Sennadar Forums

shadowhawk wrote: No, I'm talking about Verdano (?) cipher. The one where the random key is the length of the message, and you encode the message by XORing key and message. But both parties have to have the key, and no one else. And the key should be used only once.

I havn't heard of the Verdano cipher previously, but if it's only using a "random" use-once key the size of the message, and XORing key+message, it is just a derivation of a one-time-pad, albeit digital.  

It basicly boils down to this: The security of the cipher is only as secure as your random key generator. The random number generators inside your PC whilst they may seem random - given enough data are fairly predictable.

There are now some random number generators which appear to be truely random - but they require some hardware bits to be added to your PC.

spec8472 wrote:I havn't heard of the Verdano cipher previously, but if it's only using a "random" use-once key the size of the message, and XORing key+message, it is just a derivation of a one-time-pad, albeit digital.  

It basicly boils down to this: The security of the cipher is only as secure as your random key generator. The random number generators inside your PC whilst they may seem random - given enough data are fairly predictable.

There are now some random number generators which appear to be truely random - but they require some hardware bits to be added to your PC.

I didn't know that name (one-time-pad) but I think we are talking about the same thing. I don't know about using pseudo-random deterministic generators, but there are some tests of randomness, and some generators are very good. Theoretically I think that the 'true' key is the rendom generator seed, so you don't need to guess generated sequence, only the generator seed.

There are some sources of randomness in the computer (noise mostly); while I think the only proven truly random are quantum phenomena like radioactive atoms decay it is believed that "thermal" noise is good enough for ciphers. In Linux one have /dev/random device for such use:

The  random  number  generator  gathers environmental noise from device drivers and other sources into an entropy  pool.   The  generator  also keeps  an  estimate  of  the  number of bit of the noise in the entropy pool.  From this entropy pool random numbers are created.

OK, I think we've gotten slightly off topic here...