Website, DB, & Software Developers

IDemo

(16,926 posts) Fri Jul 5, 2013, 11:11 AM Jul 2013

A question on an encryption method

And I'm not even sure that this would technically qualify as 'encryption', per se.

But if two or more parties wanted to secure their email contents from inspection (and I'm assuming plain text here), wouldn't the following system be virtually safe:

A large file is created with nothing more than random numbers in sequential order. Let's say the numbers can be any value from 0 to 999. Realizing that random numbers may not be as random as desired, we are still going to have a large list that will more than suffice for our needs.

Now, a program is created that will take plain text and execute a different operation on each character, referencing one or more of the numbers in our list. Let's say for example that our message begins with the letter 'A'. The executable picks the value at the 213th place of our list, 428, performs a math operation, say x = 1 * 428 * 15 (with 'A' equaling the 1 here) and writes the result into a text string. And onwards, with each successive character from the original text being used in a different operation with another number from the randomized table. The end result is what appears to be an entirely meaningless list of numbers.

The sequence of operations is compiled within the executable and can be used to decipher the message on the other end. Each of our parties is given the two files - the randomized number list and the executable.

I may be missing something here, but would this not represent a literally indecipherable method of encrypting a simple text-only email?

7 replies

= new reply since forum marked as read

Highlight:

A question on an encryption method (Original Post) IDemo Jul 2013 OP

If I'm understanding your description, that's called a "one time pad" Recursion Jul 2013 #1

Upon a quick Wiki check, yes IDemo Jul 2013 #2

Kerchoff's postulate Recursion Jul 2013 #3

Isn't this how software like PGP works? ManiacJoe Jul 2013 #4

No; one time pad is symmetric key, PGP is asymmetric key Recursion Jul 2013 #5

Gotcha. Thanks for the correction. ManiacJoe Jul 2013 #6

What you describe is a one-time pad... ljm2002 Nov 2013 #7

Recursion

(56,582 posts)

1. If I'm understanding your description, that's called a "one time pad"

Reply to IDemo (Original post)

Fri Jul 5, 2013, 11:15 AM

Jul 2013

It is theoretically indecipherable, as long as you only use the random data once. If you reuse the pad, you can perform statistical analysis.

The other downside is distributing the pad to begin with to both parties -- if you have a trustworthy channel to do that, why do you need encryption in the first place?

IDemo

(16,926 posts)

2. Upon a quick Wiki check, yes

Reply to Recursion (Reply #1)

Fri Jul 5, 2013, 11:24 AM

Jul 2013

But what's to prevent a smart enough executable from a re-shuffle of the lookups with each successive use? There could exist another table within the program that would again randomize the order of operations.

The assumption is that the pad and programs are given physically to each party to begin with, via USB drive or otherwise.

Recursion

(56,582 posts)

3. Kerchoff's postulate

Reply to IDemo (Reply #2)

Fri Jul 5, 2013, 11:55 AM

Jul 2013

Always assume an attacker had access to the entire cryptosystem except the key.

If any byte of the pad is used more than once, an attacker can start doing statistical analysis.

ManiacJoe

(10,136 posts)

4. Isn't this how software like PGP works?

Reply to Recursion (Reply #1)

Fri Jul 5, 2013, 03:42 PM

Jul 2013

Each message gets a new one-time pad. The pad encrypts the message. The pad is encrypted with the receiver's key and attached to the message.

Recursion

(56,582 posts)

5. No; one time pad is symmetric key, PGP is asymmetric key

Reply to ManiacJoe (Reply #4)

Fri Jul 5, 2013, 03:48 PM

Jul 2013

With a one-time pad, both parties (traditionally, "Alice" and "Bob&quot have to have the same key because the encipherment and decipherment processes are symmetrical. So, give them both the same pad (distributing this is the problem, because if you have a secure means of getting information from Alice to Bob already, why do they need cryptography?)

With PGP, Alice enciphers the message with Bob's public key, which only Bob's private key can decipher. Interestingly, once Alice has done this, she herself cannot decrypt the message.

ManiacJoe

(10,136 posts)

6. Gotcha. Thanks for the correction.

Reply to Recursion (Reply #5)

Fri Jul 5, 2013, 04:00 PM

Jul 2013

ljm2002

(10,751 posts)

7. What you describe is a one-time pad...

Reply to IDemo (Original post)

Wed Nov 6, 2013, 02:26 PM

Nov 2013

...and it is essentially uncrackable if used only once.

The problem for online use is this: both parties need the key. Therefore, you need a secure way to send the key before sending the enciphered message. But the key for a one-time pad is the same length as the message, so if you have a secure way to send the key, you may as well just use it to send the message in the first place.

That is why public key encryption is the gold standard for online encryption. The protocols using public and private keys allow secure key exchange even over public channels. If the key values are large enough, this is also essentially uncrackable, assuming you are using software and hardware without any back doors...

Reply to this discussion