<vl6lnl$3eumm$1@dont-email.me>


Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Rich <rich@example.invalid>
Newsgroups: sci.crypt
Subject: Re: Ternary Encoding :-)
Date: Thu, 2 Jan 2025 18:25:57 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 75
Message-ID: <vl6lnl$3eumm$1@dont-email.me>
References: <vl243l$3jkpe$1@paganini.bofh.team> <vl3q7v$3mbq0$1@paganini.bofh.team> <vl418a$2sv2k$1@dont-email.me> <vl4el9$3ndf1$1@paganini.bofh.team> <vl4f3g$2vav0$3@dont-email.me> <vl4mjv$3sqb1$1@paganini.bofh.team> <vl54qf$36b5p$1@dont-email.me> <vl6770$3v5qv$2@paganini.bofh.team>
Injection-Date: Thu, 02 Jan 2025 19:25:58 +0100 (CET)
Injection-Info: dont-email.me; posting-host="6420596632e4571cd84179c8b721a5c9";
	logging-data="3635926"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19xB9TdqIiADTfhWYzRJlfN"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:cdcYWvY+eJXuumgTLRj46LBXI3w=
Bytes: 4633

Stefan Claas <pollux@tilde.club> wrote:
> Rich wrote:
>> Stefan Claas <pollux@tilde.club> wrote:
>> > Rich wrote:
>> > > Stefan Claas <pollux@tilde.club> wrote:
>> > > > Rich wrote:
>> > > > 
>> > > > > Of course, this just brings to the front the OTP key distribution and 
>> > > > > key reuse problems.
>> > > > 
>> > > > Forgot to mention, not with my programs, because also in this case I
>> > > > can use for ternary xor encryption deterministic keys, valid for one
>> > > > day (UTC +0000), so that border control does not find keys. :-)
>> > > 
>> > > You'll have to explain further, as the above is not nearly enough 
>> > > explanation to understand what you are discussing.
>> > > 
>> > > > I have made this a standard for some of my programs, because long ago 
>> > > > I thought of key distribution problems and looked for solutions, 
>> > > > which others afaik have not thought of (yet).
>> > > 
>> > > Further explanation needed.
>> > 
>> > Ok. You talked about key distribution problems with OTPs and management.
>> > 
>> > I have Go programs which can generate as many random keys/pads per day
>> > (UTC +0000) for my programs, based on a shared secret, consisting of
>> > a password and salt.
>> > 
>> > In order that this works Alice and Bob need only one initial session,
>> > where they transfer with a client/server program, which uses DHE/AES-GCM,
>> > the shared secret via the Tor Network, to bypass third party servers
>> > and NAT etc.
>> > 
>> > Once the shared secret is transferred securely to Alice or Bob, they use
>> > the key generation programs, which are deterministic. This means that
>> > when Alice generates today's pads/keys she does not need to transfer them
>> > to Bob, because Bob has the shared secret and can generate the same
>> > deterministic keys for each day (UTC +0000).
>> > 
>> > This procedure allows either Alice or Bob to travel, without worrying that
>> > some border patrol finds pads/keys, for daily usage, or if I would do
>> > encryption with you without sending you pads in advance, via postal
>> > service etc.
>> 
>> Then the weakness here is this "generator algorithm".  An OTP is only 
>> perfectly secure if the pads are true random sequences.
>> 
>> Deterministic outputs from a seeded generator are not "true random 
>> sequences" so you will not gain the "unbreakable" aspect of a proper 
>> OTP.
>> 
>> Will it likely be /good enough/ such that those of us left here are 
>> unlikely to break it: yes.  Will it be good enough that one of the 
>> three-letter-agencies cannot break it: likely no.
>> 
> 
> That is an old saying, that it is only unbreakable with TRNG. I believe
> that nowadays PRNG can serve the purpose as well, for OTP encryption.

You can believe what you wish.  But for your belief to be accepted by 
more than yourself you'll need to show a proof of such.  Neither of us 
being a "cryptographer" I'll continue to believe the existing proofs 
that for an OTP to be secure the pad needs to be generated from a true 
random source.

> What patterns would distinguish a TRNG and PRNG OTP sheet, if a
> cryptanalyst would look at them, or when looking at a couple of
> more sheets? The difference is IMHO none.

Any deterministic generator system (i.e., a PRNG) is going to have some 
bias somewhere (possibly not noticeable until a significant number of 
outputs are analyzed).  It will be that bias that will provide the 
crack through which an actual cryptographer will break the system.
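
Added example, not part of the post and not Stefan Claas's programs: a daily pad expanded from a password, salt and UTC date can take at most as many values as there are passwords, so a known plaintext prefix singles out the secret, which cannot happen with a truly random pad. The HMAC-SHA256 counter-mode generator, the function names and all sample values are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// DailyPad expands (password, salt, UTC date) into n pad bytes with HMAC-SHA256
// in counter mode. Assumed stand-in generator; a real one would use a slow KDF.
func DailyPad(password, salt, date string, n int) []byte {
	key := sha256.Sum256([]byte(salt + "|" + password))
	pad := make([]byte, 0, n+sha256.Size)
	for ctr := 0; len(pad) < n; ctr++ {
		mac := hmac.New(sha256.New, key[:])
		mac.Write(append([]byte(date), byte(ctr>>24), byte(ctr>>16), byte(ctr>>8), byte(ctr)))
		pad = mac.Sum(pad) // appends the next 32-byte block to pad
	}
	return pad[:n]
}

// XOR combines msg with the first len(msg) bytes of pad.
func XOR(msg, pad []byte) []byte {
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ pad[i]
	}
	return out
}

// ConsistentSecrets lists the candidate passwords whose pad decrypts ct to a
// text starting with known. Under a true random pad every pad value is equally
// consistent with ct; here the key space is only the password space.
func ConsistentSecrets(ct []byte, salt, date string, cands []string, known []byte) []string {
	var hits []string
	for _, pw := range cands {
		if bytes.HasPrefix(XOR(ct, DailyPad(pw, salt, date, len(ct))), known) {
			hits = append(hits, pw)
		}
	}
	return hits
}

func main() { // constructed sample values throughout
	ct := XOR([]byte("MEET AT NOON"), DailyPad("correct horse", "salt-01", "2025-01-02", 12))
	cands := []string{"letmein", "correct horse", "hunter2"}
	fmt.Println(ConsistentSecrets(ct, "salt-01", "2025-01-02", cands, []byte("MEET")))
}
```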