←back to thread

Code that helped end Apartheid

(www.wired.com)
358 points impish9208 | 2 comments | 18 Oct 24 13:05 UTC | HN request time: 0.002s | source
Show context
LeifCarrotson ◴[18 Oct 24 15:33 UTC] No.41880363[source]
Interesting how the PKZIP password-protected compressed file is now easily decrypted in <5 minutes, but the original one-time pad is still as mathematically robust as ever.

We could have had a very different history if they'd used DES or RC2 for encryption!

replies(2): >>41880875 #>>41884073 #
rtkwe ◴[18 Oct 24 16:22 UTC] No.41880875[source]
One time pads used properly are theoretically perfectly unbreakable. The problem is making sure no one ever uses the same 'pad'/keystream twice, that your pad generation is actually random, and that the pads never fall into the hands of your adversaries. (or if they do you've been diligent about completely destroying the used pads and the other end of your communications doesn't use the captured set of pads) They're just not very good at anything other than point to point secret passing and require a real world connection to distribute.

So much of symmetric key cryptography is just trying to find creative ways of creating and recreating 'one time pads' so we can distribute the key material instead of the pads themselves.

replies(1): >>41880989 #
janzer ◴[18 Oct 24 16:32 UTC] No.41880989[source]
> that your pad generation is actually random

The one thing that stood out to me with the original blog post and a quick glance at the code was that it appeared as if the pad was certainly not actually random.

Could anyone that has actually understood it a bit more confirm or reject this?

Edit: It seems that the random generation can be found starting here https://github.com/Vulacode/RANDOM/blob/d6a1a1d694b22e6a115b... With three methods, one (RAND2) seems to use the basic interpreter rng more or less directly and the other two seem to be fairly simple prngs seeded from the basic interpreter's rng.

I don't actually know what the state of basic interpreter rngs was in the early '80s but I would be fairly surprised if they're anything that is secure.

replies(2): >>41881412 #>>41886790 #
rtkwe ◴[18 Oct 24 17:12 UTC] No.41881412[source]
At the time PRNG was probably good enough. I wouldn't want to go up against the NSA today using the same entropy source but against South Africa decades ago it was probably good enough. Even knowing what PRNG source the original noise came from it'd take a hell of a lot of guess and check with cribs to come close to guessing the seed for the PRNG. That would be my first crack at breaking a OTP I knew was generated with a particular PRNG at least as a casual student of the craft. Generate huge amount of noise for the possible seeds and see if any names like "Mandela" or other known leaders suddenly pops out of intercepted messages starting at different points in the noise stream (and see if the rest of the message makes any sense when that does happen).
replies(1): >>41881669 #
janzer ◴[18 Oct 24 17:37 UTC] No.41881669[source]
If the PRNG is good enough then shipping floppies full of PRNG output is very much unnecessary. Simply send the seeds used to initialize the PRNG thereby fitting many (~180k of them on a 720kb floppy) seeds on one floppy and save your couriers a lot of risk.
replies(3): >>41882824 #>>41883991 #>>41886028 #
1. sdenton4 ◴[18 Oct 24 19:46 UTC] No.41882824[source]
Encode the seed in the arrangement of a deck of cards... shuffle to delete.
replies(1): >>41883129 #
2. rtkwe ◴[18 Oct 24 20:23 UTC] No.41883129[source]
The card deck can be the key and the encryption mechanism too with Solitare. It's not secure for longer messages but it should be sufficient for short messages. It's a delicate method though because if you mess up it can be difficult to impossible to recover the proper state of the deck.

https://en.wikipedia.org/wiki/Solitaire_(cipher)