gucci-on-fleek 2 days ago

> encryption is not ever to be considered impossible to break

One-time pads [0] are actually impossible to break, but they're pretty tricky to use: you must never ever reuse them, they must be truly random, and you need some way to share them between both parties (which isn't that easy since they need to be at least as large as all the data that you ever want to transmit).

[0]: https://en.wikipedia.org/wiki/One-time_pad

rolph 2 days ago | parent [-]

not trying to be obtuse, but there is at least one solution, the one used to decrypt.

if you know something about the content e.g. it is for russians, or americans.

you can use a frequency analysis to identify vowels. that goes for a simple substitution cypher that is relying on low frequency of usage[one time use] and does not keep it brief.

when you further substitute numbers for words, you gain more room for verbosity.

if you have high stakes, your message in the clear, should only be useful for a limited time, at the point that it is no longer actionable.

i'm very familiar with one time pads random, and keyed.

they are a little simple, you can use a triaxial scheme, or a tensor like scheme, for more leg room and more complexity.

depending on what you are doing it may be necessary, to not carry any pads, but to have access at some point, to agreed upon keys, in order to generate a pad on the spot. or even work in your head, if you have skill. e.g. jackdwlovemybigsphnxfqurtz as a weak example.

gucci-on-fleek 2 days ago | parent | next [-]

> not trying to be obtuse, but there is at least one solution, the one used to decrypt

Right, which is why I didn't quote that part :)

> you can use a frequency analysis to identify vowels.

That will help in many cases, but not against a properly-used one-time-pad.

> but to have access at some point, to agreed upon keys, in order to generate a pad on the spot

That's not really a one-time pad then, that's just a stream cipher. Which do work better than one-time pads in the vast majority of cases, aside from not being "perfectly" secure.

rcxdude 2 days ago | parent | prev [-]

I don't think you understand the point of the OTP and why it can't be brute forced: for any possible output, there is a corresponding one-time key. So you have no way to tell if the key you have come up with is correct, you can 'decrypt' an OTP ciphertext into a coherent sentence saying whatever you want in any language you want (the only constraint being maximum length), and bruteforcing will just give you all of them.
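An added illustration of the points made above about one-time pads (not part of any comment in the thread): an XOR-based pad, showing that every candidate plaintext of the right length has a matching key, that brute force yields every possible message, and that reusing a pad leaks the XOR of the two plaintexts. The messages and function names are constructed for this example.

```python
import itertools
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; OTP encryption and decryption are the same operation."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` 'decrypts' to `candidate`. One always exists."""
    return xor(ciphertext, candidate)


def brute_force(ciphertext: bytes) -> set:
    """Try every possible pad and collect the resulting plaintexts (only feasible for tiny inputs)."""
    n = len(ciphertext)
    return {xor(ciphertext, bytes(k)) for k in itertools.product(range(256), repeat=n)}


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, c1 XOR c2 equals p1 XOR p2: the pad cancels out."""
    return xor(c1, c2)


if __name__ == "__main__":
    # Constructed sample messages, all 14 bytes long.
    real, decoy, other = b"ATTACK AT DAWN", b"RETREAT AT TEN", b"HOLD POSITIONS"
    pad = secrets.token_bytes(len(real))  # truly random, as long as the message
    ct = xor(real, pad)

    # The same ciphertext decrypts to the decoy under a different, equally valid pad.
    print(xor(ct, key_for(ct, decoy)))

    # Brute-forcing 2 bytes of ciphertext produces all 256**2 two-byte plaintexts,
    # so nothing distinguishes the real one.
    print(len(brute_force(ct[:2])))

    # Reusing the pad for a second message removes the randomness entirely.
    print(reuse_leak(ct, xor(other, pad)) == xor(real, other))
```
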

rolph 2 days ago | parent [-]

oh i get it, the frequency of use is what allows frequency analysis.

use a pad once then rotate to a new pad. [effectively re-key the encryption]

avoid using characters in high frequency [vowels, language specific phonemes]

use alternate misspellings, intentional typos.

keep the message very brief, the longer the message the more effective frequency analysis becomes.

try to avoid correlative events.

if every time a cypher that looks like [abc] is captured, something is bombed, or major troop movements occur, you have an idea what the message is about, giving a bit more leverage.

also standard OTP pads use 2 axis, a tensor matrix is a better OTP.