A Snake-Oil FAQ

David Sternlight david at sternlight.com
Sun Jul 21 21:17:37 PDT 1996


At 1:05 PM -0700 7/21/96, Simon Spero wrote:
>[sorry Perry]
>
>On Sun, 21 Jul 1996, David Sternlight wrote:
>
>> So is your comment. What was broken was not public key, but a particular
>> key length (and by implication shorter ones). You can do that with just
>> about any system, even a one-time pad, by brute force, but it won't buy you
>
>Really? The only way I know of forcing a one-time pad is to use a hardware
>QM-based random number generator to generate every possible decrypt, thus
>creating a number of universes equal to the number of possible keys. Since
>you can't tell if your universe is the right one, one should always
>verify the information obtained against a second source. IANAL, so I can't
>say if such a decrypt would count as probable cause.

Theoretically Simon is right. Nevertheless one-time pads have been broken
through trial and error when they have been reused either out of laziness
or force majeure.

It's not a "monkeys in the British Museum" problem, since when you hit the
right key sequences both encrypted text streams will fall cleanly
out--otherwise the chances are overwhelming (given a decently long run)
that one of the two streams will contain garbles or more likely be complete
gibberish.

It's a pretty simple computer program--all you need is a decent test for
plaintext so you don't have to examine most of the test decryptions.

David
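
The reused-pad break described in the message above, as an added example that is not part of the original post or any poster's program. It uses crib dragging (sliding a guessed word along the first message) as the trial-and-error step, which is an assumption about method; the two messages, the crib and the `looks_like_text` test are constructed for illustration.

```python
import os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def looks_like_text(chunk: bytes) -> bool:
    # Crude plaintext test (assumption): lowercase letters and spaces only.
    return all(c == 0x20 or 0x61 <= c <= 0x7A for c in chunk)

def crib_drag(c1: bytes, c2: bytes, crib: bytes):
    """Guess that `crib` sits at each offset of message 1. The guess implies
    pad bytes; keep offsets where those bytes also turn message 2 into
    something that passes the plaintext test."""
    hits = []
    n = len(crib)
    for off in range(min(len(c1), len(c2)) - n + 1):
        pad_guess = xor(c1[off:off + n], crib)
        other = xor(c2[off:off + n], pad_guess)
        if looks_like_text(other):
            hits.append((off, other))
    return hits

# Constructed sample messages, both encrypted under the SAME random pad.
P1 = b"the convoy will leave the harbor at dawn on friday"
P2 = b"send more fuel and rations to the northern depot x"
PAD = os.urandom(len(P1))
C1, C2 = xor(P1, PAD), xor(P2, PAD)

if __name__ == "__main__":
    for off, fragment in crib_drag(C1, C2, b" harbor "):
        print(off, fragment)
```

The pad drops out of `C1 XOR C2`, so the result is the same for any pad value; a test this crude may also pass some wrong offsets, which is why the quality of the plaintext test matters.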







