

Unbreakable Cryptography in 5 Minutes - bpolania
http://xrds.acm.org/blog/2012/08/unbreakable-cryptography-in-5-minutes/

======
Petrushka
Wow! Does this say that as long as key generation, key distribution, and
message authentication are trivial, unbreakable cryptography is a cinch? What
a shock, here I thought that all those billions of dollars of research and
thousands upon thousands of man-hours devoted to the development of secure
communications throughout the last three-thousand years meant that this is a
difficult problem. Had all those people simply read this article, we wouldn't
have had any sort of issue whatsoever...

Not only are the three problems I mentioned above the most serious open issues
in cryptography, but the actual encryption of information might be the least
difficult. As long as they are implemented correctly, and no one has some
quantum or otherwise impossibly powerful computer lying around someplace that
no one knows about (or has solved the Riemann Conjecture), then RSA, El Gamal,
AES (w/ proper mode), Blowfish (ditto), and numerous others are unbreakable as
well. In fact, with the lack of restrictions the author includes for what
constitutes "unbreakable" cryptography, a one-time pad will also work just as
well.

And yes, I do realize he gives mention to this at the bottom of the article,
but it's still hilarious to title this "unbreakable" cryptography.

~~~
bpolania
XRDS Crossroads is a magazine blog for students. The article presents an
actual topic explained for those interested. I think it targets an important
part of the Hacker News demographic and it does an excellent job of encouraging
students to go ahead and develop their own cryptographic solution, so I don't
know why you are so angry about the article.

~~~
Petrushka
I'm a student myself. Funny enough, some of us are actually intelligent and
can handle complexity. To me, this is the equivalent of teaching military
science by telling someone how to shoot a gun. Instead of trying to introduce
someone into the field by showing them what questions the field is actually
trying to solve, you're introducing them into the field by showing them the small
subset which those who have no interest in it assume constitutes the entirety
of it.

How many mathematicians do you think have read an article on cryptography,
gotten really interested in it, and then realized the most important open
question in it revolves around the computer equivalent of spotting a fake ID?

~~~
bpolania
The article explains an implementation of a Vernam Cipher, it's not intended
to solve the most important questions in cryptography.

I don't understand how "introduce someone into the field by showing them what
questions the field is actually trying to solve" could do any good, it's like
saying that the first subject in Physics 101 should be the unified field
theory instead of Newtonian physics.

------
anuy
This article is very poorly written. A few things: the author did not even
mention the common name "one-time pad" for the technique he explained. A
one-time pad (OTP) uses a key of the same length as the data. The key has to
come from a true random source that is resistant to side-channel attacks. Key
transport/exchange is a big issue.

Diffie–Hellman key exchange uses keys shorter than message length using prime
field arithmetic. DH key exchange is not really paired with OTP. So the author
tossing in the name of DH key exchange is odd. A good intro to OTP and DH key
exchange is here: <http://en.wikipedia.org/wiki/One-time_pad>
<http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange>

~~~
rubbingalcohol
A requirement for a One Time Pad is that the key stream be generated from
_true_ random numbers. Computerized number generators are pseudorandom number
generators. Even cryptographically secure pseudorandom number generators are
not true random numbers.

This article describes some of the requirements for a One Time Pad, but its
failure to account for the strict requirements of the definition leaves us with
something that is not provably "unbreakable."
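
The pad rules raised in the comments above (key as long as the data, key material from a random source) and the message-authentication gap raised in the first comment, as an added Python example that is not code from the article or from any commenter. The `OneTimePad` class, the `demo` function and the sample message are constructed for illustration, and `secrets.token_bytes` is a CSPRNG standing in for the true random source the definition requires.

```python
import secrets


class OneTimePad:
    """Vernam cipher that enforces the pad rules named in the comments above."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0  # bytes of pad already consumed; never rewound

    def _take(self, n: int) -> bytes:
        # The key must be as long as the data: refuse instead of wrapping around.
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: key material must be as long as the data")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    def xor(self, data: bytes) -> bytes:
        # Encryption and decryption are the same XOR operation.
        return bytes(d ^ k for d, k in zip(data, self._take(len(data))))


def demo():
    message = b"PAY 100 TO ALICE"  # constructed sample plaintext
    # Assumption: secrets.token_bytes is a CSPRNG, not a true random source,
    # so this stands in for the pad without meeting the strict definition.
    pad = secrets.token_bytes(len(message))
    sender, receiver = OneTimePad(pad), OneTimePad(pad)

    ciphertext = sender.xor(message)
    recovered = receiver.xor(ciphertext)

    # No authentication: XOR-ing a difference into the ciphertext changes the
    # decrypted text in a predictable way, and decryption raises no error.
    delta = bytes(a ^ b for a, b in zip(b"100", b"900"))
    flipped = bytes(c ^ d for c, d in zip(ciphertext[4:7], delta))
    tampered = ciphertext[:4] + flipped + ciphertext[7:]
    altered = OneTimePad(pad).xor(tampered)

    # A second message on the same pad object is refused, not silently re-keyed.
    try:
        sender.xor(b"x")
        reuse_refused = False
    except ValueError:
        reuse_refused = True
    return recovered, altered, reuse_refused
```

Perfect secrecy of the pad says nothing about integrity, so a receiver needs a separate authentication tag over the ciphertext before trusting what it decrypts.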

------
ColinWright
Why have you linked to comment 116? Why have you not submitted a link to the
article itself? Am I missing something?

~~~
bpolania
Not sure why that happens, I think it is an issue with the page itself since the
link points to the general article.

~~~
ColinWright
It does now - it's been fixed. It did have the "#" and comment number at the
end. If you check it out here you'll find the original submission pointed at
the comment:

<http://www.hnsearch.com/search#request/all&q=title%3Aunbreakable>

------
assaflavie
This is still susceptible to timing attacks, for example.
<http://codahale.com/a-lesson-in-timing-attacks/>

