Random Number Generation

70 comments, last by ApochPiQ 9 years ago

I have every right to express my opinions!)


Yes, you do. However, that goes both ways. Others have the right to disagree with your opinion. They also have the right to tell you that on this public space, whether it's by downvoting or posting in threads.

Also, since this thread already contains two xkcd references let's add a third just to continue the roll.

Fair enough. I suppose I thought the voting was only intended to be used for giving someone a point if they're helpful and say something useful, and taking one away if they're somehow harmful or otherwise mean. I didn't realize it was intended to vote opinions, like it's some sort of popularity contest.

(Even THIS gets a down vote? I think someone's screwing with me.)

The text when hovering over the down vote button says:

This response is not useful and does not improve the conversation.

Hello to all my stalkers.

I have been on forums a while. I have no problem accepting that some holders of opinion are "somehow harmful or otherwise mean". Even setting aside the common or garden troll it happens frequently that people are set into a certain opinion without being able to really argue the point (but then still keep harping the same tune for pages and pages while everyone else tries their best to show the OP their very reasonable reasoning).

I'm not saying you always have to go with the flow. But if you want to have a controversial opinion that flies against the experience of both keen hobbyist and actual professionals then you need to be prepared to back things up with a lot of hard facts and being able to deal with the counter-arguments in a constructive manner.

Now, I'm not saying you are exactly like that. I have not participated in any voting regarding you in this thread. But I remember you from way back when you first posted here and I can certainly understand how you can rub people the wrong way, especially if they remember you from back then.

I haven't been around that terribly long. And I was never trying to argue against anyone's experience or expertise in the subject. I'm sure they know a lot about how to make things secure - to a point. I was only arguing that different people have different standards of what they consider secure enough for the application, and all the things they suggested happened to fall below my standard in this case.

(I will say that I appreciate your objectivity, BitMaster. Far too many people seem to like to judge others just because their opinions don't match, even though what we're discussing isn't really a political or moral issue at all - at least not the way we're discussing it.)

The highest sensible system would include a Faraday cage to suppress EMF fields that could be read from a distance. Multiple professionally installed firewalls running on FreeBSD (the most secure firewalls I have ever seen run on FreeBSD). Physical access to the room would have to be controlled by extra layers of security as well.

You overlooked the obvious. Do away with the computer. Hand write secure information on paper in long life ink, and lock it in a room guarded by big tough angry military types with guns, guard dogs and a violent nature. Cover the room and immediate area in physical security. Use alarms, laser trip wires, razor wire fences, anti climb paint, tall walls, thick concrete and underground bunkers. Use division of labour during construction of the bunker and production of the secrets so that no one person knows the whole thing meaning you need several thousand $5 hammers and tons of research to attack the system. This has been proven time and time again to be more secure than a computer.

This is government level security, you don't think they really trust highest level security to a computer do you?
it will be encrypted, sent to a user over the Internet, then decrypted by that user. The data will be sent in real time and not stored on any hard drive. I have a method of sharing the key and that shouldn't be an issue.

How shouldn't sharing a key be an issue? This is exactly the issue.

You either have to give a physical copy to the user personally (say, on a USB stick), or transmit the key over the network. The former case is not realistic, and sending the USB stick by mail is as insecure (indeed, I daresay much more insecure) as using an established crypto algorithm. Transmitting the key over the network in some way (maybe as part of the executable, or using whatever method) makes the OTP system as secure as the security protocol used to transmit the key (that is, as good as TLS if you use TLS, or as good as nothing if you don't use encryption).

You mentioned something like "many megabytes" somewhere at the beginning, so this is not trivial either. Plus, do note that every single user must have his individual key, otherwise the OTP is trivially exploitable by xor-ing two users' messages. So you need huge amounts of random, huge huge.

A: if you wait a few years/decades, who knows what kind of computing technology will be available, which might be able to crack it in a day!

No. Please be aware that 2^256 is roughly 10^77. A present day computer will not just be unable to execute that many instructions (and decrypting a block takes a few dozen instructions at least) in your lifetime, nor in any other person's lifetime. Or during the probable existence of humankind.

It takes roughly 10^60 years to do that, and even assuming that a miracle happens and computers get a billion times faster over night and a billion attackers conspire against you, each using a billion of these supercomputers, it still takes 10^33 years. Heck, the entire universe isn't 10^33 years old! This is not realistic.

And then, consider how much energy is needed for this. Executing instructions costs energy, you can find an evaluation based on a hypothetical ideal computer running at close to zero Kelvin in Schneier's book (which points out that brute-forcing 256 bit keys is impossible even with that theoretical machine). Realistically, you can't expect to get more than 5,000 MFLOPS per Watt out of the best, most energy-efficient computers. Now assume that checking one key can be done in the equivalent of one FLOP (very unrealistic, but feel free to assume that anyway) and assume a technology breakthrough happens so you're a billion times more energy-efficient.

Do your math, and you will see that in order to brute-force a single 128-bit key within the lifetime of your great-grandchildren, your attacker needs a power source that is approximately equivalent to all power plants in the USA. That's for one key. One.

Now, unless you are the most important person in the world (are you?) this one key that they might hypothetically try to crack will definitively not be yours. Realistically, they won't crack anyone else's key either.

Really, this "wrench attack" comic is no joke. Why would someone spend the major part of a nation's resources and decades of time if they can just cut off your small finger? Once the knife is onto your ring finger, you will happily tell them where to find the key. And surprise, it didn't cost a lot.

You think this won't happen? Then whatever secret you have is not valuable.

Quantum computing

Oh yes, the dreaded quantum panacea. Mr. Worf, quantum torpedoes! Fire!

Maybe this is going to happen, maybe it isn't. Someone builds this huge quantum computer, and has nothing better to do than try and decode your super secret data (really, how important are you? Do you realize how much a large-scale quantum computer costs?).

Having "quantum super powers" at hand means that they can solve some (but not all, it is rather unlikely that this will work for a block cipher) hard problems in a time that has an exponent half as big as before. So... it's 2^128 instead of 2^256. Hypothetically, but not likely. Now, 2^128 is still pretty good. It's still impractical by all means. It is still way cheaper to waterboard you or to cut off a few fingers to find out your key, if whatever you have is important.

Some algorithms are deliberately given a back door, for the public to only discover too late

[...]

The NSA did this to a particular example, of which I just can't recall the name at the moment.

The particular examples would be DES (which was however well-known for decades and for the most part regulated by export laws) and IDEA where the backdoor was not built into the algorithm, but into the crypto boxes that were sold to end users. The algorithm remains unbroken. This backdoor is very similar to the previously mentioned wrench attack insofar as it attacks you (the guy who is stupid enough to buy a tampered crypto box) instead of the algorithm.

None of that is relevant for using any of the well-tested modern algorithms. But even so, if you are worried, you can still encrypt your data twice with two algorithms. This pretty much rules out that any single backdoor will allow anyone to decrypt your stuff easily.

The risk of unintentionally building your own little backdoor into your homebrew super awesome crypto is a lot higher than the possibility that something that significantly threatens your secrets is found in an algorithm like Rijndael or Twofish.

There are trojans that can infect millions of computers worldwide

What about the trojans that infect your computer to reveal the super secret uncrackable key? Or the trojans that infect your computer to send them the already decrypted data in plaintext?
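The arithmetic in the post above (a keyspace of 2^256, the 10^60-year baseline, the 10^27-fold "miracle" speedup, and the energy budget of one FLOP per key at 5,000 MFLOPS per Watt improved a billion-fold) as an added worked example; this is not code from the thread. The baseline rate of 3.7e9 keys per second and the 100-year window are my assumptions, chosen so the baseline reproduces the post's round figures; everything else is computed from the inputs so a reader can plug in their own numbers.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
UNIVERSE_AGE_YEARS = 1.38e10            # current cosmological estimate, order of magnitude

# Assumptions (mine, picked to reproduce the post's round figures):
BASELINE_KEYS_PER_SECOND = 3.7e9        # one present-day machine trying keys
MIRACLE_SPEEDUP = 1e9 * 1e9 * 1e9       # billion x faster, billion attackers, billion machines each
FLOPS_PER_WATT = 5_000e6                # "5,000 MFLOPS per Watt" from the post
EFFICIENCY_BREAKTHROUGH = 1e9           # the post's hypothetical billion-fold gain
JOULES_PER_KEY = 1.0 / (FLOPS_PER_WATT * EFFICIENCY_BREAKTHROUGH)  # one key check = one FLOP


def keyspace(bits: int) -> int:
    """Number of candidate keys for a key of the given length."""
    return 2 ** bits


def brute_force_years(bits: int, keys_per_second: float, fraction: float = 1.0) -> float:
    """Wall-clock years to try `fraction` of the keyspace at a fixed rate.

    fraction=1.0 is the worst case; fraction=0.5 is the expected case
    (on average the right key turns up halfway through)."""
    return keyspace(bits) * fraction / keys_per_second / SECONDS_PER_YEAR


def brute_force_power_watts(bits: int, joules_per_key: float, years_available: float) -> float:
    """Average power needed to search the whole keyspace within the time window.

    Energy is a property of the work done, so a faster machine does not lower
    it; only a cheaper per-key cost or a longer window does."""
    total_joules = keyspace(bits) * joules_per_key
    return total_joules / (years_available * SECONDS_PER_YEAR)


def multiples_of_universe_age(years: float) -> float:
    """How many lifetimes of the universe a given duration is."""
    return years / UNIVERSE_AGE_YEARS


def magnitude(x: float) -> int:
    """Nearest power of ten, for 'it takes roughly 10^N years' style statements."""
    return round(math.log10(x))


if __name__ == "__main__":
    base = brute_force_years(256, BASELINE_KEYS_PER_SECOND)
    miracle = brute_force_years(256, BASELINE_KEYS_PER_SECOND * MIRACLE_SPEEDUP)
    print(f"256-bit key, one machine:        ~10^{magnitude(base)} years")
    print(f"256-bit key, 10^27x miracle:      ~10^{magnitude(miracle)} years "
          f"(~10^{magnitude(multiples_of_universe_age(miracle))} universe ages)")
    watts = brute_force_power_watts(128, JOULES_PER_KEY, years_available=100)
    print(f"128-bit key within 100 years:    ~10^{magnitude(watts)} W sustained")
```

The power figure scales inversely with the window, so halving the time the attacker is willing to wait doubles the plant capacity they need; the years figure scales inversely with the key-testing rate, which is why the post's "billion times faster" barely dents the exponent.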

I'll be quite blunt. The only "legitimate", and I use that word VERY loosely!, use for such an extreme encryption method is to prevent forensic snooping. In other words, the data you are trying to hide is illegal. Nothing else makes sense.

That being said, a one-time pad cipher requires secrecy. You've just told the world you plan to use this. I will now intercept every letter, package, e-mail and data stream emanating from you. ;)

>What about the trojans that infect your computer to reveal the super secret uncrackable key? Or the trojans that infect your computer to send them the already decrypted data in plaintext?

That's why I need protection against that as well, but it's a separate issue. The point I was trying to make though, is that they can get however much computing power they need.

As far as the actual numbers, I guess I never really did the math - I just know that computing power increases exponentially over time, and at an exponential rate of increase, eventually that'll catch up with just about anything.

>The particular examples would be DES (which was however well-known for decades and for the most part regulated by export laws) and IDEA where the backdoor was not built into the algorithm, but into the crypto boxes that were sold to end users.

No, the one I'm thinking of wasn't either of those. I wish I remembered what it was called. But anyway, it was in the algorithm, not any kind of hardware.

>You either have to give a physical copy to the user personally (say, on an USB stick), ... case is not realistic

And why not? What if I know the person directly?

Let's see... I think that's about all I had to say about that post, except that you did ease my mind a little (only a little though, because these issues are still definitely worth worrying about).

So hypothetically, suppose I did want to use an algorithm other than just OTP by itself, assuming it was an EXTREMELY secure one, would the following be a good idea?:

- Make a huge OTP with TRUE random data

- Transmit it using a great public key algorithm

- Use small pieces of the OTP to transmit all additional data transfers

- Make a new OTP if the first one ever runs out, and transmit it the same way

- Have every data transmission very securely authenticated and integrity-checked

- Never save data to any hard drive and have it cleared from RAM after each session

Would that be sufficient for the complete security that I want?

(Edit: MarkS, I don't do ANYTHING illegal, but in regards to your interception proposition, I'm proceeding to expose my buttocks for smooching purposes, metaphorically of course.)
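An added example, not code from the thread, illustrating two points raised above: the earlier reply's warning that every user needs an individual pad because two messages under the same pad XOR to the XOR of the plaintexts, and the "use small pieces of the OTP" step in the list just above, which only works if consumed pad bytes are never handed out twice. The `OneTimePad` bookkeeping class and the helper names are mine; `os.urandom` stands in for the poster's "TRUE random" source and is the operating system's CSPRNG, not a hardware noise source.

```python
import os


class OneTimePad:
    """Hands out pad bytes strictly left to right so no byte is ever reused.

    Sender and receiver each hold an identical copy and consume it in lockstep;
    when it runs out, the only correct move is a freshly generated pad."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining:
            raise ValueError("pad exhausted: generate and distribute a new pad")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n          # advance the bookmark; these bytes are gone
        return chunk


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: OneTimePad, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, pad.take(len(plaintext)))


def otp_decrypt(pad: OneTimePad, ciphertext: bytes) -> bytes:
    return xor_bytes(ciphertext, pad.take(len(ciphertext)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns when two messages share pad bytes.

    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2: the pad cancels and the relation between
    the two plaintexts is exposed without touching the key at all. This is why
    the reply above insists on one pad per user and the class above never
    rewinds its offset."""
    return xor_bytes(c1, c2)


def exhausts(pad: OneTimePad, n: int) -> bool:
    """True if asking for n more bytes would overrun the pad."""
    try:
        pad.take(n)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed demo: one shared pad, consumed in lockstep by both ends.
    shared = os.urandom(64)
    alice, bob = OneTimePad(shared), OneTimePad(shared)
    c = otp_encrypt(alice, b"meet at the usual place")
    print(otp_decrypt(bob, c))                 # round trip succeeds
    print(alice.remaining, bob.remaining)      # both bookmarks agree

    # Misuse: a second user handed the *same* pad. The pad drops out entirely.
    carol = OneTimePad(shared)
    c2 = otp_encrypt(carol, b"meet at the other place")
    print(two_time_pad_leak(c, c2))            # == plaintext1 XOR plaintext2
```

The `remaining` counter is the practical check behind "make a new OTP if the first one ever runs out": if the two ends ever disagree on it, a byte has been reused or skipped and the channel should be considered compromised rather than patched up.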

If you trust some "great public key algorithm" to transmit the OTP, why do you need an OTP at all? Just use that "great public key algorithm" and be done with it.

I wonder if you have any idea how anyone would be able to distinguish the random 100 megabytes I described earlier from true random numbers. Reading people's minds from satellites seems more plausible to me than figuring out every bit in every frame in a video of a lava lamp taken with your webcam.
