From: Wayne L. Kearns (kearns@COLLTECH.COM)
Date: Mon Feb 26 2001 - 14:13:01 CST
Hey all,
Ok, I figure that I'll take first whack at this. The primary implications I
see are:
1. Source- The source must be trusted and must not be affected by time
delay. The cryptography is based on the ability of a computer not being able
to hold all of the key in RAM at one particular time. This means that the key
sequence must be received in a timely manner and must not have to be
reassembled from out of order packets. You could have an internal encryption
that draws from some close source of dependable data, such as timing from a
master telco switch (I have seen/done this {from the techie side}) in which
case if the source were discovered and a data stream could be predicted the
advantage would be lost.
2. Remote Source- It also seems that since this would have to be centralized
and since the key would be pulled from a central source that this method would
be particularly vulnerable to a Man-in-the-Middle attack. I do that sort of
thing all the time to sniff passwords off of a switched network. This would be
a bit more complex... but not much more so because the key would be captured
along with the traffic. It also brings into question whether or not the source
itself could be spoofed. Kinda like nabbing someone else's PGP key and putting
yours in their place...
Anyway, I would definitely have to agree that this is nifty but it seems a bit
impractical, esp on the internet. On a closed system it could work. But then
again, how closed is a closed system?
Regards,
{Wayne L. Kearns}<----asbestos coating for junior comments[;-)
Dan Houser wrote:
> OK CISSP holders & hopefuls... time to put on your thinking cap for fun
> discussion of random stream one-time pad encryption:
>
> "[Dr. Michael Rabin, noted cryptographer and] computer science professor at
> Harvard says he has found a way to send coded messages that cannot be
> deciphered, even by an all-powerful adversary with unlimited computing
> power. And, he says, he can prove it."
>
> I thought of 2 big implementation flaws with statements in the article
> about implementing this encryption technology, besides Bruce Schneier's
> enlightened "encryption is a pole in your front yard you hope people will
> run into instead of around" statement (which is also true). Show me yours,
> and I'll show you mine... :^)
>
> For full article: http://www.nytimes.com/2001/02/20/science/20CODE.html
> (You will need to register to get this article from the NY Times, well
> worth the trouble.... their daily technology update is superb)
>
> ddh, cissp, etc.
>
> +--------------------------------------------+
> | You have received this email because you |
> | subscribed to the CISSPSTUDY mailing list. |
> | -- To unsubscribe, send an email to -- |
> | listserv@securityfocus.com |
> | with a message body of: |
> | UNSUBSCRIBE CISSPSTUDY |
> +--------------------------------------------+