes the practical problem of keeping all that keying material secure.

More importantly don't confuse statistically random with cryptographically random. Just because a bunch of bits passes all the randomness tests you can think of doesn't mean it contains 100% entropy. Consider the digits of an irrational number like sqrt(2) or pi, the digits appear statistically random but they can be recreated from just a tiny bit of knowledge.

A good litmus test is to ask yourself if there is any way you can reproduce those bits. If there is, they aren't a one time pad. (Of course even if you can't it doesn't mean they are good. :-)

regards, -Blake

- Igor.

At 02:06 PM 1/18/97 -0600, Igor Chudov @ home wrote:
> By the way, did anyone try to run "all randomness tests" on a sequence of digits of, say, decimal representation of "e"?

as i have written before, the sources i have read say that digits of the transcendentals are THOUGHT to be uniformly and 'randomly' distributed --- in quotes because there are many criteria for randomness and i don't mean to imply a specific one. however, this supposition is no stronger than a conjecture. it has not been proven, AFAIK.
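Blake's point that a PRNG pad carries only its seed's entropy, as an added example (not code from anyone in this thread): a toy LCG with a 16-bit seed that, like the generator in the question, repeats every 1000 bytes, so a 10-byte known plaintext prefix is enough to rebuild the whole pad, while a genuine pad from os.urandom leaves every candidate plaintext equally consistent. The LCG constants, seed size and messages are constructed for the example.

```python
import os

SEED_BITS = 16   # the whole pad carries at most this much entropy
PERIOD = 1000    # the generator repeats itself after this many bytes

def prng_pad(seed: int, length: int) -> bytes:
    """Keystream from a toy LCG, reused cyclically after PERIOD bytes."""
    x, cycle = seed, bytearray()
    for _ in range(min(length, PERIOD)):
        x = (1103515245 * x + 12345) & 0xFFFFFFFF
        cycle.append((x >> 16) & 0xFF)
    return bytes(cycle[i % PERIOD] for i in range(length))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_seed(known_prefix: bytes, ciphertext: bytes):
    """Seed consistent with a known plaintext prefix, found by trying all
    2**SEED_BITS seeds; a longer pad never raises that cost."""
    target = xor_bytes(known_prefix, ciphertext[:len(known_prefix)])
    for seed in range(1 << SEED_BITS):
        if prng_pad(seed, len(target)) == target:
            return seed
    return None

def read_whole_message(known_prefix: bytes, ciphertext: bytes) -> bytes:
    """Rebuild the pad from the recovered seed and decrypt everything."""
    seed = recover_seed(known_prefix, ciphertext)
    if seed is None:
        raise ValueError("no seed in range explains the known prefix")
    return xor_bytes(prng_pad(seed, len(ciphertext)), ciphertext)

def otp_pad_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """Contrast: under a genuine OTP every candidate plaintext has a pad
    that fits, so a known prefix says nothing about the rest."""
    return xor_bytes(ciphertext, candidate)

def demo() -> bool:
    secret_seed = 0xBEEF   # constructed sender-side seed, never shared
    msg = b"Dear Bob, the meeting moves to Thursday at noon. Alice"
    ct = xor_bytes(prng_pad(secret_seed, len(msg)), msg)
    recovered = read_whole_message(b"Dear Bob, ", ct)   # seed unknown
    real_ct = xor_bytes(os.urandom(len(msg)), msg)      # genuine OTP
    other = b"Dear Bob, the meeting is cancelled. Alice"
    fits = xor_bytes(otp_pad_for(real_ct, other), real_ct) == other
    return recovered == msg and fits
```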