Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!think!nike!caip!brl-adm!brl-smoke!brl-sem!gwyn
From: gwyn@brl-sem.ARPA (Doug Gwyn)
Newsgroups: net.crypt
Subject: Re: randomly adding bits/bytes
Message-ID: <406@brl-sem.ARPA>
Date: Sun, 10-Aug-86 23:28:21 EDT
Article-I.D.: brl-sem.406
Posted: Sun Aug 10 23:28:21 1986
Date-Received: Tue, 12-Aug-86 13:01:13 EDT
References: <8608042018.AA04376@ucbjade.Berkeley.Edu> <437@argus.UUCP> <588@ur-tut.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB))
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 29

In article <588@ur-tut.UUCP> aptr@ur-tut.UUCP (The Wumpus) writes:
>My favorite system for any set up is still adding a random number to each
>letter in the message. This also will break up most of the common character
>occurrence methods of breaking. Of course a repeatable sequence of randoms
>is needed. A random number generator that does not repeat for >10,000 loops
>would work fairly well as long as the key is changed often.

This form of encryption is good if the numbers are truly random
(in which case they do not repeat), and such a system has been
used, for example, on the Washington-Moscow hot line. Such a
system is theoretically unbreakable without possession of the key.

However, when one uses a pseudo-random generator instead, it's a
different story. The repeat cycle of the generator is NOT a good
guide to the security of such a system. I've broken such systems
where the repeat cycle was 2^64, using a modest amount of ciphertext.

It appears that you're recommending using this method as a
"superencipherment" in addition to the "regular" encryption method.
Sometimes this adds appreciable strength to the encryption, and
sometimes it doesn't; the entire system must be studied to
determine this.

It is certainly true that key change frequency is a crucial factor
in the security of a cryptosystem. This is a major logistic problem
in data-processing encryption, where the traffic volume may require
immense amounts of key. Recent efforts seem to have centered on
using computational complexity to replace the requirement for key
data. I'm not convinced that this necessarily works, but many
people are.
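
Added example, not part of the original post and not the poster's own method (which the post does not describe): a constructed additive cipher keyed by a 64-bit linear congruential generator with the full 2^64 period, showing why the repeat cycle says nothing about strength. It assumes the modulus is known, that each 8-byte state is used directly as key, and that the first 24 plaintext bytes are known; the constants, seed and message are made up for the illustration.

```python
# Added illustration; generator, constants, seed and message are constructed.
M = 2**64                      # modulus, assumed known to the analyst
A = 6364136223846793005        # multiplier (A % 4 == 1)
C = 1442695040888963407        # increment (odd) -> full period of 2^64 states
SEED = 0x0123456789ABCDEF
MSG = b"FROM STATION A TO STATION B: key change is scheduled for 0600."

def lcg_states(s, a, c):
    """Yield successive 64-bit states s_{n+1} = a*s_n + c mod 2^64."""
    while True:
        s = (a * s + c) % M
        yield s

def keystream(s, a, c):
    """Each state contributes its 8 bytes as additive key."""
    for state in lcg_states(s, a, c):
        yield from state.to_bytes(8, "big")

def encrypt(msg, seed, a, c):
    """Add one key byte to each message byte, mod 256."""
    return bytes((p + k) % 256 for p, k in zip(msg, keystream(seed, a, c)))

def decrypt(ct, seed, a, c):
    """Subtract the same key bytes, mod 256."""
    return bytes((x - k) % 256 for x, k in zip(ct, keystream(seed, a, c)))

def recover(ct, crib):
    """From 24 known plaintext bytes, recover a, c and the whole message."""
    ks = bytes((x - p) % 256 for x, p in zip(ct, crib[:24]))
    s0, s1, s2 = (int.from_bytes(ks[i:i + 8], "big") for i in (0, 8, 16))
    # s2 - s1 = a*(s1 - s0) mod 2^64, and s1 - s0 is odd for a full-period
    # generator, so it has a modular inverse.
    a = (s2 - s1) * pow((s1 - s0) % M, -1, M) % M
    c = (s1 - a * s0) % M
    # The generator is now fully known: run it on from s2.
    return a, c, crib[:24] + decrypt(ct[24:], s2, a, c)

if __name__ == "__main__":
    ct = encrypt(MSG, SEED, A, C)
    a, c, plain = recover(ct, MSG[:24])
    print(a == A, c == C, plain)
```

The seed never has to be found: three consecutive states fix the generator, and every later key byte follows from them.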