On 21 Mar 2015 21:17 -0700, from [email protected] (Seth David Schoen): > *True random pad*: Attacker doesn't know whether pad k₁ is actually more > likely than pad k₂, if (c ⊕ k₁) and (c ⊕ k₂) both appear to be equally > plausible plaintexts. > > *Choosing a meaningful file but keeping secret which one you used*: An > attacker who tries your file f₁ as the pad notices that both (c ⊕ f₁) > and f₁ itself appear "meaningful", so it's more likely that f₁ is > correct compared to some other f₂ which is not "meaningful".
This also goes hand in hand with the difference between a true OTP and a stream cipher secured by a key of length less than the length of the message to be encrypted. In that sense, "which file was used as the pad?" corresponds to "what was the encryption key fed into the cipher?". -- Michael Kjörling • https://michael.kjorling.se • [email protected] OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
