Flaw Found in Online Encryption Method
#20640 02/15/12 08:50 AM
Joined: Aug 2009
Likes: 4
grelber Offline OP

Re: Flaw Found in Online Encryption Method
grelber #20643 02/15/12 06:41 PM
Joined: Aug 2009
Likes: 1
The title is a bit misleading; the flaw isn't in the encryption method itself, but rather in the randomness of the numbers used to generate the secret keys on some Web sites.

Good encryption depends on good randomness. That's true even of one of the simplest and most secure of all encryption methods, the one-time pad (a grid of random letter substitutions, used once and then thrown away). Even very subtle non-randomness can mess up encryption.

During WWII, the Allies often used one-time pads to encrypt communication with spies in enemy territory. The one-time pads were made by a person who shook a container full of balls that had letters printed on them and drew balls out of the container at random. But randomness doesn't work the way human brains think it does; it doesn't produce even distributions, and there is often "clumpiness" or repeated runs in a truly random sequence. The people drawing out the balls would sometimes not write down the letters exactly as they drew them; they would think "Wait, I drew too many letter Ts in a row, I will just draw again rather than write down another T." This introduced very subtle non-randomness into the sequences that on a few occasions allowed enemies to crack the code.

I saw a really interesting demonstration on TV by a professor who teaches statistics and probability at a college level. On the first day of class, she divides the class into two teams. One team is asked to flip a coin 100 times and write down the results exactly as they are flipped. The other team is asked to try to make up and write down a series of 100 "heads" or "tails" without flipping a real coin. When both teams are done, she comes into the room and tries to guess which one is the real sequence of coin flips and which one the team just imagined would be random. She can spot the real random sequence and the sequence the team just made up almost 100% of the time.

Randomness is hard. :)


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
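
Added example (not part of the original post): the classroom coin-flip test described above, sketched in Python. It flags a 100-flip sequence as invented when its longest run is improbably short or it alternates too often; the function names, the thresholds and the `INVENTED` sample are assumptions made for this illustration.

```python
import math
import random

def run_lengths(seq):
    """Lengths of consecutive runs, e.g. 'HHTH' -> [2, 1, 1]."""
    runs, prev = [], None
    for s in seq:
        if s == prev:
            runs[-1] += 1
        else:
            runs.append(1)
            prev = s
    return runs

def p_longest_run_at_most(n, k):
    """Exact probability that n fair flips contain no run longer than k."""
    c = [1] + [0] * n  # c[m]: ways to cut m flips into runs of length 1..k
    for m in range(1, n + 1):
        c[m] = sum(c[m - j] for j in range(1, min(k, m) + 1))
    return 2 * c[n] / 2 ** n  # x2 because the first run may be H or T

def runs_z(seq):
    """Wald-Wolfowitz runs test: z > 0 means more alternation than chance."""
    n1 = seq.count("H")
    n2 = len(seq) - n1
    n = n1 + n2
    if n < 3 or n1 == 0 or n2 == 0:
        return 0.0  # too short or a single run: the test is undefined
    mean = 2 * n1 * n2 / n + 1
    var = 2 * n1 * n2 * (2 * n1 * n2 - n) / (n * n * (n - 1))
    return (len(run_lengths(seq)) - mean) / math.sqrt(var)

def looks_invented(seq, alpha=0.01, z_max=3.0):
    """Flag sequences that lack the clumps real randomness produces."""
    longest = max(run_lengths(seq))
    too_smooth = p_longest_run_at_most(len(seq), longest) < alpha
    return too_smooth or runs_z(seq) > z_max

def fair_flips(n, seed):
    """Simulated flips for the demo only; never use `random` for keys."""
    rng = random.Random(seed)
    return "".join(rng.choice("HT") for _ in range(n))

# Constructed sample: a pattern that "feels" random but never repeats 3 times.
INVENTED = "HTHHTHTTHT" * 10

if __name__ == "__main__":
    for name, seq in (("invented", INVENTED), ("simulated", fair_flips(100, 1))):
        print(name, max(run_lengths(seq)), round(runs_z(seq), 2), looks_invented(seq))
```

The same "too few clumps" signature is what redrawing a repeated letter leaves behind in a hand-made pad.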
Re: Flaw Found in Online Encryption Method
tacit #20726 02/19/12 09:58 AM
Joined: Aug 2009
Likes: 15
> During WWII, the Allies often used one-time pads to encrypt communication with spies in enemy territory.

How'd they get the keys to the spies?

> Randomness is hard.

I've often thought that the key to randomness lies somewhere within a cat's brain: If they can figure out what makes a cat stop dead in its tracks in the middle of (Edit: among many other things) running from one end of the house to the other (and bouncing off the walls in the process) and sit down on the floor and start licking its butt as if it were the most natural action in the world, they'll have it beat. (No matter how many times I see a cat do that, I'm still amazed the next time I see it.)

Last edited by artie505; 02/19/12 10:25 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Flaw Found in Online Encryption Method
artie505 #20738 02/19/12 11:28 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: artie505
> How'd they get the keys to the spies?

The one time key pads were delivered by various means including smugglers, parachute drops, or simply sending the spies in with a supply of the key pads in the first place. They were, after all, "one time" key pads and used only once for a particular message and were specific to a unique operative. As late as the Vietnam war era, U.S. Navy vessels carried similar one time encoding pads for use in emergency situations when other encryption methods failed, for example when the "crypto" machine on our ship failed and we had to go to hand encoding.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Flaw Found in Online Encryption Method
joemikeb #20739 02/20/12 12:11 AM
Joined: Aug 2009
Likes: 15
Thanks.

I can envision potential problems with all those methods, but I guess there is no guaranteed way to deal with encryption keys in "the wild."


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Flaw Found in Online Encryption Method
artie505 #20755 02/21/12 10:11 AM
Joined: Aug 2009
Likes: 1
There are huge problems with distributing keys in any non-public-key encryption system. One-time pads were often concealed to look like something else; for example, there's an encryption system that uses a deck of cards as a one-time pad (the order of the cards constitutes the key).

The advent of public key crypto, where you can give the keys to all and sundry and even broadcast them on network TV and they can't be used by the enemy to decrypt a message, was a revolution for cryptography.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Flaw Found in Online Encryption Method
tacit #20771 02/21/12 07:24 PM
Joined: Aug 2009
Books were also popular as a form of one time pad. A sufficiently large book could be used to write a paragraph by specifying page, line, and word. So each word was encoded as a tuple of numbers like 55-18-4 to mean the 4th word on the 18th line of page 55. If you didn't know what the book was, you had very little chance of decoding the message. And in that case the pad itself didn't need to be smuggled in; the agents simply needed to know the exact title/edition of the book and have access to it "on the other side". The book could continue to be used for a while until too many necessary words had been exhausted in the book. You wouldn't want to ever re-use a tuple; it would break the definition of "one-time".


I work for the Department of Redundancy Department
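
Added example (not from the original post): the page-line-word scheme described above, sketched in Python. The `BOOK` text is constructed sample data and the `BookCipher` class is hypothetical; each tuple is consumed when used, so encoding fails once a needed word has no unused occurrence left.

```python
from collections import defaultdict

# Constructed sample "book": a list of pages, each page a list of lines.
BOOK = [
    ["meet me at the old bridge", "the river runs cold at dawn"],
    ["bring the map at dawn", "the bridge is old"],
]

class BookCipher:
    def __init__(self, pages):
        self.pages = pages
        # word -> unused (page, line, word) positions, all 1-based
        self.unused = defaultdict(list)
        for p, page in enumerate(pages, 1):
            for l, line in enumerate(page, 1):
                for w, word in enumerate(line.split(), 1):
                    self.unused[word.lower()].append((p, l, w))

    def encode(self, message):
        """Replace each word with a page-line-word tuple, never reusing one."""
        tokens = []
        for word in message.lower().split():
            free = self.unused.get(word)
            if not free:
                raise LookupError(f"no unused occurrence of {word!r} in the book")
            # First unused occurrence keeps the demo deterministic.
            p, l, w = free.pop(0)
            tokens.append(f"{p}-{l}-{w}")
        return " ".join(tokens)

    def decode(self, ciphertext):
        """Look each tuple up in the same edition of the book."""
        words = []
        for token in ciphertext.split():
            p, l, w = (int(x) for x in token.split("-"))
            words.append(self.pages[p - 1][l - 1].split()[w - 1])
        return " ".join(words)

if __name__ == "__main__":
    sender = BookCipher(BOOK)
    first = sender.encode("meet at dawn")
    second = sender.encode("at dawn")      # same words, fresh tuples
    print(first, "|", second)
    print(BookCipher(BOOK).decode(first))  # receiver only needs the book
```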

Moderated by  alternaut, cyn 
