Hi

Why would they need to be perfectly random? If you used something like a book for a key, how would that be worse than using the same length string of random characters?
Certainly, you are making a good point. That is why often risk management is
used in relation to IT security. Besides the identification of assets, threat
agents, threats and vulnerabilities[1], probabilities are also applied.

So, you are counting in the probability in order to make a decision. This is
real life.


In theory, however, a claim like unbreakable cipher can only hold
if you can prove it. You cannot prove it with an arbitrary passage from a book:
as you say, there is a slim chance - and 'slim' is not 'zero'.
Of course, it would be hard to apply all possibilities, however, in a few
thousand years, the message will be decrypted eventually...

Thus, I had to mention perfectly random. Even ordinary random generators
are fully deterministic - once you know the seed, you know everything[2],
and breaking the message gets trivial.


Cheers


[1] http://tazforum.blogspot.com/ (see "identifying the assets and their values",
which was a contribution of mine in a discussion and made a blog entry).
[2] http://antionline.com/showpost.php?p...4&postcount=12