In the example of wanting to access a computer in your home, you can implement this fairly easily using entirely free software with VNC-over-SSH, but it's depending on having a public IP address and open port on your home NAT/router. But outside of certain very niche scenarios, maybe, there simply isn't any need for it, nor will there be in the foreseeable future. If there was a need for it it'd be rapidly adopted. So I disagree with you that technical challenges are in any way even remotely the "primary issue" when it comes to OTP. Using each bit is just a matter of an XOR operation and that's it. Generating decent random noise, storing it in an ordered way, then deleting it automatically after use are comparatively straight forward operations to automate. That implementation matters goes without saying in these discussions, but if you want to go there then in that respect OTP is fundamentally much simpler and easier to get right then public-key crypto. Please explain how this does not apply identically to every form of encryption, particularly as we have directly seen vulnerability after vulnerability. And, it still appears secure to the hapless user. >The primary issue is that through misuse it degrades almost instantly from unbreakable to "little better than ROT13". But for anyone to bother all existing crypto would have to be utterly broken, otherwise it's superior to just use standard crypto. Basically, if an organization moves weapons, money, or drugs around securely then it could move entropy too, so governments, militaries, banks, organized crime and the like. OTP applies best to any organization that can already handle physical security. There's no reason in general not just use a decent pre-shared self-gen cert, PKI or WoT key system instead. The issues with OTP include that it doesn't provide authentication, it doesn't scale, pure point-to-point, etc., and that in the end the benefits it offers just don't matter in general right now vs the costs and disadvantages. If instead it's used just for symmetrical session keys then from a human perspective it'll last forever (can burn through thousands of 512-bit keys an hour for an entire lifetime and still be fine). These days that could mean trivially having a pool of hundreds of gigabytes to terabytes, which equates to tens of thousands of hours of high quality voice communications, ludicrous amounts of plain text, etc, and that's assuming direct consumption. Ie., two people meet up an exchange a USB stick (or HDD), then consume the entropy pool over time.
Fundamentally, OTPs involve leveraging physical security and fleeting points of physical contact to create a pre-shared perfectly secure future communication channel. Your mistake here is failing to consider that sharing an entropy pool does not (and in fact should not, it must be shared out-of-band anyway) need to be real time.
0 kommentar(er)
