Subject: Re: one time pad and random num gen
From: Bill Stewart (bill.stewart at pobox.com)
Date: Mon Oct 02 2000 - 11:45:30 CDT
- Next message: Paulo S. L. M. Barreto: "Re: AES as a hash function?"
- Previous message: Jim Gillogly: "Re: AES as a hash function?"
- In reply to: John Kedzie: "one time pad and random num gen"
- Reply: Bill Stewart: "Re: one time pad and random num gen"
At 09:16 AM 10/2/00 GMT, John Kedzie wrote:
>One Time Pad questions...
>
>would using two keys be more secure?
>
>let's say I have the plain text message: "JONATHAN"
....
>(this example is supposed to represent
>someone using a bad random num generator)
>
>now, instead of only using one key set, what about using two?
>if I used two key sets of random numbers, each set made
>from a different process, then wouldn't that be much much
>more secure?
...
>good idea? bad idea? thanks
If you're using a random number generator, you've failed,
and you're not using a "one-time pad", you're using snake oil.
The way you're asking the question implies that you don't
understand why one-time pads are strong, so let's fix that first.
If you have real random numbers, typically derived from
physical processes (e.g. dice, or pulling balls out of a jar),
there's a 50% chance that each bit is a 1,
and there's entirely no correlation between bits -
even if you know bits 1....I-1 and I+1....N,
you still don't know anything about bit I except that
there's a 50% chance of it being 0 and 50% chance of 1.
Every one-time pad of a given length is equally likely -
therefore a cyphertext of length N could represent
ANY plaintext of length <=N, padded out to N,
because there's a one-time pad possible that will do that,
and there's entirely no reason to think one is more
likely than another.
By contrast, if you've got a pseudo-random number generator,
which uses some mathematical process to generate the numbers,
knowing bits 1...I-1 tells you something about bits I...N,
so if the message has structure to it, you can often exploit it.
There are two good reasons you might want to use two pads -
1 - your randomness comes from a physical process that might
have some hidden structure to it, e.g. you're using a sound card
and crunching the noise through a hash function, or you're
rolling dice but maybe they're not perfect, just not way off,
and maybe the KGB are good enough to find some patterns there.
Most people who are at that paranoia level and are handling things like
nuclear secrets can buy good dice or flip coins or whatever.
2 - You're shipping the two pads separately. Yes, you're the CIA
and you used a Marine courier with a briefcase handcuffed to his arm
and an explosive self-destruct anti-tampering mechanism inside,
but maybe the KGB drugged or bribed the courier and carefully
opened the briefcase to make a copy of the key without him noticing.
Or maybe you're worried that the NSA is electronically eavesdropping
on your computer facility, reading the keystrokes when you type in
the numbers you get by rolling dice, or the KGB bribed the clerk who made it.
Or (because you're not _that_ paranoid) you shipped it Express Mail,
but the Feds could still have opened your mail and read it.
In that case, having two separate pads, created and shipped separately,
does increase the chances of one pad getting transmitted unread.
Because of how one-time pads work, if either pad is good,
then your message is secure. But having the same courier ship
both of the pads together doesn't give you this advantage.
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
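The two arguments in Bill's reply, as an added worked example that is not part of the original thread: for a true one-time pad every same-length plaintext is equally possible, and XORing a second pad onto a weak one only helps if the second pad is genuinely random. The linear congruential `weak_pad`, the use of `secrets` as the "good" source, and all function names are constructed for this illustration.

```python
import secrets

# Added example (not from the original thread): XOR one-time pads,
# the "any plaintext is possible" argument, and why XORing a second
# pad onto a weak one helps only if the second pad is truly random.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (OTP encryption and decryption)."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def weak_pad(seed: int, length: int) -> bytes:
    """Constructed stand-in for the 'bad random num generator' in the
    question: a small linear congruential generator. Anyone who knows
    the seed reproduces every byte, so this is not a one-time pad."""
    state, out = seed & 0xFFFFFFFF, bytearray()
    for _ in range(length):
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        out.append(state >> 24)
    return bytes(out)

def good_pad(length: int) -> bytes:
    """Pad drawn from the OS entropy source; stands in for dice or coins."""
    return secrets.token_bytes(length)

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For any candidate plaintext of the same length there is exactly one
    pad that turns the ciphertext into it, so a true OTP ciphertext says
    nothing about which plaintext was actually sent."""
    return xor_bytes(ciphertext, candidate)

def strip_weak_layer(ciphertext: bytes, seed: int) -> bytes:
    """What someone who knows the weak generator's seed is left with.
    One weak pad: the plaintext. Weak XOR good pad: the plaintext still
    masked by the good pad, i.e. a genuine one-time-pad ciphertext."""
    return xor_bytes(ciphertext, weak_pad(seed, len(ciphertext)))

def demo() -> dict:
    msg = b"JONATHAN"
    weak, good = weak_pad(42, len(msg)), good_pad(len(msg))
    single = xor_bytes(msg, weak)                    # one weak pad only
    double = xor_bytes(msg, xor_bytes(weak, good))   # both pads XORed
    alt = b"ABIGAILE"                                # another 8-byte plaintext
    return {
        "single_pad_exposed": strip_weak_layer(single, 42) == msg,
        "double_pad_exposed": strip_weak_layer(double, 42) == msg,
        "alt_plaintext_possible":
            xor_bytes(single, pad_explaining(single, alt)) == alt,
    }

if __name__ == "__main__":
    print(demo())
```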