With that, at most the ciphertext gets bigger and carries more noise; the effectiveness is equivalent.

TCH wrote:
The USA is guaranteed not to encode something in a way that needs a key as large as the data itself, and they certainly don't need an encoding method that leaves a trace (cf. the key) behind it. Of course not, they have an efficient method for that. I only wanted to point out that what matters to them is not that it be fast, but that it be hard to break. As for RC, if there is, say, a 64-bit key, then by brute force the attacker has to try on average 2^64 / 2 possible seeds. Quite a big number, but already not unbreakable. If, however, it has been encoded several times in several directions, their job is harder. With the One Time Pad, on the other hand, they have no clue what to XOR with if they don't know the key. That method was invented half a century ago, and the American and Russian spies used it during the Cold War.
Wikipedia wrote:
For such applications as cryptography, the use of pseudorandom number generators (whether hardware or software or some combination) is insecure. When random values are required in cryptography, the goal is to make a message as hard to crack as possible, by eliminating or obscuring the parameters used to encrypt the message (the key) from the message itself or from the context in which it is carried. Pseudorandom sequences are deterministic and reproducible; all that is required in order to discover and reproduce a pseudorandom sequence is the algorithm used to generate it and the initial seed. So the entire sequence of numbers is only as powerful as the randomly chosen parts - sometimes the algorithm and the seed, but usually only the seed.
There are many examples in cryptographic history of cyphers, otherwise excellent, in which random choices were not random enough and security was lost as a direct consequence. The World War II Japanese PURPLE cypher machine used for diplomatic communications is a good example. It was consistently broken throughout WWII, mostly because the "key values" used were insufficiently random. They had patterns, and those patterns made any intercepted traffic readily decryptable. Had the keys (i.e., the initial settings of the stepping switches in the machine) been made unpredictably (i.e., randomly), that traffic would have been much harder to break, and perhaps even secure in practice.
Users and designers of cryptography are strongly cautioned to treat their randomness needs with the utmost care. Absolutely nothing has changed with the era of computerized cryptography, except that patterns in pseudorandom data are easier to discover than ever before. Randomness is, if anything, more important than ever.
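An added example, not from the thread or from Wikipedia, illustrating both points above: a toy stream cipher keyed by a deliberately tiny 16-bit PRNG seed is only as strong as that seed (algorithm plus seed reproduce the whole keystream, so a little known plaintext lets an exhaustive search recover it), whereas for a one-time pad every same-length plaintext is explained by exactly one key. The LCG constants, seed size and messages are constructed for illustration and are not a real cipher.

```python
# Added example, not from the thread. Toy constants and messages are constructed.
from typing import Optional
import secrets

SEED_BITS = 16  # deliberately tiny so the exhaustive search finishes instantly

def keystream(seed: int, n: int) -> bytes:
    """Toy LCG keystream (constructed, not a real cipher). It is fully
    deterministic: algorithm + seed reproduce the entire sequence."""
    out = bytearray()
    x = seed & ((1 << SEED_BITS) - 1)
    for _ in range(n):
        x = (x * 1103515245 + 12345) & 0xFFFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def prng_encrypt(seed: int, msg: bytes) -> bytes:
    """Stream cipher: plaintext XOR PRNG keystream. Its only secret is the seed."""
    return xor(msg, keystream(seed, len(msg)))

def recover_seed(ciphertext: bytes, known_plaintext: bytes) -> Optional[int]:
    """Exhaustive search over the seed space using a known plaintext prefix.
    A b-bit seed costs at most 2**b trials, about 2**(b-1) on average: the
    post's '2^64 / 2' figure scaled down to 16 bits."""
    n = len(known_plaintext)
    for seed in range(1 << SEED_BITS):
        if xor(ciphertext[:n], keystream(seed, n)) == known_plaintext:
            return seed
    return None

def otp_encrypt(msg: bytes) -> tuple:
    """One-time pad: a fresh, truly random key as long as the message."""
    key = secrets.token_bytes(len(msg))
    return key, xor(msg, key)

def otp_key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For a one-time pad, every same-length plaintext is produced by exactly
    one key, so the ciphertext alone gives no basis to prefer any of them."""
    return xor(ciphertext, candidate)
```

Scaling the seed from 16 to 64 bits only multiplies the search cost; it does not change the fact that the seed is the whole secret, which is the Wikipedia passage's point.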