General cryptography question - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: General cryptography question

  1. #11
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    Quote Originally Posted by sec_ware
    Hi

    Substitution ciphers _can_ be extremely secure. Actually, the only known
    class of unbreakable ciphers is often categorised as a subsitution ciphers:
    the one-time pad (or see also polyalphabetic substitutions).

    The drawback certainly is that the key has to be quite long, has to be perfectly
    random, and the pad should not be got lost
    Why would they need to be perfectly random? If you used something like a book for a key, how would that be worse than using the same length string of random characters? The chance of someone guessing that you used that book as a key would be fairly slim, so i wouldn't even consider that as a factor in the security, unless it was an extremely common book that has something to do with the contents or something in that nature. And even if they did guess it, they'd still need the exact same document, with all the same spaces and everything.

  2. #12
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Why would they need to be perfectly random? If you used something like a book for a key, how would that be worse than using the same length string of random characters?
    Certainly, you are making a good point. That is why often risk management is
    used in relation to IT security. Besides the identification of assets, threat
    agents, threats and vulnerabilities[1], probabilities are also applied.

    So, you are counting in the probability in order to make a decision. This is
    real life.


    In theory, however, a claim like unbreakable cipher can only hold
    if you can prove it. You cannot prove it with an arbitrary passage from a book:
    as you say, there is a slim chance - and 'slim' is not 'zero'.
    Of course, it would be hard to apply all possibilities, however, in a few
    thousand years, the message will be decrypted eventually...

    Thus, I had to mention perfectly random. Even ordinary random generators
    are fully deterministic - once you know the seed, you know everything[2],
    and breaking the message gets trivial.


    Cheers


    [1] http://tazforum.blogspot.com/ (see "identifying the assets and their values",
    which was a contribution of mine in a discussion and made a blog entry).
    [2] http://antionline.com/showpost.php?p...4&postcount=12
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

Similar Threads

  1. Read Me First
    By Negative in forum The Security Tutorials Forum
    Replies: 12
    Last Post: June 2nd, 2004, 01:09 AM
  2. Cryptography Introduction.
    By instronics in forum The Security Tutorials Forum
    Replies: 5
    Last Post: March 24th, 2003, 02:33 AM
  3. General Motors HelpLine
    By Euclid in forum Tech Humor
    Replies: 0
    Last Post: September 2nd, 2002, 07:04 PM
  4. Test Your General Linux Knowledge
    By smirc in forum AntiOnline's General Chit Chat
    Replies: 6
    Last Post: May 13th, 2002, 04:35 PM
  5. Test Your Knowledge of Redhat?
    By smirc in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: May 13th, 2002, 03:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides