Let's harden Internet crypto so quantum computers can't crack it

Milton

Re: @ Mark 65 Possible deadly flaw - compromised software

Forgive me, but your example implies that the "file of random noise" is the key. In which case it is a one-time pad. If it is *truly* random, not PRNG, no further hashing or randomisation is necessary.

As with all OTP schemes, everything then distils to:

1. Is the OTP truly random?

2. How will you distribute the keys?

3. How can you do #2 and be 100% certain no illicit copies are made?

4. How do you prevent everyone using the OTPs from witlessly or accidentally encrypting two or more messages with the same OTP and thereby blowing a hole in your security?

OTP is being adopted rapidly by certain governments for critical data exchange (many lightly laden couriers with fingernail-size data chips ready to be swallowed), but the problem of ensuring that a key in transit isn't compromised remains a thorny one.

OTP may yet be the only inviolably secure system for the future, but not until someone figures out a foolproof way to detect whether an OTP data source has been copied (or ensure it destroys itself if copied).
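Point 4 in the comment above, as an added example that is not part of the original post: `reuse_leak` shows that two ciphertexts made with the same pad XOR to the XOR of the two plaintexts, and `PadLedger` is one way to stop a sender issuing the same pad bytes twice. The names `PadLedger`, `PadReuseError`, `make_pad`, `reuse_leak` and the sample messages are hypothetical, and a CSPRNG stands in for a truly random source.

```python
import secrets

def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def make_pad(n):
    # Assumption: a CSPRNG stands in for a true random source here.
    return secrets.token_bytes(n)

def reuse_leak(pad, m1, m2):
    """Point 4: what a passive observer holds if one pad covers two messages."""
    c1, c2 = xor(m1, pad), xor(m2, pad)
    return xor(c1, c2)  # pad cancels: c1 ^ c2 == m1 ^ m2

class PadReuseError(Exception):
    pass

class PadLedger:
    """Hypothetical sender-side guard: every pad byte is issued at most once."""
    def __init__(self, pad):
        self._pad = pad
        self._next = 0  # first unused offset; persist this durably in real use

    def remaining(self):
        return len(self._pad) - self._next

    def encrypt(self, plaintext):
        n = len(plaintext)
        if n > self.remaining():
            raise PadReuseError("pad exhausted; refusing to reuse key material")
        start = self._next
        self._next += n  # advance before releasing any ciphertext
        return start, xor(plaintext, self._pad[start:start + n])

    def decrypt(self, offset, ciphertext):
        return xor(ciphertext, self._pad[offset:offset + len(ciphertext)])

# Constructed sample messages of equal length (not from the post).
M1 = b"MEET AT DAWN"
M2 = b"HOLD AT DUSK"
```

The ledger only addresses accidental reuse by one sender; it does nothing for points 1 to 3 (randomness quality, distribution, and undetected copying).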
