How are you going to generate this 1TB of genuinely random data? Are you proposing that everyone on earth exchanges 1TB shared secrets with every other person on earth? How does the receipient know what offset to use from the beginning of that shared secret drive? How does the sender ensure that they never, ever reuse the same chunk of one-time pad (a requirement for true security in one-time pad)? How does the receiver know that they have successfully decoded the message correctly? How does the recepient verify the authenticity and integrity of the message (i.e. how do they know it came from who it claims to be from, and how do they know it has not been modified in transit)? How do you get the encrypted message to and from the device - surely you're not expecting the user to manually copy out a megabyte of gobbledegook between their internet enabled computer and this encrypting box?
I know the answers to most if not all of those, and in most cases it is either "You simply don't - its impractical" or "you need something more complicated than XOR". These questions, and others besides, are why one-time pad is not normally used in practice. Whilst I agree that theoretically secure is better than computationally secure, in practice computationally secure is "good enough" on the basis that by the time you can crack it, the information is no longer useful. And that's all that you really need from encryption - to make the resources or time required to read the message an order of magnitude greater than the value of the information. I can trivially decrypt messages encoded using the Engima cipher 70 years ago - but it doesn't matter that I can because those messages contain nothing of value anymore, except perhaps purely for historical interest. Nothing encrypted today using modern, properly implemented cipher techniques can be cracked in the next ten years, by which time anything that you or I would write in them will be completely irrelevant - assuming what you write isn't a confession to a murder or some-such.
Quote:
The one-time pad has never been cracked. In 1950 or 1949 Claude Shannon proved that this algorithm can never be cracked if it is done correctly. From the wiretapper's point of view, every possible message of the length of the one being hacked is equally likely to be the intended message.
I know. Not only do you keep repeating it, as if we havn't read what you said, but I also studied cryptography at University.
Quote:
I don't know off hand how long it would take a 65816 to write a file that is the XOR of two other files, each being one megabyte in size, but most text email messages are much shorter.
I don't knoe either, XOR itself is easy, but copying data into and out of the USB will use a lot of cycles, as will other periphial processing. If I throw a wild guesstimate of an average of 200 cycles per byte, that means we need 200million cycles to complete the job. 200million / 14MHz = 14.28 seconds. I honestly think, however, in practice it'd probably be more like a minute or two as any system you build it unlikely to operate at 14MHz, or if it does, not all the time, and I suspect that 200 cycles per byte is on the low end of possibility, given how complex I know USB and filesystems to be in the PC market.
Quote:
I had assumed that the 6502 family devices were cheaper than the others
The
LPC1768 costs £8.43. That can do 96MHz (maybe evne higher, I havn't checked), has built in 32K RAM, 512K Flash and USB support. The nearest equivalent in the 65xx range is probably the
W65C265S, costing £12.21, max speed 8MHz, no native USB support and 576 bytes of RAM. It has 8KB of ROM, but I don't think that'd be usable for your own software in practice as I think its mask programmed in the factory. So, it costs £4 more, is considerably slower and lacks useful functionality for your intended job, which you'd need to supply externally as an extra part, further increasing costs.
Quote:
The methods made popular depend on complexity or obscure math or both and do not depend on truly random data shared by the sender and receiver only.
This is ignoring the modern phenominom of Forward Secrecy. Essentially modern public key encryption is increasingly using a system whereby hacking the encryption stream after the fact will not provide enough information to allow the message stream to be read, so reading the stream requires intercepting and decoding the stream in real time, which no-one on earth currently has the capacity to do, and will not do for the forseeable future. A far bigger problem, infact, is MitM attacks revolving around the inhernetly flawed PKI trust architecture. There are solutions to PKI, principally web-of-trust, they've just never taken off because they require people to be an active participant in their own security, which most people don't want to be because "effort".
Quote:
Many people have more than one computing device. Many people have seen an advertising message on their desktop before invoking their browser. Public education on the matter is not beyond practicality. It is not beyond me.
With the greatest possible respect,
it is beyond you. The entire tech security industry as a whole has been trying to educate the average joe about these sorts of things for
literally decades and, if anything, they've actually made the problem worse as people get a false sense of security when they follow some handy guide without actually understanding the theory behind it. And that's assuming they even do that, most people simply ignore all advice if it inconveniences them even slightly. How many people use "password" as their password, or leave devices setup to defaults? Who actually checks the SSL certificates on the sites they visit? Who spends the time to encrypt their local computer drives? How many times have you read about some idiot civil-servant leaving a USB full of unencrypted personal details on a train?
The tools and the knowledge are there, but people choose to ignore it. To get the average person to use encryption, it has to be as transparent to them as possible, which means they cannot be an active participant in it, which means that shared secrets in the way you describe are not practical because people simply won't do it.Besides, are you going to ring up Microsoft, Apple, Google and the myriad other OS makers and get them all to put a message into their OSs that tells people to buy your encryption box? Best of luck with that, but it ain't gonna happen, not unless you have several billion pounds to throw into their bottomless money holes. Plus, these big companies don't actually want you to be truly secure, because if you were they couldn't datamine you, they only pay lip-service to security because it gets them more money (or prevents loss of money from fines).
FINALLY, on one final note, if some boogey-man really wants to find out what your encrypted message says...
...
Wow, that ended up longer than I planned, and its 3:15am. I'm going to bed
_________________
Want to design a PCB for your project? I strongly recommend
KiCad. Its free, its multiplatform, and its easy to learn!
Also, I maintain KiCad libraries of
Retro Computing and
Arduino components you might find useful.
Login
Register
FAQ
Search
