Random Number Generation

70 comments, last by ApochPiQ 8 years, 12 months ago

Using a one-time pad is just ridiculous. Yes, it's provably unbreakable, so what. It's also completely impractical.

Every well-known, mainstream algorithm such as Rijndael with a key length of 128 or more bits is unbreakable, too. No single secret that you may own can possibly be so valuable that anyone will invest the computational resources needed to break a 128-bit key. Seriously.

(Also, the wrench attack pointed out by BitMaster is more real than you may think, for things which are sufficiently valuable.)


>Whatever you're trying to encrypt isn't nearly as important as you may think.

But it is, TO ME.

I'm sure the USA government thinks just as much of their own data, but not even they opt for such drastic measures. AES-128 and above are hard enough that even a super computer couldn't crack them within the lifespan of a human being. Unless you're storing the blueprints for Skynet-level AI, your methods are serious overkill.

Yo dawg, don't even trip.

If you're really that paranoid about security on some data you have, don't even think about rolling your own. I mean this. Security is hard, and you don't know enough about it to implement anything that even comes close to meeting your requirements effectively. I can say this with absolute confidence because you're not a security specialist (otherwise you wouldn't be asking the questions that you're asking). This is the kind of thinking that leads to exploits like Heartbleed: people thinking they know more than they do, storming in full of over-confidence, and screwing up monumentally.

Just get an off-the-shelf security/encryption package with strong accreditation and be done with it.

Direct3D has need of instancing, but we do not. We have plenty of glVertexAttrib calls.


Is there any way to prove that even exists?

You need to prove or disprove the universe itself is deterministic over the relative time and space involved.

It runs counter to things like free will, ethics, and many types of philosophy, and is a great way to cause religious/philosophy wars.

It isn't enough to prove the universe to be deterministic. It may happen that the universe is nondeterministic in a different time or place, but not in the time and place the randomness is needed.

So not only would you need to prove nondeterminism, you need to prove nondeterminism within the thing (the data in the computer) during the time frame (when the random data is generated). If that tiny window of space and time happens to be deterministic, it is non-random.

Since computing theory and information theory include variations for both deterministic and nondeterministic spaces -- famously the P=NP problem -- discussion about proof of determinism comes up quite often in the field.


>Whatever you're trying to encrypt isn't nearly as important as you may think.

But it is, TO ME.

All known encryption and cypher routines can be overcome with the $5 wrench attack.

Agreeing with the others, go get an established off-the-shelf solution; pick one of the many options like the well-studied AES-Rijndael 256, Twofish, or RC6. These are currently generally accepted as the most solid algorithms. Avoid DES, 3DES, Blowfish (they were once recommended but have since had vulnerabilities discovered) and avoid all custom or homemade algorithms and tools, since they are likely at least subtly flawed.

If you want to keep data safe, truly safe, not just safe beyond the norm. Really secure from all forms of attack. You only have one option.

Place your data on a hard drive. Remove the hard drive from your computer. Encase it in concrete. Attach it to a rocket. Blast it into a random region of space.

It is now as safe as is humanly possible.

Of course now it is no use to you. It's gone, but it's safe.

You have to sit down with a clear head and decide what level of security allows you peace of mind, yet still allows you to use the data.

You can be completely paranoid and require thumb print or retina scans before accessing the data, but I could come along with a knife and cut your thumb off, pluck out your eye and still get access to the data.

You could disconnect your computer from all networks and only host the data on that one machine, and I could come along with scanning equipment and read the data straight off your computer screen.

Can you see what we are trying to tell you? Security is relative and the level of security you need may not be anywhere near the level you think you need.

The highest sensible system would include a Faraday cage to suppress EMF fields that could be read from a distance. Multiple professionally installed firewalls running on FreeBSD (the most secure firewalls I have ever seen run on FreeBSD). Physical access to the room would have to be controlled by extra layers of security as well.

Then you would be as secure as you can be, but are you really that paranoid?


>DES, 3DES, Blowfish, (they were once recommended by have since had vulnerabilities discovered)

Technically 3DES has no known weaknesses that can be practically exploited, it's just dog slow compared to the more modern (and hardware-accelerated) algorithms available today so it makes no sense to use it. Blowfish is also kinda slow, but its only known weakness is it has a too small block size, which allows one to implement distinguishers if you encrypt a few gigabytes of data with the same key; that doesn't reveal the key, but it's not a feature you want in an encryption algorithm. The only (fatal) flaw of DES is its too small block size, it again besides that has no practically exploitable flaws in its internal structure, which is actually why 3DES is a thing.

But really, it's pretty easy to pick a good encryption algorithm these days, and in any case almost no real world vulnerabilities are predicated on the failure of security properties of a low-level cryptographic primitive, which are incredibly robust today. They virtually all occur as either side channels in the implementation of the higher-level protocols, or edge cases in said protocols that happen to leak sensitive information. The only exceptions I know of are related to very high profile events such as the FLAME forgery, and it generally requires immense amounts of computational power, not to mention skill, to pull off something like this. In other words, I would be much more concerned with how the protocols are implemented than the theoretical properties of the algorithms used.

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”

>Whatever you're trying to encrypt isn't nearly as important as you may think.

But it is, TO ME.

I'm going to sound like a broken record here, but one-time pads don't necessarily increase security in a practical setting.

Sure, your data is now secret, but instead you have to figure out how to store the one-time pad. And since it's a massive block of random data, you'll need to store it in digital form. Which generally means a physical disk within a very large safe.

Guess what? You could just put the original data on that same disk in that same safe, and you'd have achieved the same level of security.

(and note that as soon as you plug that disk into a computer, you are back to square one, because an attacker can just as easily steal the one-time pad...)

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

>I can say this with absolute confidence because you're not a security specialist (otherwise you wouldn't be asking the questions that you're asking).

Actually, I do know quite a bit about security, especially cryptography, which is why I'm posting this. I've been going over and over it in my mind, trying to find a reasonable solution, and it seems like true random data is the only thing with absolutely perfect security (at least in terms of the quality of the key).

>You need to prove or disprove the universe itself is deterministic over the relative time and space involved.

It wouldn't really matter if the universe is deterministic per se, because the computer would not know the cause and effect of anything originating outside its system. (For example, RAM is considered random access, because from the computer's perspective, it's unpredictable what the user will do. And the computer doesn't know what input the user will give it either, so even if it's far from random, it's not predictable in that sense. So any physical process that seems random, even if it's only technically pseudo-random, cannot be predicted mathematically, simply for a lack of information within the computer [remember that from studying proofs in school?] - in other words, the computer has no way of knowing where or in what state the particles/waves, or whatever the device was using, were at the time they were read, much less someone else's computer that's trying to hack it.)

>Then you would be as secure as you can be, but are you really that paranoid?

Absolutely.

>They virtually all occur as either side channels in the implementation of the higher-level protocols, or edge cases in said protocols that happen to leak sensitive information.

The word virtually is interesting, as it implies "not entirely". I don't intend to use any overly complex protocols anyway.


>The word virtually is interesting, as it implies "not entirely". I don't intend to use any overly complex protocols anyway.

Not exactly sure what your point is here, because I was not actually talking about one-time-pads and my next sentence did eventually start with "the only exceptions I know of". Also, one-time-pads do not offer perfect security. They offer perfect secrecy, you are still lacking authentication and integrity checking, for that you need an unconditionally secure message authentication code (MAC) if you wish to preserve those unconditionally secure properties, which is quite a bit more challenging to implement than the OTP (yeah, it's funny how people get hung up on the "perfect secrecy" bit but completely skip the next chapter which is "secrecy without authenticity is worthless").


>Actually, I do know quite a bit about security, especially cryptography, which is why I'm posting this. I've been going over and over it in my mind, trying to find a reasonable solution, and it seems like true random data is the only thing with absolutely perfect security (at least in terms of the quality of the key).

Then maybe you would share what your actual problem is, so that other people who also know quite a bit about security can peer-review and give their opinions and possible alternative solutions. There's this pattern I noticed that people who tend to fixate on one particular feature that they need, invariably fail to mention why they need it, and become somewhat abrasive whenever they are called out on it, and that actually pisses me off quite a bit because people who claim to be knowledgeable in the field should know that transparency is a key attribute... but if you really want to go ahead with your (in my and others' opinions questionable) supposed solution to your problem, then the answer to your problem was given in page 1, and I'm not sure this thread is a great place to talk about popsci quantum physics and discuss the nature of the universe.

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”
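Worked example added here (it is not from any poster in the thread) illustrating Bacterius's point about secrecy without authenticity: an XOR one-time pad gives perfect secrecy yet lets a tamperer rewrite the plaintext, and a one-time polynomial MAC (Carter-Wegman style, constructed here with an assumed prime field and a constructed sample message) detects the change.

```python
import secrets

# Constructed demonstration: OTP secrecy is perfect, OTP integrity is zero.
# A one-time universal-hash MAC over a prime field restores integrity
# unconditionally (forgery probability about blocks / P per message).
P = (1 << 127) - 1   # assumed prime field (Mersenne prime); tags are < 2^127
BLOCK = 15           # 15-byte chunks plus a marker bit always stay below P

def otp_xor(pad: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with a pad at least as long as the data."""
    if len(pad) < len(data):
        raise ValueError("one-time pad too short")
    return bytes(p ^ d for p, d in zip(pad, data))

def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """OTP malleability: XORing (old ^ new) into the ciphertext rewrites the
    plaintext at that offset without any knowledge of the pad."""
    ct = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(old, new)):
        ct[offset + i] ^= a ^ b
    return bytes(ct)

def one_time_mac(key_r: int, key_s: int, msg: bytes) -> int:
    """Information-theoretic MAC: tag = s + sum(m_i * r^i) mod P with (r, s)
    uniform one-time field elements. Each block carries a 1 bit just above its
    top byte, so appending zero bytes changes the hash (length framing)."""
    acc = 0
    for i in range(0, len(msg), BLOCK):
        chunk = msg[i:i + BLOCK]
        block = int.from_bytes(chunk, "big") | (1 << (8 * len(chunk)))
        acc = (acc + block) * key_r % P
    return (acc + key_s) % P

def demo() -> dict:
    msg = b"PAY 0100 USD TO ALICE"        # constructed sample plaintext
    pad = secrets.token_bytes(len(msg))   # fresh one-time pad
    r, s = secrets.randbelow(P), secrets.randbelow(P)  # fresh one-time MAC key
    ct = otp_xor(pad, msg)
    tag = one_time_mac(r, s, msg)
    # An intermediary who only sees ct and guesses the format rewrites the amount.
    forged_ct = tamper(ct, 4, b"0100", b"9900")
    forged_pt = otp_xor(pad, forged_ct)
    return {
        "tampered_plaintext": forged_pt,
        "mac_detects": one_time_mac(r, s, forged_pt) != tag,
    }
```

The receiver must check the tag before acting on the plaintext, and both the pad and the (r, s) pair must never be reused.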

Bacterius, where to start?

>Also, one-time-pads do not offer perfect security.

Alright, so I'm not using the perfect terminology, I meant secrecy of the data, and I wasn't referring to authentication. Note that I did say "at least in terms of the quality of the key", so I was giving a specific context.

>They offer perfect secrecy, you are still lacking authentication and integrity checking

>yeah, it's funny how people get hung up on the "perfect secrecy" bit but completely skip the next chapter which is "secrecy without authenticity is worthless"

I'm well aware of this, and fully intend to authenticate, but I just wasn't talking about that part of it (that's not what my post was intended to be about anyway).

>Then maybe you would share what your actual problem is, so that other people who also know quite a bit about security can peer-review and give their opinions and possible alternative solutions.

And that's the paradox. Obviously I wouldn't want to tell you anything specific, lest it defeat the purpose of encrypting anything in the first place. Suffice it to say, I want to be able to send data that I will be 100% certain that if any snooper were to intercept it, it would be impossible for them to see the information. (And yes I know about people being hit with wrenches, etc.)

>There's this pattern I noticed that people who tend to fixate on one particular feature that they need, invariably fail to mention why they need it, and become somewhat abrasive whenever they are called out on it, and that actually pisses me off quite a bit because people who claim to be knowledgeable in the field should know that transparency is a key attribute.

As I said, I can't tell you all the details, because that would defeat the purpose. Do I sound abrasive? If so, I apologize. I'm honestly not trying to, but I tend to nitpick people's statements when dealing with issues that are highly technical and must be done in a precise way, and that can seem abrasive I suppose.

>I'm not sure this thread is a great place to talk about popsci quantum physics and discuss the nature of the universe.

I didn't bring up that topic, and I only commented on it in a specific context in which it related to this topic.
