General > General Technical Chat
Crypto bombshell
<< < (10/14) > >>
peter-h:
I reckon SIGSALY was leaking stuff at the boundaries of where it switched over from one "key bit" to the next.
tooki:

--- Quote from: peter-h on February 13, 2020, 07:58:38 pm ---I reckon SIGSALY was leaking stuff at the boundaries of where it switched over from one "key bit" to the next.

--- End quote ---
Huh? Can you be a lot more detailed in what you mean?
Mr. Scram:

--- Quote from: imo on February 13, 2020, 07:36:54 pm ---The attacker may start think on where the random numbers used come from..
After a while he/she finds out the message starts to give some sense when temperatures in Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome are at specific levels :)

The numbers must be perfectly random, and the sequence should not repeat with each message - that is the fundamental problem of that science. The temperatures in those cities are not random.

--- End quote ---
City temperatures are anything but random. They're cyclic within very well defined bandwidths and with some values appearing much more often than others. Using those would limit the strength of your cryptography severely.
edy:

--- Quote from: Mr. Scram on February 13, 2020, 08:29:45 pm ---
--- Quote from: imo on February 13, 2020, 07:36:54 pm ---The attacker may start think on where the random numbers used come from..
After a while he/she finds out the message starts to give some sense when temperatures in Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome are at specific levels :)

The numbers must be perfectly random, and the sequence should not repeat with each message - that is the fundamental problem of that science. The temperatures in those cities are not random.

--- End quote ---
City temperatures are anything but random. They're cyclic within very well defined bandwidths and with some values appearing much more often than others. Using those would limit the strength of your cryptography severely.

--- End quote ---

Yes I figured that much... but if there was a source of random enough information that could be gleaned by 2 observers half way around the world from each other, using a simple to remember rule, theoretically it could be the source of their random one-time pad. Weather is not a good option. On the other hand, trying to find a random enough source of data on the planet itself may give away the method... if only a few exist, then it may be easily discovered as well by attackers. Also, if it is obscure enough (say people are checking an online seismic activity chart for some earthquake zone) also and you can track which IP addresses access the information, it may also give away people who are checking it at certain times regularly every day. So not so easy to implement either. Truth is, if you already are going through the trouble of checking some online resource for random information, etc... it has already become too complex and prone to tracking and error that it may be more trouble than it's worth. The only advantage is that it hides in plain site, much like a shortwave radio. So carrying a shortwave radio around or visiting some popular layman's website wouldn't raise any suspicion.
Mr. Scram:

--- Quote from: edy on February 13, 2020, 09:16:54 pm ---Yes I figured that much... but if there was a source of random enough information that could be gleaned by 2 observers half way around the world from each other, using a simple to remember rule, theoretically it could be the source of their random one-time pad. Weather is not a good option. On the other hand, trying to find a random enough source of data on the planet itself may give away the method... if only a few exist, then it may be easily discovered as well by attackers. Also, if it is obscure enough (say people are checking an online seismic activity chart for some earthquake zone) also and you can track which IP addresses access the information, it may also give away people who are checking it at certain times regularly every day. So not so easy to implement either. Truth is, if you already are going through the trouble of checking some online resource for random information, etc... it has already become too complex and prone to tracking and error that it may be more trouble than it's worth. The only advantage is that it hides in plain site, much like a shortwave radio. So carrying a shortwave radio around or visiting some popular layman's website wouldn't raise any suspicion.

--- End quote ---
I think independently deriving OTPs leads to various potential issues. They're typically exchanged in advance.
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod