Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!princeton!allegra!ulysses!faline!karn
From: karn@faline.UUCP
Newsgroups: sci.crypt
Subject: Re: Cheap more-or-less one-time-pads
Message-ID: <573@faline.bellcore.com>
Date: Mon, 11-May-87 03:00:21 EDT
Article-I.D.: faline.573
Posted: Mon May 11 03:00:21 1987
Date-Received: Thu, 14-May-87 02:09:45 EDT
References: <57@decvax.UUCP> <182@vianet.UUCP>
Organization: Bell Communications Research, Inc
Lines: 25
Keywords: DES
Summary: Commercial CDs make lousy one-time-pads

While custom-made CDs with random bits would make excellent one-time
pads, using commercially available music recordings would be a very bad
idea.  Even if you disregard the statistical attacks that would be
possible because of the high degree of correlation (non-randomness)
between samples on all music recordings (with the possible exception of
Billy and the Boingers), the system is not very secure. The effective
"key space" is well within range of a brute force attack.

Assume there are 20,000 titles available on CD (this is a guess).  If
each message is encrypted with the CD contents starting at the beginning
of the disk, then the effective "key" (ie., the title of the disk) is
less than 15 bits.  You could make the effective key longer by starting
at some random point on the disk and wrapping around back to your
starting point.  A typical CD has 60 minutes of music; this is 5
gigabits. Log2(5e9) is about 32, so you can add 32 bits to your key for
a total of 47 bits. You're better off sticking with DES for the time
being.

There is precedent for using audio recordings to hold one-time-pad keys.
The vocoder system developed for secure voice conversations between
Roosevelt and Churchill in WWII used audio recordings of the noise
generated by a mercury vapor rectifier. Two copies were made, the
originals destroyed, and the records sent to Washington and London.

Phil