Encryption and risk

[Dan Ritter]

On Tue, Oct 06, 2009 at 10:09:05AM -0400, Richard Pieri wrote:
> Two, a one-time pad is effectively unbreakable.  You could brute force  
> a short message but you would get multiple different messages without  
> knowing which is the correct one.  Thus, while an OTP can be cracked  
> (deciphered by someone other than the intended recipient) the cracker  
> still doesn't know for sure what the real message is.  OTP is one of  
> the reasons you really should read that article and _Practical  
> Cryptography_ while you are at it.  OTP is a great example of a  
> perfect secure algorithm that can be weakened by the implementation,  
> notably in the strength of the random pad generator used.  A less than  
> perfectly random pad makes the ciphertext susceptible to conventional  
> cryptanalysis which is much, much faster than brute force.

Everyone seems to be ignoring the real brute force attack:
rubber-hose cryptanalysis.

If Eve and Mallory are well-funded and either have a state or a
significant criminal group backing them, it might not matter
that the algorithm is good, the key is hard and the
implementation perfect. Torture and imprisonment, and sometimes
the threats thereof, work all too well at obtaining immediately
verifiable secrets.

-dsr-


-- 
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.