The Bruce Schneier (BS) Challenge Clock

Re: The Bruce Schneier (BS) Challenge Clock

Alright... just out of curiosity I will take the bait.

It sounds like you have a giant One Time Pad implementation.... a key of equal length to the message. Right? At least from what I gathered from your patent > http://patft.uspto.gov/netacgi/nph-P...&RS=PN/7190791

That portion "1. A method of generating a stream cipher having length x bytes, the method comprising the steps of: i) selecting a number n representing a number of sub-keys, and n unique prime numbers m.sub.n each representing a unique non-repeating sub-key length m.sub.n bytes; ii) generating n unique random numbers, each having non-repeating length m.sub.n bytes; iii) generating a n+1st random number R; iv) for each byte whose position in said n.sup.th random number is p, where p=R Mod m.sub.n, consecutively applying a function to each p.sup.th byte of each of said n random numbers to generate a value; v) incrementing the value of p by 1; and vi) repeating step iv) and v) and concatenating each said value produced in step iv) to the previous value produced in step iv) until said stream cipher of x bytes in length has been produced. "

So you generate a OTP of 1M bytes.
"5. The method of claim 4 wherein said delinearization function is a substitution cipher. "
Then you OR the bytes...
Use that OTP on a message of key byte length or shorter, but longer than 4 bytes. If it is a string you run mod256 on the ascii bytes.


...and from your description:
"There is therefore a need for a method of generating a random key, or OTP, which is of variable length and that allows for encryption of very large amounts of data. "

The problems I have with this, and why I too think it is snake oil:

1) OTP is, without the pad, impossible to break when the keyset does not repeat.
2) Asking someone to break with without the one time pad is a farce
3) In the real world, you would have to transfer the pad to those who wanted to communicate. Interception of that pad would be critical to breaking the cipher... In real comms you would have to transfer the pad... so either A) pad has to be encrypted by a PKI scheme or B) sent via a different medium than the encrypted method or C) use a pre-sharedkey ...which you don't include the mechanisms for A,B, or C in your contest (or in your writeups).

From more of your writings, I gather that the PSK implementation based up some table of time base entropy is how you develop your randoms...to which... in order for this challenge to be legit...the key generation mechanism would need to be shared with the contestants. Asking someone to just blindly crack a 1M byte 'one time pad' encrypted byte stream is ...well... not a contest at all. Especially since you are not including the key sharing mechanisms of your encryption scheme...something that most challenges would at least outline.

Share your entropy methods, and the time/date this keyset was generated and maybe then...then you may have a contest. Also, I kindly raise the BULLSHIT flag on all other claims about 'distributed repudiation' and the like. Unless all folks can generate the same OTP (which is highly insecure, btw), this is ...indeed...snake oil. Actually. It's bullshit.


Of course you are welcome to retort, but as of right now I stand by my accusations.

Re: The Bruce Schneier (BS) Challenge Clock

You can read more here > http://en.wikipedia.org/wiki/One-time_pad . Specifically under Problems. Notice that the problematic areas come with the real world implementations of a proposed OTP system. That is what brings about the imperfection in the theory of perfect encryption OTP offers. Without your real world implementation, an attack on a one time pad without the pad or a machine/code that auto-generates one...is pointless.