One-time pad
===Authentication===

As traditionally used, one-time pads provide no [[authentication|message authentication]], the lack of which can pose a security threat in real-world systems. For example, an attacker who knows that the message contains "meet jane and me tomorrow at three thirty pm" can derive the corresponding codes of the pad directly from the two known elements (the encrypted text and the known plaintext). The attacker can then replace that text by any other text of exactly the same length, such as "three thirty meeting is cancelled, stay home". The attacker's knowledge of the one-time pad is limited to this byte length, which must be maintained for any other content of the message to remain valid. This is different from [[malleability (cryptography)|malleability]]<ref>{{cite book|url=https://books.google.com/books?id=ySZwUT4nyPsC&q=malleable+one+time+pad&pg=PR1|title=Information Theoretic Security: Third International Conference, ICITS 2008, Calgary, Canada, August 10–13, 2008, Proceedings|first=Reihaneh|last=Safavi-Naini|year=2008|publisher=Springer Science & Business Media|via=Google Books|isbn=978-3540850922}}</ref> where the plaintext is not necessarily known. Without knowing the message, the attacker can also flip bits in a message sent with a one-time pad, without the recipient being able to detect it.
Because of their similarities, attacks on one-time pads are similar to [[Stream cipher attacks|attacks on stream ciphers]].<ref name=":0">{{Cite web |last=Boneh |first=Dan |title=Attacks on Stream Ciphers and The One Time Pad - Course overview and stream ciphers |url=https://www.coursera.org/lecture/crypto/attacks-on-stream-ciphers-and-the-one-time-pad-euFJx |access-date=2022-03-21 |website=Coursera |language=en}}</ref> Standard techniques to prevent this, such as the use of a [[message authentication code]], can be used along with a one-time pad system to prevent such attacks, as can classical methods such as variable-length [[padding (cryptography)|padding]] and [[Russian copulation]], but they all lack the perfect security the OTP itself has. [[Universal hashing]] provides a way to authenticate messages up to an arbitrary security bound (i.e., for any {{nowrap|''p'' > 0}}, a large enough hash ensures that even a computationally unbounded attacker's likelihood of successful forgery is less than ''p''), but this uses additional random data from the pad, and some of these techniques remove the possibility of implementing the system without a computer.
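The following Python example is added here and is not part of the article: it shows why the same-length substitution above decrypts cleanly when the pad is unauthenticated, and how a universal-hash one-time MAC (a polynomial-evaluation tag keyed with fresh pad material) lets the recipient detect it. The field prime, the 15-byte block size and the helper names are this example's own choices.

```python
import secrets

P = (1 << 127) - 1  # Mersenne prime; the field for the polynomial (universal-hash) MAC

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with fresh pad bytes; encryption and decryption are the same op."""
    assert len(pad) >= len(data), "pad must be at least as long as the data"
    return bytes(d ^ k for d, k in zip(data, pad))

def malleate(ciphertext: bytes, known: bytes, replacement: bytes) -> bytes:
    """The substitution the article describes: with a known plaintext the pad cancels,
    so C ^ M ^ M' is a valid encryption of M' under the same pad. Bit flipping without
    known plaintext is the same operation with an arbitrary XOR mask."""
    assert len(known) == len(replacement) == len(ciphertext)
    return bytes(c ^ m ^ n for c, m, n in zip(ciphertext, known, replacement))

def poly_mac(msg: bytes, r: int, s: int) -> int:
    """Polynomial-evaluation one-time MAC (a universal hash family):
    tag = s + sum_i m_i * r^i mod P, with r and s drawn once from the pad.
    Blocks are 15 bytes so every coefficient is already below P; the message
    length is appended as a final block so extensions are detected too."""
    blocks = [int.from_bytes(msg[i:i + 15], "big") for i in range(0, len(msg), 15)]
    blocks.append(len(msg))
    acc = 0
    for b in reversed(blocks):  # Horner's rule
        acc = (acc + b) * r % P
    return (acc + s) % P

def receive(ciphertext: bytes, tag: int, pad: bytes, r: int, s: int):
    """Recipient: verify the tag over the ciphertext first; return None on tampering."""
    if poly_mac(ciphertext, r, s) != tag:
        return None
    return otp_xor(ciphertext, pad)

def demo():
    msg = b"meet jane and me tomorrow at three thirty pm"
    forged = b"three thirty meeting is cancelled, stay home"  # same length, as in the article
    pad = secrets.token_bytes(len(msg))                  # fresh pad, never reused
    r, s = secrets.randbelow(P), secrets.randbelow(P)    # fresh MAC key material, used once
    ct = otp_xor(msg, pad)
    tag = poly_mac(ct, r, s)
    ct_forged = malleate(ct, msg, forged)
    return {
        "no_mac": otp_xor(ct_forged, pad),                  # decrypts cleanly: forgery invisible
        "mac_genuine": receive(ct, tag, pad, r, s),         # original message accepted
        "mac_forged": receive(ct_forged, tag, pad, r, s),   # None: tampering detected
    }

if __name__ == "__main__":
    print(demo())
```

The tag costs two fresh field elements (about 32 bytes of pad) per message, which is the "additional random data from the pad" the text refers to; a forger who does not know r succeeds with probability at most about n/P for an n-block message.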