Totally Random One Time Pads
liliafan writes "Scientists in Japan have come up with a way of harnessing a truly random datasource for generating one time encryption pads: Quasars. One time encryption pads are widely accepted as being the most secure form of encryption, but this new technology from the National Institute of Information and Communications Technology makes the pads even more secure."
Dupe (Score:5, Informative)
Re:Dupe (Score:5, Funny)
Re:Dupe (Score:5, Funny)
If you had read TFA, you would know they use Slashdot feeds as an entropy source for their one-time pads. They do report problems though, since during a recent test run they noticed 42% of their one-time pads were effectively equal...
Hack (Score:3, Interesting)
Re:Hack (Score:2)
Re:Hack (Score:3, Interesting)
Could one jam/interfere with it enough if they had a rough idea of when? Sounds MUCH easier than pegging the millisecond to inject yours.
Interfere enough so data is unusable, then they have to resend. Repeat as much as possible. Isn't having multiple versions of secret data floating around a bad thing?
Re:Hack (Score:2)
They'd have to find a way to avoid this themselves, since the sender and receiver will most likely be in different locations and might have to use different equipment.
Re:Dupe (Score:2)
Re:Dupe (Score:2)
Totally Random One Time Pads (Score:3, Funny)
Cool! But how do you move all your stuff from place to place?
wbs.
Hmm... (Score:4, Funny)
From what I hear, I'll probably be able to save on my heating bills too.
Re:Hmm... (Score:2)
Re:Hmm... (Score:3, Funny)
One Time Pads... (Score:5, Funny)
Re:One Time Pads... (Score:2)
-b
cracking this would be useful (Score:3, Interesting)
Re:cracking this would be useful (Score:2)
Thus, even though the data is random, it still isn't secure.
Yes, I know they want to add ciphers to it FTA, but that is snake oil on snake oil. And one time pads are very weak if the key isn't properly handled and generated.
Good
Re:cracking this would be useful (Score:2)
Re:cracking this would be useful (Score:3, Informative)
Old technology... (Score:2)
Re:Old technology... (Score:2)
Re:Old technology... (Score:2)
Re:Old technology... (Score:3, Funny)
Time to check the prescription on your reading glasses there Pops.
So what? (Score:4, Interesting)
Unless they've come up with an interesting way for two people in disparate locations to observe the same quasar and both independently observe the same random phenomena in a way which reliably and securely gives them access to the pad with no communication channel between them, this just isn't interesting.
-rsw
Re:So what? (Score:5, Informative)
The name of the quasar and time to start monitoring are the cryptographic keys. That doesn't sound like a lot of bits in the keyspace.
Re:So what? (Score:5, Informative)
Also, the keyspace is larger than you think... the article mentions that quasars have a very broad frequency spectrum. So, #quasars (that are visible to both) X monitoring-time-choices X monitoring-frequency-choices may result in a large-ish keyspace (or, at the very least, means that it may be physically extremely expensive to try to decrypt a message against all possible keys).
Do the keys narrow down the geographic space (Score:2)
Re:So what? (Score:2, Insightful)
Re:So what? (Score:2)
In other words, it makes it exceedingly difficult to brute-force, even for well-funded governments, so dedicated attackers will almost certainly use other
Re:So what? (Score:3, Insightful)
I start monitoring as many quasars as I can the moment I intercept the key message. That way, when I finally decode the key message I can also read the actual me
Re:So what? (Score:2)
Re:So what? (Score:2)
I don't get that. You could just record all quasars, then get a key and take a look into your archive and presto - there's the one-time pad of the other party. Right?
Re:So what? (Score:3, Insightful)
I actually thought that they were talking about using the data from quasars to generate one-time pads, which would then be distributed by conventional means. I didn't think they were actually proposing having two separate people observe the same quasar, to produce the "one-time" pad simultaneously. Unless you had a quasar that you knew nobody else knew about, and definitely wasn't monitoring, it seems like a pretty bad idea. Especially if the people you're trying to conceal information from
BUZZZ! Wrong! (Score:2, Interesting)
Re:So what? (Score:2, Informative)
Let's say the communicators choose the least secure method and publish the exact
Re:So what? (Score:2)
homer_ca wrote:
This was discussed the last time this article came 'round. You're right in your summary, but not in your assessment. The number of quasars, window of time to start monitoring, available bandwidth of random data from the quasars, etc., all make such attacks essentially impractical. Remember that shifting a one-time pad by even one bit renders the decrypt
Re:So what? (Score:2)
Re:So what? (Score:2)
Re:So what? (Score:2)
Re:So what? (Score:3, Insightful)
Worse, this scheme doesn't let you get forward secrecy. In a c
Re:So what? (Score:2)
Um, that was the article that pointed it out!
But in any case very insightful post with the key size estimate.
Lava Lamps (Score:2, Interesting)
http://www.lavarnd.org/ [lavarnd.org]
Re:Lava Lamps (Score:2)
http://en.wikipedia.org/wiki/Lavarand [wikipedia.org]
Xl6oUBY (Score:5, Funny)
Re:Xl6oUBY (Score:3, Insightful)
You forgot that the LcYxkN (who live in the disc, at a 90-degree angle from the jet of 3C273, and who escaped the blast) have developed faster-than-light communication.
Re:Xl6oUBY (Score:5, Funny)
Re:Xl6oUBY (Score:2)
not so sure about this (Score:4, Interesting)
or try them against encrypted data streams. A million quasars with 5000 possible frequencies each, wouldn't be that
much for a computer to churn thru. In a way, it almost seems like security thru obscurity.
Re:not so sure about this (Score:2)
Re:not so sure about this (Score:4, Insightful)
The point is how do you get those parameters to the other party secretly? This is the same problem as giving them a one-time pad generated any random way. I think the point is that you can get randomness but the previous problem will always exist.
Key stream rationing (Score:2)
Bruce Schneier's blog is having an interesting discussion about this. The key question that's floating to the top is exactly the one you zeroed in on.
What if there aren't enough radio telescopes in the world to tape all the quasars in the sky? In that case, the "quasar encryption" scheme may actually be workable. Then even an opponent with infinite computing resources is stuck. Eve the eavesd
Re:Key stream rationing (Score:2)
Actual advancement (Score:5, Insightful)
The interesting part of this article is the fact that quasars could be used as a natural source of randomness for one time pads, yet can be accessed by both parties simultaneously. The historical problem with one time pads (and the reason they're rarely used in practice) is that it's a huge pain to distribute sufficient random data to all parties involved in a communication. Being able to use a natural source of randomness that's available to everyone at once would be a major increase in the usability of one time pads.
Re:Actual advancement (Score:2)
Including Eve
Sorry inside Alice and Bob [wikipedia.org] encryption humor.
almost there (Score:2)
Re:almost there (Score:3, Informative)
Finally! (Score:5, Funny)
Wow, they finally managed to tap into my girlfriend's mood neurons?
Code already broken (Score:2)
They go by the name of "Mood Ring".
And so I broke the code of both your girlfriend *and* the quasars.
Next?
How is this secure? (Score:3, Insightful)
Re:How is this secure? (Score:2)
Re:How is this secure? (Score:2, Insightful)
Am I missing something? (Score:3, Insightful)
That's not randomness at all (Score:2, Interesting)
Re:That's not randomness at all (Score:4, Interesting)
It seems unlikely that it will become possible to predict the behavior of quasars as you suggest; we can't even accurately predict the weather on earth, which is a much smaller system than a quasar. For that matter, we can't predict the detailed behavior of a lava lamp, making that a reasonable source of random numbers (but patented!).
Re:That's not randomness at all (Score:2)
Not quite true: it's been proven that telling apart the bits output by a BBS PRNG from truly random bits is at least as difficult as integer factorisation. Of course, that's still better than most other PRNGs, and generally good enough.
Re:That's not randomness at all (Score:5, Informative)
There isn't any particularly better definition of randomness than "unpredictability".
That's true not just as a rule of thumb, but in a more formal sense as well. The word "random" is pretty hard to come up with a mathematically formal definition for, and "pretty hard" may mean "impossible" depending on your definition of "definition" (more on that later). To make things simple, let's just talk about sequences of ones and zeros. Take for example the sequence 01101110010111011110001001101010111100110111101111 ... Definitions of randomness from statistics and probability just require a potentially random sequence to have all possible subsequences of a given length appear with the same frequency. That is, 0 appears exactly as often as 1; 00 appears exactly as often as 01, 10, and 11; 000 as often as 001, 010, 011, 100, 101, 110, and 111; and so on. The sequence I gave above passes those tests with flying colors. But it's not random at all. I'll put some spaces in it, and you'll see the pattern: 0 1 10 11 100 101 110 111 1000 1001 1010 1011 1100 1101 1110 1111... It's simply counting in binary. The longer you extend the sequence, the better it does in statistical randomness tests--the first few dozen bits have a pretty strong bias for 1 over 0, but that ends up as noise in the long run.
The relatively young field of information theory introduces the concept of "algorithmic randomness." The randomness of a sequence of bits is defined to be the length of the shortest Universal Turing Machine program which outputs that sequence. In pseudocode, our example sequence is output by the program:
    let i = 0
    while (true) do
        output i
        let i = i + 1
    end while
That's a comically short program to generate an arbitrarily long sequence. So the example fails tests for algorithmic randomness miserably. The fun part is that the problem of finding the shortest UTM program to generate a given sequence is provably intractable. Thanks to the Halting Problem [wolfram.com], you can't always tell if a given UTM program will halt or loop infinitely. All you could ever know is whether or not the program has output the desired sequence yet--if it's still running, it may do so eventually and then halt, it may output something else and then halt, or it may keep running forever. So algorithmic randomness plugs the holes in statistical randomness by trading an unreliably solvable problem for a reliably unsolvable one. You can't ever be sure a sequence is random, but you can sometimes be sure it isn't.
I got off on a bit of a tangent there about information theory, but my point is that algorithmic randomness captures what we mean by "random" much better than statistical randomness. And algorithmic randomness is just a mathematically formal way of saying "unpredictable."
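An added example, not part of the comment above: it runs the comment's counting program (bounded at 2**k, an assumption made so it terminates) and puts the two notions of randomness side by side, printing how the pattern-frequency bias shrinks as the sequence grows while the program that describes it stays the same few bytes. The function names are made up for this illustration.

```python
import os
import zlib
from collections import Counter

# The 50 bits quoted in the comment above.
PAGE_BITS = "01101110010111011110001001101010111100110111101111"

# The comment's pseudocode, bounded at 2**k and kept as text so that its
# length can be measured: this string plus k describes the whole sequence.
PROGRAM = "bits = ''.join(format(i, 'b') for i in range(2 ** k))"

def run_program(k):
    """Execute PROGRAM and return the bit string for 0 .. 2**k - 1."""
    scope = {"k": k}
    exec(PROGRAM, scope)
    return scope["bits"]

def pattern_bias(bits, width):
    """Statistical test: largest gap between the frequency of any width-bit
    pattern (over all overlapping windows) and the ideal 1 / 2**width."""
    windows = len(bits) - width + 1
    seen = Counter(bits[i:i + width] for i in range(windows))
    ideal = 1 / 2 ** width
    return max(abs(seen[format(p, f"0{width}b")] / windows - ideal)
               for p in range(2 ** width))

def description_ratio(k):
    """Algorithmic view: size of (PROGRAM, k) relative to the raw bits in bytes."""
    return (len(PROGRAM) + len(str(k))) / (len(run_program(k)) / 8)

def zlib_ratio(data):
    """A general-purpose compressor gives only an upper bound on description
    length: failing to shrink the input does not prove the input is random."""
    return len(zlib.compress(data, 9)) / len(data)

if __name__ == "__main__":
    for k in (8, 12, 16):
        bits = run_program(k)
        biases = [round(pattern_bias(bits, w), 4) for w in (1, 2, 3)]
        print(f"k={k:2d} bits={len(bits):7d} bias(1,2,3-bit)={biases} "
              f"program/raw={description_ratio(k):.6f}")
    print("zlib ratio on os.urandom:", round(zlib_ratio(os.urandom(1 << 17)), 3))
```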
Re:That's not randomness at all (Score:2)
You're not hungry, you just think you're hungry.
Seriously, given an accurate model of how it's generated, nothing is random. Randomness is totally subjective. Nothing is ever truly random.
Re:That's not randomness at all (Score:2)
--jeffk++
Re:That's not randomness at all (Score:2)
Obligatory alien plot comment (Score:2)
Oh, and "They've got our codes!"
Sigh. When will Earth ever learn?
Neat idea, not practical (Score:2)
Read. [random.org]
or IPKI (Score:3, Funny)
Coins (Score:2)
Just flip a coin.
This article and research is utterly useless and therefore logically patented.
Getting the OTP around is the hard part. (Score:2)
Re:Getting the OTP around is the hard part. (Score:2)
Re:Getting the OTP around is the hard part. (Score:2)
The advantage of this app
Why not use white noise? (Score:2)
If you need protection against willful interference, put a faraday cage around it, which is not hard at all to do using lithography.
An added advantage is that random bits can be generated by the billions per second, and is limited only by the sampling rate of the voltmeter.
Here's what's bad... (Score:2)
To be useful for communication, the data source needs to be observable by both the sender and the receiver. And if the spy on continent A is to be able to use it to send data to their employer on continent B, the wire would have to span both continents, and have to be pretty conspicuous to work...
Astronomical observation is a clever way to find a shared data source visible from anywhere on the planet.
Oh no. Not again. (Score:2, Insightful)
Time and time again, security breaks down because of the way people treat their keys, not because the encryption algorithm is weak.
With a one time pad, you need to keep a copy of the pad with everyone who wants access to the data. Compare that to Public Key Crypto where you can keep your private key in one secure spot and distribute your public key widely.
Or how about session keys (Diffie
Re:Oh no. Not again. (Score:2)
Not really - all you need is two one-time pads. One to send, and one to receive.
The intent of One-time pads is to prevent the decoding of the message when it is intercepted. Once it reaches the destination, you can decrypt the message into a usable format and use your own security system that could be cracked more easily (but requires having better access). It is not intended to be a mass dissemination sy
A common use for OTPs - Numbers Stations (Score:3, Informative)
In order for an intelligence agency to communicate with an asset overseas, spy agencies must often use methods of communication that cannot be easily traced (duh). Passing a message along via e-mail, phone, or a one-to-one meeting can easily be tracked, creating lots of problems for everyone in the loop.
Therefore, many intelligence agencies did (and still) use OTPs and "Numbers Stations" - shortwave radio stations that blast out a seemingly senseless series of numbers at regular intervals and frequencies. This method gets messages and instructions to your assets without betraying who the recipient of the message is.
The beauty is that the asset only needs a cheap, readily available shortwave radio and an OTP, which can be concealed in virtually anything (some were created that could even be affixed to the back of stamps, others were hidden in toothpaste tubes, etc.). The agent then responds with a seemingly innocuous method, a "wrong number code", a mark on a wall near where an intelligence officer drives, etc.
The problem, of course, rests in getting OTPs to the asset and ensuring they aren't compromised. But, assuming they are passed and handled securely, there's no problem at all.
More information on Wikipedia [wikipedia.org]
Re:A common use for OTPs - Numbers Stations (Score:2)
Future communications (Score:2)
Keyspace (Score:3, Informative)
The fundamental problem is that the data is not fully random -- it is mostly deterministic based on the key of what quasar, what frequency and bandwidth, and what time. So an outside person could recover the plaintext by obtaining the observable behavior and trying all keys, or if the outside person could somehow obtain the key.
This is a very similar situation to a "good" pseudorandom number generator. You can transmit the seed for the pseudorandom number generator and generate a one-time pad from the pseudorandom number generator. I guess the difference is that quasar behavior is not observable after the fact, but if it is feasible for the data to be logged then they reduce to similar solutions: find all the pads within the keyspace, xor with the cipher text, and watch for the entropy to drop or visibility of known plaintext.
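An added example, not part of the comment above or of the scheme in the article: a toy model of the point made here and in the keyspace estimates earlier in the thread, showing that a pad selected from a recordable source is only as strong as the choice of (source, channel, start), however long the pad is. The parameters, the SHAKE-256 stand-in for recorded noise, the sample message and all function names are constructed for this illustration.

```python
import hashlib
import math
from collections import Counter
from itertools import product

# Constructed toy parameters (not from the article): a shared "sky" anyone can record.
SOURCES, CHANNELS, START_SLOTS = 8, 16, 64

def observe(source, channel, start, n):
    """Stand-in for a recorded quasar signal: n bytes from a fixed public stream.
    SHAKE-256 only simulates noise here; it is not the scheme from the article."""
    stream = hashlib.shake_256(f"sky/{source}/{channel}".encode()).digest(START_SLOTS + n)
    return stream[start:start + n]

def xor(data, pad):
    """XOR two equal-length byte strings (the one-time-pad operation)."""
    return bytes(a ^ b for a, b in zip(data, pad))

def byte_entropy(data):
    """Shannon entropy in bits per byte of the observed byte histogram."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def effective_key_bits():
    """Strength is bounded by the choice of observation, not by pad length."""
    return math.log2(SOURCES * CHANNELS * START_SLOTS)

def search_archive(ciphertext):
    """Try every (source, channel, start) and keep the lowest-entropy decryption."""
    n = len(ciphertext)
    best = min(product(range(SOURCES), range(CHANNELS), range(START_SLOTS)),
               key=lambda k: byte_entropy(xor(ciphertext, observe(*k, n))))
    return best, xor(ciphertext, observe(*best, n))

if __name__ == "__main__":
    secret_key = (5, 11, 42)  # constructed
    message = b"meet at the north gate at nine and bring the second set of papers"
    ciphertext = xor(message, observe(*secret_key, len(message)))
    key, plaintext = search_archive(ciphertext)
    print(f"{effective_key_bits():.0f}-bit keyspace, recovered {key}: {plaintext!r}")
```

Scaling the three constants up raises the cost of the search but not the bound itself: the pad contributes no secrecy beyond the bits needed to name which observation was used.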
Re:Keyspace (Score:2)
I suppose you're right, if by "relatively few" you mean "200,000 and counting".
Not so secure... (Score:2, Insightful)
Re:Not so secure... (Score:2)
Deep man. Deep.
Spiffy, but not news (Score:5, Informative)
Nothing to see here, folks; move along.
I can just imagine a secret agent... (Score:2)
I think this should get some kind of award for dumbest invention ever.
Re:No. You get dumbest post ever. (Score:2)
most what? (Score:3, Informative)
"One time encryption pads are widely accepted as being the most secure form of encryption..."
Only for very limited definitions of secure. You have to produce the pads. You have to distribute the pads. You have to synchronize the pads. You have to dispose of the pads. All these steps are tedious and error-prone, and a chink in any of them destroys your supposed "perfect" security.
Now if you said "OTP are the most algorithmically secure pads under ideal conditions", then I'd buy it. Otherwise, there's a reason only well-funded governments use these things. Ask the Soviets how well it worked for them.
Quasars? (Score:2)
I have a better idea... (Score:2)
Eh... (Score:2)
wow (Score:2)
one would think there are plenty of other random noise sources, but hey, why not go for the most exotic possible source imaginable?
sounds weak to me (Score:2)
Slight Problem (Score:2)
Seems doomed (Score:3, Insightful)
#6 ... (Score:3, Informative)
Re:One time pads are _NOT_ secure, asswit (Score:2)
1. One time pads must be random. Not "random enough", but random.
2. Do not re-use one time pads. Ever.
3. Since both parties that want to communicate are going to need the same one-time pad, that one-time pad must be shared securely.
#3 is probably what Lord Bitman is referring to when he says "One time pads are one of the least secure methods of secure communication." This is a problem with many forms of encryption called the key tra