Long crypto keys (was Re: YA cracker challenge)

Eugene Leitl Eugene.Leitl@lrz.uni-muenchen.de
Tue, 12 Mar 2002 18:24:35 +0100 (MET)


On Tue, 12 Mar 2002, Peter G Capek wrote:

> Very important to remember: this statement would only be true if the
> bits of internal state are independent, as they would be with a properly
> done one-time pad.  The observation that a long key approaches a

A one time pad is typically created from a PRNG fed from a physical
entropy source (say, a cryptohash of noisy /dev/audio, amplified noise of
a junction, etc). We don't know the physical system providing the entropy
is really a RNG (see Fredkin's Finite Nature). The issue is *knowledge*. A
PRNG producing a sequence leaks information about its internal machinery.
All other things being equal, the lower the number of state bits, the
higher the rate of PRNG generation and the longer you watch it, the sooner
it will leak enough to be broken.

All things being equal, the more internal state, the better. Of course,
we don't have proven methods to build block cyphers with lots of internal
state, but this doesn't mean these are doodoo intrinsically.

> one-time pad may be true, but it ignores the reality of generating,
> distributing, and dealing with such a long key, and it's clearly only

The key is just a bit vector. It can be distributed over a secure channel
or via a public key cryptosystem. I'm not sure how a ~MByte of data is a
problem these days.

> true to the extent that key information is used once.  If key bits are
> recycled (even with some fancy feedback shift register to introduce
> apparent complexity), or (much worse) in conjunction with multiple

I don't know why you use "apparent" together with complexity. A fully
reversible discrete system with lots of state and the right Hamiltonian
(cellular automaton, automaton network) only differs from a physical
entropy source in that you can predict the sequence -- *if* you know the
state.

> messages, it's a big problem. Read the history of crypto.

I'm not a cryptographer, but I understand the basics of it. I realize the
opinion voiced was dissenting to the crypto mainstream.
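
Added example, not part of the original message: the thread's point about a generator leaking its internal state, and about feedback shift registers, shown for the purely linear case. The Berlekamp-Massey algorithm recovers an n-bit linear feedback shift register from 2n observed output bits. The taps and seed below are constructed sample values, and the sketch covers only linear registers, not nonlinear systems.

```python
# Added illustration, not code from the original message.

def lfsr_stream(taps, state, nbits):
    """Fibonacci LFSR over GF(2): s[t] = XOR of s[t-k] for k in taps."""
    s = list(state)                      # len(state) must equal max(taps)
    while len(s) < nbits:
        s.append(sum(s[-k] for k in taps) & 1)
    return s[:nbits]

def berlekamp_massey(bits):
    """Shortest LFSR that generates `bits`: returns (length, taps)."""
    n = len(bits)
    c = [1] + [0] * n                    # current connection polynomial
    b = [1] + [0] * n                    # polynomial before the last length change
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                      # discrepancy between prediction and bit i
        for k in range(1, L + 1):
            d ^= c[k] & bits[i - k]
        if d:
            prev = c[:]
            shift = i - m
            for k in range(n + 1 - shift):
                c[k + shift] ^= b[k]
            if 2 * L <= i:               # register has to grow
                L, m, b = i + 1 - L, i, prev
    return L, [k for k in range(1, L + 1) if c[k]]

def predict(observed, count):
    """Recover the register from observed output, then extend the stream."""
    L, taps = berlekamp_massey(observed)
    s = list(observed)
    for _ in range(count):
        s.append(sum(s[-k] for k in taps) & 1)
    return L, taps, s[len(observed):]

# Constructed sample: 16 state bits; taps and seed chosen for this demo.
TAPS = [16, 14, 13, 11]
SEED = [(0xACE1 >> i) & 1 for i in range(16)]

if __name__ == "__main__":
    stream = lfsr_stream(TAPS, SEED, 32 + 64)
    L, taps, guess = predict(stream[:32], 64)    # observer sees only 32 bits
    print("recovered length:", L, "taps:", taps)
    print("next 64 bits predicted correctly:", guess == stream[32:])
```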