one time pad breakable debate

**kryptkat** · 03-16-2010

a while back i did a study of randomology where i made a program called "wickid.c" that placed pixels at random points to see what random looked like. apparently i was the only one to see patterns. i believe this is because i have faster vision processing. young cats can see the dot move along the tv crt screen where the older cats could see the whole picture.

lets say i modify this program so that no dots are displayed and only a single porn.bmp is. now further modification to encrypt it with a one time pad. random run or program random generator or your own "key.txt" where you supply a single random number one at a time or predetermined random in the file "key.txt". with true random numbers. your own true random source.

pic encrypted with true random source one time pad check now to the brute force of the key the entire length of the data. check. " what differentiates a one time pad and these other cryptosystems is that the number of possible keys is no less than the number of possible messages (and all are equally likely). " and " cannot see the wood for the trees " would hold true no matter what the data. so as the file is brute forced other porn images appear. woohoo a porn generator ! <backflip> <backflip> <backflip> <backflip> meow ! < double laided out backflip> meow ! all kinds of porn. all kinds of fetish porn. all kinds of kitty porn ! stuff never even heard of. images magically appear. pictures that have never been taken by a digital camera. no need to use a camera any more thanks to the porn generator. a porn generator would put the porn industry right out of business. every porn film ever made right through your new porn generator. films never made come right through your porn generator too. all theoretically possible.

seriously i think you would only get parts of the original image where the rest if wrong key would appear as random pixels or blobs. out of focus if you will as an analogy. until you get the correct key then your image would be 100% clear or in focus as an analogy.

text i believe is the same out of focus. with the correct key the rest of the message will be there. with the short two character or a few words the obfuscatetion is more unclear. but with a larger text you can get more of a coherent message. i get it. i just happen to disagree.

And how would you know only letters from the English alphabet is used? Maybe the plaintext is German? What about punctuation? What if it's not even text?

trying every key to see what shows up.

How would you find a reliable method of determining if your bruteforced answer is the correct one or not?

in the movie and in books about ww2 the cryptanalysis sent out <leeked> specific information to confirm what the cipher was about. "midway has a boiler problem. needs new replacement water heater " as example.

we were discussing using the vigenere with a random key the entire length of the message. the weakness ironically would be the use of the chart lookup. i know normal vigenere is not a one time pad.

salem thank you for the link. for the record i am not wrong. just a diffff belieffff

i believe the one time pad is breakable. if you brute force it trying every possible key that would negate weather it was created by a true random number generator or not. sooner or later the key would be found. that is the question on the table if the message text is exposed it is broken even if the user or person looking at it does not recognize the message as being the actual one. depending on what was in the message that would be the point that external intel would have to begin.

thank you all for participating in the debate. you can all set a flame your nitrocellulose page now. <pooffff>

**_Mike** · 03-16-2010

Originally Posted by kryptkat

i believe the one time pad is breakable. if you brute force it trying every possible key that would negate weather it was created by a true random number generator or not. sooner or later the key would be found. that is the question on the table if the message text is exposed it is broken even if the user or person looking at it does not recognize the message as being the actual one. depending on what was in the message that would be the point that external intel would have to begin.

Sigh, why do we even bother trying to explain?

With that definition all encryption is useless because all encryption can be broken without having neither the key, plaintext or ciphertext.
Using Infinite monkey theorem - Wikipedia, the free encyclopedia will eventually give you the plaintext

**Sebastiani** · 03-16-2010

Originally Posted by kryptkat

a while back i did a study of randomology where i made a program called "wickid.c" that placed pixels at random points to see what random looked like. apparently i was the only one to see patterns. i believe this is because i have faster vision processing. young cats can see the dot move along the tv crt screen where the older cats could see the whole picture.

lets say i modify this program so that no dots are displayed and only a single porn.bmp is. now further modification to encrypt it with a one time pad. random run or program random generator or your own "key.txt" where you supply a single random number one at a time or predetermined random in the file "key.txt". with true random numbers. your own true random source.

pic encrypted with true random source one time pad check now to the brute force of the key the entire length of the data. check. " what differentiates a one time pad and these other cryptosystems is that the number of possible keys is no less than the number of possible messages (and all are equally likely). " and " cannot see the wood for the trees " would hold true no matter what the data. so as the file is brute forced other porn images appear. woohoo a porn generator ! <backflip> <backflip> <backflip> <backflip> meow ! < double laided out backflip> meow ! all kinds of porn. all kinds of fetish porn. all kinds of kitty porn ! stuff never even heard of. images magically appear. pictures that have never been taken by a digital camera. no need to use a camera any more thanks to the porn generator. a porn generator would put the porn industry right out of business. every porn film ever made right through your new porn generator. films never made come right through your porn generator too. all theoretically possible.

seriously i think you would only get parts of the original image where the rest if wrong key would appear as random pixels or blobs. out of focus if you will as an analogy. until you get the correct key then your image would be 100% clear or in focus as an analogy.

text i believe is the same out of focus. with the correct key the rest of the message will be there. with the short two character or a few words the obfuscatetion is more unclear. but with a larger text you can get more of a coherent message. i get it. i just happen to disagree.

trying every key to see what shows up.

in the movie and in books about ww2 the cryptanalysis sent out <leeked> specific information to confirm what the cipher was about. "midway has a boiler problem. needs new replacement water heater " as example.

we were discussing using the vigenere with a random key the entire length of the message. the weakness ironically would be the use of the chart lookup. i know normal vigenere is not a one time pad.

salem thank you for the link. for the record i am not wrong. just a diffff belieffff

i believe the one time pad is breakable. if you brute force it trying every possible key that would negate weather it was created by a true random number generator or not. sooner or later the key would be found. that is the question on the table if the message text is exposed it is broken even if the user or person looking at it does not recognize the message as being the actual one. depending on what was in the message that would be the point that external intel would have to begin.

thank you all for participating in the debate. you can all set a flame your nitrocellulose page now. <pooffff>

Hmm...yes, well that was adequately disturbing. Thank you, Kryptkat. On second thought, I'm actually glad you don't grasp the concepts too well...

**MK27** · 03-16-2010

Originally Posted by kryptkat

a while back i did a study of randomology where i made a program called "wickid.c" that placed pixels at random points to see what random looked like. apparently i was the only one to see patterns. i believe this is because i have faster vision processing. young cats can see the dot move along the tv crt screen where the older cats could see the whole picture.

If you used your computer's random number generator -- rand() -- of course you will notice patterns because it is not truly random, it produces "randomesque" patterns.

Code:

#include <stdio.h>
#include <stdlib.h>

int main() {
	int i;
        for (i=0;i<100;i++) printf("%d ",rand());
	return 0;
}

Run that as many times as you like. Every single time, you will get the exact same sequence of "random" numbers. That's a pattern alright.

You cannot study "randomness" using a computer RNG. This was the point of the discussion vis, why you cannot easily create a one-time pad with one.

One way to get a truly random one-time pad would be to get the user to type randomly or whatever for 8X the length of the message, then do odd/even modulus on this pad to get bits.

**EVOEx** · 03-16-2010

I didn't read this thread because I can't believe this discussion actually exists. FACT: It is impossible. Assuming the pad is random enough.
Easy to explain as well. Let's say you have a character A you want to encrypt using one character K. You can do "A ^ K" to get the encrypted text, and the other side, knowing the key, can do "(A ^ K) ^ K = A" to decrypt it.
Without knowing K, K can be anything. Meaning that, with an 8-bit-byte, K can have 256 distinct values. Meaning that any given character XOR'ed with K can have 256 distinct values. Yes, that is any character whatsoever.
Even if you expect a certain plaintext to be sent you can never prove that it was indeed sent without ever knowing the key.

Probably this was explained already, though. But as I said, I couldn't be bothered reading everything. I did read this:

Originally Posted by MK27

One way to get a truly random one-time pad would be to get the user to type randomly or whatever for 8X the length of the message, then do odd/even modulus on this pad to get bits.

Actually that would probably be still pretty non-random. But /dev/random does something quite similar, except with a lot more input depending on many variables. I think you can call that "REALLY" random, as it depends on about an infinite number of unpredictable factors coming from the person operating the computer and many other environmental sources (I bet it uses network traffic and stuff as well).

**MK27** · 03-16-2010

Originally Posted by EVOEx

Actually that would probably be still pretty non-random.

No, it would be very random, since each keypress would be simply evaluated as either "odd" or "even", your tendency to hit "asdf" frequently would be irrelevant (it's just odd-odd-even-even), and there is an 8:1 keypress:message character ration.

I was going to say hit keys for the same length as the message then do % 0-7 on each key value to set 8 bits, but this will be prone to obvious patterns I think.

**laserlight** · 03-16-2010

Originally Posted by kryptkat

seriously i think you would only get parts of the original image where the rest if wrong key would appear as random pixels or blobs. out of focus if you will as an analogy. until you get the correct key then your image would be 100% clear or in focus as an analogy.

text i believe is the same out of focus. with the correct key the rest of the message will be there. with the short two character or a few words the obfuscatetion is more unclear. but with a larger text you can get more of a coherent message. i get it. i just happen to disagree.

You think wrong: you are not thinking of what this information theoretic perfect secrecy of a one time pad means. You don't get it: you are still harping on something that applies to "normal" ciphers like AES, but not to a one time pad. I simply do not understand why you cannot understand that with information theoretic perfect secrecy, you cannot determine the correct key because you, as the attacker, have no way of differentiating it from other possible keys that appear to be correct.

The only room you have to disagree is to dispute this notion of perfect secrecy, i.e., to state that even if there is no way of differentiating the actual key from other possible keys, as long as the attacker can include the actual key in the list of possible keys, the encryption is broken. If you want to define it this way, fine, but you are alone in your definition of "perfect secrecy".

Originally Posted by kryptkat

in the movie and in books about ww2 the cryptanalysis sent out <leeked> specific information to confirm what the cipher was about. "midway has a boiler problem. needs new replacement water heater " as example.

You are talking about a known plaintext attack. This can work when you are trying to break a cipher that is not equivalent to a one time pad, but it is completely ineffective against a one time pad. All you would be able to derive from such cryptanalysis is a key that will never again be used. It is as if you figured out the key, but in the meantime the key has changed.

Originally Posted by kryptkat

i believe the one time pad is breakable. if you brute force it trying every possible key that would negate weather it was created by a true random number generator or not. sooner or later the key would be found. that is the question on the table if the message text is exposed it is broken even if the user or person looking at it does not recognize the message as being the actual one. depending on what was in the message that would be the point that external intel would have to begin.

This is precisely what I mean by you using your own definition of what it means for encryption to be broken. Don't you understand that all you need to "brute force it trying every possible key" is the length of the ciphertext? You do not even need the ciphertext. Therefore, this talk about "depending on what was in the message that would be the point that external intel would have to begin" is laughable, because this "external intel" has to process all plausible messages of the length of the ciphertext, including messages that contradict each other. In other words, after "breaking" the one time pad, you know nothing more about the message than before you "broke" it. This is the key to understand what this information theoretic perfect secrecy is about.

**rogster001** · 03-16-2010

If we look at this in terms of a lottery: according to kryptkat, everyone who plays in a lottery that can be won has already won the lottery, because whatever bet you place could be a winning bet, even if it isn't.

i suggest new username Schrodingers Kat then

**rogster001** · 03-16-2010

One way to get a truly random one-time pad would be to get the user to type randomly or whatever for 8X the length of the message....

apparently even random typing is not to be trusted as random keyboard bashing still reveals patterns , see Simon Singh's 'The Code Book', hell see the book anyway, its class....and i think a certain contributor to this discussion would benefit

!!

**laserlight** · 03-16-2010

Personally, I like the use of radioactive decay to generate random numbers.

**EVOEx** · 03-16-2010

Originally Posted by laserlight

Personally, I like the use of radioactive decay to generate random numbers.

Me too. If my wife's firstborn comes out with one arm, that's a 1, otherwise a 0.

**laserlight** · 03-16-2010

Originally Posted by MK27

I presume this is a book about codes which has little or nothing to do with a computer.

I have not read the book, but a quick search of the Web shows that your presumption is unwarranted.

Originally Posted by MK27

Unless you intentionally type asdf over and over again, I guarantee no form of pattern analysis will find anything

I think that's the problem: even when they try to be random, humans have a bad habit of being predictable. I am not sure if your suggestion really would avoid this problem, but your guarantee carries no weight when you have not yet performed any tests, studied the literature etc, to verify that your proposed method is actually reliable for its intended purpose.

**MK27** · 03-16-2010

Originally Posted by laserlight

I have not read the book, but a quick search of the Web shows that your presumption is unwarranted.

Malarky.

I think that's the problem: even when they try to be random, humans have a bad habit of being predictable. I am not sure if your suggestion really would avoid this problem, but your guarantee carries no weight when you have not yet performed any tests, studied the literature etc, to verify that your proposed method is actually reliable for its intended purpose.

You do not even have to try to be random. Let me repeat myself:

The best idea would be to just type words (the space character is even, but all the vowels are odd). An average word is considered 5 characters, and even if you repeat the same word a lot a 5-bit sequence is not a significant binary pattern. A five digit sequence in decimal, hexadecimal, base 26, or base 256 will be a significant pattern because of the number of possibilities.

Look at a paragraph of text as an odd-even (binary) sequence based on ascii values. Every character transformed to 0 or 1. You are now looking at truly random natural data.

Ie, data that is just as random as radioactive decay would be. The fact that it would be hard to avoid pattern in base 26 is irrelevent. So the base 26 patterns inherent in language and how you type are also now irrelevant -- so you have a source of naturally random data in exactly the same sense as /dev/rand or radioactive decay would do this. This does not require analysis to prove -- you would have to prove that there is some pattern inherent in English or whatever when you convert the characters to 0 or 1 using ascii modulus, which it would be very very very astonishing and only a fool would think there is.

**laserlight** · 03-16-2010

Originally Posted by MK27

Malarky.

Pardon?

Originally Posted by MK27

Look at a paragraph of text as an odd-even sequence based on ascii values. You are now looking at truly random natural data.

How do you know that it is "truly random natural data"?

Let me be clear: I am not saying that your idea will not work. I am saying that I am not yet convinced that it is guaranteed to work. Have you actually checked how this fares with the various statistical tests for randomness?

**EVOEx** · 03-16-2010

Actually, /dev/random wouldn't fall for anything like that, because it uses a lot more information for randomness. Keystrokes, probably speed of keystrokes, probably time they keys are pressed, mouse movement, probably also processor temperature and network traffic and network packet loss.

But your idea is flawed using, for instance, the "asdf" string I said. Also, using plain texts, certain words or combinations of characters are more common than others. While the more characters you use the less this will be noticeable, I doubt this is a very good method.