<HTML><FONT FACE=arial,helvetica><FONT SIZE=2>In a message dated 4/10/2003 10:28:30 AM Central Standard Time, JAMES.G.YATES@saic.com writes:<BR>
<BR>
<BR>
<BLOCKQUOTE TYPE=CITE style="BORDER-LEFT: #0000ff 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px">Unbreakable! Ha, famous last words of an overconfident cryptologist!<BR>
<BR>
While I agree that a non-repeating key is the strongest form of encryption,<BR>
it is not neccessarily unbreakable, you have to look at how the key was<BR>
generated, are the numbers truly random or not? If you use your computer as<BR>
you have done in the sample code to generate the key then they are not<BR>
random but rather psuedo-random numbers. If that is the case, then the code<BR>
breaker can use knowledge of how the key was generated to help in decrypting<BR>
the data.<BR>
<BR>
To be more secure, you should use a truly random source of random numbers,<BR>
such as measurements of radioactive decay.</BLOCKQUOTE><BR>
<BR>
"the code breaker can use knowledge of how the key was generated to help in decrypting the data" is not as simple as it sounds. I can generate a list of random numbers by counting freckles on dogs, but unless one has the resources of NSA, the knowldge of that really doesn't make the code any more breakable. In addition, techniques such as taking two lists of random numbers and mulitplying numbers in one by numbers in another to get a third list of random numbers helps get around the "pseudo-random" issue.<BR>
<BR>
A truly random source is of course more secure. For example, NSA uses cosmic emissions. However, the important point, is not whether it is unbreakable, but rather, whether it is feasible to break it. For instance, many institutions such as banks use Public Key cyphers which *are* breakable in theory. However, the fastest computers in existence would take millions of years to determine the underlying key so for all practical purposes, the code is unbreakable. Thus, unless one is using the code for something which will attract the attention of the National Security Agency, the pseudo random numbers generated by a computer are, for all practical reasons, unbreakable. The main point to remember is that any cypher is simply a fence. The idea is to make the fence high enough so that its impractical for others to try to climb over it.<BR>
<BR>
Philip Chumbley</FONT></HTML>