Truecrypt defeats FBI

Eóin:
I didn't know about that 'purposely corrupting some bytes' trick. But wouldn't you be better off putting that effort into remembering an even stronger password? Seems to me like changing some bytes is like an extension to the password.

Also a question about the effect on the data? I know RSA and probably those like it would succumb to any changed bytes, but wouldn't the likes of AES decrypt up to the corrupted portion more or less correctly? Thinking about it, if there is more than one pass over the data then no you probably wouldn't be able to recover anything.

Also - Bruce Schneier says meh to one-time pads


* Bruce found a secure way to reuse a one-time pad.
* Bruce Schneier can crack a one-time pad before it's used.
* At college, Bruce Schneier had his way with so many women that his dorm room was called "The One-Time Pad."
-http://www.schneierfacts.com/
--- End quote ---

Crush:
40hz: An additional encryption-locker would be an interesting idea for some kind of NANY...

mwb1100:
And any encryption system that utilizes a properly implemented One-Time Pad technique is still completely unbreakable using analytic methods.
-40hz (June 28, 2010, 02:29 PM)
--- End quote ---

The problem is that there are very few properly implemented one time pad systems, and certainly none for general purpose desktop use. To properly implement it you need a random key that's as long as what you're encrypting, and you can use the key only once (that's why it's a "one time" pad). And a computer's pseudo-random number generator isn't really good enough to generate the keys.

The advantage of the one time pad is that it's provably secure (if you adhere to the requirements) - any output message is just as likely as any other, so there's no way for an attacker to know if they've 'cracked' the right message.

The problem with one time pad is key management - storing the key securely is as much a problem as storing the data you want secured. Add to that the problem of creating the key properly. When used incorrectly (if you don't produce, secure and use the key properly), the one-time pad is probably about the easiest encryption scheme to break.

So one time pads are generally only useful for short messages between 2 parties, not so much for storing data securely (since you have to store the key securely as well).

So anyone looking at encryption software that claims to use one-time pad would be wise to steer clear.
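
Added example, not part of mwb1100's post or of any software mentioned in the thread: a Python sketch of the one-time pad properties described above (key as long as the data, each key byte used once, every same-length plaintext equally consistent with a ciphertext, and what a reused pad gives away). The names `PadBook`, `key_that_yields` and `reused_pad_leak` and the sample messages are constructed for illustration, and `secrets.token_bytes` is an assumed stand-in for a true random source.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class PadBook:
    """Key material that is consumed as it is used and never handed out twice."""
    def __init__(self, pad: bytes):
        self._pad, self._used = pad, 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: the key must be as long as the data")
        key = self._pad[self._used:self._used + n]
        self._used += n
        return key

    def apply(self, data: bytes) -> bytes:
        # XOR is its own inverse, so this both encrypts and decrypts.
        return xor_bytes(data, self.take(len(data)))

def key_that_yields(ciphertext: bytes, candidate: bytes) -> bytes:
    """For any same-length candidate there is a key that 'decrypts' to it."""
    return xor_bytes(ciphertext, candidate)

def reused_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, the key cancels: c1^c2 == p1^p2."""
    return xor_bytes(c1, c2)

# Constructed sample messages (equal length so they can be compared).
P1 = b"MEET AT DAWN"
P2 = b"MEET AT DUSK"

def demo() -> dict:
    # Assumption: the OS CSPRNG stands in for a true random source here.
    pad = secrets.token_bytes(len(P1))
    sender, receiver = PadBook(pad), PadBook(pad)
    c1 = sender.apply(P1)
    # Misuse: the same pad bytes applied to two different messages.
    misuse_c1, misuse_c2 = xor_bytes(P1, pad), xor_bytes(P2, pad)
    return {
        "roundtrip": receiver.apply(c1),
        "alt_key_plaintext": xor_bytes(c1, key_that_yields(c1, P2)),
        "leak": reused_pad_leak(misuse_c1, misuse_c2),
    }

if __name__ == "__main__":
    print(demo())
```

The zero bytes at the start of `leak` mark where the two messages are identical, which is visible without ever knowing the pad.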

40hz:
@mwb1100 - All good points, although since there are many publicly available resources for obtaining true random numbers, that part isn't really a problem.

Note: I'm not advocating one-time pad cryptography. It's basically unworkable for anything other than short messages, as you pointed out. I was just mentioning it as the one cryptographic system that is mathematically known to be 100% unbreakable if implemented properly. At least as far as our current mathematics can determine.

40hz: An additional encryption-locker would be an interesting idea for some kind of NANY...
-Crush (June 28, 2010, 04:01 PM)
--- End quote ---

Would be. If I could code worth a penny, I might be tempted to try writing something like that. Unfortunately, many things have taught me that application coding is not where my talents lie.  ;D

Crush:
40hz: I'll do it. Tell me your wishes for such a program.
mwb1100: I made a file-encryptor with implemented OTP that has a hardware radioactivity as a source for pure randomness: Crush Cryptonizer
