
Mathematically unbreakable if your pad is truly random


Sure, but if your RNG is compromised, there's no point talking about encryption in the first place.


That's not really the case. OTP requires a large amount of perfectly unbiased randomness, implicitly from a hardware randomness source (otherwise what you have is more accurately a stream cipher).

Contrast with deriving a key using cryptographic primitives, which can accept low-quality randomness (as long as there is sufficient entropy) that can be easily and transparently collected.


Yes, in theory OTP requires perfectly uniform uncorrelated random input. However, in practice, you can use a randomness extractor… at which point, yes, we can't prove that someone with unbounded computational power wouldn't be able to crack it. But all known computational power is bounded.
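As an added example (not from the thread or any poster), here is the simplest randomness extractor, von Neumann debiasing, in Python. It turns a biased bit source into an unbiased one without any computational assumption, provided the input bits are independent and share the same fixed bias; it does nothing about correlation, which is where hash-based extractors, with their computational caveat, come in. The biased source below is a constructed stand-in driven by a seeded PRNG so the run is repeatable; a real pad would never be generated that way.

```python
import random


def von_neumann_extract(bits):
    """Von Neumann debiasing. Read bits in non-overlapping pairs and emit
    0 for (0,1), 1 for (1,0); drop (0,0) and (1,1) and any trailing odd bit.
    If every input bit is independent with the same (unknown) P(1) = p,
    both kept patterns have probability p*(1-p), so each output bit is
    exactly unbiased. Correlated or drifting input voids that guarantee."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def biased_source(n, p_one, seed=1):
    """Constructed stand-in for a skewed hardware source: independent bits
    with P(1) = p_one from a seeded PRNG (repeatable demo input only;
    a PRNG-generated pad makes the scheme a stream cipher, not an OTP)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def ones_fraction(bits):
    """Empirical P(1) of a bit list; 0.0 for an empty list."""
    return sum(bits) / len(bits) if bits else 0.0


def expected_yield(p_one):
    """Fraction of input bits that survive: a pair is kept with probability
    2p(1-p) and yields one bit, so output/input = p(1-p)."""
    return p_one * (1 - p_one)


def demo(n=100_000, p_one=0.8, seed=1):
    """Run the extractor over a constructed 80%-ones source and report the
    bias before and after, plus the observed and expected yield."""
    raw = biased_source(n, p_one, seed)
    clean = von_neumann_extract(raw)
    return {
        "raw_bias": ones_fraction(raw),
        "clean_bias": ones_fraction(clean),
        "kept_fraction": len(clean) / n,
        "expected_kept": expected_yield(p_one),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>14}: {v:.4f}")
```

The cost is visible in the yield: at p = 0.8 only about 16% of the input bits survive, and the extractor silently leaks nothing but also cannot repair a source whose bits depend on each other, so it is a debiaser, not a substitute for a sound hardware source.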


Right. So now you have to figure out how to get a secure RNG into people's hands, so they can create pads. How does that work? Genuinely curious whether there's a reasonable solution.


Devices that produce a trickle of truly random numbers can be produced for a few bucks. They're included in modern CPUs, for example.

But that was never the problem. The problem is, now what? To use this OTP you need to securely deliver pads to everybody you'll ever send a message to. So, OTP is practical for a handful of secret agents who'll receive messages of a few dozen words per year from a single controller, and useless for most of us in the real world.

_This_ problem is why we have public key cryptography.


Snarkily: a one time pad reduces the problem of exchanging secret messages to exchanging secret keys of the same length.

The only thing that OTP buys you is that you can exchange the pads at your convenience any time before.


You only need to meet once.

With a few GB (a couple bucks in a supermarket will buy an 8GB USB stick) you can communicate in text about 16 thousand books worth of words.

In other words, to deplete the pad you would have to write sixteen thousand books.

I think that's pretty convenient, as far as literally unbreakable encryption goes!
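As an added example (not from the thread or any poster), the pad bookkeeping that makes the "meet once, then deplete" model work in Python: each pad byte is XORed into exactly one message byte, the sender's offset into the pad travels in the clear, and the receiver refuses any message that would reuse spent bytes. The pad here is filled with os.urandom, which is the OS CSPRNG rather than a hardware source, so strictly this is a stream cipher (the point made upthread); the wiring is the same either way. The capacity estimate assumes roughly 100,000 words per book and 5 bytes per word, which are my numbers, not the thread's, chosen because they reproduce the 16,000-books figure for 8 GB.

```python
import os
import struct

# 8-byte big-endian pad offset, sent in the clear in front of each message.
HEADER = struct.Struct(">Q")


def pad_capacity_books(pad_bytes, words_per_book=100_000, bytes_per_word=5):
    """How many books a pad of pad_bytes can carry. The per-book size is an
    assumption (about 500 KB of text), not a figure from the thread."""
    return pad_bytes // (words_per_book * bytes_per_word)


def make_pad(size):
    """Fresh pad material. os.urandom is a CSPRNG, not a hardware TRNG:
    good enough to demonstrate the bookkeeping, not an information-
    theoretic pad."""
    return os.urandom(size)


class OneTimePad:
    """One direction of traffic over a shared pad. Both ends hold the same
    bytes; `offset` is the high-water mark below which bytes are spent."""

    def __init__(self, pad: bytes, offset: int = 0):
        self.pad = pad
        self.offset = offset

    def _consume(self, n: int) -> bytes:
        end = self.offset + n
        if end > len(self.pad):
            left = len(self.pad) - self.offset
            raise ValueError(f"pad exhausted: need {n} bytes, {left} left")
        start, self.offset = self.offset, end
        return self.pad[start:end]

    def seal(self, plaintext: bytes) -> bytes:
        """XOR plaintext with the next unused pad bytes; prefix the offset."""
        start = self.offset
        key = self._consume(len(plaintext))
        return HEADER.pack(start) + bytes(p ^ k for p, k in zip(plaintext, key))

    def unseal(self, blob: bytes) -> bytes:
        """Recover plaintext, refusing any message that points at pad bytes
        this side has already consumed (a replay or a two-time pad)."""
        (start,) = HEADER.unpack_from(blob)
        body = blob[HEADER.size:]
        if start < self.offset:
            raise ValueError("pad bytes already spent: refusing reuse")
        self.offset = start  # skip bytes the sender burned on lost messages
        key = self._consume(len(body))
        return bytes(c ^ k for c, k in zip(body, key))


def demo() -> dict:
    """Round-trip two messages over a constructed, fully predictable pad
    (bytes 0..255, so the ciphertexts are checkable by hand), then show a
    replay being rejected and an oversized message exhausting the pad."""
    pad = bytes(range(256))
    tx, rx = OneTimePad(pad), OneTimePad(pad)
    first = tx.seal(b"hi")
    second = tx.seal(b"again")
    out = {
        "first_ct": first[HEADER.size:],
        "second_ct": second[HEADER.size:],
        "first_pt": rx.unseal(first),
        "second_pt": rx.unseal(second),
        "offsets": (tx.offset, rx.offset),
    }
    try:
        rx.unseal(first)
        out["replay_refused"] = False
    except ValueError:
        out["replay_refused"] = True
    try:
        tx.seal(b"x" * 300)
        out["exhaustion_refused"] = False
    except ValueError:
        out["exhaustion_refused"] = True
    return out


if __name__ == "__main__":
    print(f"8 GB pad holds about {pad_capacity_books(8_000_000_000):,} books")
    for k, v in demo().items():
        print(f"{k:>19}: {v!r}")
```

Two practical notes: a single pad serves one direction only, so two parties who both send need two pads (or agree to consume one pad from opposite ends), and the offset header is the whole reason reuse can be detected; drop it, and nothing stops two messages from landing on the same bytes, which is exactly the failure that destroys the unbreakability the thread is discussing.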


Oh, definitely. The convenience of being able to secure your communication in advance is great.

It's just that key-sharing is basically the most complicated and vulnerable part of modern cryptography.



