Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site nsc.UUCP
Path: utzoo!linus!decvax!harpo!seismo!hao!hplabs!menlo70!nsc!chongo
From: chongo@nsc.UUCP (Landon Noll)
Newsgroups: net.crypt
Subject: Re: secure codes
Message-ID: <620@nsc.UUCP>
Date: Wed, 8-Feb-84 19:59:13 EST
Article-I.D.: nsc.620
Posted: Wed Feb  8 19:59:13 1984
Date-Received: Sat, 11-Feb-84 05:28:55 EST
References: <239@vortex.UUCP>
Organization: National Semiconductor, Sunnyvale
Lines: 42

one time pads are a good idea.  but the the reasons below, they are not the
answer to all needs.  just for the record, i will point out the problems
with such pads:


1) they are not public-key.

one time pads are only as secure as the distribution of the pads.  when you
have to broadcast a message to many sites, the problem gets worse.  anyone
who gets one of the one-time pads (which becomes even more likely when you
have a large distribution) will ruin the security for that pad.  people
who defect to the "other side" (whatever that means) can carry off such pads...

2) one time pads are very unforgiving on missing data

the loss of a section of encrypted data will result in you getting off sync
on your pad.  just think of would happen if you had to use such a system over
uucp?  :-)   you can use sync marks to help reduce loss of information,
but such sync marks are "give-away information" for code crackers too.

3) when you need a large one-time pad, you almost have to resort to a
   generation system of some kind.

say you want a 1,000,000 unit pad.  how do you generate such data?  if you
use random number generators of some kind, and the method of generation
or even the style of generation gets known the pad security is greatly
reduced.  you can overcome this problem by using static noise, or cosmic
ray counts, but that is still not totally secure.

4) when you need to transmit a large amount of data, you must use
   a large one-time key pad, distribute many pads, or reuse the same pad.

one time pads are best if they are short length, and short lived.  the longer
used, or worse more often used, the less secure they become.


one time pads are useful, but not everywhere.  to put it another way, if
one time pads were the answer to everything and 100% secure, then why are
there people spending time, energy, and money in the field of cryptosystems?


chongo <0110 1010 1001 0001> /\00/\