I know there’s AES and PGP, but all electronics stuff still has backdoors. You can’t backdoor a piece of paper and a writing utensil.

  • ricecake@sh.itjust.works · 6 upvotes · 8 months ago

    That’s no longer a one time pad. That’s closer to a homebrew stream cipher with the weakness of having a key that you just hope no one notices.

    • m0darn@lemmy.ca · 1 upvote · 8 months ago

      Neat, yeah Wikipedia says stream ciphers approximate one time pads but can also be completely insecure.

      I think it would take one hell of an effort to crack, it would be like 3MB encryption right? Or if they guessed the scheme they could try all mp3s ever torrented XOR’ed in every possible combination.

      Idk I think there’s something workable there but I only have a casual knowledge

      Also I think OP wanted pen and paper so maybe use a book instead of digital files.

      • ricecake@sh.itjust.works · 1 upvote · 8 months ago

        So, the size of the key doesn’t directly relate to the size of the cipher, which also doesn’t directly relate to security. AES is 128 bit, can have 128, 192, or 256 bit keys and is currently not known to have any workable weaknesses.

        Largely a cipher isn’t weak if guessing the key is the only weakness, since every cipher is vulnerable to brute force. It’s weak if you can figure out the message without needing the key.

        • m0darn@lemmy.ca · 1 upvote · 8 months ago

          So how does generating a one time pad from mutually accessible data fit into this scheme? Is the pad the cipher or the key?

          If two people agreed that the pad would be the output of a particular pRNG given the 3rd paragraph of the second article on the third page of that day’s newspaper as a seed.

          The attack vector would be shortcomings in the pRNG I guess? Which could result in the possibility of some sort of statistical language attack?

          Or the attacker could guess the newspaper text & algorithm.
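
An added example, not written by anyone in the thread: the scheme from the last comment (pad = generator output seeded with a newspaper paragraph), showing that the real key is the choice of paragraph, so the key strength is the number of paragraphs an outsider would consider, however long the pad is. Assumptions: SHA-256 in counter mode stands in for the unspecified pRNG, and the paragraphs and message are constructed samples.

```python
import hashlib
import math

def keystream(seed_text: str, n: int) -> bytes:
    """Expand a text seed into n pad bytes (SHA-256 in counter mode, an assumed stand-in PRNG)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed_text.encode() + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor_pad(data: bytes, seed_text: str) -> bytes:
    """Encrypt or decrypt: XOR data with the pad derived from seed_text."""
    pad = keystream(seed_text, len(data))
    return bytes(d ^ p for d, p in zip(data, pad))

def looks_like_text(candidate: bytes) -> bool:
    """Crude plaintext test: printable ASCII only, mostly letters and spaces."""
    if not candidate or any(c < 32 or c > 126 for c in candidate):
        return False
    wordy = sum(1 for c in candidate if chr(c).isalpha() or c == 32)
    return wordy / len(candidate) > 0.85

def search_seeds(ciphertext: bytes, candidate_seeds):
    """Return (seed, plaintext) for each candidate seed that yields plausible text."""
    hits = []
    for seed in candidate_seeds:
        plain = xor_pad(ciphertext, seed)
        if looks_like_text(plain):
            hits.append((seed, plain.decode("ascii")))
    return hits

def effective_key_bits(n_candidates: int) -> float:
    """Key strength is log2 of the seeds worth trying, not the pad length."""
    return math.log2(n_candidates)

# Constructed sample data: four paragraphs an outsider could also read.
PARAGRAPHS = [
    "The council voted on Tuesday to extend the harbour road.",
    "Rain is expected across the region through the weekend.",
    "Local bakers reported record sales during the festival.",
    "The library will reopen after repairs to the roof.",
]
MESSAGE = b"meet at the north bridge at nine"
CIPHERTEXT = xor_pad(MESSAGE, PARAGRAPHS[2])

if __name__ == "__main__":
    print(search_seeds(CIPHERTEXT, PARAGRAPHS))
    print("effective key bits:", effective_key_bits(len(PARAGRAPHS)))
```

The generator here has no known statistical weakness, yet the message falls to a four-entry list: a true one time pad needs pad bytes that are random and secret, not derived from shared public data.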