Totally Random One Time Pads

Zonk posted more than 8 years ago | from the random-is-as-random-does dept.


liliafan writes "Scientists in Japan have come up with a way of harnessing a truly random datasource for generating one time encryption pads: Quasars. One time encryption pads are widely accepted as being the most secure form of encryption, but this new technology from the National Institute of Information and Communications Technology makes the pads even more secure."


265 comments


Dupe (5, Informative)

TheComputerMutt.ca (907022) | more than 8 years ago | (#15030727)

This is a dupe of almost the same story from the same source [slashdot.org] .

Re:Dupe (5, Funny)

suso (153703) | more than 8 years ago | (#15030749)

So it's not truly a one time pad then.

Re:Dupe (4, Funny)

koh (124962) | more than 8 years ago | (#15030784)

This is a dupe of almost the same story from the same source.

If you had read TFA, you would know they use Slashdot feeds as an entropy source for their one-time pads. They do report problems though, since during a recent test run they noticed 42% of their one-time pads were effectively equal...

Hack (2, Interesting)

Catskul (323619) | more than 8 years ago | (#15030790)

It sounds like a great idea, but it might be easy to subvert. All I have to do is overwhelm the signal and get the target to use my (or null) one time pad, and I will be able to decrypt. Hell I can even make my one time pad *look* random, and they'd likely never notice. While I'm at it I can do it from a satellite and not have to get near their antenna.

Re:Hack (1)

XenoRyet (824514) | more than 8 years ago | (#15030830)

I would hope they had protections against that sort of thing. But you do have a very interesting idea there, I wonder if it could be made to work.

Re:Hack (1)

Loconut1389 (455297) | more than 8 years ago | (#15030878)

Or find out which quasar is their source and listen, then you have the same dataset and it is only a matter of figuring out where they started using it for OTP. Though transmission 'errors' or rather detection errors could skew the result. Figuring out their sample rate, and exact point to start the sample would be next to impossible I suppose.. But in theory it is a weakness. Enough social engineering or background research might turn up that kind of information (espionage?). Again, what my receiver says is a 1 may not be what your receiver says, based on power at your position, etc... So who knows...

Re:Hack (1)

jspoon (585173) | more than 8 years ago | (#15030901)

"...transmission 'errors' or rather detection errors could skew the result... ...Again, what my receiver says is a 1 may not be what your receiver says, based on power at your position, etc... So who knows..."

They'd have to find a way to avoid this themselves, since the sender and receiver will most likely be in different locations and might have to use different equipment.

Re:Dupe (1)

techno-vampire (666512) | more than 8 years ago | (#15030964)

Not only is it a dupe, the other story's still on the front page. Editors, edit thyselves!

Hmm... (3, Funny)

fishybell (516991) | more than 8 years ago | (#15030738)

Where can I buy one of these new fangled quasars anyway?

From what I hear, I'll probably be able to save on my heating bills too.

Re:Hmm... (1)

ScrewMaster (602015) | more than 8 years ago | (#15030809)

The entire Solar System could save on heating bills.

Re:Hmm... (1)

atheist666 (525252) | more than 8 years ago | (#15030893)

Not in my backyard, are you going to have a Quasar.
I heard one hypothesis of why there aren't a zillion alien civilizations out there is that every once in awhile, a Quasar toasts huge swaths of the universe.

One Time Pads... (5, Funny)

Anonymous Coward | more than 8 years ago | (#15030740)

Women have had those forever...

Re:One Time Pads... (0)

Anonymous Coward | more than 8 years ago | (#15031029)

Yes, but they also have no penis. I repeat: they have absolutely no penis. I was truly shocked when I accidentally discovered this issue at the age of 43 when ass-raping a stranger, who turned out to be one of that specific gender.

Instead of a normal penis, he had nothing. A traumatic experience for me and my dog, indeed.

Re:One Time Pads... (1, Informative)

Anonymous Coward | more than 8 years ago | (#15031031)

No, only since the middle of the century or so.

Before then, they used multiple-use rags. And smart women are starting to go [gladrags.com] back [lunapads.com] to them [bigstep.com] .

Re:One Time Pads... (1)

g0at (135364) | more than 8 years ago | (#15031047)

Hahahaha... +4 Insightful instead of Funny? This really is slashdot...

-b

Re:One Time Pads... (1)

Calyth (168525) | more than 8 years ago | (#15031059)

But most of those women were pretty regular, I would assume.

Has To Be Said (1, Funny)

Naked Chef (626614) | more than 8 years ago | (#15030741)

I for one welcome our new one-time overlords...

Re:Has To Be Said (0)

Anonymous Coward | more than 8 years ago | (#15030754)

They look more like two-timing overlords from where I'm standing.

Re:Has To Be Said (0)

Anonymous Coward | more than 8 years ago | (#15030827)

No, really, it doesn't need to be said. Stop with the stupid welcoming overlords crap.

cracking this would be useful (2, Interesting)

caffeinemessiah (918089) | more than 8 years ago | (#15030747)

if this is ever widely accepted, it seems that the inevitable deluge of security researchers trying to find predictability in the patterns would be a beneficial thing. if one ever comes close to succeeding, sure your credit card details could be stolen, but we'd understand the universe a tiny little bit better...

Re:cracking this would be useful (0)

Anonymous Coward | more than 8 years ago | (#15030766)


Way to make a pointless and obvious post in your effort to karma whore.

Re:cracking this would be useful (1)

caffeinemessiah (918089) | more than 8 years ago | (#15031019)

"karma whore"?? wow you really need to get a life...

Re:cracking this would be useful (0)

Anonymous Coward | more than 8 years ago | (#15031070)


Sure, Mr. "I have a 900K+ UID and think I'm l337"

Begone with your faggotry, Karma Whore.

Re:cracking this would be useful (0)

Anonymous Coward | more than 8 years ago | (#15031088)

I think his post was actually quite interesting as it touched on an aspect of the story one might not have thought of.

Old technology... (1)

creimer (824291) | more than 8 years ago | (#15030758)

Isn't quartz technology currently being used for timing applications? :P

Re:Old technology... (0)

Anonymous Coward | more than 8 years ago | (#15030912)

http://www.phys.vt.edu/~jhs/faq/quasars.html [vt.edu]

If you're thinking of quartz crystals, then you're probably thinking of digital timing devices. I'm pretty sure that quasars are totally different.

Re:Old technology... (1)

HTL2001 (836298) | more than 8 years ago | (#15030983)

looks like you should have used the iPod volume limiter [slashdot.org] to prevent those hearing problems...

Re:Old technology... (2, Funny)

Mr. Underbridge (666784) | more than 8 years ago | (#15031086)

Isn't quartz technology currently being used for timing applications? :P

Time to check the prescription on your reading glasses there Pops.

So what? (3, Interesting)

rsw (70577) | more than 8 years ago | (#15030763)

Getting randomness isn't interesting. Thermal noise is truly random, perfectly white, and easy to generate---it's as hard as passing a current through a resistor. Want more noise power? Avalanche breakdown, with appropriate whitening, works fine.

Unless they've come up with an interesting way for two people in disparate locations to observe the same quasar and both independently observe the same random phenomena in a way which reliably and securely gives them access to the pad with no communication channel between them, this just isn't interesting.

-rsw

Re:So what? (1)

hogghogg (791053) | more than 8 years ago | (#15030840)

I agree -- the article says that the signal can be transmitted "over the internet" but isn't that just the same as transmitting any white noise source over the internet, without the expense of a radio observatory?

Re:So what? (4, Informative)

homer_ca (144738) | more than 8 years ago | (#15030883)

Actually it's worse than that. From TFA:

Each communicating party would only need to know which quasar to monitor and when to start in order to encrypt and decrypt a message.


The name of the quasar and time to start monitoring are the cryptographic keys. That doesn't sound like a lot of bits in the keyspace.

Re:So what? (5, Informative)

interiot (50685) | more than 8 years ago | (#15030975)

> The name of the quasar and time to start monitoring are the cryptographic keys. That doesn't sound like a lot of bits in the keyspace.

Yes, but it's more secure than other keys, because the only way to attack it is to steal the keys before the time that the quasar is monitored. If an attacker discovers the keys afterwards, the key is useless.

Also, the keyspace is larger than you think... the article mentions that quasars have a very broad frequency spectrum. So, #quasars (that are visible to both) X monitoring-time-choices X monitoring-frequency-choices may result in a large-ish keyspace (or, at the very least, means that it may be physically extremely expensive to try to decrypt a message against all possible keys).

Do the keys narrow down the geographic space (1)

grahamsz (150076) | more than 8 years ago | (#15030990)

It would seem that if you intercept a set of keys that specify a certain quasar and a certain start time then you could establish a geographic region that encompassed both the sender and receiver.

Re:So what? (2, Insightful)

homer_ca (144738) | more than 8 years ago | (#15031035)

OK, even if the keyspace is pretty large, what you have now is a symmetrical cipher. You still have to distribute that key securely.

Re:So what? (1)

interiot (50685) | more than 8 years ago | (#15031082)

... So you distribute that key via asymmetric encryption, very soon before you send the actual message. That narrows the keyspace a bit, but means that if the attacker doesn't have the computing power to brute-force the asymmetric encryption between the time that the key is sent, and the time that the quasar is monitored, that the attacker has failed.

In other words, it makes it exceedingly difficult to brute-force, even for well-funded governments, so dedicated attackers will almost certainly use other methods to break the encryption.

Re:So what? (2, Insightful)

GlassHeart (579618) | more than 8 years ago | (#15031123)

So you distribute that key via asymmetric encryption, very soon before you send the actual message. That narrows the keyspace a bit, but means that if the attacker doesn't have the computing power to brute-force the asymmetric encryption between the time that the key is sent, and the time that the quasar is monitored, that the attacker has failed.

I start monitoring as many quasars as I can the moment I intercept the key message. That way, when I finally decode the key message I can also read the actual message. The secrecy of your message then depends on whether my choices of quasars get lucky, which is not nearly as good as a real one-time pad.

Re:So what? (1)

interiot (50685) | more than 8 years ago | (#15031124)

Though that's assuming that it's very expensive to record the wide-band transmissions of all quasars in the visible sky... is that true, or not?

Re:So what? (2, Informative)

mal0rd (323126) | more than 8 years ago | (#15031126)

This is not like other forms of encryption where the attacker can brute force by going through all the possible keys after the fact. With all the telescopes and cameras on earth, we can only monitor about 2% of the visible sky. So a single cracker can't possibly record the data from every quasar all the time, or even a small percentage of them. So even though the keyspace is small, the attacker only gets to make a few guesses.

Let's say the communicators choose the least secure method and publish the exact time they will start recording the one time pad from the quasar. And assume the attacker can only monitor 1e-9 percent of the quasars at once. Then they have a fairly good chance of remaining undetected.

Now if they just keep recording from that quasar for the entire session, the cracker could try lots of different stars over time and see which one matches. But encryption often uses cipher-block chaining, where the unencrypted data from earlier in the session is used to encrypt the next block in addition to the shared secret. If they did this the attacker would have no hope of breaking the encryption unless he gets lucky on the first transmission.

Re:So what? (1)

cinnamoninja (958754) | more than 8 years ago | (#15030892)

From the article:

Umeno and his colleagues suggest using an agreed quasar radio signal to add randomness to a stream cipher - a method of encrypting information at high speed.

Each communicating party would only need to know which quasar to monitor and when to start in order to encrypt and decrypt a message. Without knowing the target quasar and time an eavesdropper should be unable to decrypt the message.


Both parties having access to same source of randomness is exactly what they're talking about here. Essentially this means that the radio signal choice is their shared private key.

Ok, this seems pretty easily brute forceable. How big can the key space of all possible radio signals be?

Cinnamon

Re:So what? (1)

mishmash (585101) | more than 8 years ago | (#15030957)

According to Quasar [wikipedia.org] there are several hundred known Quasars.

Re:So what? (2, Insightful)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15031056)

If the two communicating parties have to agree on a particular time to start observing they need to synchronize their clocks. The most practical approach is GPS. Figure 10-100 nanoseconds of timing resolution. If an adversary can guess to within three years when you started observing, there are 1E15 to 1E16 possible starting times. There's 50 bits, if there are a thousand QSO's we add 10 bits, so they've got the equivalent of a 60-bit private key.

Worse, this scheme doesn't let you get forward secrecy. In a conventional one-time pad you destroy the keying material after you use it. What are these people going to do, destroy quasars retroactively? Copyright QSO recordings and stage DMCA raids periodically?

Worse yet, someone pointed out (who? I want to give you credit) that an active adversary could trivially inject fake signals into your radio telescopes and control the contents of your one time pad.

Re:So what? (1)

8.012 (34665) | more than 8 years ago | (#15030997)

Presumably, that is what they have. It shouldn't be too hard for endpoints a few thousand kilometers apart to receive the "same" signal from a many-lightyear-distant quasar.

The problem is that the same one-time-pad is also easily available to wiretappers - all they need to do is guess which quasar you're using, much easier than guessing which of 2^256 AES keys you're using. Adding in the additional factor of a shared start-time (i.e. record, then use) helps, but probably not enough.

Assuming 10^9 suitable quasars, and a millisecond-resolution start time within a month-delay (1000*3600*24*30), we have only 3*10^18 possible streams, which is only about 64bits. I expect the real numbers would be much lower, and thus more breakable.

Re:So what? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15031137)

It's not truly random - it is subject to statistical analysis and the physical constraints of the resistor. Implement that avalanche breakdown wrong and that introduces a weakness. Show me or any mathematician 'appropriate whitening' - if you can appropriately whiten a random set, it's not truly random, now is it?
All algorithmic approaches to generating true randomness are fundamentally wrongdoing.
The question is, is a jittery thermal source in our backyard more or less random, more or less signatory, than one that occurred billions of years ago?

Lava Lamps (1, Interesting)

NitsujTPU (19263) | more than 8 years ago | (#15030768)

The coolest random number generator ever.

http://www.lavarnd.org/ [lavarnd.org]

Re:Lava Lamps (0)

Anonymous Coward | more than 8 years ago | (#15030882)

I read in 'When Things Start To Think' by Neil Gershenfeld that lava lamps can't actually be used that way, since the patterns they generate turn out to have a certain level of regularity. He did say (as somebody else here just did) something about the thermal radiation of a resistor being a better generator of randomness (I think, not sure exactly what it was).

Xl6oUBY (5, Funny)

Entropy (6967) | more than 8 years ago | (#15030770)

i147 F7b AIQzC9 7kXTA8TzJ Vl LcYxkN FXkCFA Ev4Lpwjk2 A0Jy7flvj phOlaTF 3S Z0uPk kP 5RKMkQ 5U5oZPW FzA f rj4FB 4vrI ZWr dovA6W l CS6

Re:Xl6oUBY (2, Insightful)

Tackhead (54550) | more than 8 years ago | (#15030806)

> i147 F7b AIQzC9 7kXTA8TzJ Vl LcYxkN FXkCFA Ev4Lpwjk2 A0Jy7flvj phOlaTF 3S Z0uPk kP 5RKMkQ 5U5oZPW FzA f rj4FB 4vrI ZWr dovA6W l CS6

"'Impossible to predict', my 4vrI, you insensitive CS6!"

You forgot that the LcYxkN (who live in the disc, at a 90-degree angle from the jet of 3C273, and who escaped the blast) have developed faster-than-light communication.

Re:Xl6oUBY (4, Funny)

Guppy06 (410832) | more than 8 years ago | (#15031027)

Mom, hang up the phone! I'm trying to play VGA Planets!

Not a one time pad... (0)

Anonymous Coward | more than 8 years ago | (#15030779)

A one time pad is supposed to be a shared secret between only the two communicating parties.

This is a system with a given quasar, and a given start time as a cipher.

It suffers from the same set of potential attacks that any other public datastream with an unknown origin point suffers.

If you were going to use such a method, you could, say, choose a random digit of PI as a starting point for your transmission, and encrypt using subsequent bits that way; but that method isn't as unbreakable as a one time pad, and neither is this.

This is just a quirky way to get attention paid to quasars.

not so sure about this (3, Interesting)

argoff (142580) | more than 8 years ago | (#15030780)

I imagine someone who wanted to could buy enough equipment to record all known quasar emissions and store them or try them against encrypted data streams. A million quasars with 5000 possible frequencies each, wouldn't be that much for a computer to churn thru. In a way, it almost seems like security thru obscurity.

Re:not so sure about this (1)

ZombieWomble (893157) | more than 8 years ago | (#15030962)

And of course, you need to work out the exact moment the observation starts at. An offset of even a single bit will give you nonsense, that's the idea behind the pad. The keyspace offered by a million quasars, 5000 possible frequencies, and an almost arbitrarily fine time sampling is pretty vast.

Re:not so sure about this (3, Insightful)

kingkade (584184) | more than 8 years ago | (#15031064)

The keyspace offered by a million quasars, 5000 possible frequencies, and an almost arbitrarily fine time sampling is pretty vast.

The point is how do you get those parameters to the other party secretly? This is the same problem as giving them a one-time pad generated any random way. I think the point is that you can get randomness but the previous problem will always exist.

Makes the pads even more secure (0)

Anonymous Coward | more than 8 years ago | (#15030786)

By killing everyone in an entire galaxy!?!?

Now they only have to fix the problem of preserving the recipient.

Actual advancement (5, Insightful)

flooey (695860) | more than 8 years ago | (#15030789)

The summary for this article is a little misleading. One time pads aren't new, and good sources of natural randomness aren't new either.

The interesting part of this article is the fact that quasars could be used as a natural source of randomness for one time pads, yet can be accessed by both parties simultaneously. The historical problem with one time pads (and the reason they're rarely used in practice) is that it's a huge pain to distribute sufficient random data to all parties involved in a communication. Being able to use a natural source of randomness that's available to everyone at once would be a major increase in the usability of one time pads.

Re:Actual advancement (0)

Anonymous Coward | more than 8 years ago | (#15030910)

a natural source of randomness that's available to everyone as your choice of OTP would also be a very poor reason to use it as an OTP as everyone could decrypt it.

Re:Actual advancement (1)

vertinox (846076) | more than 8 years ago | (#15030914)

Being able to use a natural source of randomness that's available to everyone at once would be a major increase in the usability of one time pads.

Including Eve ;)

Sorry inside Alice and Bob [wikipedia.org] encryption humor.

almost there (1)

morcheeba (260908) | more than 8 years ago | (#15030800)

So, the quasar is effectively transmitting the decryption key. Great! -- Now all you need to do is prevent everyone in the world except your intended recipient from seeing it.

Re:almost there (2, Informative)

PitaBred (632671) | more than 8 years ago | (#15030861)

Naah. Just prevent everyone except the intended recipient from knowing when you're recording it for the OTP. Much easier problem.

Finally! (4, Funny)

loconet (415875) | more than 8 years ago | (#15030801)

...harnessing a truly random datasource

Wow, they finally managed to tap into my girlfriend's mood neurons?
 

Re:Finally! (0)

Anonymous Coward | more than 8 years ago | (#15030991)

Girlfriend? You must be new here.

Code already broken (1)

Roadkills-R-Us (122219) | more than 8 years ago | (#15031040)

Man, you really need to get a secret decoder ring.

They go by the name of "Mood Ring".

And so I broke the code of both your girlfriend *and* the quasars.

Next?

How is this secure? (3, Insightful)

Zadaz (950521) | more than 8 years ago | (#15030810)

How does this increase security? It's not like quasars are private property. Anyone can look at 'em...

Re:How is this secure? (1)

starwed (735423) | more than 8 years ago | (#15030854)

Except, no. The equipment to measure their transmissions is a little hard to come by. (You should price radio telescopes sometime. ^_^)

Re:How is this secure? (2, Insightful)

Zadaz (950521) | more than 8 years ago | (#15030876)

It seems to me if I have a spare radio telescope to encrypt with, I'm probably sending messages that other radio telescope owners would be interested in.

Am I missing something? (2, Insightful)

brian0918 (638904) | more than 8 years ago | (#15030817)

How is this more secure than one-time pads? Whereas only the two parties involved have access to one-time pads, everyone has access to quasar radiation. The two users still have to tell each other where to look and when, and that information is all someone would need to crack the message. The only way it could be more secure is if the coordinates are only available on one-time pads, in which case you're basically saying that code breakers have to go out and buy an antenna....

Re:Am I missing something? (1)

LuminaireX (949185) | more than 8 years ago | (#15030834)

I think the intent of the article was to explain the use of quasars in generating OTP's, not replacing them.

Re:Am I missing something? (1)

flooey (695860) | more than 8 years ago | (#15030848)

How is this more secure than one-time pads?

It's not (and it can't be, properly used one time pads are perfectly secure). What this does, though, is make it so that you could use a one time pad without predistributing huge blocks of random data. That makes one time pads quite a bit more usable in real world applications.

That's not randomness at all (2, Interesting)

LuminaireX (949185) | more than 8 years ago | (#15030820)

That's not randomness at all. It only seems random because they don't have a model currently to describe quasar behavior. Thus, they're confusing randomness with unpredictability - just because one can't predict what will happen in the next n instances doesn't make it random. What's to say some brilliant scientist won't come along in the near future with a model predicting quasar behavior?

Re:That's not randomness at all (3, Interesting)

Eric Smith (4379) | more than 8 years ago | (#15030860)

> That's not randomness at all. It only seems random

An interesting assertion, but without any backing evidence.

> they're confusing randomness with unpredictability

There isn't any particularly better definition of randomness than "unpredictability". Some things are more unpredictable than others. Some things can even be proven to be unpredictable; for instance, the Blum-Blum-Shub PRNG has been proven to be unpredictable if you don't have a copy of its internal state, because it is mathematically intractable to derive the state from the output.

It seems unlikely that it will become possible to predict the behavior of quasars as you suggest; we can't even accurately predict the weather on earth, which is a much smaller system than a quasar. For that matter, we can't predict the detailed behavior of a lava lamp, making that a reasonable source of random numbers (but patented!).

Re:That's not randomness at all (1)

slavemowgli (585321) | more than 8 years ago | (#15031043)

Some things can even be proven to be unpredictable; for instance, the Blum-Blum-Shub PRNG has been proven to be unpredictable if you don't have a copy of its internal state, because it is mathematically intractable to derive the state from the output.

Not quite true: it's been proven that telling apart the bits output by a BBS PRNG from truly random bits is at least as difficult as integer factorisation. Of course, that's still better than most other PRNGs, and generally good enough.

Re:That's not randomness at all (1)

AlterTick (665659) | more than 8 years ago | (#15031033)

That's not randomness at all. It only seems random because they don't have a model currently to describe quasar behavior.

You're not hungry, you just think you're hungry.

Seriously, given an accurate model of how it's generated, nothing is random. Randomness is totally subjective. Nothing is ever truly random.

Re:That's not randomness at all (1)

LokiSteve (557281) | more than 8 years ago | (#15031074)

"What's to say some brilliant scientist won't come along in the near future with a model predicting quasar behavior?"

Or a lucky idiot.

Obligatory alien plot comment (1)

behindthewall (231520) | more than 8 years ago | (#15030825)

Mothership, phaser/plasma/gamma/mind-control rays, incubating larvae, tastes good with ketchup (catsup, whatever), and all that...

Oh, and "They've got our codes!"

Sigh. When will Earth ever learn?

Neat idea, not practical (1)

SamMichaels (213605) | more than 8 years ago | (#15030832)

There are plenty of sources closer to us that require less bells and whistles. Thermal (amplifier) noise [comscire.com] ? Radioactive decay [fourmilab.ch] ?

Read. [random.org]

or IPKI (3, Funny)

gadzook33 (740455) | more than 8 years ago | (#15030839)

Intergalactic Public Key Infrastructure

Coins (1)

mtenhagen (450608) | more than 8 years ago | (#15030856)

I've got a random number generator in my wallet.

Just flip a coin.

This article and research is utterly useless and therefore logically patented.

overkill (1)

gadzook33 (740455) | more than 8 years ago | (#15030859)

Interesting that they picked OTP since you need a random source for all key generation. Anyway, this is overkill in the extreme. While generating good random numbers is tricky, it's perfectly possible with sources right here at home. If you want really good numbers, use something like thermal noise. If you want good numbers, use /dev/random. Either way it's a question of estimating the number of bits of entropy you have collected. That isn't straight-forward but it's perfectly possible. And a lot easier than trying to guarantee you get one bit of entropy per bit collected by carrying a radio telescope around with you.

Getting the OTP around is the hard part. (1)

caluml (551744) | more than 8 years ago | (#15030869)

Trouble is, is if you have a secure method for getting the copy of the one time pad to the other person, you might as well have sent the thing you're encrypting. (Unless you do it in advance, and store it completely securely, and destroy it the moment it is used. And it's not much use for network traffic - a 650MB CD of random data lasts only minutes on a 10Mbit link. And you cannot reuse it without seriously compromising the security of the encryption).

Re:Getting the OTP around is the hard part. (1)

Locke2005 (849178) | more than 8 years ago | (#15030944)

You're missing the point -- it solves the OTP distribution problem, because once a specific quasar and time period is known, the OTP can be generated simultaneously by all participants. Of course, this would be possible with almost any astronomical source of random data, not just quasars. Once all the participants know which quasar to use and how to use it, there is a virtually infinite source of OTP random bits.

Re:Getting the OTP around is the hard part. (1)

TheRaven64 (641858) | more than 8 years ago | (#15031028)

The problem with a one time pad is that you need to transmit a phenomenal amount of data. The pad size must be equal to the length of the message multiplied by the number of different characters in your character set. One solution to this is to generate the pads algorithmically, using a true random source as your input. If you record the random source, then both parties can generate the same pads. This means that you can transmit a slightly smaller amount of data for the pads.

The advantage of this approach is that now they don't even need to transmit the random data. Instead, they transmit the location of a quasar to use, the time at which it should be used, and the frequency. Since this amount of information is relatively small, only a small one time pad needs to be exchanged in order to permit the exchange of this information. Once both sides have the same random source, they can keep generating the same one time pads, and use these to exchange messages much larger than the amount of data they needed to securely exchange initially.

While this is a nice idea, it is potentially vulnerable to a known plaintext attack. An attacker with the ability to record the output from all known quasars could compare a known ciphertext to a known plaintext encrypted with each potential key. The search space for this is, however, huge and I suspect it will be some time before it becomes feasible.

Why not use white noise? (1)

Yartrebo (690383) | more than 8 years ago | (#15030873)

What's so bad with using the randomly fluctuating voltage in a wire or the current in a conducting loop as a source of random data? This could be implemented as part of an integrated circuit and could cost a fraction of a cent per copy.

If you need protection against willful interference, put a faraday cage around it, which is not hard at all to do using lithography.

An added advantage is that random bits can be generated by the billions per second, and is limited only by the sampling rate of the voltmeter.

Oh no. Not again. (2, Insightful)

hhr (909621) | more than 8 years ago | (#15030900)

One Time Pads may be the most secure form of encryption, but they are *not* the most secure way to protect your secrets.

Time and time again, security breaks down because of the way people treat their keys, not because the encryption algorithm is weak.

With a one time pad, you need to keep a copy of the pad with everyone who wants access to the data. Compare that to Public Key Crypto where you can keep your private key in one secure spot and distribute your public key widely.

Or how about session keys (Diffie Hellman for example)... single use keys that only you and your partner have access to. How good is that! And you don't need to transfer and secure your OTP to use them!

A Cheap Soundcard ... (0)

Anonymous Coward | more than 8 years ago | (#15030913)

with poor electronics sure can be noisy and hence random, maybe it is good competition to comic noise...
http://ourworld.compuserve.com/homepages/geoffreypark/ [compuserve.com]

Fucking sanitary towels ... (0)

Anonymous Coward | more than 8 years ago | (#15030936)

Bloody hell, come on, less of these 'one time pads' stories here, there's hardly any girls, and they can sort it out themselves if they have an issue with the security.

And Quasars? What happened to the good old lunar timing?

One time pads are _NOT_ secure, asswit (0, Flamebait)

Lord Bitman (95493) | more than 8 years ago | (#15030937)

There's more than one level of security. One time pads are one of the least secure methods of secure communication, for obvious reasons.

Re:One time pads are _NOT_ secure, asswit (1)

blahtree (55190) | more than 8 years ago | (#15031122)

For those that don't know, here are the rules when using one-time pads.

1. One time pads must be random. Not "random enough", but random.
2. Do not re-use one time pads. Ever.
3. Since both parties that want to communicate are going to need the same one-time pad, that one-time pad must be shared securely.

#3 is probably what Lord Bitman is referring to when he says "One time pads are one of the least secure methods of secure communication." This is a problem with many forms of encryption called the key transfer problem.

Even despite these limitations, I wouldn't call one time pads one of the least secure methods of secure communication. DES, 3DES, and in fact any form of symmetric encryption have the same problem.

The key transfer problem certainly isn't insurmountable.
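Rule 2 in the list above, as an added example that is not part of the original comment: a pad wrapper that consumes and wipes key bytes, followed by what leaks when the same pad bytes cover two messages. The class and function names and the sample messages are constructed for illustration, and `secrets.token_bytes` is a CSPRNG standing in for the true random source that rule 1 demands.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Hands out each pad byte exactly once and wipes it afterwards (rule 2)."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._pos = 0

    def remaining(self) -> int:
        return len(self._pad) - self._pos

    def _take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("pad exhausted; refusing to reuse key material")
        chunk = bytes(self._pad[self._pos:self._pos + n])
        self._pad[self._pos:self._pos + n] = bytes(n)  # destroy used bytes
        self._pos += n
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        return xor(message, self._take(len(message)))

    def decrypt(self, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._take(len(ciphertext)))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the SAME pad: the pad cancels, leaving p1 XOR p2."""
    return xor(c1, c2)

def demo():
    # CSPRNG output standing in for a true random source (assumption, see rule 1).
    pad = secrets.token_bytes(32)
    alice, bob = OneTimePad(pad), OneTimePad(pad)   # rule 3: shared in advance
    p1, p2 = b"invoice 4417 due", b"invoice 4418 pay"  # constructed messages
    c1, c2 = alice.encrypt(p1), alice.encrypt(p2)   # fresh pad bytes each time
    ok = (bob.decrypt(c1), bob.decrypt(c2)) == (p1, p2)
    # Constructed misuse: both messages under the first 16 pad bytes.
    bad1, bad2 = xor(p1, pad[:16]), xor(p2, pad[:16])
    leaked = reuse_leak(bad1, bad2)                 # contains no pad bytes at all
    return ok, leaked == xor(p1, p2), xor(leaked, p1) == p2
```

In the misuse case, anyone who knows or guesses one message recovers the other without ever seeing the pad.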

A common use for OTPs - Numbers Stations (2, Informative)

ChePibe (882378) | more than 8 years ago | (#15030949)

Some here may not be familiar with the uses of an OTP, so here's a common use:

In order for an intelligence agency to communicate with an asset overseas, spy agencies must often use methods of communication that cannot be easily traced (duh). Passing a message along via e-mail, phone, or a one-to-one meeting can easily be tracked, creating lots of problems for everyone in the loop.

Therefore, many intelligence agencies did (and still) use OTPs and "Numbers Stations" - shortwave radio stations that blast out a seemingly senseless series of numbers at regular intervals and frequencies. This method gets messages and instructions to your assets without betraying who the recipient of the message is.

The beauty is that the asset only needs a cheap, readily available shortwave radio and an OTP, which can be concealed in virtually anything (some were created that could even be affixed to the back of stamps, others were hidden in toothpaste tubes, etc.). The agent then responds with a seemingly innocuous method, a "wrong number code", a mark on a wall near where an intelligence officer drives, etc.

The problem, of course, rests in getting OTPs to the asset and ensuring they aren't compromised. But, assuming they are passed and handled securely, there's no problem at all.

More information on Wikipedia [wikipedia.org]

Re:A common use for OTPs - Numbers Stations (0)

Anonymous Coward | more than 8 years ago | (#15031135)

Well, if you can securely transmit the OTP, why not just securely transmit the darn plaintext? You know that the OTP has, by definition, the same number of bits as the plaintext, right?

Keyspace (2, Informative)

Erich (151) | more than 8 years ago | (#15030976)

There are relatively few quasars that are observable. Probably a lot fewer that are observable at the same time by two locations, if the two locations are geographically diverse. It is possible for a third party to monitor these discrete locations. Noise would be different to the two observation locations, which could be overcome using sufficient error coding in the plaintext at of course the loss of plaintext entropy, making it easier for a third party with perhaps a noisier signal (due to being slightly out-of-bound, etc) to obtain the plaintext.

The fundamental problem is that the data is not fully random -- it is mostly deterministic based on the key of what quasar, what frequency and bandwidth, and what time. So an outside person could recover the plaintext by obtaining the observable behavior and trying all keys, or if the outside person could somehow obtain the key.

This is a very similar situation to a "good" pseudorandom number generator. You can transmit the seed for the pseudorandom number generator and generate a one-time pad from the pseudorandom number generator. I guess the difference is that quasar behavior is not observable after the fact, but if it is feasible for the data to be logged then they reduce to similar solutions: find all the pads within the keyspace, xor with the cipher text, and watch for the entropy to drop or visibility of known plaintext.
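The keyspace argument above (and the known-plaintext concern raised earlier in the thread), as an added example that is not part of any comment: when the pad is whatever a logged source emitted for a given (quasar, channel, hour), secrecy is bounded by the number of selectors, not by the pad length. The selector ranges, message and function names are invented for illustration, and SHAKE-256 output stands in for recorded telescope noise.

```python
import hashlib
import math
from collections import Counter
from itertools import product

# Constructed selector space: the shared secret is (quasar, channel, hour).
QUASARS, CHANNELS, HOURS = range(40), range(8), range(24)

def recorded_signal(quasar: int, channel: int, hour: int, n: int) -> bytes:
    """Stand-in for logged telescope noise: same n bytes for the same selector."""
    seed = f"{quasar}/{channel}/{hour}".encode()
    return hashlib.shake_256(seed).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def entropy_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def selector_strength_bits() -> float:
    """Upper bound on secrecy: log2 of the number of possible selectors."""
    return math.log2(len(QUASARS) * len(CHANNELS) * len(HOURS))

def lowest_entropy_selector(ciphertext: bytes) -> tuple:
    """Score every selector; only the right pad leaves text-like output."""
    def score(selector):
        pad = recorded_signal(*selector, len(ciphertext))
        return entropy_bits_per_byte(xor(ciphertext, pad))
    return min(product(QUASARS, CHANNELS, HOURS), key=score)

# Constructed message and selector for the demonstration.
MESSAGE = (b"Quarterly figures are attached. Please review the draft before "
           b"Friday and send any corrections to the finance team by noon.")
SECRET_SELECTOR = (17, 3, 21)

def demo():
    ciphertext = xor(MESSAGE, recorded_signal(*SECRET_SELECTOR, len(MESSAGE)))
    return lowest_entropy_selector(ciphertext), selector_strength_bits()

if __name__ == "__main__":
    found, bits = demo()
    print(f"recovered selector {found}; effective key strength {bits:.1f} bits")
    print(f"pad length was {len(MESSAGE) * 8} bits")
```

A pad of independent random bytes gives this scoring nothing to find, since every plaintext of the same length is equally consistent with the ciphertext.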

Re:Keyspace (1)

CanSpice (300894) | more than 8 years ago | (#15031083)

There are relatively few quasars that are observable.


I suppose you're right, if by "relatively few" you mean "200,000 and counting".

Not so secure... (2, Insightful)

jamesivie (805019) | more than 8 years ago | (#15030993)

If the party trying to decrypt your message knows that your "random" data comes from a quasar, they could just monitor the quasar themselves and crack the data pretty quickly (faster than brute force). Cryptography relies on the random data being secret, and this isn't secret at all unless you're trying to hide your conversation from someone whose planet can't view the quasar you're using.

GPLed code (1)

slashdotmsiriv (922939) | more than 8 years ago | (#15031025)

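I am among the first to incorporate this solution to my software. This is released under GPL:

    #include <fcntl.h>
    #include <stdio.h>
    #include <unistd.h>

    /* Placeholder sizes; the original post does not define them. */
    #define KEY_SIZE 32
    #define IV_SIZE  16

    /* Fills key and iv from the device; the buffers are written, so not const. */
    void generateEncryptionKey(unsigned char *key, unsigned char *iv)
    {
        int fd;

        if ((fd = open("/dev/radio_telescope_quazar1", O_RDONLY)) == -1) {
            perror("open error");
            return;                 /* do not read from an invalid descriptor */
        }
        if (read(fd, key, KEY_SIZE) == -1)
            perror("read key error");
        if (read(fd, iv, IV_SIZE) == -1)
            perror("read iv error");
        close(fd);
    }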

Spiffy, but not news (5, Informative)

Syberghost (10557) | more than 8 years ago | (#15031058)

This is a Vernam Cipher [wikipedia.org] with a novel but impractical noise source. It was news when Vernam invented it in 1917, and maybe again in 1919 when he patented it, but this version solves an already-solved problem in a manner that would sound really good if Lt. Colonel Carter suggested it on SG-1, but otherwise is inferior to existing solutions to the same problem.

Nothing to see here, folks; move along.

I can just imagine a secret agent... (1)

Expert Determination (950523) | more than 8 years ago | (#15031069)

...out in the field trying to point his 100ft wide dish at the right quasar while hiding behind a tree so that nobody else can see what he's pointing it at.

I think this should get some kind of award for dumbest invention ever.

most what? (2, Informative)

eddeye (85134) | more than 8 years ago | (#15031092)

"One time encryption pads are widely accepted as being the most secure form of encryption..."

Only for very limited definitions of secure. You have to produce the pads. You have to distribute the pads. You have to synchronize the pads. You have to dispose of the pads. All these steps are tedious and error-prone, and a chink in any of them destroys your supposed "perfect" security.

Now if you said "OTP are the most algorithmically secure pads under ideal conditions", then I'd buy it. Otherwise, there's a reason only well-funded governments use these things. Ask the Soviets how well it worked for them.
