- the first time, i intentionally modified the key [to show that it doesn't work just on any number input]
- the system can be updated to take a key as input.
- right, it expands by nearly a half; that's used to make it just as secure as the one-time pad, but more practical. [and this is what i want to verify, then optimize].
if you have the time, i'd love to hear more feedback. thank you very much.
> that's used to make it just as secure as the one-time pad, but more practical.
No. There is no such thing as "just as secure as the one-time pad but more practical". If you want information-theoretic security you have to pay for it, and if you don't pay for it you don't get it. Like, there are theorems. That's why mention of OTP is a good proxy for not understanding modern cryptography. Everyone who's serious about it knows that not only are the benefits of the OTP not achievable in almost every practical situation (due to key distribution), nobody actually needs that level of security when 256-bit algorithms are available.
my claim is a bit different though; it's a new take on encrypting text that has no properties of existing crypto systems.
used OTP as an analogy. i think it's a fallacy to do so.
The video is too tiny to see on iPhone 4s. People generally don't want video for this kind of stuff, a text description of what you're doing would be much better.
> - right, it expands by half but i believe it's just as secure as the one-time pad [this is what i want to verify]
This is the easiest bit to critique / attack.
For OTP to work the pad needs to be properly random; the pad needs to be bigger than the plain text.
Expanding something else probably stops it being properly random.
People get hung up on OTP because PROVABLY SECURE. They are secure, but they're also cumbersome to use.
- my bad, the font size in the editor is originally small. will try to fix that.
- problem is that the algorithm itself is what makes the system strong. once revealed in a white paper, the whole thing is useless. what do you recommend to write in a text description for this case?
- it's an imitation of OTP mechanism but has nothing to do with how OTP is conventionally implemented.
> problem is that the algorithm itself is what makes the system strong. once revealed in a white paper, the whole thing is useless
This is a deal-breaker. Your system is not strong if you rely on other people not knowing how it works. Nobody will use it because you can't convince them it's worth anything, you can't distribute it in code. I don't mean to sound like a jerk, but again this is literally 19th century stuff: https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle .
No problem. I hope I don't sound too negative. It can be fun to play around with ideas like this, and trying to see if you can crack your own systems. But there is a huge gulf between "this is fun and I'm learning something" and "I've discovered/built something totally new that other people will want to use", and if you aren't familiar with the current state of the art you aren't even speaking the same language.
- the system can be updated to take a key as input.
- right, it expands by nearly a half; that's used to make it just as secure as the one-time pad, but more practical. [and this is what i want to verify, then optimize].
if you have the time, i'd love to hear more feedback. thank you very much.