
The Clock Is Ticking On Encryption (228 comments)

Posted by timothy
from the promise-that-keeps-on-giving dept.
CWmike writes "In the indictment that led to the expulsion of ten Russian spies from the US in the summer of 2010, the FBI said that it gained access to their communications after surreptitiously entering one of the spies' homes, during which agents found a piece of paper with a 27-character password. The FBI had found it more productive to burglarize a house than to crack a 216-bit code, despite having the computational resources of the US government behind it, writes Lamont Wood. That's because modern cryptography, when used correctly, is rock solid. Cracking an encrypted message can require time frames that dwarf the age of the universe. That's the case today. 'The entire commercial world runs off the assumption that encryption is rock solid and is not breakable,' says Joe Moorcones, vice president of information security firm SafeNet. But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing."


  • by Anonymous Coward

    The FBI had found it more productive to burglarize a house...

    That kind of behavior, burglarizing houses, committing a crime to stop other crimes, is destructive to the rest of the nation. There are mistakes. There are agents who use their power to cause trouble. There are many other negative consequences, such as the FBI agents acting to support their personal ideas of political action, which has happened numerous times in the past.

    • by Black Parrot (19622) on Saturday December 18, 2010 @09:43AM (#34599016)

      That kind of behavior, burglarizing houses, committing a crime to stop other crimes, is destructive to the rest of the nation.

      I don't find it such a bad thing, if they have a warrant from a non-corrupt judicial system.

      You can hardly say fighting espionage is inherently corrupt.

      • by Jawnn (445279)

        That kind of behavior, burglarizing houses, committing a crime to stop other crimes, is destructive to the rest of the nation.

        I don't find it such a bad thing, if they have a warrant from a non-corrupt judicial system.

        You can hardly say fighting espionage is inherently corrupt.

        True enough, but a government that increasingly finds it necessary to hide its actions in that arena from even the tacit judicial oversight now in place deserves every bit of the suspicion it suffers, and then some. History has (or should have) taught us well that the excuse that "we're protecting you from " is almost always a sign of bad things to come.

    • by elucido (870205) * on Saturday December 18, 2010 @11:27AM (#34599614)

      And they'll break any law to accomplish the mission. The FBI has murderers and serial killers who are confidential informants. They also have thieves who are confidential informants.

      It's a surprise to me that some Russian spies who you'd expect would be trained to deal with counter intelligence would be so careless.

    • To burglarize a house is to turn the house into a burglar - I don't think that's what the FBI did, whatever they said they did.

      I'm willing to believe the house was burgled - that seems more usual nefarious behaviour --- yes - a word with all the vowels in

      • The English word is burgle. The American word is burglarize. It's one of the more amusing Americanisms, but it is valid American.
    • And loves to editorialize shit to try and spin things. Burglary is illegally entering someone's house for the purpose of theft. Now the important part there is "illegally" and also what the intent is. If I enter your house, because you gave me a key and want me to watch your cat, that is legal. Well guess what? It is also legal for the police to search your house, if they get a warrant which the FBI did. Further they can get warrants for surveillance of various types like tapping your phones or planting bugs

    • by ScentCone (795499)
      burglarizing houses

      Counter-espionage actions against foreigners who you know to be spies working for another country ain't the same as burglary. Of course you know that, you trolling twit.
  • by Anonymous Coward on Saturday December 18, 2010 @09:30AM (#34598970)

    Many of us have known it for a long time, but more and more people are waking up to the fact that "cloud computing" is a sham. It's basically 1970s-era mainframe computing revived and renamed, with layer after layer of marketing bullshit layered on. It has all of the same drawbacks as mainframe computing plus some, and often without many of the benefits.

    "Quantum computing" risks becoming the next such mania. Soon enough, some marketing dipshits will come along and relabel some lousy existing technology as "quantum computing" (even when it absolutely isn't). This will get the press going, and soon the buzz will be overwhelming. Every manufacturer will be hard at work putting "Quantum Powered" stickers on the hardware they sell, and all sorts of software providers will be labeling their software as "quantum-compatible".

    If it's anything like cloud computing has been, it'll just be a waste of time and money.

    • by Joce640k (829181)

      Yep. There's a *very* limited set of tasks that quantum computing can be used for. Factoring numbers just happens to be one of them, that's why it's always dragged out in articles about quantum computing.

      To be more specific, a problem needs these properties for a quantum computer to be useful:

      1. The only way to solve it is to guess answers repeatedly and check them,
      2. There are n possible answers to check,
      3. Every possible answer takes the same amount of time to check, and
      4.

  • Quite right (Score:5, Insightful)

    by AaxelB (1034884) on Saturday December 18, 2010 @09:31AM (#34598974)
    Yeah, that's true.

    Wait, who didn't know this already? The title is misleading, but the fact that quantum computing breaks RSA is pretty standard knowledge (among people who have heard of quantum computing at all, I guess). Of course, there are other encryption schemes that seem to work just fine (e.g. Elliptic curve cryptography) with quantum computing, and there's not much evidence that algorithms other than RSA are broken. Note: factoring isn't NP-complete! So far there's no reason to believe it's not an "easy" problem, except that we haven't figured out how to do it. More interestingly, there's a lot of research being done on quantum cryptography [wikipedia.org], which is really quite cool. In total, quantum computing should probably give us more security than it breaks, except for the idiots who keep using outdated algorithms long after they're broken, but they'd be screwed anyway.

    So, the sky is falling! Oh wait, no, that's just the weather changing.
    • but the fact that quantum computing breaks RSA is pretty standard knowledge (among people who have heard of quantum computing)

      Yep - and given how well it's currently working, you're screwed if you're using 4-bit RSA (to steal a famous quote from Schneier).

      We've been hearing this story for long enough that the 'quantum computing breaks crypto' crowd ought to stop broadcasting that claim until they can break keys of arbitrary length.

      • It's important for some people. No encryption is unbreakable, when you encrypt you always have to decide how long the information needs to be secret for. It may not still be the case (computing power is a lot cheaper now), but fighter aircraft used to use very weak encryption for their communications, because it was only important that it remain uncracked by a determined adversary for a few hours and adding more latency was more dangerous than someone learning what you said a couple of hours ago. In cont

    • A minor nit: any "hard" problem that's harder one way than the other will ultimately be attackable via quantum methods. This is true for almost any public key system including ECC. There hasn't been as much work quantum vs ECC, but only because ECC is pretty cutting edge.

      The source of all human knowledge [wikipedia.org] has a couple of links to research on the topic.

      It is certainly the case that you can overcome quantum attacks by using quantum crypto, but that's going to be a problem for people who have less money t

      • by AaxelB (1034884)

        A minor nit: any "hard" problem that's harder one way than the other will ultimately be attackable via quantum methods.

        Can you point me toward more information on this? I haven't heard anything like that before -- all arguments I've seen that say quantum computing breaks cryptographic schemes are just based on Shor's algorithm, which I didn't think had such broad implications. (I didn't know it breaks ECC, too.)

    • I knew it, yet I didn't know it.
    • Obviously you didn't RTFA, which states EC cryptography is just as easily breakable via quantum computation (moreso, in fact, than RSA). The upshot: use QKD to transmit the key, then rely on classical encryption schemes (e.g. AES) for the message (for which QKD is nearly useless). Actually, it sounds perfect since QKD is generally considered unbreakable. Then again, computing power increases so quickly that I doubt AES will be secure for long.

      wow, I actually learned something FTFA.

      • by AaxelB (1034884)
        Yeah, I didn't know about ECC also being vulnerable (I learned something, too!). The problem with using QKD is that it requires all involved parties to be on a network of quantum computers. The biggest danger I see is when a few people (like the NSA) have quantum computers, but no one else does. If there aren't classical public-key schemes that can stand up to quantum computing, then security as we know it is basically broken, and anyone who wants a real guarantee of privacy will have to resort to one-time
        • by wagnerrp (1305589)
          No. The problem with using QKD is that it requires all involved parties to be able to exchange entangled particles. You can't do that on a switched network. You MUST have direct fiber optic links for it to work.
          • by AaxelB (1034884)
            That reinforces my point, though :)

            If they get quantum computers to work at a useful scale, they'll be near useless for communication (both because they're so expensive and because of the networking problems you mentioned), but will be great for breaking all the encryption that everyone else uses around the world. In short, we need a classical cryptography scheme that's still secure with quantum computing.
        • Yes, this is definitely a valid point. However, QKD is right now at a level pretty far past quantum computation, so maybe there's hope that QKD will be widespread enough for normal users before quantum computation reaches the point where it can break heavy RSA encryption. I envision some sort of routing hub that can accept keys via QKD which then passes it securely to the client.

          However, if QKD can't be managed for long distances (that is, if we don't find a good way to send it over long distances OR if we

      • by arose (644256)
        Or a one time pad. You don't need to each have a hard drive full of random bits to periodically exchange AES keys.
    • The title is misleading, but the fact that quantum computing breaks RSA is pretty standard knowledge

      Yeah, but even if they knew it was RSA, breaking into a house is still easier [xkcd.com] than running a quantum computer. The FBI is pretty expert in this type of crime.

      This operation was probably cheaper and took less time than getting access to the box at Fort Meade.

  • by lxs (131946) on Saturday December 18, 2010 @09:32AM (#34598976)

    I rely on magic pixie dust found on top of the space elevator. It's easier to get than a useful quantum computer and will be for quite some time.

    • I rely on magic pixie dust found on top of the space elevator. It's easier to get than a useful quantum computer and will be for quite some time.

      And if you do get cracked, you just snort some of the dust and then you don't care anyway.

    • Right. And 640K should be enough for anyone too, right?

      Qubits have already been demonstrated with great coherence times and we're now making great advances in fabrication so they can be scaled up to thousands of qubits and well beyond. There's no reason to believe that we won't have quantum machines with computational power meeting (if not exceeding, by a large margin) today's classical machines within a generation. Then again, if you refuse to seriously consider any technological innovation that takes more

  • CWMike (Score:5, Informative)

    by pjt33 (739471) on Saturday December 18, 2010 @09:34AM (#34598984)

    Anyone prepared to take a bet that the CW of CWMike stands for ComputerWorld, and this is a blatant attempt to drive traffic towards an article he either wrote or published?

    • Re:CWMike (Score:5, Informative)

      by beakerMeep (716990) on Saturday December 18, 2010 @10:08AM (#34599132)

      Pretty obvious really -- CWMike along with Julie188 have been plaguing Slashdot with this InfoWorld/ComputerWorld tripe for years. The articles are almost always either sensationalism (magic future computing may crack your password, clock is ticking!) or trolling flamebait (is [insert favorite mobile OS] dangerous?). It's bullshit blogspam and Slashdot can do better. I just wish they cared a bit more about weeding out this kind of stuff.

    • Who cares? If it's interesting, it's interesting. In this case it's not really very interesting, but I don't see a point in attaching a stigma because of the submitter. It's not like it's possible for the editors to pay any less attention to the submissions to let something slide!
  • Basically, quantum computers could do magic on encryption, probably, in the future, possibly in 20 years?

    Also possible: flying cars, cold fusion and immortality.

  • It is checking the guessed key is right that is the problem.
    Say I take my credit card 4111 1111 1111 1111 and encrypt it with a numeric Caesar cypher; it turns out the encryption is bad, but close to 90% of the keys you brute force will give you what appears to be a valid answer (assuming mod 10 and 3/4/5 on the 1st digit checks only). If you take the same number with spaces and an EOL and used export grade DES you can try 2^40 keys but only a fraction will result in what looks like a credit card number. If you u

    • by jimicus (737525) on Saturday December 18, 2010 @10:27AM (#34599228)

      Thing is, much of the time you can be pretty sure that a particular string of plaintext will appear at least somewhere in the decrypted result.

      In the case of your credit card number, for example, there's a few things we can do to eliminate most of the apparently valid numbers:

      • Mastercard and Visa both allocate the first four digits of card numbers to individual banks. These blocks don't overlap between card types - there's no such thing as a Mastercard that begins with 4547, for instance. If I know where you live, I can take a reasonable guess that your card was issued by a bank in your country and immediately rule out any numbers that weren't allocated to a bank in your country.
      • Banks frequently use a predictable pattern to fill the rest of the card number, such as account number (which may itself have a check digit, so you essentially wind up with two check digits in the card number). If you know what patterns the banks in your country use, you can cut down the potential matches further.
      • Beyond this, we probably need insider knowledge of the banks' own processes - what numbers have/have not been allocated yet? Can we figure out from the card number when the associated account was opened? - if you're 25 years old, it's unlikely you'll have a number indicating a 30 year old account.
    • I wrote a proof-of-concept cracker for WEP that ran into a similar situation: It found a lot of keys that appeared to give valid, checksum-good packets. So I just modified it to require that every one in a series of packets all came out good, and that did it. Still too slow to be practical though... could break 40bit, eventually, if someone were to optimise it.
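An added example, not written by any poster in this thread, that works through the false-positive problem raised in this sub-thread: the toy digit-Caesar cipher and the mod-10 / first-digit filter from the parent comment, jimicus's point that extra plaintext structure prunes candidates, and the WEP cracker's rule that a key must check out on every packet in a series. The card numbers and the 40-bit keyspace are constructed inputs taken from the discussion; the filter pass rate is measured exhaustively over short digit strings only, since the rate is independent of length.

```python
import itertools
import math
from typing import Iterable, List


def luhn_valid(digits: str) -> bool:
    """Mod-10 (Luhn) check over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_card(digits: str) -> bool:
    """The thread's cheap plausibility filter: a leading 3, 4 or 5 plus a valid Luhn digit."""
    return digits[:1] in ("3", "4", "5") and luhn_valid(digits)


def digit_shift(digits: str, key: int) -> str:
    """Toy numeric Caesar cipher from the parent comment: add `key` (mod 10) to every digit."""
    return "".join(str((int(ch) + key) % 10) for ch in digits)


def surviving_keys(ciphertexts: Iterable[str]) -> List[int]:
    """Brute-force the 10-key toy cipher, keeping only keys whose trial decryption passes the
    filter for *every* ciphertext (the WEP cracker's 'all packets must check out' rule)."""
    cts = list(ciphertexts)
    return [
        k for k in range(10)
        if all(looks_like_card(digit_shift(c, (10 - k) % 10)) for c in cts)  # shift back
    ]


def filter_pass_rate(length: int) -> float:
    """Exhaustively measure the fraction of all `length`-digit strings the filter accepts.
    Exactly one string in ten satisfies Luhn and three in ten start with 3/4/5, so 0.03."""
    hits = sum(
        looks_like_card("".join(t))
        for t in itertools.product("0123456789", repeat=length)
    )
    return hits / 10 ** length


def expected_false_positives(key_bits: int, pass_rate: float, samples: int) -> float:
    """Expected number of *wrong* keys that still pass the filter on `samples` independent
    ciphertexts, for a keyspace of 2**key_bits (e.g. the 40-bit export DES mentioned above)."""
    return 2.0 ** key_bits * pass_rate ** samples


def samples_needed(key_bits: int, pass_rate: float) -> int:
    """Smallest number of independent ciphertexts that drives the expected false-positive
    count below one, i.e. the smallest n with 2**key_bits * pass_rate**n < 1."""
    if not 0.0 < pass_rate < 1.0:
        raise ValueError("pass_rate must be strictly between 0 and 1")
    return math.floor(key_bits / math.log2(1.0 / pass_rate)) + 1


if __name__ == "__main__":
    # Constructed inputs: the parent's card number plus a second well-known test number,
    # both encrypted under the same (secret) toy key.
    key = 3
    cards = ["4111111111111111", "5555555555554444"]
    cts = [digit_shift(c, key) for c in cards]
    print("candidates from one ciphertext :", surviving_keys(cts[:1]))
    print("candidates from both ciphertexts:", surviving_keys(cts))
    rate = filter_pass_rate(5)
    print(f"filter accepts {rate:.2%} of random digit strings")
    for n in (1, 4, 8):
        print(f"{n} ciphertext(s): ~{expected_false_positives(40, rate, n):.3g} false keys")
    print("independent ciphertexts needed for a 40-bit keyspace:", samples_needed(40, rate))
```

For a 40-bit keyspace the 3% filter alone leaves tens of billions of plausible wrong keys; only by requiring the same key to produce plausible output on about eight independent ciphertexts does the expected number of impostors drop below one.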
  • by vadim_t (324782) on Saturday December 18, 2010 @09:52AM (#34599068) Homepage

    People generally mention that quantum computing will spell the doom for current crypto, but from what I read on different sites, it seems that it's not exactly that. So I would really appreciate if somebody could clarify it. For instance, on Wikipedia there is this:

    Integer factorization is believed to be computationally infeasible with an ordinary computer for large integers if they are the product of few prime numbers (e.g., products of two 300-digit primes).[5] By comparison, a quantum computer could efficiently solve this problem using Shor's algorithm to find its factors. This ability would allow a quantum computer to decrypt many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of digits of the integer) algorithm for solving the problem.

    It has been proven that applying Grover's algorithm to break a symmetric (secret key) algorithm by brute force requires roughly 2^(n/2) invocations of the underlying cryptographic algorithm, compared with roughly 2^n in the classical case,[10] meaning that symmetric key lengths are effectively halved: AES-256 would have the same security against an attack using Grover's algorithm that AES-128 has against classical brute-force search.

    So, the problem is only for public key crypto, and for AES we just switch to 512 bit keys and no problem? Also, if quantum computers don't do all that great against AES, wouldn't it just be a problem of finding something else they have trouble with that could be used for public key crypto?

    • Not exactly (Score:4, Interesting)

      by betterunixthanunix (980855) on Saturday December 18, 2010 @10:18AM (#34599166)
      For one, AES is designed to have fixed key sizes, so "just switching to 512 bits" is not as trivial as you may think. Also, not all public key cryptosystems are based on the RSA problem.

      Quantum computers can factor the product of two prime numbers in polynomial time, so RSA would be broken. A modification of that algorithm allows certain cases of the discrete logarithm problem to be solved efficiently as well, so DH and ElGamal would be broken also. Luckily, quantum computers are not yet known to be able to solve NP complete problems in polynomial time, so cryptosystems based on NP complete problems (Polly Cracker systems, for example) would still be secure assuming that P != NP. There are also hard lattice problems which quantum computers are not known to be more efficient at solving, which can be used to construct cryptosystems, and there was an early public key cryptosystem based on a group theoretic problem which is known to be secure against quantum computing.

      So basically, quantum computing is not really a problem at all, at least not in a theoretical sense. It throws a bit of a wrench into some standard hardness assumptions, but nothing too bad.
      • by Nursie (632944)

        "For one, AES is designed to have fixed key sizes, so "just switching to 512 bits" is not as trivial as you may think."

        Err, no. AES was based on a simplification of Rijndael, which was designed for arbitrary key lengths. It should be fairly easy to adapt the AES algorithm to longer keys.

        Maybe not trivial, but likely not that hard.

        • That is true, but the point is that it is non-trivial. Already, AES256 (well, a reduced number of rounds) is known to be vulnerable to related key attacks that AES128 is not vulnerable to. It might not be terribly hard to get Rijndael to work for arbitrary key sizes, but there is no guarantee or reason to believe that a 512 bit Rijndael would actually be more secure than 256 bit Rijndael (or that it would not be less secure, though this is not likely). Rijndael is not a provably secure cipher, so claimin
    • by pwilli (1102893)
      Encryptions that rely on the difficulty large integer factorization like RSA are indeed "doomed", because Shor's algorithm will be able to do that in polynomial time. This is a very rare exception. You can literally count the number of quantum algorithms known which can reduce the complexity class of such interesting problems with your fingers. Simply choosing an encryption method that doesn't rely on the difficulty of large integer factorization or one of the other in the "quantum age" no-longer-difficult
    • The practice of quantum computing makes it quite doubtful that they will be any better than classical attacks for the foreseeable future. The problem is that quantum computers have exponential complexity in *construction*. A 2n-qubit machine needs much more than just 2x the qubits, but also better decoherence times and much higher fidelity on the quantum to classical output channel (it gets harder to "read" the answer).

      To make matters worse, an n-bit quantum computer cannot simulate an (n+1)-bit quantum compu
    • by dachshund (300733) on Saturday December 18, 2010 @05:32PM (#34602424)

      So, the problem is only for public key crypto, and for AES we just switch to 512 bit keys and no problem?

      Not necessarily. At present we know of a small number of quantum algorithms for problems such as factorization and database search. There are some brilliant theorists working on these things, but the total amount of (wo)manpower being applied to these problems is constrained by the fact that we don't really have any quantum computers to use this stuff with. A consequence of this is that there are vastly more problems for which we don't have a quantum algorithm than those for which we do.

      This has led to a lot of interest in 'post-quantum cryptography' and flood of research papers proposing new public-key cryptosystems based on mathematical problems we don't know how to solve with quantum computers. Another poster mentioned the McEliece cryptosystem, which is based on problems in coding theory. That's a little bit old-school. The new hotness is lattice problems [wikipedia.org] --- go to any top academic crypto conference and you'll see a bunch of papers using these. If you're really interested in this stuff, here's a pretty good intro to a book on the subject of post-quantum crypto [pqcrypto.org].

      However, all this talk is good for researchers in non-standard areas, but it shouldn't lead anyone to be overconfident that these problems will stay resistant to quantum solutions. You can more or less bank on there being some future 'golden age of quantum computing theory' which should take off right about the same time useful quantum computers become available. Predictably, the problems that receive the most attention will be the ones most widely used at the time --- including the ones underlying the most widely used cryptosystems.

      The one other thing I should mention is that there's a big difference between finding quantum algorithms for fundamental problems such as database search (Grover's algorithm) or number theoretic problems (Shor's algorithm) and finding quantum algorithms for extremely complex specialized systems like AES. Finding an algorithm that solves a major number theory problem is a big contribution --- if you break a particular cryptosystem, people will just shift away from it eventually and your work will become a footnote. Simultaneously, developing an algorithm that attacks AES is enormously harder using the relatively primitive techniques we currently have. So while right now our best approach to breaking symmetric algorithms is to use generic tools like Grover's algorithm, that's not always guaranteed to be the case.

      Of course, crypto's important to us and the chance for a quantum-resistant cryptosystem is better than none at all, so this is still useful work. If you care about your crypto you need to take this stuff with a little grain of salt, and hope that QCs are far in the future.

    • by LainTouko (926420)
      Even switching to 512-bit keys is probably an overreaction. AES keys go up to 256-bit mostly to provide safety against these theoretical quantum attacks. Federal standards are only now trying to phase 80-bit equivalent algorithms out of new products, (even though they're still a long way away from being breakable), and while AES-128 isn't considered good enough to protect top secret information, only secret, AES-192 is considered fine for top secret info. Excluding AES-128 is generally seen as an insurance
  • The silver lining (Score:4, Insightful)

    by petes_PoV (912422) on Saturday December 18, 2010 @09:53AM (#34599072)

    But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing

    At least the number of burglaries will go down

  • Cryptography, eh? (Score:4, Insightful)

    by Jahava (946858) on Saturday December 18, 2010 @10:00AM (#34599090)

    Quantum computing could break known asymmetric cyphers, not symmetric. I'm not aware of any quantum solution to breaking any modern popular symmetric algorithms.

    1. If the 27-character password that they used protected an asymmetric key, then the FBI had to break into their house to recover more than the 216-bit password ... they had to recover the password and the encrypted key that it protected.
    2. If, on the other hand, the 27-character password generated a symmetric key, then the entire discussion of quantum computing is irrelevant.

    Also worth mentioning is that there's really no way the FBI could have known exactly what they'd find. They broke into a home and recovered lots of information, one piece of which proved useful to decrypting messages. If they hadn't found that, who knows what they would have done? Point is don't lower your guard yet - this isn't proof that encryption is rock solid so much as evidence in that direction.

    In the end, let's assume unbreakable encryption is readily available. The weakness is in the human factor, since (ultimately) humans have to, at some point, interact with that encryption for it to contain useful information. Looking at the direction England and other countries are going, a government's solution isn't to invest in supercomputers to attack the cryptography; it's to create a set of laws criminalizing a failure to decrypt. Such a failure would be penalized by as much (or more, given the absurd magnitude of criminal damages associated with most modern electronic-targeting laws) as the charges against you for which the cyphertext is relevant. Your information could be protected until the end of the universe while your corpse rots away for some form of electronic obstruction of justice.

    There is a pervasive attitude of "If you have done nothing wrong, you have nothing to hide" that seems to be driving a lot of the thrust behind modern laws and solutions. A jury could be (and has been) biased against you just for possession of encrypted material. Why would a legitimate person need to encrypt their documents? Why wouldn't they decrypt them for authorities? "Because they're mine, not yours, and not the government's" isn't something a lot of people sympathize with. I suppose the point I'm trying to make is, while progress on the cryptographic front to stay ahead of authorities (and "bad guys", and the intersection of the two) is critical, it's also critical to enforce a right to innocently encrypt data in the first place.

    But sorry to be predominantly negative - overall, a great article that exposes the world of cryptography (and its importance) in terms a layman could understand.

  • Is really just part of the feds useful toolkit.
    They can look for extra CC's, books, address books, rolodex, business card, photos get noted, hobbies, signs of other crimes..
    When they walk out they may have a pw and a whole new area of inquiries.
    But think back to the foreseeable past, most of what was sold on the commercial/telco and NATO market has been weakened in some way. Tempest leaks or design flaws allowed dreamy Enigma like plaintext decrypting or plaintext entry to be collected.
    http://cry [cryptome.org]
  • First, there are such things as quantum-computer resistant encryption algorithms. They are not in current usage but it is possible to do.
    Second, there are more and more people who suspect that quantum computers may be a pipe dream : http://arstechnica.com/science/news/2010/06/magic-quantum-wand-does-not-vanish-hard-maths.ars [arstechnica.com]
    It has been a good way to make people invest in fundamental research though ;-)
  • It's not your complex 27 character password that's the problem, it's the 8 bit, John the Ripper-rapeable password of the person you email that's the problem.

    • by JamesP (688957)

      No, the problem is

      The 27 letter password should have been memorizable

      If IT Morons insist on a too-complex password that changes all the time
      then noting it down is the only way to keep access to the system.

      Remember that if the password changes FBI will just break in again and see the note

      Relatively complex passwords that are easily memorizable are better.

  • What in the HELL is the point of a 27-character password if you're going to write it down?

    People can go so egregiously far off the deep end to protect their security and then make the most basic of mistakes. A password of half that length with a decent encryption process would be nearly inconceivable to break in any practical length of time.

    • by isorox (205688)

      What in the HELL is the point of a 27-character password if you're going to write it down?

      People that haven't been taught to remember a phrase rather than a password.

      One complex password I have, for example, is 30 characters long -- 3 orders of magnitude stronger than a 128bit phrase, even if you knew it was entirely lowercase.

      Then you get stupid password systems which state your password must be "at least 6 letters, including 1 upper case and 1 number", about 38 bits. Or even worse "between 6 and 8 character

      • Re:*slaps head* (Score:4, Insightful)

        by Waffle Iron (339739) on Saturday December 18, 2010 @11:55AM (#34599852)

        Then you get stupid password systems which state your password must be "at least 6 letters, including 1 upper case and 1 number", about 38 bits. Or even worse "between 6 and 8 characters".

        Those systems are generally not trying to protect against people with direct access to the encrypted data files. Instead, they are *login* passwords for systems where attackers do not have direct access to the protected data.

        In principle, each of those systems should detect repeat login failures and delay or deny further attempts. In that case, the attacker doesn't get to try countless thousands of guesses. Security holes are very common in those types of systems, but it's not necessarily just because the password is 8 characters long.

  • Now they just need to recruit spies that can remember 27 character passwords without writing them down.
  • One-time pad encryption doesn't care how much compute power, quantum or otherwise, you throw at it. If you don't have the key, you don't have the message. Period.

    I've sometimes thought it would be fun to hook something really random (like a geiger counter) up to my computer, generate a DVD full of really random encryption keys, send a copy to my Mom, and we could send email that even the NSA couldn't read.

    ...laura

    • The other nice thing about OTP is that for a given encrypted message, you can create an OTP that produces any message you want.

      So, for example, if the message gets intercepted and the NSA demands you produce the OTP key, you can provide one that decrypts the message into a recipe for cranberry muffins.
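An added example, not posted by anyone in this thread, of the one-time-pad model laura and the reply above describe: a shared stock of random pad bytes consumed sequentially and never reused (the "DVD full of keys"), XOR encryption, and the deniability trick of forging a pad that turns an intercepted ciphertext into a harmless decoy. It uses Python's `secrets` CSPRNG in place of the geiger counter, and every message is constructed.

```python
import secrets
from typing import Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a length mismatch is an error, never silent truncation."""
    if len(a) != len(b):
        raise ValueError("pad material must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


class PadStore:
    """One party's copy of the shared random pad (the 'DVD full of keys').
    Bytes are handed out sequentially and never reused; both parties hold identical copies.
    For two-way traffic each party would send from its own region of the pad."""

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._used = 0                      # offset of the first unused pad byte

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used

    def take(self, n: int) -> Tuple[int, bytes]:
        """Reserve the next n bytes for sending; refuse rather than wrap around or reuse."""
        if n > self.remaining:
            raise RuntimeError("pad exhausted: generate and exchange fresh key material")
        start = self._used
        self._used += n
        return start, self._pad[start:start + n]

    def at(self, offset: int, n: int) -> bytes:
        """Look up pad bytes by offset (the recipient is told the offset alongside the message)."""
        if offset + n > len(self._pad):
            raise ValueError("offset beyond end of pad")
        return self._pad[offset:offset + n]


def otp_encrypt(sender: PadStore, plaintext: bytes) -> Tuple[int, bytes]:
    """Returns (pad offset, ciphertext). The offset travels in the clear; it reveals only
    which pad bytes were consumed, nothing about their values."""
    offset, key = sender.take(len(plaintext))
    return offset, xor_bytes(plaintext, key)


def otp_decrypt(receiver: PadStore, offset: int, ciphertext: bytes) -> bytes:
    """Recover the plaintext from the recipient's identical pad copy."""
    return xor_bytes(ciphertext, receiver.at(offset, len(ciphertext)))


def forge_pad(ciphertext: bytes, decoy: bytes) -> bytes:
    """Deniability (the cranberry-muffin trick): ciphertext XOR decoy is a 'pad' that decrypts
    the real ciphertext to the decoy, and it is statistically indistinguishable from the true pad."""
    return xor_bytes(ciphertext, decoy)


if __name__ == "__main__":
    # Constructed demo: secrets.token_bytes stands in for a hardware source such as a geiger counter.
    shared_pad = secrets.token_bytes(64)
    alice, mom = PadStore(shared_pad), PadStore(shared_pad)   # identical copies, exchanged in person

    offset, ct = otp_encrypt(alice, b"meet at noon")
    print("recovered by mom:", otp_decrypt(mom, offset, ct))

    fake = forge_pad(ct, b"bake muffins")
    print("same ciphertext under the forged pad:", xor_bytes(ct, fake))
```

The forged pad only works because a pad is as long as the message and carries no structure of its own; that same property is why the sender must never reuse pad bytes, which `PadStore.take` enforces by refusing rather than wrapping around.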

    • by cpghost (719344)

      I've sometimes thought it would be fun to hook something really random (like a geiger counter) up to my computer, generate a DVD full of really random encryption keys, send a copy to my Mom, and we could send email that even the NSA couldn't read.

      And what if the NSA intercepts the one-time pad DVD before it gets to your Mom?

  • Given a pair of needle nosed pliers and some soft body parts.
