From: paul@fatmans.demon.co.uk
To: walrus <walrus@tcgcs.com>
Message Hash: 56cb013c05e2052eddb85f57436dfa91f33dae885ba9d3012fe7ef37a00ddef6
Message ID: <845910403.8325.0@fatmans.demon.co.uk>
Reply To: N/A
UTC Datetime: 1996-10-21 15:57:33 UTC
Raw Date: Mon, 21 Oct 1996 08:57:33 -0700 (PDT)
From: paul@fatmans.demon.co.uk
Date: Mon, 21 Oct 1996 08:57:33 -0700 (PDT)
To: walrus <walrus@tcgcs.com>
Subject: Re: [crypto-philo]OTP or DES?
Message-ID: <845910403.8325.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
> It is quite easy to take the bits of the des-encrypted message, and
> calculate the OTP key nessasary to decrypt the message into your real plan.
> It would seem you could build a key to have your message say anything of
> equal length. Why then must a true OTP be based on a true RNG? Because one
> of the actual possible keys of a real OTP is indeed the encrypted des
> message, you can claim that it is an otp and no-one can prove otherwise.
> They can say "But we cracked your des key and can decypher this message!"
> and you say "nope i used an OTP, that is a false message, here is what it
> really says! The fact that by PURE coincidence that OTP could be decrypted
> using that particular key means nothing, because a true OTP can generate
> that bit sequence.
Not quite,
It is so unlikely that any DES key would exist to turn a one time pad
encrypted message into an intelligible plaintext with no errors,
proper linguistic structure etc. that it just wouldn`t wash.
I shiver at the idea of calculating the probability (my statistics is
a bit rusty) but it is a pretty damn small probability given that the
set of all possible DES ciphertexts is a smallish subset of all
possible binary values (if memory serves correctly, I may be off the
mark here though).
This may work with a stream cipher (which is pretty similar to a OTP
apart from not being provably secure because the entropy of the key
is greater than or equal to that of the message) where you can have
any possible binary value as your ciphertext...
However, for a block cipher, this would appear to me to be impossible
for most ciphertexts.
Datacomms Technologies web authoring and data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don`t forget to mount a scratch monkey"
Return to October 1996
Return to “paul@fatmans.demon.co.uk”
1996-10-21 (Mon, 21 Oct 1996 08:57:33 -0700 (PDT)) - Re: [crypto-philo]OTP or DES? - paul@fatmans.demon.co.uk