Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site nsc.UUCP Path: utzoo!linus!decvax!harpo!seismo!hao!hplabs!menlo70!nsc!chongo From: chongo@nsc.UUCP (Landon Noll) Newsgroups: net.crypt Subject: Re: secure codes Message-ID: <620@nsc.UUCP> Date: Wed, 8-Feb-84 19:59:13 EST Article-I.D.: nsc.620 Posted: Wed Feb 8 19:59:13 1984 Date-Received: Sat, 11-Feb-84 05:28:55 EST References: <239@vortex.UUCP> Organization: National Semiconductor, Sunnyvale Lines: 42 one time pads are a good idea. but the the reasons below, they are not the answer to all needs. just for the record, i will point out the problems with such pads: 1) they are not public-key. one time pads are only as secure as the distribution of the pads. when you have to broadcast a message to many sites, the problem gets worse. anyone who gets one of the one-time pads (which becomes even more likely when you have a large distribution) will ruin the security for that pad. people who defect to the "other side" (whatever that means) can carry off such pads... 2) one time pads are very unforgiving on missing data the loss of a section of encrypted data will result in you getting off sync on your pad. just think of would happen if you had to use such a system over uucp? :-) you can use sync marks to help reduce loss of information, but such sync marks are "give-away information" for code crackers too. 3) when you need a large one-time pad, you almost have to resort to a generation system of some kind. say you want a 1,000,000 unit pad. how do you generate such data? if you use random number generators of some kind, and the method of generation or even the style of generation gets known the pad security is greatly reduced. you can overcome this problem by using static noise, or cosmic ray counts, but that is still not totally secure. 4) when you need to transmit a large amount of data, you must use a large one-time key pad, distribute many pads, or reuse the same pad. one time pads are best if they are short length, and short lived. the longer used, or worse more often used, the less secure they become. one time pads are useful, but not everywhere. to put it another way, if one time pads were the answer to everything and 100% secure, then why are there people spending time, energy, and money in the field of cryptosystems? chongo <0110 1010 1001 0001> /\00/\