UK government planning a database of every phone call and email by the public -- in the name of fighting terror....

[mawilson 2,133]

mawilson,

Once the system is in place, ciphers of x-length or more will become illegal. Mark my words. And then you and I will have to co-form the NCA - the National Cryptography Association, to protect crypto rights!

Well, how can they tell if something's encrypted and not just random garbage?

[britty 1]

The UK government makes a complete hash of everything it touches. Gordon Brown is just an imbecile who couldn't run a corner shop let alone a country. Why would this new super database be successful? If it ever gets into production, it will have a zillion problems, idiots running it, and after having billions of pounds spent on it, it will be swept under the carpet and Britons will have their taxes increased further to cover the billions wasted. And to the person who mentioned Walthamstow earlier, why don't they just nuke it? It really is a hole full of the dregs of humanity. Before I get attacked, I used to live very close to Walthamstow so I had to unfortunately drive through it on a regular basis.

[Peikko 1,575]

The UK government makes a complete hash of everything it touches.

Yes, an interesting perspective that remains completely untroubled by reality.

[mawilson 2,133]

mawilson,

Once the system is in place, ciphers of x-length or more will become illegal. Mark my words. And then you and I will have to co-form the NCA - the National Cryptography Association, to protect crypto rights!

Well, how can they tell if something's encrypted and not just random garbage?

Guess what I'm trying to say is that you can't make something illegal if you have no way

of enforcing it.

Public key cryptography is great if you want to send a message to someone you've

never met in person, but if the sender and the recipient can physically exchange keys,

there's no need for all that messy RSA or Diffie-Hellman. They can just use a

one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have

access to the key.

So if Osama Bin Laden wanted to send a message to his cell in the US, the best way

to do that is to generate a one-time pad:

bin-laden's-unix-box$ dd if=/dev/random of=bin-laden's-secret-key bs=1024k count=100

copy it to a USB drive and give it to Mohammed al-Jihad who will safeguard the key

and physically transport it to the US.

All messages sent to and from the cell can then be encrypted by XOR'ing them with

the key starting at some offset (which could be agreed over the phone - or email LOL.)

[Ban Hammer 13,352]

They can just use a one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have access to the key.

no cypher is unbreakable, it's a matter of if they want to assign the resources to break it.

[w¡n9Nµ7 §£@¥€r 123]

They can just use a one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have access to the key.

no cypher is unbreakable, it's a matter of if they want to assign the resources to break it.

With a one-time pad, the private key transmission must be protected. If that is compromised, the cipher breaks.

eta: doh, I see you already said that. Nevermind.

Edited May 21, 2008 by VJ Troll

[mawilson 2,133]

They can just use a one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have access to the key.

no cypher is unbreakable, it's a matter of if they want to assign the resources to break it.

You can have all the resources in the universe -- it's unbreakable without the key.

[Ban Hammer 13,352]

They can just use a one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have access to the key.

no cypher is unbreakable, it's a matter of if they want to assign the resources to break it.

You can have all the resources in the universe -- it's unbreakable without the key.

don't bet on it

[mawilson 2,133]

They can just use a one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have access to the key.

no cypher is unbreakable, it's a matter of if they want to assign the resources to break it.

You can have all the resources in the universe -- it's unbreakable without the key.

don't bet on it

Charles,

Are you going to read up on one-time pads yourself, or do you want me to explain?

[Ban Hammer 13,352]

They can just use a one-time pad -- a perfect cipher that simply CANNOT be broken, unless you have access to the key.

no cypher is unbreakable, it's a matter of if they want to assign the resources to break it.

You can have all the resources in the universe -- it's unbreakable without the key.

don't bet on it

Charles,

Are you going to read up on one-time pads yourself, or do you want me to explain?

read about them, and still don't buy that they are unbreakable.

[Amby 490]

charles, I just want you to know I invented them and they're unbreakable. that's my EXPERT opinion

[Ban Hammer 13,352]

charles, I just want you to know I invented them and they're unbreakable. that's my EXPERT opinion

and i still say a cray can break them.

[Amby 490]

dammit I'm an expert!

[Ban Hammer 13,352]

dammit I'm an expert!

she's a scientist, burn her!

[w¡n9Nµ7 §£@¥€r 123]

Charles, what will the Cray decrypt? The encrypted message will be mathematically impossible to decrypt. This is not a statement of opinion, rather a mathematical fact of OTP. The pad is the only thing that is open to an exploit, so are you saying you're assuming transmission of the pad via a medium that leaves it open to capture?

Personally, I don't think an OTP is terribly useful as it depends on a secure means of transmitting the pad.

Anyway, I found this explanation very useful.

What is a One Time Pad?

A one time pad is the only currently known unconditionally secure encryption system. Other encryption systems are cryptographically secure which means that they have a cost associated with breaking, this cost will be very high, but it would theoretically be possible to break if enough compute time could be gathered.

OTPs are provably unconditionally secure, this means that you can not break them with any amount of compute time. It is mathematically impossible to break a OTP.

Okay, so a OTP is a marvelously secure crypto system, so why isn't it more widely used? This is due to convenience, in order to use a OTP you have to trade pads with each person you wish to communicate with. The pad should be a truly random number, so you would ideally want a radioactive decay card or something to generate the pad. The system will critically depend on the true randomness of the pad, and of course on keeping the pad known only to you and the recipient.

This is where the inconvenience comes in, you must somehow trade pads with your intendend recipient securely, this means meeting in person or using a trusted courier.

How does it work

Basically you have your random OTP, which both you and your intended recipient have. You have a message M, and you compute the ciphertext C by XORing the message with the OTP:

C = M xor OTP

You send the ciphertext to your recipient, the recipient knowing the OTP also can recover the message by computing the reverse, XORing the ciphertext C with the OTP:

M = C xor OTP

You must never re-use the OTP, other wise it wouldn't be a "One-Time" pad anymore, and it would loose it's unbreakable properties as information would start to be leaked.

http://www.cypherspace.org/adam/rsa/otp.html