From: pjb@ny.ubs.com
Date: Wed, 28 Aug 1996 00:14:58 +0800
To: smith@sctc.com
Subject: Re: NSA's Venona Intercepts
Message-ID: <199608271315.JAA10821@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


it is my understanding that the Venona traffic used a code book with super-
encyption using a otp.  the break was possible because the Soviet's got
sloppy with the otp keys and in fact used some of them more than once. 
even then, it tooks years of work to make the breaks.  everything you ever
heard about using true random keys, and only once is true.  difficult as it
may be to accomplish,  it is possible to break a otp if the pad isn't really
'one time'.

	-paul

> From cypherpunks-errors@toad.com Mon Aug 26 18:14:44 1996
> X-Sender: smith@mailhost.sctc.com
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Mon, 26 Aug 1996 10:49:39 -0600
> To: cypherpunks@toad.com
> From: smith@sctc.com (Rick Smith)
> Subject: NSA's Venona Intercepts
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1510
> 
> The bulk of the material available from NSA's web site is associated with a
> long time project called Venona to decrypt Soviet message traffic from the
> 1940s. It's an interesting exhibition of the practical output of
> cryptanalysis that, incidentally, contains alleged reference to famous
> Commie spies of that era (Hiss, the Rosenbergs, etc).
> 
> One question that I haven't found answered in my perusals of the site is a
> definitive statement of the cryptographic technology used by the Soviets. I
> was re-reading Kahn's 1967 chapter on Soviet crypto and he claimed that
> they relied primarily on one time pads. In fact, he was pretty specific
> about them using OTPs for exactly the type of traffic appearing in the
> Venona archive. But when I look at the partial decrypts in the Venona
> archive I don't understand how you'd get such partial decrypts from OTPs.
> 
> The intercepts seem to indicate the use of ciphers with some codewords
> weakly layerd on top. Some intercepts show translations based on the
> phonetic properties of the extracted Russian plaintext. So I don't think
> the "unrecovered codegroups" are caused by a classic code that substitutes
> tokens for word meanings. But you're not going to crack only part of a OTP
> ciphertext -- presumably you'd need a compromised key tape, and that would
> either decrypt everything or nothing.
> 
> So they were either really using rotor machines or they were using
> something else. Any other ideas? Other references?
> 
> Rick.
> smith@sctc.com          secure computing corporation
> 
> 
>