Random Number Generation

70 comments, last by ApochPiQ 8 years, 12 months ago


> And that's the paradox. Obviously I wouldn't want to tell you anything specific, lest it defeat the purpose of encrypting anything in the first place.

We couldn't give a damn about the data you are trying to encrypt, we care about the type of protocol you are trying to establish.

Will this data need to be transmitted to and decrypted by a remote user, or is it just meant to be stored? What physical medium will be used to store and/or transmit the data? If transmitted, how do you propose to share the one-time pad with the remote user? That sort of thing...

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]


Oh, sorry, I thought I made that clear in a previous post. It will be encrypted, sent to a user over the Internet, then decrypted by that user. The data will be sent in real time and not stored on any hard drive. I have a method of sharing the key and that shouldn't be an issue.

> Whether truly random numbers exist is a question for philosophers, and not a particularly interesting one,


As someone who is more philosophical in nature than not, I can certainly vouch for this statement, although I do have to disagree with the "not particularly interesting" portion. But that's just me; I'm weird. To elaborate further, part of the philosophical debate around this can come from the Buddhist concept of "dependent arising", meaning that everything that IS is a direct result (and thus explicitly predictable) of what WAS. This can also be applied to the function of the human brain, and to thought, as well.

On a molecular level, neurons function by a very specific mechanism: the differential in electrical fields based upon the presence, and movement, of either positively or negatively charged ions, particularly sodium and calcium ions. This is what produces the electrical activity of the brain. The "differences" in thought and learning come from the sheer numbers of neurons and how they are interconnected. This can also be affected by factors such as diet (which is the only way to obtain neurotransmitters and their precursors, such as choline -> acetylcholine). Even natural tendencies and urges are predictable, as was shown by experiments involving rats in which they were given access to multiple water-based solutions (which were tasteless, odorless, and colorless) each containing a single type of chemical component. What researchers found was that the rats developed a pattern throughout the day in which they consumed each type of water. This was based solely upon the need for each type of chemical and had no factor of "preference" at all. Nursing rats also consumed large amounts of the solution containing calcium chloride, which one would expect.

What's the point? The point is that if even basic needs, desires, and even thought can be shown to be dependent upon simple and predictable molecular reactions, then is thought even random? Are we truly individuals? And if our thoughts, needs, and desires can be shown to be completely predictable, is there even true randomness, or is it merely a baseless concept that we all predictably believe exists?

;-)

Yeah that's right.... The morning mind-blowing thought for today!

> I don't intend to use any overly complex protocols anyway.

Yet you want to use the most complex, most annoying, and most troublesome and error-prone protocol in existence. One-time pad key generation and management is a nightmare. It's what makes one-time pads impractical.

Get real. I've been smoking the same weed in the late 1980s. It was when the kool kids exchanged mail via UUCP (or other stone age technologies like Fido and what they're all called). Yes, I'm talking about the time when you were cool if you owned a 1200 bps modem. Not like anyone had anything interesting to say, or that they couldn't have used the phone to talk to people who went to the same school and lived in the same town, but that just wasn't cool. Not like any other person would reasonably have had any interest in anything that anyone from our group had to say anyway.

So, all of us being security experts, we used one-time pads to protect our messages. At first, we used a moderately complex homebrew substitution cipher (basically 4 interleaved binary rot13-variants with a different offset each) which incremented each offset with every character encoded to hide patterns. This one delivered surprisingly well for such a naive approach (except the key length was, well, 32 bits...). But being security experts, we figured that this was not good enough. Someone came up with one-time pads, which sounded really cool, so we used that. We distributed the one-time pad (which, lacking a truly good random number generator, probably was not much of a one-time pad, although we tried to make it as good as we could) on CD-writeables.

It was the time when a CD writer would cost a fortune and writeable CDs weren't precisely cheap either, but sure enough, all the kool kids had a burner. Burning a CD required a powerful computer with a lot of RAM, and burning took like half an hour during which you could do nothing else on that computer (if you were wise, you wouldn't even touch the mouse!), and one of three CDs came out broken, either thanks to buffer underrun or for no particular reason, or just because CD writeables suck.

So, for a group of 8 people, you wasted a week generating a disk full of kinda-real-random data (much like you would leave the computer on over night just to raytrace a 320*200 scene of a few transparent marbles on an infinite plane) and a complete afternoon burning CDs. And then you had to meet in person to distribute a copy to everybody. We didn't opt for meeting under a bridge like in a spy novel.

Guess what happened a few months later. Hint: recordable CDs are not as robust and error-free as you might wish. And yeah, people do lose them and roll office chairs over them, too.

In one word, from a usability perspective, one-time pads are just "WTF".

On the other hand, established algorithms (say, Twofish or AES, if you will) with a reasonable key length (128 bits, or 256 if you are really paranoid) are easy to manage, reliable, and are just as secure.

This is quite comparable to taking a photograph. Something at 20 meters distance is "infinite", and moving it further away still only makes it "infinite". It is unfeasible (and, above all, economically forbidding) to break a 128-bit key, and it is simply impossible (with our present understanding of the universe) to break a 256-bit key. A 16384-bit or 4294967296-bit key is equally impossible to break, and a 2MB one-time pad is also impossible to break. There is, however, no difference between "impossible" and "impossible". The difference is only in the ease of handling.


> And that's the paradox. Obviously I wouldn't want to tell you anything specific, lest it defeat the purpose of encrypting anything in the first place. Suffice it to say, I want to be able to send data that I will be 100% certain that if any snooper were to intercept it, it would be impossible for them to see the information. (And yes I know about people being hit with wrenches, etc.)

As has been explained countless times in the thread, computational security guarantees will get you there no problem. You don't need "perfect security", in fact you don't want it because it is actually much more brittle in practice than a straightforward application of modern cryptographic techniques, and if you are asking about how to generate random numbers then you certainly do not have the kind of resources needed to actually achieve and, more importantly, maintain perfect security in an imperfect world where data can get lost, people can forget stuff, and opponents don't play by the rules.

Furthermore, this mindset of "I want 100% security and nobody will tell me otherwise" is precisely why people gravitate towards the OTP and why they are advised otherwise. It's not a sustainable security model. It is a mistake. You are not the first person to get it in your head to implement the next big super-duper unbreakable encryption and you certainly will not be the last. Meanwhile, the rest of the planet grounded in reality uses modern, real world cryptography, which buys them conveniences such as instantaneous, very fast and secure encryption, public key schemes (it's actually provably impossible to design an unconditionally secure public key scheme, by the way; how unfortunate) which power modern ecommerce, and also reliable digital signatures, and more cool gadgets like zero knowledge proofs and homomorphic encryption, which in turn allow things like electronic voting, secret sharing, and the like.

Yes, the OTP is cute and alluring and all, it has a tendency to enthrall and capture the imagination of people, blah blah blah, we get it. But it really isn't all it's cracked up to be, and if I may say so myself there are much more interesting things out there to learn about than the OTP, which is ultimately a fairly boring, unenlightening algorithm that isn't really that useful in practice, and is also pretty hard to use correctly (putting aside for the moment the fact that security-oriented software is in general hard to write robustly, no matter how simple the protocols involved may be) because key generation is hard, key distribution is even harder, and key reuse is fatal.


> Oh, sorry, I thought I made that clear in a previous post. It will be encrypted, sent to a user over the Internet, then decrypted by that user. The data will be sent in real time and not stored on any hard drive. I have a method of sharing the key and that shouldn't be an issue.

I see no mention of authentication here. If you're going to share the protocol, then share it in its entirety. If knowledge of the protocol weakens it, then you have completely failed to understand Kerckhoffs's principle. Is it robust against impersonation? Is it robust against an MITM? If the receiver does not understand what he receives (or, say, the message is detected to have been modified in transit), what are the procedures that the two parties involved should follow? Is the protocol interactive? Is it vulnerable to replay attacks? Can the entropy source of the parties be poisoned, and if so, is that detectable? If one party is compromised, does the protocol still offer forward secrecy? Does the protocol support more than two users, if needed? Does this protocol offer any kind of deniable encryption features (which something using the OTP will probably want, otherwise what the hell is the point)? These are (a small list of) the kinds of questions that really matter; a protocol doesn't just turn perfectly secure just because it happens to be using the OTP.

I'm sorry I have to say this but based on your previous posts I believe you don't know nearly as much about cryptography and computer security as you think you do (actually, your second post already revealed that quite plainly, it pretty much sounds like you just stumbled across the Wikipedia page on the OTP and said to yourself "I want this").

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”
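The two failure modes Bacterius names above (key reuse is fatal, and an unauthenticated OTP can be altered in transit without the receiver noticing) as a short Python demonstration. This is added here and is not code from any post in the thread; the pad, messages and MAC key used in the functions are constructed values.

```python
import hmac
import hashlib


def otp_xor(data: bytes, pad_section: bytes) -> bytes:
    """XOR data with a pad section of at least equal length.
    Encryption and decryption are the same operation."""
    if len(pad_section) < len(data):
        raise ValueError("pad exhausted: a section must never be stretched or reused")
    return bytes(d ^ k for d, k in zip(data, pad_section))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad section encrypted both messages, the pad cancels out:
    c1 XOR c2 == p1 XOR p2. Anyone holding both ciphertexts learns this value
    without knowing a single pad byte, and knowing either plaintext then
    reveals the other. This is why reusing a section is fatal."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def flip_bit(ciphertext: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate in-transit tampering. Flipping one ciphertext bit flips the
    same plaintext bit after decryption: XOR gives secrecy but no integrity."""
    out = bytearray(ciphertext)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def authenticate(ciphertext: bytes, mac_key: bytes) -> bytes:
    """Tag the ciphertext with HMAC-SHA256 under a separate shared key,
    so that a modified message is rejected instead of silently decrypted."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify(ciphertext: bytes, mac_key: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the received tag against a fresh one."""
    return hmac.compare_digest(authenticate(ciphertext, mac_key), tag)
```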


> I do know quite a bit about security, especially cryptography

This just reeks of the Dunning–Kruger effect.

Do you honestly believe that whatever data you're transmitting needs to be more secure than (for example) the entire world's financial systems, military secrets or government branches who specialize in this stuff?

If you answer yes, you are either deluded, or you are trolling.

Hello to all my stalkers.

>If you are looking to make some kind of exploit truly impossible...

You just answered your own question. That's exactly what I need.

If I understand correctly, access to the computer (server?) to get the algorithm and seed of data is the attack vector, but access to the same computer to get static data is not? You've also said you have a secure channel to pass the "key" to the other peer. If your secure channel can handle a few MB of "true random" data (aka "the key"), why not use it to transfer the message itself and save on the cost of encryption?

As others have said many times in this thread, you will go much farther using a transparent algorithm that will generate cryptographically secure data with only a small seed transferred to the other peer using the secure channel.
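What "a transparent algorithm with only a small seed" looks like in practice, as an added Python illustration that is not from any post in the thread: a 32-byte shared seed is expanded into as much keystream as the traffic needs, with a per-message counter so no keystream byte is ever used twice and a replayed message is rejected. SHAKE-256 from hashlib is used here as the extendable-output function purely for illustration; a deployed system would use an established AEAD such as AES-GCM, which also authenticates the ciphertext.

```python
import hashlib
from typing import Optional, Tuple

SEED_LEN = 32  # one 32-byte seed replaces a pad as long as all traffic combined


def keystream(seed: bytes, msg_index: int, length: int) -> bytes:
    """Expand the shared seed into `length` keystream bytes for message number
    msg_index. The 8-byte counter makes every message's keystream distinct, so the
    two-time-pad problem cannot arise as long as indexes are never reused."""
    xof = hashlib.shake_256(seed + msg_index.to_bytes(8, "big"))
    return xof.digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """Holds the seed and a monotonically increasing message counter."""

    def __init__(self, seed: bytes) -> None:
        assert len(seed) == SEED_LEN
        self.seed, self.next_index = seed, 0

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        idx = self.next_index
        self.next_index += 1  # a retransmission gets a fresh index, never the old one
        return idx, xor(plaintext, keystream(self.seed, idx, len(plaintext)))


class Receiver:
    """Mirrors the sender and remembers which indexes it has already accepted."""

    def __init__(self, seed: bytes) -> None:
        assert len(seed) == SEED_LEN
        self.seed, self.seen = seed, set()

    def decrypt(self, idx: int, ciphertext: bytes) -> Optional[bytes]:
        if idx in self.seen:
            return None  # replayed message: refuse rather than process it twice
        self.seen.add(idx)
        return xor(ciphertext, keystream(self.seed, idx, len(ciphertext)))
```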

Well I can say to both samoth and Bacterius: I already know OTP is a huge pain, but if used correctly, I don't see why it couldn't work. The problem is that the alternative is any of these other algorithms which, unfortunately, are potentially susceptible to cryptanalysis. All the arguments of it taking several lifetimes to analyse are BS, because:

A: if you wait a few years/decades, who knows what kind of computing technology will be available, which might be able to crack it in a day!

B: Quantum computing threatens to make many algorithms obsolete, and the ones that won't be are often ones that only work ON quantum technology (which frankly, will probably not be available to the persons transmitting these communications). And even those may be cracked at some point.

C: Some algorithms are deliberately given a back door, for the public to only discover too late, after they've been using the algorithm on their "private" data, thinking it was secure! The NSA did this to a particular example, of which I just can't recall the name at the moment.

D: There are trojans that can infect millions of computers worldwide, and force them to perform background jobs that just constantly process cryptanalysis, on the off-chance that one may crack a key. But given enough processors enough time, well, you know what they say about monkeys and typewriters.

So you see, given the circumstances, I don't think wanting perfect secrecy is unreasonable. Maybe impractical, but certainly not unreasonable.

And if you think I don't know anything about cryptography just because I didn't know much about random number generation, it's only because I've studied cryptography, but haven't actually used it before for one simple reason: I don't trust it. And the reason I don't trust it is because it is imperfect. But at a certain point, there comes a time when unfortunately it may be necessary to rely on electronic communications, and when that time comes, you NEED something secure!

To answer your questions, Bacterius:

- My authentication prevents impersonation. The reason I didn't mention it in this post was because I really only wanted to know how to generate truly random numbers. The rest of this just branched off from that.

- Assuming it's authenticated and encrypted adequately, I'm not sure how a MITM attack would happen. Unless I'm misinterpreting your implication.

- The data should go through fine unless there's an error or tampering, in which case the data can be re-transmitted with a different section of the OTP.

- Interactive in what way? I was thinking of having it pretty much automated.

- In this situation, I'm not sure how there would be a replay attack. Do you have an example?

- The entropy of the key is set up ahead of time and there's no way it can be tampered with because it's done completely privately.

- If one party is compromised, we may as well just eat bullets.

- Doesn't need more than 2 users (or computers anyway).

- The encryption is deniable to the extent that no data is ever stored long term and is erased after each session.


> if you wait a few years/decades, who knows what kind of computing technology will be available, which might be able to crack it in a day!

In the future there might also be governments with brain scanning satellites, able to scan and retrieve your very thoughts and memories if you ever go outside (or even inside, with some clever use of bending light and such).

What steps are you taking to prevent this (roughly equally relevant scenario) from being an issue?

Hello to all my stalkers.

> In the future there might also be governments with brain scanning satellites, able to scan and retrieve your very thoughts and memories if you ever go outside (or even inside, with some clever use of bending light and such).
>
> What steps are you taking to prevent this (roughly equally relevant scenario) from being an issue?

If that ever became close to possible, I would end my life.

(And don't vote me down for saying that! Some people keep voting me down for some reason and I don't know why. I have every right to express my opinions!)

(I see you took my advice and didn't vote me down ;P)
