This scheme isn't as secure as it seems. Suppose I set up a corrupt repository where I copy the name of every pad and its first 8 bytes, but randomize all other data. Anyone who tries to reconstruct the original text using one of these altered pads will get only garbage, as will anyone trying to reconstruct using the original pad a message encrypted with the altered pads.
A better solution is to use a hash function's output as the byte string. Since it is in practice virtually impossible to create another pad with the same hash signature, all a client has to do is compute a hash for each pad, and compare it against the list of hashes of the pads needed to reconstruct the message. Any tampering in a pad would thus be obvious; a hash scheme would also protect against errors in downloading pads, pads that get damaged due to hard drive problems, etc.
Marketing folks will argue that since you've made the sale, it doesn't matter what format the docs are in, because you've already won the customer. But that's not true. Software with awkward, inaccessible documentation makes for unhappy, frustrated users, and when the product comes up for re-evaluation 18 months later, that frustration gets expressed in a desire to work with something "less awkward".
Also, your current customers probably know other people (unless you're marketing HERMITCAVE-2.4.2) who haven't bought your product. Those people are called potential customers. If they hear nothing but griping about your product, those people are called non-customers.
What would happen if the NSA would simply ignore the lawsuit, or not do as told? What could happen to them (other than somebody "being responsible")? Could the NSA's buildings be searched by police?
Who polices the police? We give an agency carte blanche in the name of national security, and we get surprised when they push the envelope. The fact that they refused an FIA request is interesting, isn't it?
Perhaps it's time to take an axe to the agency's budget.
Slashdot Mirror
This scheme isn't as secure as it seems. Suppose I set up a corrupt repository where I copy the name of every pad and its first 8 bytes, but randomize all other data. Anyone who tries to reconstruct the original text using one of these altered pads will get only garbage, as will anyone trying to reconstruct using the original pad a message encrypted with the altered pads.
A better solution is to use a hash function's output as the byte string. Since it is in practice virtually impossible to create another pad with the same hash signature, all a client has to do is compute a hash for each pad, and compare it against the list of hashes of the pads needed to reconstruct the message. Any tampering in a pad would thus be obvious; a hash scheme would also protect against errors in downloading pads, pads that get damaged due to hard drive problems, etc.
Marketing folks will argue that since you've made the sale, it doesn't matter what format the docs are in, because you've already won the customer. But that's not true. Software with awkward, inaccessible documentation makes for unhappy, frustrated users, and when the product comes up for re-evaluation 18 months later, that frustration gets expressed in a desire to work with something "less awkward".
Also, your current customers probably know other people (unless you're marketing HERMITCAVE-2.4.2) who haven't bought your product. Those people are called potential customers. If they hear nothing but griping about your product, those people are called non-customers.
Who polices the police? We give an agency carte blanche in the name of national security, and we get surprised when they push the envelope. The fact that they refused an FIA request is interesting, isn't it?
Perhaps it's time to take an axe to the agency's budget.