Re: High Quality Random sources, was: Re: SecuriKey
From: Stephen D. Williams
Date: Mon Jan 12 2004 - 01:29:57 EST
It has puzzled me for a while why it doesn't occur to people that a high
quality OTP is a high quality source of shared private keys for a good
symmetric algorithm. That is a much better use than 1-to-1 XOR. Sure,
you're still only as secure as the symmetric algorithm but if you can
manage distribution of a OTP, you don't have to otherwise worry about
key management other than walking through the keys so that they are only
used once. 128MB+ (or 200MB or 1GB) represents a lot of AES keys.
With that many, you could just skip around on a non-key aligned random
point (using your high-quality random source of course ;-) ), transmit
the point you are using as a key selector, and not worry about avoiding
reuse management.
PKI is better for many reasons, but it's still interesting that an
essentially low-tech technique like OTP could be used in a similar way.
You still have an N^2 key exchange problem that PKI solves.
sdw
Valdis.Kletnieks@xxxxxx wrote:
On Sun, 11 Jan 2004 23:10:47 EST, "Stephen D. Williams" said:
OTP absolutely requires that you share the OTP out of band, i.e. you
twin a capture of random data. Any transfer makes it as vulnerable as
the transfer method.
The single most common OTP-related offense of Schneier's "snake oil crypto"
has got to be the fact it's almost never only used exactly once and then discarded.
So sure you can load 200 meg of OTP into the dongle before you leave the spy agency
on a mission. The fun starts when you get to the 201st megabyte of data. :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/