One-Time Pad From Caltech Offers Uncrackable Cryptography 192
zrbyte writes "One-time pads are the holy grail of cryptography — they are impossible to crack, even in principle. However, the ability to copy electronic code makes one-time pads vulnerable to hackers. Now engineers at the California Institute of Technology in Pasadena, have found a way around this to create a system of cryptography that is invulnerable to electronic attack. Their solution is based on a special kind of one-time pad that generates a random key through the complexity of its physical structure, namely shining a light through a diffusive glass plate."
Is it new? (Score:4, Interesting)
Was it really used? Or am I hazily recalling some spy novel stuff from Irwin Wallace or Alistair MacLean and mistaking it for real history?
Re:Random is hard. (Score:5, Interesting)
I have heard of some that try to utilize some sort of seemingly random event that is naturally occurring. However even these can be modeled over time.
A good post, but I'm not sure you understand hardware based random number generation. At least one way to do it is have a small amount of radiactive material. Although it decays predictably in the long term (half life) it is random in the short term. By measuring the radioactive decay truly random numbers can be obtained.
Can you model this? Sure, but your model will either be a software based random number generator or it will be a hardware token. In either case it will *not* be the item in question at the time in question and will not allow you to determine what numbers were generated.
No system is foolproof, but all the interesting cracks in cryptography that I'm aware of come through side channels or demonstration that a method was not truly random. Human card shuffling is certainly not random -- not only is the process controlled by the shuffler, but there are distinct non-random patterns to it that allow stage magicians to take a stack decked that is shuffled and still produce the desired result.
I think my favorite side channel attack was picking up the attenuated signal from the unencrypted side of a cryptograpy machine -- the British didn't have to crack the encryption used by the French embassy, they just read the plain text!
OTP are sexy and cool because they provide unbreakable encryption. As long as they are generated correctly (truly random) and distributed without tampering or exposure. The first is hard enough, but distribution on any scale means that not all of them will be free of tampering and exposure.
Re:Nothing is impossible to crack... (Score:4, Interesting)
You are wrong.
The "one time" in "one time pad" means you never use a piece of key twice. The OTP needs to be as long (or longer than) the plaintext, and when you've used up your OTP, you need to get together and share a new one.
You can make an OTP last longer by compressing before encrypting, or by using OTP encyption to exchange temporary keys, to be used with other encryption methods.
Clearly you *could* re-use your OTP, perhaps starting from the beginning when you run out of bytes. But each time you do that you weaken your security.
Re:Not too long until an iceberg attack is reveale (Score:5, Interesting)