From: smith@sctc.com (Rick Smith)
To: Black Unicorn <frantz@netcom.com>
Message Hash: 79aea861b898483a7d89d7605d642701fc9661106eab6e7ac2a39ec474af24e8
Message ID: <v01540b0fae48c44b87ff@[172.17.1.61]>
Reply To: N/A
UTC Datetime: 1996-08-27 18:03:09 UTC
Raw Date: Wed, 28 Aug 1996 02:03:09 +0800
From: smith@sctc.com (Rick Smith)
Date: Wed, 28 Aug 1996 02:03:09 +0800
To: Black Unicorn <frantz@netcom.com>
Subject: Re: NSA's Venona Intercepts
Message-ID: <v01540b0fae48c44b87ff@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain
At 12:26 AM 8/27/96, Black Unicorn wrote:
>I seem to recall an exhibit on Verona including a proported Soviet OTP at
>the National Cryptologic Museum in MD.
Kahn's "Codebreakers" also has photos of OTPs captured from undercover
Soviet spies. The fact that illegals were using OTPs to talk to their
controllers didn't necessarily imply that messages from Soviet embassies
and other offices needed to be using OTPs themselves. The could have used a
good rotor machine (well, good for the era). But now I'm convinced they
didn't.
The whole thing makes sense if we're looking at cryptanalysis based on
reused OTPs. I can see why the NSA doesn't mind letting the world know that
they could crack reused OTPs as opposed to some other identifiable cipher
technique. The degree of NSA's success doesn't help an adversary optimize
their crypto technology. The decryption success is in direct proportion to
how sloppy the Soviets were in using their OTPs. I'll bet some official got
shot when this was all figured out.
Partial decrypts occur when parts of the keystream are recovered and other
parts are not. I wonder if one could compare the "holes" in the various
messages and thereby infer which OTPs were used for which messages based on
patterns of keystream recovery.
Venona also presents an object lesson on why not to use OTPs: the security
does not degrade gracefully if they are misused. Reusing one even once
could easily compromise both messages sent with it. I doubt security
degrades nearly as quickly if you overuse or reuse keys in more modern
techniques. Thus, OTP keying requires a reliably pessimistic prediction of
traffic flow, and your security is toast if you underestimate your
transmission needs.
Besides, given that nobody can crack a truly randomized OTP, I can see why
NSA would want to publicize a failed use of OTPs. Might as well focus
interest on more theoretically tractable techniques.
Rick.
Return to August 1996
Return to “smith@sctc.com (Rick Smith)”
1996-08-27 (Wed, 28 Aug 1996 02:03:09 +0800) - Re: NSA’s Venona Intercepts - smith@sctc.com (Rick Smith)