Geeknights 070326 - Encryption

RymRym
edited March 2007 in Technology

Tonight on GeekNights, we explain the basics of encryption. In the news, Hans Reiser pleads "not guilty," and Apple TV.

Scott's Thing - How do you prove photography to a blind man?
Rym's Thing - Chicken Police

Comments

  • Lotte's Koala's March is sort of icky but I love love love Meiji's Kinoko no Yama cookies (Mountain Mushrooms). Their Takenoko No Sato (Bamboo Shoot) is ok but I love the Mountain Mushrooms! >.<

    My friends and I used to go to Elizabeth Center in Chinatown (cool place to get fansubbed anime, models such as Gundam, imported video games, and other trinkets) often when I was in h.s. and about a block or so away, there were two great Japanese snack places. Everyone should try Dorayaki. It is two small pancakes (well size varies but I like the medium to small sized ones) usually with red bean paste in the middle and it tastes scrumptious!

    Has anyone ever heard of Doraemon?
  • Has anyone ever heard of Doraemon?
    Who hasn't?
  • Encrypted signatures on artwork sounds like a really awesome idea. Are there sites out there that can show me how to do this?
  • edited March 2007
    I love Koalas. I used to get them at this little market that my friend's dad owned when I was a little kid. I think an episode on Japanese snacks is in order.

    I read a most excellent book on the history of codes and computer encryption, along with guides on code breaking. The Code Book by Simon Singh. I highly recommend.

    Stay away from a site called Skeptiko. It's a podcast by "true believers" pretending to be skeptical.
    Post edited by Sail on

  • Stay away from a site called Skeptiko. It's a podcast by "true believers" pretending to be skeptical.
    We were talking about a blog called Skeptico, not the podcast Skeptiko.
  • I really liked Scott's "Thing of the Day". Great analogy and honestly waaaaaay better than Rym's crappy Chicken Police... You should have posted "Spiders on Drugs". Highly educational and extremely hilarious.
  • edited March 2007
    Here's a stab at the photography thing:

    It's probably hard to find a blind person who doesn't know that there are sighted people and that they can see things by light reflected by the things, refracted through lenses, and all other sorts of light tomfoolery. It's also probably hard to find a blind person who doesn't know that there are things called paintings and that they can be representations of things sighted people see. Now, if the person knows some chemistry, couldn't you explain to the person: Imagine I prepare a silver oxide emulsion. If I expose it to the light I see by in a certain way, I can produce painting-like copies of things I see in the emulsion.

    Speaking of blind people, I saw a blind person walking down the street the other day. She had a seeing eye dog and it looked like she had a couple of those cane things. When I got closer to her, I saw that, instead of the things being canes, they were fencing epees! I won't be going to that fencing club.
    Post edited by HungryJoe on
  • edited March 2007
    Stay away from a site called Skeptiko. It's a podcast by "true believers" pretending to be skeptical.
    We were talking about a blog called Skeptico, not the podcast Skeptiko.
    I know. The mention of "Skeptico" reminded me of "Skeptiko", so I differentiated the two to avoid confusion.
    Post edited by Sail on
  • edited March 2007
    Ok. Say I created a Pad encryption for a message I was going to send to Scott. How is he going to get the pad decrypter? Is the only way writing it down and giving it to him? Then how would it be effective for computer use? Secondly, if I was just going to use an asymmetric key encryption to send the Pad data to the receiving party, then why deal with the Pad at all?

    Lastly, and I may be mistaken about this one, isn't it impossible to create a true random number on a computer? Since computers are finite state machines, it is literally impossible to create random numbers from a program. Many systems use the real time clock of the system to create a random number, but it is a pseudo-random number. Doing a little more research, I noticed /dev/random on Unix based systems can produce a higher-quality number, enough for a Pad encryption, but it is still not completely random. I make this point because if a number is not truly random, when we do create a quantum computer, like you said, it may be trivial for it to decrypt a pseudo-random number in a Pad encryption.
    Post edited by Andrew on
  • @WaterIsPoison

    We will likely answer these in more detail briefly on the next Monday night show (for the benefit of non-forum listeners).

    Suffice to say, the fact that one-time-pads must be shared ahead of time is the primary limitation of them: you can't have ad hoc communication. For a computer pad, you'd have to use a physically secure channel, as opposed to a cryptographically secure channel. These can include tamper-proof fiber links, burned CDs, flash drives, etc...
    Then how would it be effective for computer use?
    Simple. If there's someone with whom you'll be engaging in extremely sensitive conversations, you arrange to each hold a shared copy of the pad ahead of time. Then, later, when the communication must happen, you're already in possession of a perfectly secure channel. Use normal encryption for most conversations, but keep the pad around for the critical moment.
    if I was just going to use an asymmetric key encryption to send the Pad data to the receiving party, then why deal with the Pad at all?
    Just don't send the pad over a non-physically-secure link. You're right in that it most definitely defeats the purpose.

    One time pads are perfect, but they require diligence, planning, and forethought.
    Lastly, and I may be mistaken about this one, isn't it impossible to create a true random number on a computer?
    Numbers that are truly or effectively random are not terribly difficult to generate, and even non-truly-random streams provide a great deal of security. Some computers in sensitive places use hardware random number generators that do such interesting things as measure minute thermal flux or collisions from cosmic rays. The processes behind /dev/random in Linux (not to be confused with /dev/urandom, which can provide much lower-quality entropy in much greater quantity) are very often random enough to create secure one-time-pads. Still, even /dev/urandom creates very useful randomness and secure encryption.

    The key here is that a perfectly random stream will create a perfect one time pad. A less-than-perfect stream will still create an extremely-difficult-to-decrypt one time pad. Even when non-random numbers are used, the success rate of decrypting one time pads is VERY low.
    when we do create a quantum computer, like you said, it may be trivial for it to decrypt a pseudo-random number in a Pad encryption.
    Quantum computers will not make it any easier to decrypt one time pads generated with less-than-perfect random numbers. There is no mathematical operation to reduce entropy. What they do is make it (theoretically) easier to factor large numbers and generate prime numbers, thereby breaking most modern forms of encryption which rely on these things.
  • edited March 2007
    Numbers that are truly or effectively random are not terribly difficult to generate, and even non-truly-random streams provide a great deal of security. Some computers in sensitive places use hardware random number generators that do such interesting things as measure minute thermal flux or collisions from cosmic rays. The processes behind /dev/random in Linux (not to be confused with /dev/urandom, which can provide much lower-quality entropy in much greater quantity) are very often random enough to create secure one-time-pads. Still, even /dev/urandom creates very useful randomness and secure encryption.

    The key here is that a perfectly random stream will create a perfect one time pad. A less-than-perfect stream will still create an extremely-difficult-to-decrypt one time pad. Even when non-random numbers are used, the success rate of decrypting one time pads is VERY low.
    I understand what you are saying here, it is true that currently an effectively random will suffice, but deep down, a pattern will emerge. It is IMPOSSIBLE for a deterministic machine to give a true random, which means that while it is effectively impossible to break, theoretically it can be. After doing some more reading on these, a Pad Cipher that uses a PRN (Pseudo-Random Number) is actually called a Stream Cipher. Pads may be impossible to break, but I believe that its weaknesses, attacks from a middle man, make it much too inefficient for 99.99999% of data that needs to be secured.

    EDIT: I suppose you could always use a radioactive decay card to create a random number if you really wanted to.

    Thanks for the podcast though, Cryptology is one of the main fields I am looking to work in when I graduate with my CS degree.
    Post edited by Andrew on
  • I just stopped by my local Wal-Mart store and they have plenty of Wiis.
  • attacks from a middle man
    The "man in the middle" attack is not a real danger of one time pad encryption: it only exists when a pad is reused and a portion of cleartext is known to the attacker. In these very specific circumstances, an attacker could theoretically replace a portion of the message with different information (but still could not read additional information). This can be easily prevented with cleartext or ciphertext-based checksumming or verification codes.

    Theoretical proofs of one time pad security aside, they have a number of real world advantages to this day, and are used more often than one might think.

    One time pads provide extremely good security with extremely low technology and practically zero resource cost outside of time. They can be implemented securely with little more than paper, pencils, and a deck of cards. The pads can be very small or even steganographically hidden, and are often designed to be easily destroyed or discarded (destroying evidence of cryptographic capabilities). They can be used with agents or informers who have nonexistent computer or cryptographic skills. If the pads are used and destroyed properly, the data is secure forever barring human breaches: they do not become breakable over time like most asymmetric key encryption does.

    Despite their drawbacks, one time pads very much have important uses even in modern cryptography, especially in situations where computers or electricity are unavailable or would draw unwanted attention, or in cases where the encrypted data must remain secure indefinitely.
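
Added example, not part of any forum post: a Python sketch of the point in the reply above that someone who knows a portion of the cleartext can replace it without reading the rest, and that a ciphertext-based verification code catches the change. The sample message, the function names and the choice of HMAC-SHA256 as the verification code are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad; the same operation encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def seal(message: bytes, pad: bytes, mac_key: bytes) -> tuple[bytes, bytes]:
    """Encrypt with the pad, then tag the ciphertext with HMAC-SHA256."""
    ciphertext = xor_bytes(message, pad)
    return ciphertext, hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def open_sealed(ciphertext: bytes, tag: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Check the verification code in constant time before decrypting."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("verification code mismatch: ciphertext was altered")
    return xor_bytes(ciphertext, pad)


def substitute(ciphertext: bytes, offset: int, known: bytes, new: bytes) -> bytes:
    """Swap a known cleartext span for another of equal length, without the pad."""
    if len(known) != len(new):
        raise ValueError("replacement must match the known span's length")
    delta = xor_bytes(known, new)
    span = xor_bytes(ciphertext[offset:offset + len(delta)], delta)
    return ciphertext[:offset] + span + ciphertext[offset + len(delta):]


def demo() -> tuple[bytes, bool]:
    message = b"MEET AT DOCK 4 AT NOON"        # constructed sample message
    pad = secrets.token_bytes(len(message))     # OS randomness, used once
    mac_key = secrets.token_bytes(32)           # shared ahead of time, like the pad
    ciphertext, tag = seal(message, pad, mac_key)
    altered = substitute(ciphertext, 8, b"DOCK 4", b"DOCK 9")
    unchecked = xor_bytes(altered, pad)         # no check: the change goes unnoticed
    try:
        open_sealed(altered, tag, pad, mac_key)
        detected = False
    except ValueError:
        detected = True
    return unchecked, detected
```

`demo()` returns the silently altered message a receiver would see without the check, and whether the tagged version rejected it.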
  • The strawberry Koalas are awesome! How can you hate on the strawberry koala!
  • The strawberry Koalas are awesome! How can you hate on the strawberry koala!
    bargle!
  • edited March 2007
    The strawberry Koalas are awesome! How can you hate on the strawberry koala!
    bargle!
    Pocky is better anyway.
    Post edited by Apreche on
  • I guess I should have put this here instead of Random Comments.
    Pegu said:

    So apparently Joe Biden introduced this into the omnibus crime bill of 1991?

    "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law"
    Edit: It took me a while to find an official citation but here it is.

  • Sail said:

    I love Koalas.

    Careful, you'll get Chlamydia that way.