Tonight on GeekNights, we explain the basics of encryption. In the news, Hans Reiser pleads "not guilty," and Apple TV.
Scott's Thing - How do you prove photography to a blind man?
Rym's Thing - Chicken Police
Comments
My friends and I used to go to Elizabeth Center in Chinatown (cool place to get fansubbed anime, models such as Gundam, imported video games, and other trinkets) often when I was in h.s. and about a block or so away, there were two great Japanese snack places. Everyone should try Dorayaki. It is two small pancakes (well size varies but I like the medium to small sized ones) usually with red bean paste in the middle and it tastes scrumptious!
Has anyone ever heard of Doraemon?
I read a most excellent book on the history of codes and computer encryption, along with guides on code breaking. The Code Book by Simon Singh. I highly recommend.
Stay away from a site called Skeptiko. It's a podcast by "true believers" pretending to be skeptical.
It's probably hard to find a blind person who doesn't know that there are sighted people and that they can see things by light reflected by the things, refracted through lenses, and all other sorts of light tomfoolery. It's also probably hard to find a blind person who doesn't know that there are things called paintings and that they can be representations of things sighted people see. Now, if the person knows some chemistry, couldn't you explain to the person: Imagine I prepare a silver oxide emulsion. If I expose it to the light I see by in a certain way, I can produce painting like copies of things I see in the emulsion.
Speaking of blind people, I saw a blind person walking down the street the other day. She had a seeing eye dog and it looked like she had a couple of those cane things. When I got closer to her, I saw that, instead of the things being canes, they were fencing epees! I won't be going to that fencing club.
Lastly, and I may be mistaken about this one, isn't it impossible to create a true random number on a computer? Since computers are finite state machines, it is literally impossible to create random numbers from a program. Many systems use the real time clock of the system to create a random number, but it is a pseudo-random number. Doing a little more research, I noticed /dev/random on Unix based systems can produce a higher-quality number, enough for a Pad encryption, but it is still not completely random. I make this point because if a number is not truly random, when we do create a quantum computer, like you said, it may be trivial for it to decrypt a pseudo-random number in a Pad encryption.
We will likely answer these in more detail briefly on the next Monday night show (for the benefit of non-forum listeners).
Suffice to say, the fact that one-time-pads must be shared ahead of time is the primary limitation of them: you can't have ad hoc communication. For a computer pad, you'd have to use a physically secure channel, as opposed to a cryptographically secure channel. These can include tamper-proof fiber links, burned CDs, flash drives, etc... Simple. If there's someone with whom you'll be engaging in extremely sensitive conversations, you arrange to each hold a shared copy of the pad ahead of time. Then, later, when the communication must happen, you're already in possession of a perfectly secure channel. Use normal encryption for most conversations, but keep the pad around for the critical moment. Just don't send the pad over a non-physically-secure link. You're right in that it most definitely defeats the purpose.
One time pads are perfect, but they require diligence, planning, and forethought. Numbers that are truly or effectively random are not terribly difficult to generate, and even non-truly-random streams provide a great deal of security. Some computers in sensitive places use hardware random number generators that do such interesting things as measure minute thermal flux or collisions from cosmic rays. The processes behind /dev/random in Linux (not to be confused with /dev/urandom, which can provide much lower-quality entropy in much greater quantity) are very often random enough to create secure one-time-pads. Still, even /dev/urandom creates very useful randomness and secure encryption.
The key here is that a perfectly random stream will create a perfect one time pad. A less-than-perfect stream will still create an extremely-difficult-to-decrypt one time pad. Even when non-random numbers are used, the success rate of decrypting one time pads is VERY low. Quantum computers will not make it any easier to decrypt one time pads generated with less-than-perfect random numbers. There is no mathematical operation to reduce entropy. What they do is make it (theoretically) easier to factor large numbers and generate prime numbers, thereby breaking most modern forms of encryption which rely on these things.
EDIT: I suppose you could always use a radioactive decay card to create a random number if you really wanted to.
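As an added illustration of the pad handling this reply describes (example code, not from the podcast or the poster): a pad drawn from the OS CSPRNG, shared ahead of time, consumed strictly once, and a check that any same-length plaintext is equally consistent with a given ciphertext, which is why better factoring buys an attacker nothing here.

```python
import os


def generate_pad(length: int) -> bytes:
    """Fresh pad from the OS CSPRNG (os.urandom reads the kernel entropy pool,
    the source behind /dev/urandom on Linux); a hardware RNG could go here."""
    return os.urandom(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad material of at least the same length; never stretch it."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than data")
    return bytes(d ^ p for d, p in zip(data, pad))


class OneTimePad:
    """A pre-shared pad consumed strictly once, front to back. Both parties build
    one from identical pad bytes exchanged over a physically secure channel; every
    encrypt/decrypt burns the bytes it used so no pad material is applied twice."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("pad exhausted: arrange a new pad, never reuse this one")
        key = bytes(self._pad[self._offset:self._offset + n])
        self._pad[self._offset:self._offset + n] = b"\x00" * n  # burn used material
        self._offset += n
        return key

    def encrypt(self, plaintext: bytes) -> bytes:
        return otp_xor(plaintext, self._take(len(plaintext)))

    def decrypt(self, ciphertext: bytes) -> bytes:
        return otp_xor(ciphertext, self._take(len(ciphertext)))


def pad_consistent_with(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy: for any candidate plaintext of the same length there is
    exactly one pad mapping it to this ciphertext, so the ciphertext alone gives an
    attacker (quantum or otherwise) no reason to prefer one plaintext over another."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return otp_xor(ciphertext, candidate)
```

Constructed sample messages are used in the usage below; the pad bytes themselves come from os.urandom each run.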
Thanks for the podcast though, Cryptology is one of the main fields I am looking to work in when I graduate with my CS degree.
Theoretical proofs of one time pad security aside, they have a number of real world advantages to this day, and are used more often than one might think.
One time pads provide extremely good security with extremely low technology and practically zero resource cost outside of time. They can be implemented securely with little more than paper, pencils, and a deck of cards. The pads can be very small or even steganographically hidden, and are often designed to be easily destroyed or discarded (destroying evidence of cryptographic capabilities). They can be used with agents or informers who have nonexistent computer or cryptographic skills. If the pads are used and destroyed properly, the data is secure forever barring human breaches: they do not become breakable over time like most asymmetric key encryption does.
Despite their drawbacks, one time pads very much have important uses even in modern cryptography, especially in situations where computers or electricity are unavailable or would draw unwanted attention, or in cases where the encrypted data must remain secure indefinitely.