-
July 24th, 2007, 03:43 AM
#11
Originally Posted by sec_ware
Hi
Substitution ciphers _can_ be extremely secure. Actually, the only known
class of unbreakable ciphers is often categorised as a subsitution ciphers:
the one-time pad (or see also polyalphabetic substitutions).
The drawback certainly is that the key has to be quite long, has to be perfectly
random, and the pad should not be got lost
Why would they need to be perfectly random? If you used something like a book for a key, how would that be worse than using the same length string of random characters? The chance of someone guessing that you used that book as a key would be fairly slim, so i wouldn't even consider that as a factor in the security, unless it was an extremely common book that has something to do with the contents or something in that nature. And even if they did guess it, they'd still need the exact same document, with all the same spaces and everything.
-
July 24th, 2007, 08:24 AM
#12
Hi
Why would they need to be perfectly random? If you used something like a book for a key, how would that be worse than using the same length string of random characters?
Certainly, you are making a good point. That is why often risk management is
used in relation to IT security. Besides the identification of assets, threat
agents, threats and vulnerabilities[1], probabilities are also applied.
So, you are counting in the probability in order to make a decision. This is
real life.
In theory, however, a claim like unbreakable cipher can only hold
if you can prove it. You cannot prove it with an arbitrary passage from a book:
as you say, there is a slim chance - and 'slim' is not 'zero'.
Of course, it would be hard to apply all possibilities, however, in a few
thousand years, the message will be decrypted eventually...
Thus, I had to mention perfectly random. Even ordinary random generators
are fully deterministic - once you know the seed, you know everything[2],
and breaking the message gets trivial.
Cheers
[1] http://tazforum.blogspot.com/ (see "identifying the assets and their values",
which was a contribution of mine in a discussion and made a blog entry).
[2] http://antionline.com/showpost.php?p...4&postcount=12
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
Similar Threads
-
By Negative in forum The Security Tutorials Forum
Replies: 12
Last Post: June 2nd, 2004, 01:09 AM
-
By instronics in forum The Security Tutorials Forum
Replies: 5
Last Post: March 24th, 2003, 03:33 AM
-
By Euclid in forum Tech Humor
Replies: 0
Last Post: September 2nd, 2002, 07:04 PM
-
By smirc in forum AntiOnline's General Chit Chat
Replies: 6
Last Post: May 13th, 2002, 04:35 PM
-
By smirc in forum AntiOnline's General Chit Chat
Replies: 3
Last Post: May 13th, 2002, 03:24 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|