gwyn@brl-smoke.ARPA (Doug Gwyn) (04/28/86)

In article <2507@decwrl.DEC.COM> koning@koning.DEC (Paul Koning -- LAS Engineering) writes:
>Isn't one-time pad the ONLY (theoretically, rather than computationally)
>secure cryptosystem?

No; this is a common misconception. The one-time pad is secure against statistical attacks on the ciphertext, but not against stealing the key! Also, consider a 1-1 mapping via one-time pad used to respond to a known message: "Do you need an escape route?"; if the response is "XZW" we can pretty reliably assume that it says "Yes" rather than "No". However, in the sense in which you probably meant it, a one-time pad system using truly random keys is safe against mathematical cryptanalysis.

On the other hand, other cryptosystems can also be theoretically secure (to a specified confidence level) against statistical attacks. If the combination of intrinsic structural complexity, key length, plaintext nonredundancy, and key change interval is adequate, a system will be secure at a certain confidence level. The strength of such a system is measured by its "unicity distance", which you can find briefly discussed in some of the open literature (e.g., Kahn's "The Codebreakers", I think). I don't know if the exact statement of the theorem is public knowledge or not, but this is a relatively simple application of information theory; are there any information theorists out there who haven't worked for NSA who would like to formulate the theorem accurately for this newsgroup?

You can be sure that NSA doesn't insist on true one-time 1-1 keys for all its approved cryptosystems (that's just not operationally feasible for heavy traffic volume), yet it clearly has confidence in their security. On the other hand, last I heard, it does NOT authorize use of DES, nor, I believe, RSA, for protecting classified information. Draw your own conclusions..
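Added example, not part of the original posts: the known-question point above, shown with a letter-wise (mod 26) one-time pad. For the ciphertext "XZW" some pad explains every 3-letter answer, but no pad explains a 2-letter one, so the length alone gives the answer away; padding every answer to one width removes that. The filler scheme, function names and the pad "ZVE" are assumptions constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def otp_encrypt(plaintext, pad):
    """Letter-wise one-time pad: c = (p + k) mod 26; pad must match the length."""
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plaintext, pad))

def pad_explaining(ciphertext, guess):
    """Pad that would turn `guess` into `ciphertext`, or None if none can exist."""
    if len(guess) != len(ciphertext):
        return None  # a 1-1 pad never changes the length, so this guess is ruled out
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(g)) % 26]
                   for c, g in zip(ciphertext, guess))

def consistent_answers(ciphertext, candidates):
    """Candidate plaintexts an eavesdropper cannot rule out from the ciphertext."""
    return [g for g in candidates if pad_explaining(ciphertext, g) is not None]

def fixed_length(answer, width, filler="X"):
    """Assumed mitigation: pad every answer to the same width before encrypting."""
    if len(answer) > width:
        raise ValueError("answer longer than the fixed width")
    return answer.ljust(width, filler)

def random_pad(n):
    """Fresh random pad of n letters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n))

if __name__ == "__main__":
    # Ciphertext from the post; the pad ZVE is constructed so that YES -> XZW.
    print(otp_encrypt("YES", "ZVE"))
    # Every 3-letter guess has a pad; the 2-letter guess has none.
    print(pad_explaining("XZW", "YES"), pad_explaining("XZW", "NO"))
    print(consistent_answers("XZW", ["YES", "NO"]))
    # With fixed-width answers both candidates stay possible.
    answers = [fixed_length(a, 3) for a in ("YES", "NO")]
    ct = otp_encrypt(answers[1], random_pad(3))
    print(ct, consistent_answers(ct, answers))
```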
dhenson@islenet.UUCP (Donald D. Henson) (05/04/86)

> On the other hand, last I heard, it does NOT authorize use of DES, nor,
> I believe, RSA, for protecting classified information. Draw your own
> conclusions..

Wrong on both counts. DES can be used for protecting classified information. You have to get approved keys from NSA, though. RSA is not used now for classified, but several systems are under development.

Don Henson
Infosys Consulting
franka@mmintl.UUCP (05/09/86)

In article <329@brl-smoke.ARPA> gwyn@brl.ARPA writes:
>You can be sure that NSA doesn't insist on true one-time 1-1 keys for all
>its approved cryptosystems, yet it clearly has confidence in their security.
>On the other hand, last I heard, it does NOT authorize use of DES, nor,
>I believe, RSA, for protecting classified information. Draw your own
>conclusions..

There are two possibilities, and either one seems about equally likely to me. One is the NSA can currently break DES and RSA; the other is that they consider it likely that it will soon be possible to do so.

Frank Adams ihnp4!philabs!pwa-b!mmintl!franka
Multimate International 52 Oakland Ave North E. Hartford, CT 06108