The one-time pad | Journey into cryptography | Computer Science | Khan Academy

Views: 511,982

Khan Academy


Comments: 239
@sehnsucht333 12 years ago
Cryptologist Bruce Schneier on the OTP: "[it's] the only provably secure cryptosystem we know of. It's also pretty much useless. Because the key has to be as long as the message, it doesn't solve the security problem. One way to look at encryption is that it takes very long secrets -- the message -- and turns them into very short secrets: the key. With a one-time pad, you haven't shrunk the secret any. It's just as hard to courier the pad to the recipient as it is to courier the message itself."
@AdamPatrizio 4 months ago
But it does allow you to pre-share a pad once and then have provably secure communication after that, even at great physical distances away. During the Cold War, security agencies used one-time pads in practice. So definitely not useless.
@ftj3kf3 8 years ago
You are missing the most important part of the One-Time-Pad (OTP): If you encrypt ALICE using the OTP, every possible word with 5 letters is a possible outcome after the encryption. The "hacker" cannot know which of this set of words is the initial encrypted one. That's why the OTP is even unconditionally secure, meaning that you cannot break it even if you have infinite computational resources.
@abdelrahmangamalmahdy 6 years ago
No, if you have infinite computational resources and you sniffed a very long message, you can do pattern analysis to see which random combination of letters can result in English readable text. It's fairly complicated but doable if one has unlimited computational resources.
@creamy2895 6 years ago
When you try out every combination of letters with the length of the message, you implicitly also try out every combination that makes the sentence a valid English sentence. So even if we assume that the message was (correct) English, Alice could've conveyed any semantic meaning that you possibly could using these 26 letters and correct English language. The only thing we know is the length of the message (though even that can be encrypted if you use appropriate methods). A pattern analysis won't help you if one possible encryption says "ATTACK ENEMY" and another "DO NOT SHOOT". How're you gonna choose which one is right, especially if there's billions of other combinations, a lot of which directly contradict each other?
@abdelrahmangamalmahdy 6 years ago
Yes, you are right.. I get it now
@sol3cito33 3 years ago
Exactly my thoughts.
@King_Cola 2 years ago
What if the message has no meaning.. Except for the spy
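The point argued in the thread above, worked through for the letter-shift pad from the video (an added example, not part of the original comments or the video): for any ciphertext, every same-length candidate has exactly one pad that "explains" it, and every ciphertext is equally likely whatever the plaintext. The function names and the sample pad are constructed for illustration.

```python
import string
from itertools import product

ALPHABET = string.ascii_uppercase  # 26-letter alphabet, as in the video


def shift(text, pad, sign=1):
    """Shift each letter by its pad value: sign=+1 encrypts, sign=-1 decrypts."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + sign * k) % 26] for ch, k in zip(text, pad)
    )


def pad_for(ciphertext, candidate):
    """The one pad under which `candidate` encrypts to `ciphertext`."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the ciphertext's length")
    return [
        (ALPHABET.index(c) - ALPHABET.index(p)) % 26
        for c, p in zip(ciphertext, candidate)
    ]


def ciphertext_counts(plaintext):
    """Encrypt `plaintext` under every possible pad and count each ciphertext."""
    counts = {}
    for pad in product(range(26), repeat=len(plaintext)):
        ct = shift(plaintext, pad)
        counts[ct] = counts.get(ct, 0) + 1
    return counts


if __name__ == "__main__":
    true_pad = [3, 20, 7, 11, 25]          # constructed sample pad
    ciphertext = shift("ALICE", true_pad)
    # Each guess is "confirmed" by some pad, so the ciphertext cannot rank them.
    for guess in ("ALICE", "JULIE", "WOODS"):
        pad = pad_for(ciphertext, guess)
        print(guess, pad, shift(ciphertext, pad, sign=-1))
    # Exhaustive check on 2-letter messages: all 676 ciphertexts occur once each,
    # and the table is identical for two different plaintexts.
    print(ciphertext_counts("HI") == ciphertext_counts("NO"))
```

The exhaustive check is limited to short messages only because it enumerates all 26^n pads; the one-pad-per-candidate argument holds for any length.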
@Wickedeh17GE 8 years ago
The irony of stacking sheets of paper in a forest!
@sonnyhe2002 12 years ago
Simple, I'll give you an example to illustrate how Eve can figure out the msg if the one time pad is used repeatedly. In the time of war, if Allies send a one time pad message to the troops in the front line to attack. If the Axis intercepts this encrypted text, they don't know what it means. But if the Allies reuse this one time pad and the Axis keep getting the same encrypted messages and the Allies keep attacking after each msg, then the Axis can figure out what that encoded msg means.
@PotadoTomado 12 years ago
1. You can't share it multiple times because then you would give Eve multiple sources to work from, and he/she would be able to find patterns leading to the cypher. The one-time pad is elegant because the message is equally likely to be decoded into any sequence of letters the length of the original message. Once more messages are released, the number of possible cyphers is decreased significantly because they would have to fit with all of the messages 2. I think he'll cover that in the futur
@MrSilo86 11 years ago
I love this topic. I want more :D
@ThisTall 3 years ago
When considering if these are usable on a device like a smart phone. It’s worth noting that password hacking had a 50-60% success rate 10 years ago, just by having the accelerometer read the tiny differences of your hands twitching when typing one letter versus the next. Just look at your keyboard and know that you can have a password long enough to take 37,000 years to brute force crack, but Apple has at least a 60% chance of cracking it in real time by being able to read the twitch difference between you hitting the G or the H.
@subvind 2 years ago
and that is why playing the guitar is more secure than playing the piano
@13WhiteFang37 12 years ago
khanacademy never fails to amaze me.
@gedstrom 5 years ago
The one-time-pad is the ONLY crypto scheme that can be proven immune to quantum computer cracking! Sure, it is inconvenient to have to exchange these secret keys ahead of time, but depending on the importance of what you are communicating, it might be worth it. Modern thumb drives can contain 256GB or more of random data that you can exchange with the other person, so there is little chance of running out of key material any time soon. Of course, you would need a scheme to ensure that no key data is ever used more than once, and that the used key on your thumb drive is zeroed-out after it is used.
@blitzbladerr9035 7 years ago
this is also assuming if the code breaker knows 2 26 sided dice was used
@htawrew13 12 years ago
1) If both your messages are intercepted, it is possible to brute force the one-time pad. 2) With great difficulty- that's the problem with the one-time pad.
@KodakYarr 2 years ago
Yes, which is why it's called a "*one* time pad." You only ever encrypt one single message with it, after which it is discarded. If you reuse it you immediately open the door to pattern analysis.
@MasonC2K 10 years ago
I understand the idea here. But to me it seems impractical given the previously given scenario that Bob and Alice are separated. When Alice writes her message she is also creating the key using the one time pad. How would Bob be able to have the key that Alice created after they have already parted. She would have to send him the key as well which defeats the purpose. In order for encryption and decryption to work of distance both parties have to have the key beforehand.
@ethalum 10 years ago
True. Key exchange is now the big problem people want to solve. We now know that the one time pad is the best, but we don't know how to exchange keys over large distances. Google 'Key exchange' then there is loads more to learn!
@rlvsun 10 years ago
During WW2 and the Cold War this was the method of encryption used by the Soviet spies. There are actual photos of the one time pad, plus I understand that each spy agent has a boss who gives them the one time pad, so both of them have the key to cipher and decipher the messages. They agree to use a certain page on a certain day.
@rohbinsonsamuel6755 10 years ago
ethalum once a very long pad has been securely sent it can be used for numerous future messages, until the sum of their sizes equals the size of the pad.... Example: use a book as the key u have just to give ur friend the name of that book.
@thelurkingpanda3605 10 years ago
send the next key in the message :)
@opmike343 10 years ago
Rohbinson Samuel Reusing one time pads SEVERELY cripples their security. Unless you're just transmitting gibberish, the occurrence of frequently used words like "and" and "the" can be used to compromise your code. One has to assume that it won't just be some dude with a paper and a pencil trying to crack the code.
@moothemooer4322 4 years ago
It is interesting that the time of the video is 2:56.
@78anurag 3 years ago
How
@Patman128 12 years ago
This is true, but only if they can figure out a likely string of text in the encrypted message and verify it by decrypting the same fragment in each message that uses the same key. Then, using the fragments in the other letters, guess more possible combinations for nearby letters and verify those. That's why it's the one-time pad; its strength relies on its ambiguity. With only 1 key and 1 encrypted message, it could be absolutely anything!
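Why reuse breaks the scheme, shown for the letter-shift pad (an added example, not part of the original comments): when two messages share a pad, subtracting the ciphertexts cancels the pad and leaves only the difference of the plaintexts, so a fragment known in one message fixes the same positions of the other. The two sample messages and all function names are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def to_nums(text):
    return [ALPHABET.index(ch) for ch in text]


def to_text(nums):
    return "".join(ALPHABET[n % 26] for n in nums)


def new_pad(length):
    """Fresh pad of uniformly random shifts (0-25) from the OS CSPRNG."""
    return [secrets.randbelow(26) for _ in range(length)]


def encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return to_text(p + k for p, k in zip(to_nums(plaintext), pad))


def difference(a, b):
    """Letter-wise (a - b) mod 26."""
    return [(x - y) % 26 for x, y in zip(to_nums(a), to_nums(b))]


def implied_fragment(c1, c2, crib, offset):
    """If message 1 holds `crib` at `offset`, return what message 2 holds there.

    Only meaningful when both ciphertexts were produced with the same pad:
    c2 - c1 = (p2 + k) - (p1 + k) = p2 - p1, so p2 = (c2 - c1) + p1.
    """
    diff = difference(c2, c1)[offset:offset + len(crib)]
    return to_text(d + p for d, p in zip(diff, to_nums(crib)))


if __name__ == "__main__":
    m1 = "ATTACKENEMYNOW"   # constructed sample messages, spaces removed
    m2 = "DONOTSHOOTWAIT"

    pad = new_pad(len(m1))
    c1, c2 = encrypt(m1, pad), encrypt(m2, pad)      # the mistake: same pad twice
    print("pad cancels:", difference(c1, c2) == difference(m1, m2))
    print("fragment of m2:", implied_fragment(c1, c2, "ATTACK", 0))

    # With a fresh pad per message the difference is masked by (k1 - k2),
    # which is itself uniformly random, so nothing is learned.
    d1, d2 = encrypt(m1, new_pad(len(m1))), encrypt(m2, new_pad(len(m2)))
    print("fresh pads:", to_text(difference(d1, d2)))
```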
@ZTechSecurity 4 years ago
What is the function of that small dial thing?? @0:30
@sonnyhe2002 12 years ago
Well the one time pad is an arbitrary string or sequence of numbers(string can be converted to a list of numbers). You just shift the 1st letter in your msg with the 1st in the one time pad, then the 2nd letter with the 2nd number in the one time pad, and so on. Once all the letters in the original text are shifted, u'll get your cipher text. Bob decrypts the cipher text by unshifting it with the one time pad, which he should have.
@callmedragon5321 8 months ago
Unless you know the answer breaking it is always 1: in the total number of possibilities. Basically this video explains why you won't win the lottery
@dunx125 11 years ago
Please release more videos on this topic!
@IrregularPineapples 12 years ago
More of this! Please!
@computer_gai 10 months ago
Great work!
@ROMAQHICKS 12 years ago
That is right. This encryption is usually broken as a result of an encoder using the same page more than once. @PhantomAct : Your second question's answer is that the two cryptographers have to be together at some point in order to obtain a copy of the same pad. This is the reason why the Allies spent a decent amount of resources trying to obtain Axis OTP during the wars. But if you had the pad you had to keep it a secret from your enemy or they would just get a new OTP.
@rohbinsonsamuel6755 10 years ago
the best way to send keys is on the messages themselves i mean : you give the first key of the first (plaintext)message to your friend physically, then when you send the message just add the key of the second message in this one , when you send the second message you add the key of 3rd msg and so on... add the key in plaintext not in ciphertext. example : plaintext : yourmsg...nextkeyisjkjljkjlj that's it :)
@thelurkingpanda3605 10 years ago
yo
@ArkaidynSenpaii 10 years ago
Well then all it would take is 1 message to be broken, then every message after that could be deciphered because you will have access to the source of encryption for the next message :P
@thelurkingpanda3605 10 years ago
But how would you break the previous ones? You don't have the key and it's even harder because you can hide the cipher in the plaintext, further screwing them up. Even better, you can decide it's like every 5th letter or something.
@rohbinsonsamuel6755 9 years ago
Arkaidyn impossible. because they don't have the key of the first message which was given to your friend physically....
@ArkaidynSenpaii 9 years ago
Rohbinson Samuel The flaw is that all you need is to crack 1 code, and then you have access to read every message sent after that since the new code is contained in the message, every previous message is safe just not the message that is cracked or any of the ones that follow.
@megaelliott 12 years ago
Some random numbers could be used to swap letters around instead of shift them. So, for example, if the random numbers are 4,9,5,11,17, you would swap every 4th letter, then every 9th, 5th, 11th, 17th, etc.
@imfasa 12 years ago
the list has to be shared beforehand. Another requirement is, of course, that there should only be two copies of the list. if someone gets the key he will be able to decrypt the text. That's a weakness in using this method, but if used correctly, it is the only unbreakable decryption method.
@Sarthex 11 years ago
So, this is basically a Vigenère cipher with a key that's the same length as the message?
@Lojikish 12 years ago
(1) If you use it twice, then the encryption method simplifies to a Vigenere Cipher (like a fancy shift cipher) and is vulnerable to a frequency attack. (2) To share, use a courier?
@johnroyce8650 3 years ago
To share the one-time pad key, **always** use a trusted courier for that matter.
@joeymatee 12 years ago
these videos are amazing, is there any possibility of getting more?
@drkcaey 12 years ago
I believe this is like PSK, Pre-Shared Key where you'll always have the other person, the receiver, to know the transition method to encryption.
@mrfrankincense 12 years ago
It means you only use that specific sequence of random numbers once because two intercepted letters using the same set of random shifts could be broken.
@TheProjekton 9 years ago
There's only one problem with this type of cipher. If the key is random then the only way the receiver of the encrypted message would be able to view it, would be if you sent the key along with the message. Thus, making it readable to anyone who understands basic cryptography, which is something anyone can google nowadays. Now remember, it's called the *One-Time* Pad for a reason, meaning the key can only be used once. If the same key is used more than once then the cipher is no longer a One-Time Pad cipher, it's just a standard Vernam cipher. Which is more vulnerable to being broken. This type of cipher is more used to keep anyone from viewing something than it is to communicate between individuals. It's best to keep in mind that nothing you send with encryption is 100% secure. Not even a One-Time Pad cipher is 100% secure as it only appears to be impossible to break because of how long it would take, but it can be broken. Especially with the power of molecular and even quantum computers which are being tested and even used to some degree now.
@Henry-fv3bc 8 years ago
It is totally impossible to break a one time pad encryption - even with infinite computational resources, quantum or not. This is because, mathematically, there is no information stored in the encrypted message. Every possible decryption is equally likely. Using the example of a five-letter word, every possible five letter word is equally likely to be the decryption. The downside to OTP is that the key must be secure and it can only be used once.
@ineednochannelyoutube5384 6 years ago
The key is sent before the message. Probably before the receiver even departed. This makes the use niche, yes, but it is still the most secure system that exists.
@Entity314 12 years ago
How do they share the key?
@ProsyMe 1 year ago
keep khan academy free by paying for it, let's go!
@KulasangarGowrisangar 6 years ago
Plus the key can't have repetitions is it? If so in the 0:37, there's N written twice! Or is it for a single word?
@ineednochannelyoutube5384 6 years ago
It can have repetitions, as true randomness will in fact produce long strings of repetitions.
@PostFormitable 12 years ago
No Cause in this method you can use the same spacing but in randomness it is VERY unlikely that it'll happen. For instance if I am protecting this message Hello Then a random number generated is 2 2 2 2 2 (WHICH IS VERYYY UNLIKELY) I would get the message as J G N N Q. But obviously getting 2 2 2 2 2 in random is like saying 1/26 * 1/26 * 1/26 * 1/26 * 1/26. Remember we're not taking out a gap after we use it. Otherwise this method would only be useful for messages less than 26.
@sonnyhe2002 12 years ago
What do u mean 'chaotic algorithm'? If you are saying to encrypt with randomness, then you'll have to think about how Bob is going to decrypt the message. Or are you talking about salting random chars in the message? Then a longer one time pad will have the same effect.
@PostFormitable 12 years ago
Cause he gets all pieces of the information to solve it e.g. the shift numbers, which direction it shifts, and the encrypted message.
@piggy6394 3 years ago
Thank you very much. Very easy to understand. I got so curious that I did the math in Excel. You notice that the OTP has 21 21 19 for E L E, this should have been Z G X, not Z G N heheh, not that it matters so much
@abetlen 12 years ago
As for the second part of your question the OTP is used by several governments including the United States of America and the British government, as I understand it the keys are typically transported to the recipients location ahead of time and under HEAVY security.
@bautrey 12 years ago
More of this series!!
@PostFormitable 12 years ago
So bob gets the random numbers ? or the crypt message ? And if bob gets both, then couldn't eve figure it out, considering the random numbers are the instructions to decrypt it ?
@sonnyhe2002 12 years ago
Well all encryption have to share the keys beforehand, so I don't think this is a weakness of the one time pad. The only weakness is you can only use it once.
@frilansspion 12 years ago
they have the key from the beginning. an agent would have a bunch of keys to use (don't know if they had an id nr or something to tell which). if used twice you can work out some letters by just trying shifts and comparing what makes words. a fair bit of work but can potentially be done, as opposed to with just the one sheet. I think. :)
@throwawayaccount3707 3 years ago
The point of OTP is that the key should only be used once, hence the name. Reusing the key would obviously compromise it.
@pieinghigh 11 years ago
I recommend to anyone interested in the topic to check out Numberphile's two videos on the Enigma machine from WWII; very good stuff.
@megaelliott 12 years ago
You could have a secret chaotic algorithm that generates random numbers. That way Alice could attach the input for the algorithm to the message, and it could be different each time a message is sent, and Eve wouldn't be able to work out the shift.
@fruitygranulizer540 1 year ago
creating an algorithm that generates truly random numbers is, with our current knowledge, impossible
@bautrey 12 years ago
Do more videos in this series!!
@dreinertson 12 years ago
To get your OTP through Customs, you might try swallowing some microfilm. You need to make absolutely sure the OTP isn't read surreptitiously in transit. If your job is to defeat someone else's OTP system, you can either search Bob's room, hack his computer, or ask him to show you the OTP. Of course, this is exactly the problem. If you had a perfectly secure and convenient way of distributing OTPs, you'd have a secure way of sending messages.
@fashizzle 1 year ago
Let's say Alice and Bob put together 1,000 one-time pads in advance, during a time where the threat of interception was much lower. Later on if they needed to communicate securely in a time when interception was much higher, they can now use the one-time pads they already created and shared with each other earlier. This is why they can still be more useful. You can limit your vulnerable period to one secure exchange and then have numerous less secure exchanges afterwards
@jlmknight 12 years ago
but would it not be 26*25*24*23*22 because you wouldn't want to have one letter representing more than one letter, ie one to one mapping?
@00chips 12 years ago
1) Because then you have a repeating pattern (Occurs twice).
@pradeepvenkatesan5806 11 years ago
best way to explain !!! keep it up !!! (y)
@michaellentz2887 6 years ago
How and when, is the list of random offsets shared ?
@SlickBlackCadillac 3 years ago
It would have to be shared in person. And then you could never use the same one time pad again. If you didn't want to share it in person, you would need to use a different encryption method to transmit the pad. Well, now the pad would only be as strong as the form of encryption you used to transmit it. So it is by far the least convenient as it requires a great deal of anticipation and energy to protecting the secrecy of the one time pad by both parties. Hardly useful in MOST applications.
@johnroyce8650 3 years ago
@SlickBlackCadillac Except military and diplomatic communication, and espionage
@SlickBlackCadillac 3 years ago
@johnroyce8650 what is the definition of "most"?
@bautrey 12 years ago
I want more of this!!
@mica122213 4 years ago
more of this 8=====D?
@XenoContact 8 years ago
Assume quantum technology well mastered. Would a well developed quantum processor still struggle to crack it in a reasonable amount of time?
@quietcivic 8 years ago
It would fail to crack it for a very simple reason. Because of the equal frequency distribution, it is as likely that the answer is 'Alice' as the answer be 'Julie', 'Woods', or any other five-letter word (assuming it even is a word in the English language). The sheer number of possibilities coupled with the countless 'false' positives makes quantum computing no help in cracking this.
@Walshy2000 6 years ago
What conditions need to be met to ensure perfect security?
@KodakYarr 2 years ago
1. Never reuse an OTP to encrypt more than one message under any circumstances. 2. Make absolutely sure that the distribution of the OTP's is not at any point compromised. 3. Agents must keep their OTP's secure at all times making absolutely sure the OTP's are never copied or otherwise revealed. 4. Implement a method allowing an agent to identify or find out which OTP's have been used but which message they have missed allowing them to cull and annihilate those OTP's. 5. After an OTP has been used to unencrypt a message the OTP must immediately be annihilated.
@teenfoe 10 years ago
ham radio? you listen to the numbers stations?
@25karensarmiento 8 years ago
Then how is the recipient able to read the message? Does Alice need to send the key as well? Then Eve can break it too? So is she the only one with the key and the only one able to read it???
@rz5505 8 years ago
The key is communicated before the message transmission through a secure channel. For example, this one-time pad is used in Washington-Moscow hotline where the key is communicated through a secure telephone before the real message is exchanged.
@imfasa 12 years ago
yeah sort of... but what i mean is that only getting the key to the other person might be considered as dangerous (you take the risk of the key being intercepted) anyway, have a nice day :)
@masterofktulu 12 years ago
Again... wow..
@KhanAcademyLabs 12 years ago
Yes, we are still in the world of "Private Key" cryptography which requires A and B to meet first. Public Key cryptography deals with the case when they cannot meet first. Coming soon!
@andreaspanagi3149 6 years ago
Does anyone know what is that metal thing between the numbers and the encrypted message she uses to encrypt the message in the beginning?
@16D 12 years ago
if i were to capture a bunch of these cipher text, can i eventually break the encryption?
@ineednochannelyoutube5384 6 years ago
no as long as the key is changed literally every bit.
@samuelfeder9764 11 years ago
I think unfortunately the method is slightly misrepresented here because the spaces were kept (because it makes it easier to follow visually I suppose). The spaces should however be treated as characters as well making it a 27 letter alphabet (all letters plus space).
@samuelfeder9764 11 years ago
If this is done the only thing that EVE might still get out of the message is length of the total message, and if we would add some random letters at the end EVE would only get an upper bound on the length of the message.
@LionKimbro 3 years ago
OTP is great! But it's not bulletproof, for all cryptographic purposes. If someone can anticipate what the encrypted message might be, (like for example, perhaps it could be something crazy and unusual like, "GET / HTTP/1.1", but if that could be guessed --) then the attacker can modify the message in place. There are ways to protect an OTP against this kind of an attack, but it's an additional step.
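The "additional step" mentioned in the comment above, combined with the bookkeeping asked for in an earlier comment (never use key data twice, zero it after use), as an added example that is not part of the original thread. It uses a byte-wise XOR pad, and as an assumption of this sketch it spends 32 pad bytes per message on an HMAC-SHA256 key; that tag is computationally secure rather than information-theoretically secure like the pad itself. `Pad`, `seal_message`, `open_message` and `rewrite_in_place` are hypothetical names.

```python
import hashlib
import hmac
import secrets

MAC_KEY_LEN = 32  # pad bytes spent per message on a one-time MAC key (assumption)


class Pad:
    """Shared pad held in memory; every byte is handed out once, then zeroed."""

    def __init__(self, material: bytes):
        self.buf = bytearray(material)
        self.pos = 0

    def remaining(self) -> int:
        return len(self.buf) - self.pos

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("pad exhausted: exchange new material, never wrap around")
        chunk = bytes(self.buf[self.pos:self.pos + n])
        self.buf[self.pos:self.pos + n] = bytes(n)  # wipe what was just used
        self.pos += n
        return chunk


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tag_for(mac_key: bytes, offset: int, ciphertext: bytes) -> bytes:
    """Tag binds the ciphertext to the pad position it was encrypted at."""
    data = offset.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def seal_message(pad: Pad, message: bytes):
    if MAC_KEY_LEN + len(message) > pad.remaining():
        raise ValueError("not enough pad left for this message")
    offset = pad.pos
    mac_key = pad.take(MAC_KEY_LEN)
    ciphertext = xor(message, pad.take(len(message)))
    return offset, ciphertext, tag_for(mac_key, offset, ciphertext)


def open_message(pad: Pad, offset: int, ciphertext: bytes, tag: bytes) -> bytes:
    if offset != pad.pos:
        raise ValueError("pad position mismatch: message missing, replayed or reordered")
    # Key material is consumed even if verification fails, so it is never reused.
    mac_key = pad.take(MAC_KEY_LEN)
    key = pad.take(len(ciphertext))
    if not hmac.compare_digest(tag, tag_for(mac_key, offset, ciphertext)):
        raise ValueError("authentication failed: ciphertext was modified")
    return xor(ciphertext, key)


def rewrite_in_place(ciphertext: bytes, guessed: bytes, replacement: bytes) -> bytes:
    """The modification the comment describes: XOR in (guessed ^ replacement)."""
    delta = xor(guessed, replacement)
    return xor(ciphertext[:len(delta)], delta) + ciphertext[len(delta):]


if __name__ == "__main__":
    material = secrets.token_bytes(256)          # shared in advance, in person
    alice, bob = Pad(material), Pad(material)

    print(open_message(bob, *seal_message(alice, b"GET / HTTP/1.1")))

    offset, ct, tag = seal_message(alice, b"GET / HTTP/1.1")
    forged = rewrite_in_place(ct, b"GET", b"PUT")  # no key needed for this step
    try:
        open_message(bob, offset, forged, tag)
    except ValueError as err:
        print("rejected:", err)
    print("pad bytes left:", bob.remaining())
```

This models only the bookkeeping: on a real thumb drive, overwriting a file does not guarantee that the underlying flash cells are erased.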
@Lawh 10 years ago
What if you'd have multiple messages with this same key. Could you then start to decipher the messages in the same fashion as with the more simple example? You would stack them all up and see which letters are repeated. I'm not smart enough to see if that would work or not.
@opmike343 10 years ago
If you're using the "pad" more than once, then it is no longer a "one time pad."
@noxure 12 years ago
You're not far off, but algorithms cannot behave chaotically; the idea itself is a paradox. Algorithms can only generate pseudo-random numbers, which is where we have to hide its source, but in theory it can always be reverse engineered by a competent hacker. To solve this problem we use specialized hardware that is actually chaotic in nature. It's basically a box containing a small quantity of radioactive material that measures its decay and converts that to numbers.
@mandingaification 12 years ago
It wouldn't be 1 kilometer tall because it would fall over. :)
@zcnaipowered7407 4 months ago
Imagine it falling on the message recipient
@Lojikish 12 years ago
Nothing is foolproof, even the one time pad.
@ineednochannelyoutube5384 6 years ago
Fools can indeed ruin everything.
@davidemodi7617 8 years ago
perfect
@jlmknight 12 years ago
I do agree getting 5 in a row is very unlikely, but getting say 2 in a row is not so much, say your same message HELLO became JGNNQ but what if H=N , E=G, L=N, O= Q, so now when decrypting N's how do you know whether it is an H or an L?
@hassannazar4178 9 years ago
That is all good.. But for the one-time pad cryptosystem to work, We have to somehow be able to share the One-time pad with the recipient without EVE finding out. Because if Eve gets ahold of the one time pad, then she can just as easy as the recipient decrypt the text. RSA is by far the best solution to this.
@csiszar311 9 years ago
***** That's the biggest flaw with this system. The best way to encrypt imo is to develop a personal language with the recipient verbally, then when both understand it, wirte it down. It'll have the same effect as the use of the Navajo language by the U.S. in WWII.
@hassannazar4178 9 years ago
Ανδρέας Ανάγνος There is an encryption standard called RSA which is used all over the world today. You do not need to share the decryption key with the recipient thus this becomes foolproof. Look at the RSA encryption video by khanacademy. It is also used in modern technologies such as your credit card chip etc.
@anonymousmystery82 9 years ago
***** you can also use SHA or MD5 for hash encryption..
@lilbahr 9 years ago
+Hassan Nazar Well, basically you only need to meet once. Absolutely, if there is no way to meet, ever, then obviously OTP is not going to work. But if it is possible to meet at least once, then there is no reason to use anything else except OTP, for _strategic_ messaging. 1 TB disk of key and the two parties can talk for the rest of their lives, in ABSOLUTE secrecy. RSA or other means can not provide this.
@hassannazar4178 9 years ago
+lilbahr CORRECTION: They CAN indeed provide the same level of secrecy, also... without the need to ever meet up. Thus it is by far superior. Secondly, we are talking about a scenario which is applicable in our modern era with internet and technology! A place where one guy from Europe wants to confidentially converse with a business guy from Asia. Is it possible for them to physically meet up, maybe, but why? When you have RSA..
@StanleyZheng 9 years ago
Is there any way to effectively crack this code?
@ArtOfTheProblem 9 years ago
+Stan the MAN nope...
@StanleyZheng 9 years ago
wow the perfect cipher! Took long enough...
@Andrewsafb71 9 years ago
+Stan the MAN It's existed for at least a century
@StanleyZheng 9 years ago
I know, but it's still quite modern
@msss126 8 years ago
+Stan the MAN Well, it is about 100 years old. The reason it isn't more popular is because of practical concerns. It is hard to generate genuinely random keys. Then the other problem is distributing these keys.
@ThamizhanDaa1 8 years ago
Isn't this the same thing as using Vigenere Cipher with the length as the same length as the message?
@baklava423 8 years ago
better late than never: nope, the vigenere cipher makes use of a keyword, e.g. LIGHT, which then is repeated to match the length of the plaintext (e.g. LIGHTLIGHTLI). in addition the OTP can never be broken, because it relies on (true) randomness, whereas the vigenere cipher relies on the keyword mentioned above.
@ThamizhanDaa1 8 years ago
+Steakkini okay so what I meant is that the word that is repeated is just as long as the message , then it would be the same idea, right? so, if the message is LIGHT, then using the word FISHY as the key would be the same thing as what the video is explaining, right?
@baklava423 8 years ago
that is true, i suppose. but isn't this (from an abstract point of view) true for any other crypto system? as far as i understand, keys (e.g. in AES) are applied over and over again, but with some additional stuff going on (like substitution, permutation etc. for confusion).
@baklava423 8 years ago
whoops didnt see your full comment, sry. for the scenario of LIGHT and FISHY it is probably the same, but i actually dont know how problematic using a real word as keyword in this case is.
@frilansspion 12 years ago
launch codes are a kind of a password isnt it, not a cipher. what has that to do with OTPs? "need to know the length of the code"? to decrypt something youd obviously need the encrypted message. the "length" is the same as that.
@jlmknight 12 years ago
but my argument is that what if all the letters a,l,i,c,e all get mapped to the same letter, say T, then it would be encrypted as TTTTT...but then it is useless because the word is no longer recoverable, therefore your options for the first letter is 26, then for the second 25 because you can't use the one you chose the letter A, and so on till you get 22 for the last letter
@rohbinsonsamuel6755 10 years ago
if u wanna send a clear message... then use the key as a message and a ciphertext as a key, Example : (HELLO) is the real message (WATER) is the message u send (DEEPF) is the key.... so here (HELLO) is the Plaintext (WATER) is the Onetimepad (DEEPF) is the ciphertext ... you can send an ordinary letter hidden a message.
@Jedidiah13 10 years ago
what is the device that she is turning in the video??? can anyone tell me?
@warped_rider 10 years ago
Cipher wheel.
@KhanAcademyLabs 12 years ago
No it must be 26*26*26...otherwise you'd be eliminating possibilities. There is a 1/26^5 chance that ALICE would be encrypted as ALICE - and this is okay. I will go into more detail soon!
@markgriz
@markgriz 12 жыл бұрын
Bob has the same one time pad key. It's the secure sharing of the key which is the greatest weakness of the one time pad.
@BrentDeJong
@BrentDeJong 11 жыл бұрын
You don't choose that letter, you shift by that letter.
@MrBumbo90
@MrBumbo90 12 жыл бұрын
We need moreeee
@vaibhavpatil2611 10 years ago
How do we always get a uniform frequency distribution in one time pad?
@opmike343 10 years ago
Make sure your random number generation is TRULY random. If you're asking why true randomness leads to uniform frequency distribution, this is covered in the video at around 2:00.
@ArkaidynSenpaii 10 years ago
Because the number of the shift is found through rolling a dice, the source of the shift is always random, the number selected always has 1/26 probability, therefore you get the even distribution.
@lucaswilson898 9 years ago
vaibhav patil It's basically a different Caesar cipher for each letter in the message. That means that every letter turns into a random letter (each having a 1/26 chance). This substitution favors no letters, causing it to be uniform.
@ineednochannelyoutube5384 6 years ago
+Arkaidyn Except dice are not truly random. Use isotope decay instead.
@KulasangarGowrisangar 6 years ago
I don't get it, how would Bob decrypt it back to plain text by using the same key (I mean the random number shifts shown in the vid)?
@Caleb-qr6lo 6 years ago
To encrypt you add the specified shifts... to decrypt you subtract the shifts. Simple. Bob has to know the key, of course.
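An added example, not part of the comment thread or the video: the letter-shift one-time pad discussed in the comments above, where encryption adds the shifts and decryption subtracts them, run on the HELLO/WATER/DEEPF values from the earlier comment. The function names, the A=0 numbering and `secrets` as a stand-in for the dice are assumptions of this example; `pad_explaining` shows that every same-length guess fits a ciphertext under exactly one of the 26^5 pads.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # numbering assumed here: A=0 ... Z=25

def generate_pad(length):
    """One independent, uniform shift (0-25) per letter of the message.
    The OS CSPRNG behind `secrets` stands in for the dice in the video."""
    return [secrets.randbelow(26) for _ in range(length)]

def letters_to_pad(word):
    """Read a pad written as letters (W -> 22, A -> 0, ...)."""
    return [ALPHABET.index(ch) for ch in word]

def _shift(text, pad, sign):
    # ALPHABET.index raises ValueError for anything outside A-Z.
    if len(pad) != len(text):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(ch) + sign * k) % 26]
                   for ch, k in zip(text, pad))

def encrypt(plaintext, pad):
    """Add each shift to its letter, modulo 26."""
    return _shift(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    """Subtract the same shifts to get the plaintext back."""
    return _shift(ciphertext, pad, -1)

def pad_explaining(ciphertext, candidate):
    """The one pad under which `ciphertext` decrypts to `candidate`."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return [(ALPHABET.index(c) - ALPHABET.index(p)) % 26
            for c, p in zip(ciphertext, candidate)]

if __name__ == "__main__":
    pad = letters_to_pad("WATER")      # values from the HELLO/WATER/DEEPF comment
    ct = encrypt("HELLO", pad)
    print(ct, "->", decrypt(ct, pad))
    for guess in ("HELLO", "ALICE", "FISHY"):   # same-length guesses
        print(guess, pad_explaining(ct, guess))
    print(26 ** 5, "possible pads, including the all-zero one")
    fresh = generate_pad(5)            # a pad is used for one message only
    assert decrypt(encrypt("ALICE", fresh), fresh) == "ALICE"
```

Because each guess comes with its own consistent pad, the ciphertext alone gives no reason to prefer one five-letter word over another.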
@hfulhorst 4 years ago
*QUANTUM COMPUTING*
@TimWarner 12 years ago
@megaelliott Isn't using an algorithm potentially a source of leak? My understanding is that many cypher algorithms are well known, so statistical analysis might reveal the algorithm and put the code breaker closer to knowing the secret input. BTW, I read an article some time back about NSA using mathematical analysis to find suspicious encoded messages within the flow of internet traffic; this is way over my head, but it does make me question the assertion that OTP is unbreakable.
@SPastaL 9 years ago
The stack of outcomes would be too damn high!
@FluorescentGreen5 7 years ago
OTP is only uncrackable because of its lack of a message authentication code. No MAC means it's vulnerable to being corrupted. As far as I'm concerned, OTP is just a basic XOR cipher with large single-use keys and no MAC.
@ineednochannelyoutube5384 6 years ago
What makes it special is that the key is single use.
@rachelz1041 8 years ago
Hello!! Could someone please do me a really big favor and tell me what kind of dice I can use to generate the random shifts I would need in order to create my own encrypted text? I'm trying to make my own for a paper that I have to write for school but I'm struggling to find a 26-sided dice like they use in the video. Any advice would be helpful :)
@rachelz1041 8 years ago
+Khan Academy please help if you could
@XenoContact 8 years ago
I can help you out with that. If you want I could write you a piece of software that handles that for you.
@throwawayaccount3707 3 years ago
@rachelz1041 It doesn't have to be specifically 26-sided dice (I don't think that kind of dice exists anyway; the ones used in the video are certainly not 26-sided). It could be anything as long as it's truly random (so no using an algorithm like the person above me probably wanted to do, because that would be pseudorandom).
@andrizeemynizee8623 12 years ago
yjod od dp serdp,r@ (this is so awesome!) I did this by shifting my hands over one place to the right on my keyboard.
@spacecat3198 4 years ago
Hmm yeah, but then it could be a little more complex by using a different keyboard layout (e.g. DVORAK).
@xandersotheraccount2356 4 years ago
@spacecat3198 lol wanker
@spacecat3198 4 years ago
Handon McKak Any reason why you’re so rude?
@xandersotheraccount2356 4 years ago
@spacecat3198 You sound like you want to be smart. Idk
@spacecat3198 4 years ago
Handon McKak Not really no.
@TraceguyRune 4 years ago
What I gather: if your password is 5 characters (a-z), a computer only needs 12,000,000 guesses to get it right, which should take less than a minute.
@randomvideos3628 7 years ago
How would it be (26)^5? If Alice rolls a 26-sided dice 26 times, then each of the 26 outcomes should be associated with each letter. Then it should be 26 factorial, isn't it?
@kennethkretschmer1027 3 years ago
Only if the encrypted message is 26 characters long.
@kineticstar 5 years ago
But this only works from point to point. Computer A to Computer B. This is useless in a networked system because of the need of multiple people and devices having access to the cypher. It is based off the German Enigma machine from WW2, which was cracked due to unit capture and mathematical analysis. Unless you can scale it and keep it secure, this will remain a pipe dream.
@toby9999 2 years ago
Then don't use it for network systems. It's a case of using the right tool for the job. It is the right tool for some jobs.
@imfasa 12 years ago
0:23 "and shared this with Bob"
@TempestTossedWaters 12 years ago
But you can only send one message with that so what's the use really? It would often be more trouble than it's worth because you would have to share the key too.
@ineednochannelyoutube5384 6 years ago
Espionage reports and orders mostly.
@PostFormitable 12 years ago
Cause I would tell you also that the turns. Turns meaning whether the jump is to the left of the alphabet or to the right of the alphabet. So if I was encrypting the message Hello even more securely, I would tell you that the turn alternates every letter and it starts with a forward jump. Therefore you can decrypt it. E.g. Here decrypt this using the above: 5 1 9 16 21 M D U V J
@IrregularPineapples 12 years ago
More of this?
@habesha9779 12 years ago
I think they already agreed on all the shifts.
@justinchan1045 10 years ago
Wait, it was that easy that whole time?
@Sukuraidogai 10 years ago
The problem is the key has to be as long as the message you want to send, and you can't share your key with someone else to send them the message without the possibility of jeopardizing the key's secrecy.
@ineednochannelyoutube5384 6 years ago
+Sukuraidogai And generating a truly random key is really bloody hard too.
@ineednochannelyoutube5384 4 years ago
@superresistant0 Insufficient. In reality fissile material is usually used.
@9668jake 12 years ago
I don't get it... how does Bob solve it?
@masterbobp 7 years ago
Isn't that the same idea as the monoalphabetic cipher??
@johnroyce8650 3 years ago
One-time pad = just basically a polyalphabetic Vigenere cipher with a truly random key as long as the message, never reused.
@victorgrottil5303 10 years ago
Decrypt this 4-letter word: WQFD Good luck.
@vaibhavpatil2611 10 years ago
Is it Caesar, polyalphabetic or one-time pad cipher?
@lucaswilson898 9 years ago
Thundy TheWeeaboo That's today...
@KhanAcademyLabs 12 years ago
it removes the key