Path: ...!news.roellig-ltd.de!open-news-network.org!weretis.net!feeder8.news.weretis.net!newsfeed.bofh.team!paganini.bofh.team!not-for-mail
From: Stefan Claas <pollux@tilde.club>
Newsgroups: sci.crypt
Subject: Re: Ternary Encoding :-)
Date: Thu, 2 Jan 2025 15:18:05 +0100
Organization: To protect and to server
Message-ID: <vl6770$3v5qv$2@paganini.bofh.team>
References: <vl243l$3jkpe$1@paganini.bofh.team> <vl3q7v$3mbq0$1@paganini.bofh.team> <vl418a$2sv2k$1@dont-email.me> <vl4el9$3ndf1$1@paganini.bofh.team> <vl4f3g$2vav0$3@dont-email.me> <vl4mjv$3sqb1$1@paganini.bofh.team> <vl54qf$36b5p$1@dont-email.me>
Mime-Version: 1.0
Injection-Date: Thu, 2 Jan 2025 14:18:08 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="4167519"; posting-host="WyaToOEEsx2UzvHb61/7Ew.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: flnews/1.3.0pre29 (for GNU/Linux)
Cancel-Lock: sha1:x/7mjvxh8eIGjhiRbUImGxPmqZs=
X-Notice: Filtered by postfilter v. 0.9.3
X-Ed25519-Sig: 620b0fb35a635445edf70e5a1cee3a00f1348ba5d818508e30213f3e442d17de
 6804f61c69a262f95b6ca32bf547b17a146c1b3f47cb49196ce5ef54d43a900c
X-Ed25519-Pub: c0ffee5a36e581eb10f60b2831b3cdb955d2e7ef680dd282a8d43ad8b84b357a
X-Date: It's Thu Sep 11447 03:18:05 PM CET 1993, the September that never ends.
Bytes: 4260
Lines: 65

Rich wrote:
> Stefan Claas <pollux@tilde.club> wrote:
> > Rich wrote:
> > > Stefan Claas <pollux@tilde.club> wrote:
> > > > Rich wrote:
> > > > 
> > > > > Of course, this just brings to the front the OTP key distribution and 
> > > > > key reuse problems.
> > > > 
> > > > Forgot to mention, not with my programs, because also in this case I
> > > > can use for ternary xor encryption deterministic keys, valid for one
> > > > day (UTC +0000), so that border control does not find keys. :-)
> > > 
> > > You'll have to explain further, as the above is not nearly enough 
> > > explanation to understand what you are discussing.
> > > 
> > > > I have made this a standard for some of my programs, because long ago 
> > > > I thought of key distribution problems and looked for solutions, 
> > > > which others afaik have not thought of (yet).
> > > 
> > > Further explanation needed.
> > 
> > Ok. You talked about key distribution problems with OTPs and management.
> > 
> > I have Go programs which can generate as many random keys/pads per day
> > (UTC +0000) for my programs, based on a shared secret, consisting of
> > a password and salt.
> > 
> > In order that this works Alice and Bob needs only one initial session,
> > where they transfer with a client/server program, which uses DHE/AES-GCM,
> > the shared secret via the Tor Network, to bypass third party servers
> > and NAT etc.
> > 
> > Once the shared secret is transfered securely to Alice or Bob, they use
> > the key generation programs, which are deterministic. This means that
> > when Alice generates todays pads/keys she does not need to transfer them
> > to Bob, because Bob has the shared secret and can generate the same
> > determenistic keys for each day (UTC +0000).
> > 
> > This procedure allows either Alice or Bob to travel, without worring that
> > some border patrol finds pads/keys, for daily usage, or If I would do
> > encryption with you without sending you pads in advance, via postal
> > service etc.
> 
> Then the weakness here is this "generator algorithm".  A OTP is only 
> perfectly secure if the pads are true random sequences.
> 
> Deterministic outputs from a seeded generator are not "true random 
> sequences" so you will not gain the "unbreakable" aspect of a proper 
> OTP.
> 
> Will it likely be /good enough/ such that those of us left here are 
> unlikely to break it: yes.  Will it be good enough that one of the 
> three-letter-agencies cannot break it: likely no.
> 

That is old saying , that it is only unbreakable with TRRNG. I believe
that nowadays PRNG can serve the purpose as well, for OTP encryption.

What patterns would distinguish a TRNG and PRNG OTP sheet, if a
cryptanalist would look at them, or when looking at a couple of
more sheets? The difference is IMHO none.

-- 
Regards
Stefan