Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!sri-unix!hplabs!hao!nbires!vianet!devine
From: devine@vianet.UUCP
Newsgroups: sci.crypt
Subject: Re: bitwise exclusive-or
Message-ID: <132@vianet.UUCP>
Date: Mon, 26-Jan-87 21:34:15 EST
Article-I.D.: vianet.132
Posted: Mon Jan 26 21:34:15 1987
Date-Received: Wed, 28-Jan-87 06:17:51 EST
References: <434@ethz.UUCP>
Organization: Western Digital, Boulder Tech Ctr
Lines: 64
Keywords: xor
Summary: a bit of random thoughts (it's long, sorry)

[ ethz!wyle describes an encryption scheme based on random keys and asks:
> How is the system flawed? Is it unbreakable? Couldn't companies
> implement this strategy cost-effectively?
]

This system is essentially a one-time pad system. It is not breakable in the sense of never having to re-get the random bits. However, that does not mean that it is a totally secure system. If the "pad" -- here it is (1) the source of the random bits; (2) the storage of the random bits on a copyable medium; (3) transmission of the random bits by a supposedly reliable courier; and (4) both the reading and writing of the random bits on the medium -- is kept secure, the system is a good way towards security. And, if it is not kept secure, too bad.

However, let me suggest some possible drawbacks:

1. What constitutes a message? Are there specified lengths of messages? Are there always headers or trailers to every message? What error-correction/detection features are used? If a message arrives in error, what happens? A nasty person knowing this information might be able to do a plain-text attack or other cryptanalytic [note, this word is easy to write but very hard to say -Bob] attack.

2. Can just the fact that a message is sent from A to B be used to suggest something? Remember, even if the messaging is secure, a fiendish sort of spy can realize that since A is now sending a message, that means A's office safe is not being watched, and as a result may be open for an attack on it! Information may be garnered just from the fact of finding out that person A has sent a message to person Z, such as (1) they have something to talk about (hmm, what could it be?) or (2) that A's computer is on the network.

3. An optical disk platter would be a very tempting target for a spy. If one were stolen (the best theft is one where the owner does not realize that a theft has taken place; copying a disk surreptitiously fits this classification) it would likely be usable as the key source for months after the theft. They need to balance the amount that can be stolen against the overhead of sending small amounts of random bits.

4. Is a different selection of random bits always used? How is the selection made? Is the information of where to start kept in a secured file? How much handshaking is done between the sender and recipient to ensure that both are using the correct selection?

5. Because the network is not secure, an active tapper could interpose bad messages and delete good messages. The messages might be secure by themselves but the transmission could be rendered useless.

6. Systems that use the same key for encryption and decryption are susceptible to key distribution problems. The random-key system falls into same-keyness. Public/private keys can handle the key distribution problem nicely.

7. Putting people into the encryption loop is never cheap. Having a secure courier deliver the keys to the (just one?) recipient is expensive because the courier must be investigated and other security nonsense.

Bob Devine
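Added example, written for this page and not part of Bob Devine's post or of the scheme ethz!wyle described: a minimal XOR one-time pad, followed by working demonstrations of drawbacks 1, 4 and 5 above. The pad, the two messages, the fixed "FROM A TO B:" header and the attacker's knowledge of where the amount field sits are all constructed here for illustration; the function names are the example's own.

```python
# Added example (not from the original post): a one-time pad over XOR,
# plus two of the drawbacks raised in the post.  The pad, the messages and
# the attacker's prior knowledge are all constructed here for illustration.
from __future__ import annotations


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, offset: int, msg: bytes) -> tuple[bytes, int]:
    """Encrypt msg with pad[offset:offset+len(msg)].

    Returns (ciphertext, next_offset).  The caller must persist next_offset
    and never issue the same offset twice (drawback 4); nothing in the
    ciphertext itself stops a reuse.
    """
    end = offset + len(msg)
    if end > len(pad):
        raise ValueError("pad exhausted: fetch fresh random bits before sending")
    return xor_bytes(msg, pad[offset:end]), end


def otp_decrypt(pad: bytes, offset: int, ct: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(pad, offset, ct)[0]


def tamper(ct: bytes, position: int, old: bytes, new: bytes) -> bytes:
    """Active tapper (drawback 5): flip the bits that turn `old` into `new`.

    The attacker never learns the pad.  Knowing what plaintext sits at
    `position` (a fixed header or field layout, drawback 1) is enough,
    because (p ^ k) ^ (old ^ new) decrypts to p ^ old ^ new.
    """
    delta = xor_bytes(old, new)
    out = bytearray(ct)
    for i, d in enumerate(delta):
        out[position + i] ^= d
    return bytes(out)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad bytes give c1 ^ c2 == p1 ^ p2.

    The pad cancels out.  Zero bytes mark positions where both messages
    agree (a shared header), and any known stretch of one message reveals
    the same stretch of the other.
    """
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given a guessed prefix of p1, recover the matching prefix of p2."""
    leak = pad_reuse_leak(c1, c2)
    k = min(len(known_p1), len(leak))
    return xor_bytes(leak[:k], known_p1[:k])


if __name__ == "__main__":
    import os

    pad = os.urandom(64)  # stand-in for the courier-delivered random bits
    p1 = b"FROM A TO B: PAY 100"
    c1, next_off = otp_encrypt(pad, 0, p1)
    assert otp_decrypt(pad, 0, c1) == p1

    # Drawback 5: the message is confidential but not authenticated.
    forged = tamper(c1, 17, b"100", b"900")
    print(otp_decrypt(pad, 0, forged))  # b'FROM A TO B: PAY 900'

    # Drawback 4: the sender forgot to advance the offset.
    p2 = b"FROM A TO B: ABORT!!"
    c2, _ = otp_encrypt(pad, 0, p2)
    print(pad_reuse_leak(c1, c2)[:13])  # 13 zero bytes: the shared header
    print(recover_with_crib(c1, c2, p1))  # b'FROM A TO B: ABORT!!'
```

The two attacks need no knowledge of the pad at all. The forgery in `tamper` only needs the field layout that drawback 1 asks about, and the recipient has nothing in the ciphertext that would reveal the flip, so message integrity has to come from a separate mechanism. The reuse leak shows why drawback 4's offset bookkeeping and handshaking matter: one repeated offset turns the pad into a key shared by two messages, and the fixed header shows up immediately as a run of zero bytes in `c1 ^ c2`.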