Re: High Quality Random sources, was: Re: SecuriKey

From: Stephen D. Williams
Date: Mon Jan 12 2004 - 01:29:57 EST


It has puzzled me for a while why it doesn't occur to people that a high quality OTP is a high quality source of shared private keys for a good symmetric algorithm. That is a much better use than 1-to-1 XOR. Sure, you're still only as secure as the symmetric algorithm, but if you can manage distribution of an OTP, you don't have to otherwise worry about key management other than walking through the keys so that they are only used once. 128MB+ (or 200MB or 1GB) represents a lot of AES keys. With that many, you could just skip around on a non-key aligned random point (using your high-quality random source of course ;-) ), transmit the point you are using as a key selector, and not worry about avoiding reuse management.

PKI is better for many reasons, but it's still interesting that an essentially low-tech technique like OTP could be used in a similar way. You still have an N^2 key exchange problem that PKI solves.

sdw

Valdis.Kletnieks@xxxxxx wrote:

> On Sun, 11 Jan 2004 23:10:47 EST, "Stephen D. Williams" said:
>
> > OTP absolutely requires that you share the OTP out of band, i.e. you twin a capture of random data. Any transfer makes it as vulnerable as the transfer method.
>
> The single most common OTP-related offense of Schneier's "snake oil crypto" has got to be the fact it's almost never only used exactly once and then discarded.
>
> So sure you can load 200 meg of OTP into the dongle before you leave the spy agency on a mission. The fun starts when you get to the 201st megabyte of data. :)
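The key-selector idea from the message above, as an added example that is not part of the original post: a random, non-aligned offset into a shared pad picks a 16-byte AES key, the offset is what gets transmitted, and a birthday-style estimate shows how soon two randomly chosen windows share pad bytes when no reuse tracking is done. The function names are hypothetical, and the pad is constructed in the test, not real key material.

```python
import math
import secrets
from typing import List, Optional, Tuple

KEY_LEN = 16  # bytes in an AES-128 key


def select_key(pad: bytes, selector: Optional[int] = None) -> Tuple[int, bytes]:
    """Return (selector, key) for a KEY_LEN-byte window of the shared pad.

    The sender passes no selector and gets a random, non-aligned offset.
    The receiver passes the transmitted selector and gets the same key.
    """
    last = len(pad) - KEY_LEN
    if last < 0:
        raise ValueError("pad shorter than one key")
    if selector is None:
        selector = secrets.randbelow(last + 1)
    elif not 0 <= selector <= last:
        raise ValueError("selector outside pad")
    return selector, pad[selector:selector + KEY_LEN]


def overlapping_pairs(selectors: List[int]) -> List[Tuple[int, int]]:
    """Neighbouring selectors whose key windows share at least one pad byte."""
    ordered = sorted(selectors)
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b - a < KEY_LEN]


def overlap_probability(pad_len: int, n_keys: int) -> float:
    """Approximate chance that any two of n_keys random windows overlap."""
    positions = pad_len - KEY_LEN + 1
    # A second window overlaps a given one at 2*KEY_LEN - 1 offsets.
    p_pair = (2 * KEY_LEN - 1) / positions
    pairs = n_keys * (n_keys - 1) / 2
    return 1.0 - math.exp(-pairs * p_pair)


if __name__ == "__main__":
    pad_len = 128 * 2**20  # the 128MB pad size mentioned in the message
    for n in (100, 1000, 10000):
        print(n, "keys:", round(overlap_probability(pad_len, n), 4))
```

Overlapping windows are not identical keys, but they do spend some pad bytes twice, which is the "used exactly once" condition the quoted reply is about.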


