in reply to Re: Web Cryptomatic
in thread Web Cryptomatic
I just had a look at Crypt::OTP. Gack. Let's just say that the author was cryptographically unsophisticated.
Ouch. That's a little uncalled for, I think. As I said in the POD for Crypt::OTP, the safest method (that is, the method that should be used) is to use a large pad file. I take for granted that you're referring to the second, substantially less secure method that I worked into Crypt::OTP. Again, as I said in the POD, it is substantially less secure. That method, quite obviously, isn't intended to be used for anything that requires any serious degree of security. I included it in the module because 1.) it was already there because I used it for testing purposes; 2.) some people are going to use the module that way anyway; and 3.) it is handy for things that really only require the most modest level of security. Your point on the proper use of one-time pad encryption is absolutely correct. You aren't supposed to reuse anything. Period. End of discussion. But as with any tool, it is only as good as the way that you use it. If you use it in an insecure fashion, it will be insecure. The shortcoming is not a result of being "cryptographically unsophisticated." I'm not about to sit here and claim to be an international authority on the subject of cryptography. However, I have more than my fair share of experience in the field. I've read the books, attended the seminars, taken the classes, had memberships at one time or another in probably six or eight security related organizations, etc., etc., etc. At no time have I ever claimed that my implementation of OTP is the cryptographic magic bullet, so to speak. If you use it correctly, it will serve you in good stead. If you use it incorrectly, well, you're doing it at your own risk. Taking all of that into account, that you would make assumptions about my level of cryptographic sophistication without knowing me or anything about me, I find rather disturbing.
___________________
Kurt
Ouch. That's a little uncalled for, I think. As I said in the POD for Crypt::OTP, the safest method (that is, the method that should be used) is to use a large pad file. I take for granted that you're referring to the second, substantially less secure method that I worked into Crypt::OTP. Again, as I said in the POD, it is substantially less secure. That method, quite obviously, isn't intended to be used for anything that requires any serious degree of security. I included it in the module because 1.) it was already there because I used it for testing purposes; 2.) some people are going to use the module that way anyway; and 3.) it is handy for things that really only require the most modest level of security. Your point on the proper use of one-time pad encryption is absolutely correct. You aren't supposed to reuse anything. Period. End of discussion. But as with any tool, it is only as good as the way that you use it. If you use it in an insecure fashion, it will be insecure. The shortcoming is not a result of being "cryptographically unsophisticated." I'm not about to sit here and claim to be an international authority on the subject of cryptography. However, I have more than my fair share of experience in the field. I've read the books, attended the seminars, taken the classes, had memberships at one time or another in probably six or eight security related organizations, etc., etc., etc. At no time have I ever claimed that my implementation of OTP is the cryptographic magic bullet, so to speak. If you use it correctly, it will serve you in good stead. If you use it incorrectly, well, you're doing it at your own risk. Taking all of that into account, that you would make assumptions about my level of cryptographic sophistication without knowing me or anything about me, I find rather disturbing.
___________________
Kurt
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Re: Web Cryptomatic
by no_slogan (Deacon) on Apr 07, 2002 at 07:40 UTC | |
by sifukurt (Hermit) on Apr 08, 2002 at 15:25 UTC | |
by no_slogan (Deacon) on Apr 08, 2002 at 21:09 UTC |
In Section
Code Catacombs