Posts

Showing posts from September, 2009

For the love of one time pads, or Why we still mess up crypto

I know, "Oh great, another crypto post". I'll try to get back to talking about password cracking next week, (as I have a bunch of stuff I'm just polishing up right now). Also, I'm still trying to reply to all of the e-mails I've received since Defcon so if I haven't gotten back to you yet, I apologize and I'm working on it. Well, on with the show. Bruce Schneier reposted a writeup from another blog by Steve Bellovian , (it's like Twitter), that talked about the history of one time pads, (which I'll refer to as OTPs). More to the point, why you should generally avoid using them, and instead use standard cryptography, (RSA, AES, etc). This certainly isn't news. In fact Bruce has been writing about it since 2002 . I have to say I enjoyed it simply since it introduced me to Bellovian's blog which is really good. This post isn't about OTPs though, despite the title and the fact that I'll be talking about them a bit. What interests me