Slashdot Mirror
Totally Random One Time Pads
liliafan writes "Scientists in Japan have come up with a way of harnessing a truly random datasource for generating one time encryption pads: Quasars. One time encryption pads are widely accepted as being the most secure form of encryption, but this new technology from the National Institute of Information and Communications Technology makes the pads even more secure."
This is a dupe of almost the same story from the same source.
From what I hear, I'll probably be able to save on my heating bills too.
><));>
Women have had those forever...
I for one welcome our new one-time overlords...
if this is ever widely accepted, it seems that the inevitable deluge of security researchers trying to find predictability in the patterns would be a beneficial thing. if one ever comes close to succeeding, sure your credit card details could be stolen, but we'd understand the universe a tiny little bit better...
An old-timer with old-timey ideas.
I can just decrypt it using the data from http://it.slashdot.org/article.pl?sid=06/03/30/011 5216 :-)
Isn't quartz technology currently being used for timing applications? :P
Getting randomness isn't interesting. Thermal noise is truly random, perfectly white, and easy to generate---it's as hard as passing a current through a resistor. Want more noise power? Avalanche breakdown, with appropriate whitening, works fine.
Unless they've come up with an interesting way for two people in disparate locations to observe the same quasar and both independently observe the same random phenomena in a way which reliably and securely gives them access to the pad with no communication channel between them, this just isn't interesting.
-rsw
The coolest random number generator ever.
http://www.lavarnd.org/
i147 F7b AIQzC9 7kXTA8TzJ Vl LcYxkN FXkCFA Ev4Lpwjk2 A0Jy7flvj phOlaTF 3S Z0uPk kP 5RKMkQ 5U5oZPW FzA f rj4FB 4vrI ZWr dovA6W l CS6
The sea changes color, but the sea does not change.
A one time pad is supposed to be a shared secret between only the two communicating parties.
This is a system with a given quasar, and a given start time as a cipher.
It suffers from the same set of potential attacks that any other public datastream with an unknown origin point suffers.
If you were going to use such a method,you could, say, choose a random digit of PI as a a starting point for your transmission, and encrypt using susequent bits that way; but that method isn't as unbreakable as a one time pad, and neither is this.
This is just a quirky way to get attention paid to quasars.
I imagine someone who wanted to could buy enough equiptment to record all known quasar emmissions and store them
or try them against encrypted data streams. A million quasars with 5000 possible frequencies each, wouldn't be that
much for a computer to churn thru. In a way, it almost seems like security thru obscurity.
By killing everyone in an entire galaxy!?!?
Now they only have to fix the problem of preserving the recipient.
The summary for this article is a little misleading. One time pads aren't new, and good sources of natural randomness aren't new either.
The interesting part of this article is the fact that quasars could be used as a natural source of randomness for one time pads, yet can be accessed by both parties simultaneously. The historical problem with one time pads (and the reason they're rarely used in practice) is that it's a huge pain to distibute sufficient random data to all parties involved in a communication. Being able to use a natural source of randomness that's available to everyone at once would be a major increase in the usability of one time pads.
It sounds like a great idea, but it might be easy to subvert. All I have to do is overwhelm the signal and get the target to use my (or null) one time pad, and I will be able to decrypt. Hell I can even make my one time pad *look* random, and they'd likely never notice. While I'm at it I can do it from a satellite and not have to get near their antenna.
Im not here now... Im out KILLING pepperoni
So, the quasar is effectively transmitting the decryption key. Great! -- Now all you need to do is prevent everyone in the world except your intended recipient from seeing it.
HIV Crosses Species Barrier... into Muppets
...harnessing a truly random datasource
Wow, they finally managed to tap into my girlfriend's mood neurons?
[alk]
How does this increase security? It's not like quasars are private property. Anyone can look at 'em...
How is this more secure than one-time pads? Whereas only the two parties involved have access to one-time pads, everyone has access to quasar radiation. The two users still have to tell eachother where to look and when, and that information is all someone would need to crack the message. The only way it could be more secure is if the coordinates are only available on one-time pads, in which case you're basically saying that code breakers have to go out and buy an antenna....
That's not randomness at all. It only seems random because they don't have a model currently to describe quasar behavior. Thus, they're confusing randomness with unpredictability - just because one can't predict what will happen in the next n instances doesn't make it random. What's to say some brilliant scientist won't come along in the near future with a model predicting quasar behavior?
Mothership, phaser/plasma/gamma/mind-control rays, incubating larvae, tastes good with ketchup (catsup, whatever), and all that...
Oh, and "They've got our codes!"
Sigh. When will Earth ever learn?
There are plenty of sources closer to us that require less bells of whistles. Thermal (amplifier) noise? Radioactive decay?
Read.
Intergalactic Public Key Infrastructure
http://it.slashdot.org/article.pl?sid=06/03/30/011 5216
I've got a random number generator in my wallet.
Just flip a coin.
This article and research is utterly useless and therefor logicaly patented.
200GB/2TB $7.95 Coupon: SAVE90DOLLAR
Interesting that they picked OTP since you need a random source for all key generation. Anyway, this is overkill in the extreme. While generating good random numbers is tricky, it's perfectly possible with sources right here at home. If you want really good numbers, use something like thermal noise. If you want good numbers, use /dev/random. Either way it's a question of estimating the number of bits of entropy you have collected. That isn't straight-forward but it's perfectly possible. And a lot easier than trying to guarantee you get one bit of entropy per bit collected by carrying a radio telescope around with you.
Trouble is, is if you have a secure method for getting the copy of the one time pad to the other person, you might as well have sent the thing you're encrypting. (Unless you do it in advance, and store it completely securely, and destroy it the moment it is used. And it's not much use for network traffic - a 650MB CD of random data lasts only minutes on a 10Mbit link. And you cannot reuse it without seriously compromising the security of the encryption).
Get your own free personal location tracker
What's so bad with using the randomly fluctuating voltage in a wire or the current in a conducting loop as a source of random data. This could be implemented as part of an integrated circuit and could cost a fraction of a cent per copy.
If you need protection against willful interference, put a faraday cage around it, which is not hard at all to do using lithography.
An added advantage is that random bits can be generated by the billions per second, and is limited only by the sampling rate of the voltmeter.
Thank the gods they aren't using /. for randomness:
1 5216
http://it.slashdot.org/article.pl?sid=06/03/30/01
One Time Pads may be the most secure form of encryption, but they are *not* the most secure way to protect your secrets.
Time and time again, security breaks down because of the way people treat their keys, not because the encryption algorithm is week.
With a one time pad, you need to keep a copy of the pad with everyone who wants access to the data. Compare that to Public Key Crypto where you can keep your private key in one secure spot and distribute your public key widely.
Or how about session keys (Diffie Hellman for example)... single use keys that only you and your partner have access to. How good is that! And you don't need to transfer and secure your OTP to use them!
with poor electronics sure can be noisy and hence random, maybe it is good competition to comic noise...p ark/
http://ourworld.compuserve.com/homepages/geoffrey
Bloody hell, come on, less of these 'one time pads' stories here, there's hardly any girls, and they can sort it out themselves if they have an issue with the security.
And Quasars? What happened to the good old lunar timing?
there's more than one level of security. One time pads are one of the least secure methods of secure communication, for obvious reasons.
-- 'The' Lord and Master Bitman On High, Master Of All
In order for an intelligence agency to communicate with an asset overseas, spy agencies must often use methods of communication that cannot be easily traced (duh). Passing a message along via e-mail, phone, or a one-to-one meeting can easily be tracked, creating lots of problems for everyone in the loop.
Therefore, many intelligence agencies did (and still) use OTPs and "Numbers Stations" - shortwave radio stations that blast out a seemingly senseless series of numbers at regular intervals and frequencies. This method gets messages and instructions to your assets without betraying who the recipient of the message is.
The beauty is that the asset only needs a cheap, readily available shortwave radio and a OTP, which can be concealed in virtually anything (some were created that could even be affixed to the back of stamps, others were hidden in toothpaste tubes, etc. The agent then responds with a seemingly inocuous method, a "wrong number code", a mark on a wall near where an intelligence officer drives, etc.
The problem, of course, rests in getting OTPs to the asset and ensuring they aren't compromised. But, assuming they are passed and handled securely, there's no problem at all.
More information on Wikipedia
The fundimental problem is that the data is not fully random -- it is mostly deterministic based on the key of what quasar, what frequency and bandwidth, and what time. So an outside person could recover the plaintext by obtaining the observable behavior and trying all keys, or if the outside person could somehow obtain the key.
This is a very similar situation to a "good" pseudorandom number generator. You can transmit the seed for the pseudorandom number generator and generate a one-time pad from the pseudorandom number generator. I guess the difference is that quasar behavior is not observable after the fact, but if it is feasable for the data to be logged then they reduce to similar solutions: find all the pads within the keyspace, xor with the cipher text, and watch for the entropy to drop or visibility of known plaintext.
-- Erich
Slashdot reader since 1997
It would seem that if you intercept a set of keys that specify a certain quasar and a certain start time then you could establish a geographic region that encompassed both the sender and receiver.
If the party trying to decrypt your message knows that your "random" data comes from a quasar, they could just monitor the quasar themselves and crack the data pretty quickly (faster than brute force). Cryptography relies on the random data being secret, and this isn't secret at all unless your trying to hide your conversation from someone whose planet can't view the quasar you're using.
"O'Connor, smash the window." "Why me, Bigboote?" "It might be boobie-trapped!" "Oh!"<smash> -Buckaroo Banzai
I am among the first to incorporate this solution to my software. This is released under GPL: void generateEncryptionKey(const unsigned char * key, const unsigned char* iv) { int fd; if ((fd = open ("/dev/radio_telescope_quazar1", O_RDONLY)) == -1) perror ("open error"); if ((read (fd, (char*)key, KEY_SIZE)) == -1) perror ("read key error"); if ((read (fd, (char*)iv, IV_SIZE)) == -1) perror ("read iv error"); }
Man, you really need to get a secret decoder ring.
They go by the name of "Mood Ring".
And so I broke the code of both your girlfriend *and* the quasars.
Next?
This is a Vernam Cipher with a novel but impractical noise source. It was news when Vernam invented it in 1917, and maybe again in 1919 when he patented it, but this version solves an already-solved problem in a manner that would sound really good if Lt. Colonel Carter suggested it on SG-1, but otherwise is inferior to existing solutions to the same problem.
Nothing to see here, folks; move along.
I think this should get some kind of award for dumbest invention ever.
"The White House is not an intelligence-gathering agency," -- Scott McClellan, Whitehouse spokesman.
"One time encryption pads are widely accepted as being the most secure form of encryption..."
Only for very limited definitions of secure. You have to produce the pads. You have to distribute the pads. You have to synchronize the pads. You have to dispose of the pads. All these steps are tedious and error-prone, and a chink in any of them destroys your supposed "perfect" security.
Now if you said "OTP are the most algorithmically secure pads under ideal conditions", then I'd buy it. Otherwise, there's a reason only well-funded governments use these things. Ask the Soviets how well it worked for them.
Democracy is two wolves and a sheep voting on lunch.
> I imagine someone who wanted to could buy enough equiptment to record all known quasar emmissions and store them
Bruce Schneier's blog is having an interesting discussion about this. The key question that's floating to the top is exactly the one you zeroed in on.
What if there aren't enough radio telescopes in the world to tape all the quasars in the sky? In that case, the "quasar encryption" scheme may actually be workable. Then even an opponent with infinite computing resources is stuck. Eve the eavesdropper might eventually guess that you recorded quasar Q at time T but wouldn't be able to use the information because nobody else in the world was listening to Q at and after time T.
The whole point of the OTP is to be able to communicate in the future rather than just one message. If you need to communicate to an asset that he or she is in danger, or to pick up a package at a certain dead drop, it's easier to zap off a message over shortwave than trust that the message will get to him in a few weeks/days via mail. Giving the asset an OTP once allows him/her to receive dozens or hundreds of messages in the future that cannot presently be anticipated.
I'll be damned. Who'd have thunk that those crappy old TVs would be of use for anything anymore?
// This is not a sig.
So you get to go home to a different apartment each night?
Cool! But how do you move all your stuff from place to place?
wbs.
Huh?
One that doesn't require a telescope: http://www.lavarnd.org/
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
n/t
It will be the same as using atmospheric scintillation. You *record* the data. You don't use it live. How would that even work? Sender and receiver would not be using the same data. My god, you're stupid.
Using the quasars live seems a little flakey. If you're even *one* bit off... That's sort of the point with a good random pattern. It won't correlate with anything but itself. But I can seem them using quasars to generate the typical tapes or digital pad files.
There is only one problem with that, but it is fundamental and fatal.
To be useful for communication, the data source needs to be observable by both the sender and the reciever. And if the spy on continent A is to be able to use it to send data to their employer on continent B, the wire would have to be span both continents, and have to be pretty conspicous to work...
Astronomical observations is a clever way to find a shared data source visible from anywhere on the planet.
i did not know they shrank quasars onto chips yet
one would think there are plenty of other random noise sources, but hey, why not go for the most exotic possible source imaginable?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Agencies like the NSA will just monitor all quasars all the time. Given that the NSA already monitors (and records) communications transmissions (wireless mostly) 24/7/365.25, matching a quasar from the database with the appropriate signal start and stop would not be difficult to do. I'd say, not very secure a system really, because if the data is coming to or going from the U.S. the quasar would have to be visible in the same hemisphere as it's destination. You could not use this scheme to transmit data to the other side of the world either, as you would need the quasar to be visible by both parties. I'm still not that impressed. It's nice, but I really don't think it's more secure than much of what is out there already for crypto techniques.
the gold in this classic poe short story would not have been so easily found!
p
http://www.poedecoder.com/Qrisse/works/goldbug.ph
... 52 pick up? In Soviet Russia, Quasars find you random.
This sounds like a horrible way to generate a one time pad to me. A quick Googling indicates that there are about 12000 quasars. You need to pick a quasar obersvable at the same time by both parties, so that will cut the number down to around 6000, best case. Given a message, an attacker who merely knows what day the message was sent on only has to consider 86400 seconds/day * 1000000 possible_start_times/second * 6000 possible_keys/possible_start_time, which is less than 2^49 possible_keys/day. So, with microsecond synchronization, and the attacker only knowing what day the key is from, this scheme is only worth about 49 bits. Cryptographers consider that to be pathetic.
Maybe I'm stupid here, but if both parties have to be looking at the quasar at the same time, what happens if Party A is located in North America while Party B is located in India, and they attempt to communicate at 12PM? Only one party is going to have the quasar in their sky at a time!
Just to repeat several other posts beneath this topic, the quasar data doesn't provide the key or password for the encryption. It provides randomness in the salt added to the encrypted data. So, even if you tracked down all known values for the quasar data, you still would have to figure out that Professor Falken's son was named 'Jerome' which was the password he used to encrypt the whole shebang. This is really just a sensationalized and impractical solution to an easy problem. You could get just as messy a salt for your encryption algorithm by having the end-user point a webcam at a randomly-selected page from an old Sears catalog and then use image recognition algorithms to gather highlight data from the image. Since there is a LOT of variability in how the image is sized and what portion of what page was selected, this could provide a much more practical source for salting encryption.
But then, that wouldn't be as flashy and dumb VC's would be less likely to invest in a solution based on old Sears Roebuck catalogs.
Seth
$5 / month hosted VPS on linux = awesome!
Tom Clancy talked about using cosmic radiation emissions/noise as a one time pad in Cardinal of the Kremlin in 1988. I don't remember what exactly the source was, as it's been a long time since I read it. I do know there was a subplot about this system, which would record the noise to CDs and there was another random hardware bit vs. a math based system from NSA, the NSA plan was approved and the Soviets broke it and were reading the NSA/State's "mail".
The idea of making a one time pad out of a universally available information resource just seems real silly. It may be the easiest, highest volume, highest quality source of random data, but we have already in the past see ideas like large key space and computational complexity fall to one advance or another. It strikes me that even if there are 80,000 sources in the sky, that can be narrowed down quite a bit if you just look at the direction they are pointing their radio telescopes. Or are they using some secret hidden radio telescopes to capture quasar data? There may be some small ones but I think most are really, really big. You could probably tell the angle they are pointed at from a satellite. Also, if this encryption method gets used a lot you have to expect that more information about the route the data takes gets known. It seems to me there are a more limited number of radio telescopes with this system installed than there are say labs with a more traditional random data generator.
... on the list of snake-oil warning signs.
http://outcampaign.org/
The global availibility of pop music CDs seems to provide an inexhaustable source of one time pads, without reaching into outer space.
What if you just used whatever CD was at number X on some internet published sales list the previous week as your keypad?
Hmm, I've waited for the return of the "gay linux" trolls for quite some time...
Of course you can do nearly the same thing with a sound card and a microphone. Actually theres a good bet you don't need the microphone.
Recording at 8k samples per second without a microphone I get about 2 kbps of randomness out of my sound card. I mean really, is there any news here? It's not like there aren't any sources for random numbers out there that don't require use of a radio telescope.
Support SETI@home
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
One time pads are completely secure because the key is different each time. Dice work well to generate the random numbers. The only trouble with one time pads is the pad, i.e. the recording medium where you have the list of random numbers. This must be communicated to the receiving party through a secure channel beforehand.
It's sort of like the totally random dick in yo' mouf nigga
The article that first suggested this approach to one time pads can be found at:
p erfect.html
http://citeseer.ist.psu.edu/maurer92conditionally
The basic idea is that is infeasible to store all of the random bits being broadcast, hence even once you learn what the two parties are sampling, the random bits they recorded are already long gone.
There are plenty of ways to generate truely random numbers.
Using Johnson noise or, even better, ANY radiation source, and doing a simple statistical calculation can trivially yield a stream of random 1's and 0's. The military has been using johnson noise sources since at least the 40's, in fact. A quantum two-slit setup could also be used, a quantum state changes, or tunneling, or a billion other things, to generate truely random numbers. Why use a Quasar that is observable by everyone with all of these isolatable sources available?
-Matt
I know a way to generate random numbers. Put someone in front of a keyboard, tell him/her to type as randomly as possible, blindfold the person and move the keyboard around as the person keeps on hammering the keyboard.
You can just collect raindrop data on a 1m x 1m touch sensitive grid for a few hours every year. This is an easier, more accessible way.
How would an average person go about collecting Quasar data? How would he be able to trust the source?
-clueless
Chat with other atheists http://secularchat.org
one time pads are already secure. that's why they call them one time pads.
time to read up on crypto, kids.
Now instead of transmitting a secret message, you have to transmit a secret key the same size as the secret message. Simultaneous quasar viewing is clever, but... Why bother? There are simpler ways to get a "secure enough for now" message to the back of beyond. If you needn't insist on OTP, why not just initialize the relatively small internal table of Mersenne Twister (the "cryptographically secure" way to use MT, as documented), then use MT as a token generator to encrypt each block of your plaintext using AES (or even TEA) in CTC mode? The "secret" is the relatively short random table, which you can transmit using El Gamal. Generating a small random table is also easy: Digital cameras work fine. E.g., shoot a hundred snapshots of cherry blossoms (Tokyo or Washington, D.C.), archive them in zip format, encrypt using AES. Voila! Small random data file.
Radio Telescope: 100 million dollars RSA Token Sync'd: 50 dolloars RSA Token Sync'd: to your favorite quasar--- Priceless Step 4 Profit?
http://www.DaveNet.biz/
I'd suggest the truest random data source would currently be Microsoft product release dates.
throw new NoSignatureException();
Sadly, people at /. understand that this is just technobabble (in CTC mode) :/
Send email from the afterlife! Write your e-will at Dead Man's Switch.
Couldn't an attacker find out at least parts of the key by observing in which direction the sender or receiver's radio telescope happens to be pointing?
The only real benefit would be if you both had your own dishes and you would throw the random data away after decrypting. Still then it would take a while to orient the dishes. If someone was able to see either party's dish, they may be able to tell with sophisticated equipment the exact quasar you were pointing to and relay that to others so they can listen in to the quasar as well.
You are not logged in. You can log in now using the convenient form below, or Create an Account, or post as Anonymous Coward.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
The mind boggles....
This is bullshit. First -- one time pads are _universally unbreakable_ without knowing the key. This was mathematically proved by Claude Shannon in Communication Theory of Secrecy Systems in 1949. Contrast this with other ciphers, which we believe are not easily breakable.
One of the assumptions (or maybe the most important assumption) is, that plain text does not hold more information than key. Which is not true for quasars -- as stated in other comments, you would only need to know the source, frequency and start of encoding, which is by all means at most the same amount of information (see information enthropy, also defined by Shannon), but never more.
So in short -- this is worse than one time pads.
Man in the middle attacks can be quite literal.
meh
This doesn't solve anything; distributing randomness over an internet communications channel is stupid - people could either eavesdrop on your randomizer or, worse, replace the random data stream with something else.
Worse, you still have the problem of distributing the final one time pads - I can't believe anyone would be stupid enough to think that all they had to do was agree on a time to start listening to the random data on the internet to do their encoding....
Clear, Dark Skies
The reason OTPs work is that if each bit in the pad is independently a 50% probability of being 0 or 1 and you don't have access to the pad, there's no way to tell if the message was 0 or 1. But if you've got a copy of the pad, then the bits are no longer independent - from any given starting point, they're deterministic.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
First, let me clear up some things: 1) Making information look like random static is the whole point of encryption. 2) Trying to break a one-time-pad-encoded-message made from these quasars would be extremely difficult if you do not know the PRECISE (perhaps down to milliseconds) time to start recording or which quasar. 3) This quasar scheme pretty much sucks because it STILL requires a channel of communication between the two parties. They must each know which quasar and what time to start recording. So, either they have a communication line encrypted by some other scheme (stupid btw), or they are physically together. Being physically together makes the whole idea pointless. They might as well generate a one-time pad from something easier than quasars (thermal noise for example) and exchange the pads while they are together. This article just seems like something a dumb reporter stumbled onto and thought was cool.
Yup, you're right. I shouldn't have included the "danger" message in my post. Don't know what I was thinking.
Other favorites include - leaving a window open, a certain light on, etc.
but my point is that algorithmic randomness captures what we mean by "random" much better than statistical randomness. And algorithmic randomness is just a mathematically formal way of saying "unpredictable."
o n't-eat-you strategy; to use sequences with as little pattern as possible. Sequences with high 'algorithmic randomness', in your terminology.
That depends on who 'we' are. I, coming from the natural sciences, would never use the word random of numerical sequences. It is the origin of those number that can be random. E.g., throwing a dice is a random event, since I cannot predict the outcome. Throwing the dice six times might yield the result {1,2,3,4,5,6}, and it is not meaningful to say that this is less random than any other result. (In fact, it's not even less probable.)
Now, people are often faced with equations with no known solutions (or known not to have solutions in a closed form) and resort to computer simulations. This means, essentially, that they compute a sequence of f(x) from a sequence of x. They then generalise their results to all x (and publish). If f(x) exhibit some pattern, it might be a genuine result, or it might be because of a pattern in x. Unfortunately, one cannot beforehand (and usually not afterhand either) know which patterns to avoid in x.
The best bet is the wrap-towel-around-head-and-the-bugblatter-beast-w
Note that, using numbers from a random source is no guarantee, see above, (though low-pattern sequences are much less likely with a sensible setup). It would also not be a problem if the numbers are known from the outset. So, it is not the randomness we seek, but the patternlessness. The name pseudo-random pops up here, and it misses the point entirely. They are not the least bit random, and if they were we wouldn't necessarily be better off.
One source of confusion is that the situation being studied is usually random itself. In fact, what is calculated are various distribution functions - these assign probabilities to outcomes - and they are perfectly deterministic.
When I saw this article I was really excited - I thought this might finally solve my problem! Then I read that it's based on "random" emissions by quasars. Dammit! That's not random! God controls those emissions...too predictable!
So I'm still searching. My current line of research is the creation of pads based on the behavior of women.
Call it one-time-pad plus "security"-through-obscurity:
Your local music or video store is filled with simultaniously-observable random-enough noise sources:
Take any music CD, rip it with a known algorithm, and take the low-order (i.e. most likely to be random) bits of each sound, string them together, and wa-la, a fairly random bit of noise.
Need more randomness? Take two CD's worth of data and XOR them together.
Need to alert your co-consipirator of your key? Just give him the ISBN numbers for the CDs and the ripping algorithm and let him obtain him from his local music store.
The only real differences between this and quasars are:
1) it's not 100% random, but close enough for most purposes
2) it's a lot cheaper than monitoring quasars
3) FOR NOW, the quasar data isn't universally available. If quasars become popular as a tool for encryption, then someone will record every quasar out there.
I spent last weekend putting together my own prototype of a one-time-pad authentication system for logging into websites. I guess the concept is similar to S/Key some 10 years ago, but the passwords are generated on the fly and sent to your SMS phone. Reference: One Time Authentication
But I fail to see why they need to this secure. Sure, randomness is good, but if you are trying to type in a painfully obscured 32 character password, you'll probably get a bit frustrated. I found using pseudo-random characters that followed some phonetic pattern to be much more suitable, even for a one time use. At least they were easy to remember on short term basis and weren't difficult to type in.
I mean, if you really want to find out if they can be useful on the internet for authentication to websites, try out my link and get some practical application experience on the matter. Sorry if this sounds like a plug but I'm not selling anything. But I would be interested in useful feedback on what works and what doesn't about the overall concept.
"makes the pads even more secure."
Now that is funny. "Which Quasar and at what time" is an absurdedly short key.
The pad may be random, but it isn't all that unpredictable. In cryptography, unpredictability is more important than randomness.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
Why not run an NNTP server subscribed to a few alt.binaries groups, take the raw feed and write a few giga/terabytes to the hard drive, and then run your choice of compression program on that random data, while stripping out the headers (you really don't want a ZIP header to truly announce that you ran ZIP) and you've got your one time pad. If you want more granularity than the alt.binaries, other high volume newsgroups might be substituted, and salting it with some smaller and more arcane newsgroups would probably be a good idea as well.
Bryan
OMG!!! quasars!!!