
I've had a look at his number generator for the secure one-time pad, and Melissa O'Neill would be proud. Almost PCG. It uses the PowerBASIC system Rand LCG to switch between 3 new rand1-3 functions, two of them with different LCGs.

https://github.com/Vulacode/RANDOM/blob/d6a1a1d694b22e6a115b...



Man, that one-time pad generation is...... not good. I would bet that it's very possible to recover the seed state for the different generators; LCGs are trivial to reverse engineer. It looks like the PRNGs are seeded by the system RNG as well, which means that you only need to recover the initial seed of the system's LCG to reverse engineer the one-time pads.

I don't know what the seed size of the system LCG is, but if it's 32-bit (which I think it is), you could simply brute-force the seed state and do entropy analysis on the result to crack it in like an hour tops.


Hm. This is crypto from 30 years ago. And from reading around, the OTP generation never left UK jurisdiction, so it would be a black box to attack. Handwaving how this is trivial to defeat with current compute and cryptanalysis with full information feels quite unfairly dismissive, even if correct.

Especially since it was strong enough that human error dominated.


I was having more of a think about this. One of the issues with LCGs is that they're linear, which means that even relatively basic cryptographic analysis can defeat them. The issue here particularly is that, say you have a crypto scheme where you encode ASCII characters: 95% of your plaintext data has one of the two following formats in binary:

011xxxxx 010xxxxx

And of that, about 70% is:

0110xxxx 0100xxxx

This means with a deterministic seed, you're giving away 3 known bits of state with every encrypted letter, and a good chance at a 4th.

That analysis does not require a particularly deep understanding of the cryptosystem to be able to perform; known plaintext is going to be one of the first things that anyone tries. It's less complicated than many crypto schemes that were broken.

Disclaimer: I have no idea how this system encodes things, as the technology predates my knowledge, and it might not be so straightforward as this.
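As an added illustration of the point made in this comment (not code from the thread or from the linked repository), here is the "plaintext is printable ASCII" leak applied to a toy LCG keystream. It generalizes slightly: instead of only the letter prefixes 010/011, it uses the whole printable range as the known structure. The 16-bit LCG constants, the seed and the message are constructed for the demo; the real program's generator is not modelled.

```python
"""Why an LCG keystream is not a one-time pad: ASCII plaintext fixes the top
bits of every keystream byte, and an LCG's state is then recoverable by
exhaustive search. Toy 16-bit LCG and sample text are constructed."""
import math
from typing import List

# Constructed toy LCG: 16-bit state, keystream byte = high byte of the state.
LCG_M = 1 << 16
LCG_A = 0x3C45                  # a-1 divisible by 4 and c odd: full period
LCG_C = 0x1F35
PRINTABLE = range(0x20, 0x7F)   # space .. '~'


def lcg_keystream(seed: int, n: int) -> List[int]:
    """Return n keystream bytes from the toy LCG started at `seed`."""
    state, out = seed % LCG_M, []
    for _ in range(n):
        state = (LCG_A * state + LCG_C) % LCG_M
        out.append(state >> 8)
    return out


def xor_pad(data: bytes, seed: int) -> bytes:
    """'One-time pad' encryption/decryption with the LCG keystream."""
    return bytes(b ^ k for b, k in zip(data, lcg_keystream(seed, len(data))))


def bytes_needed(seed_bits: int) -> int:
    """Ciphertext bytes that pin down the seed when each byte only reveals
    that the plaintext was printable ASCII: log2(256/95) ~ 1.43 bits/byte."""
    return math.ceil(seed_bits / math.log2(256 / len(PRINTABLE)))


def recover_seeds(ciphertext: bytes) -> List[int]:
    """Keep every seed whose keystream turns the whole ciphertext back into
    printable ASCII. Only the character class of the message is assumed."""
    survivors = []
    for seed in range(LCG_M):
        state = seed
        for c in ciphertext:
            state = (LCG_A * state + LCG_C) % LCG_M
            if (c ^ (state >> 8)) not in PRINTABLE:
                break           # this seed yields a non-printable byte
        else:                   # no break: every byte stayed printable
            survivors.append(seed)
    return survivors


if __name__ == "__main__":
    msg = b"Meet at the usual place at nine tonight"   # constructed sample
    ct = xor_pad(msg, 0xBEEF)
    print("bytes needed ~%d, have %d" % (bytes_needed(16), len(ct)))
    found = recover_seeds(ct)
    print("candidate seeds:", [hex(s) for s in found], xor_pad(ct, found[0]))
```

A 32-bit seed just multiplies the search by 2^16; the per-byte leak, and hence the handful of ciphertext bytes needed, stays the same.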


And the original programmer wrote a of this while having to pick up crypto and BASIC on the go, too. Never roll your own crypto is the first rule, unless you were in the late 80s and working with fancy new tech…


Nowhere near good enough for an actual One Time Pad, obviously.

