Encrypted data sample

John Vokey vokey at uleth.ca
Thu Apr 10 13:55:00 EDT 2003


On Thursday, April 10, 2003, at 10:05  AM, Glen Yatesm wrote:

> Unbreakable! Ha, famous last words of an overconfident cryptologist!
>
> While I agree that a non-repeating key is the strongest form of encryption,
> it is not necessarily unbreakable, you have to look at how the key was
> generated, are the numbers truly random or not? If you use your computer as
> you have done in the sample code to generate the key then they are not
> random but rather pseudo-random numbers. If that is the case, then the code
> breaker can use knowledge of how the key was generated to help in decrypting
> the data.
>
> To be more secure, you should use a truly random source of random numbers,
> such as measurements of radioactive decay.
>
That's probably overkill.  It is true that LCG RNGs are relatively easy 
to ``break'' (i.e., solve for the constants in the equation), but even 
they require the knowledge that it *is* an LCG RNG (although, most 
computer RNGs these days are).  However, even that problem is easily 
solved if you have more than one available (e.g., use one to determine 
which of another will be chosen next, and so on).  Unless that precise 
knowledge was also available to the code-breaker, the code should be as 
secure as a truly random source.

Given that, rather than create and send the whole file of random 
numbers on both computers, why not just prepare both computers to use 
the same randomSeed (or set of randomSeeds, for multiple RNGs)?  In 
fact, it could even be encoded as the first, say, 5 bytes of the 
encrypted message.

-- 
John R. Vokey
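
An added example, not part of the original post or of the sample code the thread discusses: a pad built from LCG output, a check that rebuilds that pad from twelve known plaintext bytes by solving for the constants as the message describes, and a pad drawn from the operating system's CSPRNG instead. The modulus is assumed known; the multiplier, increment, seed and message are constructed sample values, and all function names are hypothetical.

```python
import secrets

M = 2**31  # modulus, assumed known to the analyst (assumption for this example)

def lcg_states(seed, n, a, c, m=M):
    """Return the next n states of x -> (a*x + c) mod m."""
    states, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        states.append(x)
    return states

def words_to_bytes(words):
    return b"".join(w.to_bytes(4, "big") for w in words)

def pad_from_lcg(seed, nbytes, a, c):
    """Weak pad: the LCG states written out as 4-byte big-endian words."""
    return words_to_bytes(lcg_states(seed, (nbytes + 3) // 4, a, c))[:nbytes]

def xor(data, pad):
    return bytes(d ^ p for d, p in zip(data, pad))

def solve_constants(x0, x1, x2, m=M):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod m) for a and c."""
    inv = pow((x1 - x0) % m, -1, m)  # needs x1 - x0 invertible mod m
    a = (x2 - x1) * inv % m
    c = (x1 - a * x0) % m
    return a, c

def predict_pad(known_pad, nbytes):
    """Rebuild the whole pad from its first 12 bytes (three states)."""
    x0, x1, x2 = (int.from_bytes(known_pad[i:i + 4], "big") for i in (0, 4, 8))
    a, c = solve_constants(x0, x1, x2)
    rest = lcg_states(x2, (nbytes + 3) // 4 - 3, a, c)
    return (known_pad[:12] + words_to_bytes(rest))[:nbytes]

def demo():
    a, c, seed = 1103515245, 12345, 20030410   # constructed sample values
    msg = b"Status report: the meeting is moved to Friday noon."
    ct = xor(msg, pad_from_lcg(seed, len(msg), a, c))
    leaked = xor(ct[:12], msg[:12])            # pad bytes under a known header
    recovered = xor(ct, predict_pad(leaked, len(msg)))
    strong_pad = secrets.token_bytes(len(msg)) # corrected: OS CSPRNG, used once
    return recovered, strong_pad

if __name__ == "__main__":
    print(demo()[0].decode())
```

The inverse in `solve_constants` exists here because the constructed multiplier and increment are both odd, which makes every difference of consecutive states odd and therefore invertible modulo 2**31.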



