1995-11-05 - Re: using pgp to make an otp

Header Data

From: Simon Spero <ses@tipper.oit.unc.edu>
To: “Perry E. Metzger” <perry@piermont.com>
Message Hash: 9be2974ce6859a75e1ee9b5d7d30f3a368570028bbc7600e732659d4fe8740ba
Message ID: <Pine.SOL.3.91.951104211722.6970F-100000@chivalry>
Reply To: <199511050428.XAA06831@jekyll.piermont.com>
UTC Datetime: 1995-11-05 05:40:58 UTC
Raw Date: Sun, 5 Nov 1995 13:40:58 +0800

Raw message

From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 5 Nov 1995 13:40:58 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: using pgp to make an otp
In-Reply-To: <199511050428.XAA06831@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.951104211722.6970F-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



On the subject of reused one-time-pads: What are the attacks that become 
available if a pad is used two times? The ones I can think of are:

known plaintext- if any parts of one message can be obtained or guessed, 
	the corresponding parts of the other message are automatically 
	obtained. 

statistics- (m1^C)^(m2^C) == m1 ^ m2. If the message is English, then 
certain combinations of letters are more frequent than others. Try more 
probable combinations first. 

Guess phrases - pick a common word - slide it down the m1^m2 text and 
see if the result looks like English - if it does, you've got a word in 
one, and a bunch of known text in another. 

The latter attack looks like it could be automated pretty well, and could 
run pretty fast, but I get the feeling I'm missing an obvious, better 
method. What's the standard way of attacking TTPs?

What's the most secure way to reuse an OTP if (say) an emergency happens 
when you're on the road, and you're out of pad? Could you build a 
sequence of keys for something like DES from widely separated bits of the 
pad, and use each key for one block, or is this likely to expose the 
original OTPed message, as well as the successor messages?

Simon
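
Added example, not part of the original message: a short Python sketch of why a reused pad fails, showing the pad cancelling out of c1^c2 and a guessed word slid along the result as the message describes. The two sample messages, the guessed word and the "lowercase letters and spaces" plausibility filter are constructed assumptions.

```python
import os
import string

# Constructed sample messages of equal length (assumptions, not from the post).
M1 = b"meet me at the station at noon"
M2 = b"the package arrives on tuesday"
# Crude "looks like English" filter: lowercase letters and spaces only.
PLAUSIBLE = set((string.ascii_lowercase + " ").encode())


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_pair(m1: bytes, m2: bytes) -> tuple[bytes, bytes]:
    """Encrypt both messages under the SAME random pad (the mistake)."""
    pad = os.urandom(max(len(m1), len(m2)))
    return xor(m1, pad), xor(m2, pad)


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list[tuple[int, bytes]]:
    """Slide a guessed word along c1^c2; keep offsets whose output looks like text."""
    mixed = xor(c1, c2)  # the pad cancels, so this equals m1 ^ m2
    hits = []
    for off in range(len(mixed) - len(crib) + 1):
        out = xor(mixed[off:off + len(crib)], crib)
        if all(b in PLAUSIBLE for b in out):
            hits.append((off, out))
    return hits


if __name__ == "__main__":
    c1, c2 = encrypt_pair(M1, M2)
    # However random the pad is, it contributes nothing to c1 ^ c2.
    print("pad cancelled:", xor(c1, c2) == xor(M1, M2))
    # Each hit is a candidate fragment of the other message at that offset.
    for off, out in crib_drag(c1, c2, b" the "):
        print(off, out)
```

The filter also lets through chance alignments, so each hit is only a candidate to be checked against its neighbours. The takeaway for key management is that pad material must be destroyed after a single use.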




