Animated Encryption

An anonymous reader submits: "Cartoons for fun and secrecy -- A student at the University of Dayton has apparently come up with an encryption scheme using computer generated animation. Story at the Chronicle of Higher Education."

Not Using Animation to encrypt

[nairnr]

Maybe it is just me, but I think the poster is a little bit confused. It is not that animation is being used in encryption, but rather he was inspired by the crowd scene in Hunchback, where the characters movements were essential being controlled by random numbers to create a lively and chaotic look to it.

The article then states that the thought was to use random data in an encryption algorythm to make it unbreakable. So I don't think that we will be seeing messages passed around the the next Disney flick...

Re:Scant on details

[SpatchMonkey]

Yep, here you go [cryptome.org]. She cracked it herself shortly after it was publicised, the method is detailed in the appendix.

Also here's a link [udayton.edu] to the press release this guy's university published on his work. Although, come to think of it, it looks quite familiar. Is this a repeated story?

Re:Computer != true randomness

[Antity]

How does he generate his randow numbers?

A computer can do pseudo randomness... but since it's not truly random there are ways to detect periodic repetitions and thus find the missing key to decrypt the message...

What you mean is probably: "Computers cannot generate true random numbers in software".

Germanium diodes are said to generate real random, chaotic electron flows if used in blocking direction.

One usually uses a Germanium diode, places an A/D converter past it and calls it "hardware random number generator".

That said, scientists still aren't sure whether there is such a thing like "true random numbers" at all. Create your own universe and maybe you will be able to predict any "random" number that beings within this universe try to create.

More Details - His Abstract

[Cryptosporidium]

This is a direct quote from his science fair project abstract:

The purpose of this project was to create unbreakable cryptography employing a random number generator for personal and business use on the Internet or for internal communications and data storage. A literature search found that currently used methods have computational security (DES, Public Key) and that only cryptography with "one-time pad" encryption and random keys has unconditional security. The hypothesis for this project was that unconditional cryptography is possible if the random number generator has perfect probability and is mathematically random. A wide range of random number generators (computer built-ins and from the literature) were tested for randomness, speed, range of seed numbers, simplicity, and period length. Randomness was tested for frequency patterns using the chi-square test method.

The best random number generator (from literature) was combined with a shift cipher to produce cryptography that is simple to implement, suitable for personal or networked computers, and has unconditional security. The method uses one time, random keys and modulus arithmetic to make the cipher one-way and unbreakable. Disks containing a large array coordinates of the seed used to generate the one-time, random key can be transmitted publicly. The developed cryptography would be suitable for personal use, business sensitive messages and data, and top-secret military communications.

Google?

[DaveHowe]

A quick websearch threw up the occasional highlight:

Jason finds way to recycle used oil [udayton.edu]
gives a more technical view [udayton.edu] of the current discovery (its a prng by the way)

Re:You're right, there's no reason for alternative

[NortWind]

Two problems with one-time pads:
1) Generating the pad initially, and
2) exchanging the pad.

1) Generating the one-time pad is easy with a hardware noise generator such as an avalanche diode. Marx [marx.com] makes a USB dongle that has a true white noise generator. Just pump the noise into a file, walla!

2) Exchanging pads is not needed, as the one-time pad can be used in a symetric scheme, just a simple XOR will do fine. You only have to transfer the pad one way. Unfortunately, that is a problem that has no good solution.

Snake Oil

[Jerf]

Assuming this abstract is complete and correct, then it provides us enough information to know that his encryption technique is more snake oil [interhack.net].

Specifically, we have the unbreakable claim [interhack.net] warning sign, and even more specifically, this is almost certainly one of the one -time pad [interhack.net] errors:

The bits in the pad cannot be generated by an algorithm or cipher. They must be truly random, using a real random source such as specialized hardware, radioactive decay timings, etc. Some snake oil vendors will try to dance around this issue, and talk about functions they perform on the bit stream, things they do with the bit stream vs. the plaintext, or something similar. But this still doesn't change the fact that anything that doesn't use

real random bits is not an OTP. The important part of an OTP is the source of the bits, not what one does with them.

There's also the technobabble [interhack.net], secret algorithms [interhack.net], and revolutionary breakthrough [interhack.net] warning signs.

I hope they enjoy the $20,000 patent, 'cause it's not worth the paper it's printed on.