The macosxhints Forums

Secure Communications Folly (http://hintsforums.macworld.com/showthread.php?t=114215)

fracai 09-29-2010 07:57 AM

Quote:

Originally Posted by acme.mail.order (Post 597374)
Video streams, this week's dump of Wikipedia...

I should add, these sources might be good for disguising a message, but not for protecting it.

acme.mail.order 09-29-2010 11:22 AM

In theory, yes. But in practice you would run a book or Vigenère cipher* over your source and NOT need to transmit the key (just knowledge of the key). The attacker still needs to work out your key source and if you run the cipher (or a different one) over the plaintext twice you prevent them from finding out when they are correct. The one downside to the digital systems is that everyone involved knows which algorithm they need to beat on.

* considered unbreakable if length($key) = length($plaintext) - at this point it gets called a one-time pad.

trevor 09-29-2010 07:44 PM

Quote:

Originally Posted by tw (Post 597383)
That should be: "You have the right to free speech, as long as you are dumb enough to actually try it." seems more in line with empirical evidence...

Hmmm, I think the empirical evidence agrees with Joe Strummer and Mick Jones--for example the Maryland motorist that fracai mentions was charged with wiretapping crimes because he posted a video of a cop's misbehavior on YouTube. As soon as he was "dumb" enough to expect that his free speech rights actually gave him the freedom to say what he wanted, he was charged and brought into court with something very serious.

Fortunately, sanity prevailed in that case thanks to a good judgment.

Trevor

fracai 09-29-2010 10:42 PM

Quote:

Originally Posted by acme.mail.order (Post 597424)
In theory, yes. But in practice you would run a book or Vigenère cipher* over your source and NOT need to transmit the key (just knowledge of the key). The attacker still needs to work out your key source and if you run the cipher (or a different one) over the plaintext twice you prevent them from finding out when they are correct. The one downside to the digital systems is that everyone involved knows which algorithm they need to beat on.

* considered unbreakable if length($key) = length($plaintext) - at this point it gets called a one-time pad.

Only if the key is truly random; then yes, it's a one-time pad. And it's the key that provides the security, not the algorithm at this point. The Vigenère just adds extra work.

What do you mean by transmitting knowledge of the key instead of the key itself? Stating which book was used? That is the key. Having a pre-arranged book and transmitting the algorithm used to generate the key is also just pre-distributing the keys and involves the same distribution problems. This is solved by exchange methods like Diffie–Hellman.

I also don't think running the cipher twice necessarily protects the message any better. I'm pretty sure that just effectively creates a different key. Regardless, it's still vulnerable to cryptanalysis.

And part of the reason that systems like AES are acceptable is because the security isn't placed in the algorithm. It's in the key. The algorithm is effectively just a method for generating random data to expand the key and confuse and disperse the message. Putting your security in the algorithm means the algorithm has to be kept secret. That's harder as well as being vulnerable to analysis which reveals the algorithm.

Maybe this should fork off into a separate crypto discussion.
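
The claim above that running the cipher twice just creates a different key can be checked directly. This is an added example, not part of any post in the thread; the function names, keys and plaintext are constructed for illustration, and the cipher handles uppercase A-Z only.

```python
from math import gcd

A = ord("A")


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere over uppercase A-Z; the key repeats to cover the text."""
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, c in enumerate(text)
    )


def combined_key(k1: str, k2: str) -> str:
    """Single key equivalent to encrypting with k1 and then with k2.

    Its period is lcm(len(k1), len(k2)); each letter is the sum of the
    two key letters at that position, modulo 26.
    """
    period = len(k1) * len(k2) // gcd(len(k1), len(k2))
    return "".join(
        chr((ord(k1[i % len(k1)]) + ord(k2[i % len(k2)]) - 2 * A) % 26 + A)
        for i in range(period)
    )


def double_equals_single(plaintext: str, k1: str, k2: str) -> bool:
    """True when two passes produce the same ciphertext as one combined pass."""
    twice = vigenere(vigenere(plaintext, k1), k2)
    once = vigenere(plaintext, combined_key(k1, k2))
    return twice == once


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    pt, k1, k2 = "ATTACKATDAWNATTACKATDUSK", "LEMON", "KEY"
    k = combined_key(k1, k2)
    print("two passes :", vigenere(vigenere(pt, k1), k2))
    print("one pass   :", vigenere(pt, k))
    print("combined key length:", len(k))  # lcm(5, 3)
    print("recovered  :", vigenere(vigenere(pt, k), k, decrypt=True))
```

The second pass only lengthens the effective key period; the result is still a periodic Vigenère ciphertext unless the combined key is random and as long as the message.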


All times are GMT -5.