If Kerckhoff's Principle holds, why do we need a cipher at all?
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
asked 2 days ago
Will Burghard
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
asked 2 days ago
Will Burghard
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
5
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
2 days ago
24
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 days ago
1
@marcelm I assume the encryption would be using a one-time-pad of some sort, which arguably to some extent renders the algorithm so trivial that it's solely the key that's providing security, not the algorithm (probably some variant of XOR).
– March Ho
2 days ago
4
This "ridiculously long key" is exactly a one-time pad, and all of the usual disadvantages apply.
– chrylis
2 days ago
1
@MarchHo & chrylis - Maybe Will was talking about OTP, but I'd prefer to hear confirmation from him; maybe he meant something else. Either way, OTP is still a cipher, however trivial ;)
– marcelm
2 days ago
add a comment |
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
asked 2 days ago
Will Burghard
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I understand Kerckhoff's principle, in a very practical sense, that the best attack that can be performed on a given cryptographic algorithm should be only as practical, if not less practical, than an exhaustive key search, that is, testing every possible key. My question is, if this is the case, then why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
encryption algorithm-design keys
encryption algorithm-design keys
asked 2 days ago
Will Burghard
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
Will Burghard
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
Will Burghard
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
Will Burghard
5713
asked 2 days ago
Will Burghard
5713
5713
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Will Burghard is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
5
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
2 days ago
24
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 days ago
1
@marcelm I assume the encryption would be using a one-time-pad of some sort, which arguably to some extent renders the algorithm so trivial that it's solely the key that's providing security, not the algorithm (probably some variant of XOR).
– March Ho
2 days ago
4
This "ridiculously long key" is exactly a one-time pad, and all of the usual disadvantages apply.
– chrylis
2 days ago
1
@MarchHo & chrylis - Maybe Will was talking about OTP, but I'd prefer to hear confirmation from him; maybe he meant something else. Either way, OTP is still a cipher, however trivial ;)
– marcelm
2 days ago
add a comment |
5
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
2 days ago
24
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 days ago
1
@marcelm I assume the encryption would be using a one-time-pad of some sort, which arguably to some extent renders the algorithm so trivial that it's solely the key that's providing security, not the algorithm (probably some variant of XOR).
– March Ho
2 days ago
4
This "ridiculously long key" is exactly a one-time pad, and all of the usual disadvantages apply.
– chrylis
2 days ago
1
@MarchHo & chrylis - Maybe Will was talking about OTP, but I'd prefer to hear confirmation from him; maybe he meant something else. Either way, OTP is still a cipher, however trivial ;)
– marcelm
2 days ago
5
5
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
2 days ago
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
2 days ago
24
24
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 days ago
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 days ago
1
1
@marcelm I assume the encryption would be using a one-time-pad of some sort, which arguably to some extent renders the algorithm so trivial that it's solely the key that's providing security, not the algorithm (probably some variant of XOR).
– March Ho
2 days ago
@marcelm I assume the encryption would be using a one-time-pad of some sort, which arguably to some extent renders the algorithm so trivial that it's solely the key that's providing security, not the algorithm (probably some variant of XOR).
– March Ho
2 days ago
4
4
This "ridiculously long key" is exactly a one-time pad, and all of the usual disadvantages apply.
– chrylis
2 days ago
This "ridiculously long key" is exactly a one-time pad, and all of the usual disadvantages apply.
– chrylis
2 days ago
1
1
@MarchHo & chrylis - Maybe Will was talking about OTP, but I'd prefer to hear confirmation from him; maybe he meant something else. Either way, OTP is still a cipher, however trivial ;)
– marcelm
2 days ago
@MarchHo & chrylis - Maybe Will was talking about OTP, but I'd prefer to hear confirmation from him; maybe he meant something else. Either way, OTP is still a cipher, however trivial ;)
– marcelm
2 days ago
add a comment |
4 Answers
4
active
oldest
votes
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 2 days ago
Ella Rose♦
15.3k44279
add a comment |
Edit: I wrote the below on autopilot with the definition in the question. I have since realised an additional mistaken detail: the rule about no attacks better than key exhaustion is not called Kerckhoff's principle. Kerckhoff's principle is a related rule of cipher design that the key is the only component that can be relied upon to be secret.
When you say "If Kerckhoff's principle holds", I think you might have slightly misunderstood Kerckhoff's principle. It is not a scientific hypothesis about some property of all ciphers so much as a design principle for making good ciphers.
By way of analogy, suppose I have "Lancelot's principle" about suits of armour. Lancelot's principle is really simple: everything covered by armour should withstand three strikes from a longsword. Now it might be tempting to ask "If Lancelot's principle holds, why bother with fancy metalwork? If armour is always going to block a sword, let's just get the local tailor to make cloth** armour that covers every inch of you and your horse." Of course Lancelot's principle isn't actually saying that anything we call armour can block a sword: instead it's saying that something that can't block a sword shouldn't be counted on to serve as armour.
So, let's pick on some random thousand byte polyalphabetic Vigenère cipher. It's been known for over a hundred years how to use frequency analysis to break a polyalphabetic cipher. So long as the message is long enough, this attack takes linear time in the size of the key (whereas key exhaustion takes exponential time). So, it is not that this Vigenère is guaranteed by Kerckhoff's principle to resist anything short of exhaustive key search. Rather a Vigenère algorithm fails the test posed by Kerckhoff's principle, and therefore shouldn't be used as a cipher.
I hope that clears things up.
** If someone with dual interests in crypto and military history turns up to tell me that cloth is surprisingly effective against swords, replace cloth with body paint or something.
answered 2 days ago
Josiah
2915
5
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 2 days ago
Paul Uszak
7,04311534
add a comment |
I understand Kerckhoff's principle ...
... then why go through the trouble of creating a cipher in the first place?
I think you misunderstood something:
Kerckhoff's principle does not say that a cryptosystem is secure. The principle says that the cipher used must have certain properties if the cryptosystem shall be secure.
In other words: Kerckhoff's principle won't be satisfied if the cipher used is bad!
An extreme counterexample
We could design the following "cryptographic" system:
- The key consists of any characters but the colon (:)
- To encrypt the text, we simply add a colon followed by the key to the text; the result is our "ciphertext"
- To decrypt the text, we check if the "ciphertext" ends with a colon followed by the key
- If yes, we remove the colon and the key; the result is our plaintext
- If no, our plaintext is "Sorry, wrong key!"
Example:
- The plaintext is: "This is a very secret text."
- Our secret key is: "This is our secret key."
- The "ciphertext" will be: "This is a very secret text.:This is our secret key."
- If we use the correct key for decryption, the decrypted text will be: "This is a very secret text."
- If we use any other key for decryption, the decrypted text will be: "Sorry, wrong key!"
Not using the correct key for decryption will definitely not result in the correct plaintext but in: "Sorry, wrong key!"
Do you think using a very long key will result in a secure encryption?
answered 12 hours ago
Martin Rosenau
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66162%2fif-kerckhoffs-principle-holds-why-do-we-need-a-cipher-at-all%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 2 days ago
Ella Rose♦
15.3k44279
add a comment |
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 2 days ago
Ella Rose♦
15.3k44279
add a comment |
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 2 days ago
Ella Rose♦
15.3k44279
...why go through the trouble of creating a cipher in the first place? Why not simply use a ridiculously long key, if you're gonna create a cipher that only takes as long as an exhaustive key search anyway?
Designing a cipher is significantly less hassle then using a ridiculously long key.
Designing a cipher only needs to be done once by a competent professional.
Using a ridiculously long key would need to be:
- Done by all parties
- "all parties" includes everyone with a networked electronic device
- Almost all of them are not competent professionals
- Requires a pre-existing secure channel, or more likely a face-to-face meeting
- "secure channel" must not use encryption, otherwise the problem is circular
- Done pairwise for each group of communicating parties
- e.g. You have to go through the key establishment process for every particular site you want to visit
- A web site with 1000 users that each have a 1GB key would need to have access to 1TB of reliable, secure storage just to store the key material (that's a small website)
- Done repeatedly
- You will eventually run out of key material
- Your keys could become compromised
- Updating them in a useful time frame will be next to impossible
- Destroyed securely after use
- Re-using any part of the key will lead to a practical lose of confidentiality
- In a practical scenario (e.g. HTTP requests) known-plaintext attacks apply, which will allow trivial recovery of the key
- Re-using any part of the key will lead to a practical lose of confidentiality
It simply would not work in practice. A proper cipher will.
answered 2 days ago
Ella Rose♦
15.3k44279
edited 2 days ago
answered 2 days ago
Ella Rose♦
15.3k44279
answered 2 days ago
Ella Rose♦
15.3k44279
answered 2 days ago
Ella Rose♦
15.3k44279
15.3k44279
add a comment |
add a comment |
Edit: I wrote the below on autopilot with the definition in the question. I have since realised an additional mistaken detail: the rule about no attacks better than key exhaustion is not called Kerckhoff's principle. Kerckhoff's principle is a related rule of cipher design that the key is the only component that can be relied upon to be secret.
When you say "If Kerckhoff's principle holds", I think you might have slightly misunderstood Kerckhoff's principle. It is not a scientific hypothesis about some property of all ciphers so much as a design principle for making good ciphers.
By way of analogy, suppose I have "Lancelot's principle" about suits of armour. Lancelot's principle is really simple: everything covered by armour should withstand three strikes from a longsword. Now it might be tempting to ask "If Lancelot's principle holds, why bother with fancy metalwork? If armour is always going to block a sword, let's just get the local tailor to make cloth** armour that covers every inch of you and your horse." Of course Lancelot's principle isn't actually saying that anything we call armour can block a sword: instead it's saying that something that can't block a sword shouldn't be counted on to serve as armour.
So, let's pick on some random thousand byte polyalphabetic Vigenère cipher. It's been known for over a hundred years how to use frequency analysis to break a polyalphabetic cipher. So long as the message is long enough, this attack takes linear time in the size of the key (whereas key exhaustion takes exponential time). So, it is not that this Vigenère is guaranteed by Kerckhoff's principle to resist anything short of exhaustive key search. Rather a Vigenère algorithm fails the test posed by Kerckhoff's principle, and therefore shouldn't be used as a cipher.
I hope that clears things up.
** If someone with dual interests in crypto and military history turns up to tell me that cloth is surprisingly effective against swords, replace cloth with body paint or something.
answered 2 days ago
Josiah
2915
5
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
add a comment |
Edit: I wrote the below on autopilot with the definition in the question. I have since realised an additional mistaken detail: the rule about no attacks better than key exhaustion is not called Kerckhoff's principle. Kerckhoff's principle is a related rule of cipher design that the key is the only component that can be relied upon to be secret.
When you say "If Kerckhoff's principle holds", I think you might have slightly misunderstood Kerckhoff's principle. It is not a scientific hypothesis about some property of all ciphers so much as a design principle for making good ciphers.
By way of analogy, suppose I have "Lancelot's principle" about suits of armour. Lancelot's principle is really simple: everything covered by armour should withstand three strikes from a longsword. Now it might be tempting to ask "If Lancelot's principle holds, why bother with fancy metalwork? If armour is always going to block a sword, let's just get the local tailor to make cloth** armour that covers every inch of you and your horse." Of course Lancelot's principle isn't actually saying that anything we call armour can block a sword: instead it's saying that something that can't block a sword shouldn't be counted on to serve as armour.
So, let's pick on some random thousand byte polyalphabetic Vigenère cipher. It's been known for over a hundred years how to use frequency analysis to break a polyalphabetic cipher. So long as the message is long enough, this attack takes linear time in the size of the key (whereas key exhaustion takes exponential time). So, it is not that this Vigenère is guaranteed by Kerckhoff's principle to resist anything short of exhaustive key search. Rather a Vigenère algorithm fails the test posed by Kerckhoff's principle, and therefore shouldn't be used as a cipher.
I hope that clears things up.
** If someone with dual interests in crypto and military history turns up to tell me that cloth is surprisingly effective against swords, replace cloth with body paint or something.
answered 2 days ago
Josiah
2915
5
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
add a comment |
Edit: I wrote the below on autopilot with the definition in the question. I have since realised an additional mistaken detail: the rule about no attacks better than key exhaustion is not called Kerckhoff's principle. Kerckhoff's principle is a related rule of cipher design that the key is the only component that can be relied upon to be secret.
When you say "If Kerckhoff's principle holds", I think you might have slightly misunderstood Kerckhoff's principle. It is not a scientific hypothesis about some property of all ciphers so much as a design principle for making good ciphers.
By way of analogy, suppose I have "Lancelot's principle" about suits of armour. Lancelot's principle is really simple: everything covered by armour should withstand three strikes from a longsword. Now it might be tempting to ask "If Lancelot's principle holds, why bother with fancy metalwork? If armour is always going to block a sword, let's just get the local tailor to make cloth** armour that covers every inch of you and your horse." Of course Lancelot's principle isn't actually saying that anything we call armour can block a sword: instead it's saying that something that can't block a sword shouldn't be counted on to serve as armour.
So, let's pick on some random thousand byte polyalphabetic Vigenère cipher. It's been known for over a hundred years how to use frequency analysis to break a polyalphabetic cipher. So long as the message is long enough, this attack takes linear time in the size of the key (whereas key exhaustion takes exponential time). So, it is not that this Vigenère is guaranteed by Kerckhoff's principle to resist anything short of exhaustive key search. Rather a Vigenère algorithm fails the test posed by Kerckhoff's principle, and therefore shouldn't be used as a cipher.
I hope that clears things up.
** If someone with dual interests in crypto and military history turns up to tell me that cloth is surprisingly effective against swords, replace cloth with body paint or something.
answered 2 days ago
Josiah
2915
Edit: I wrote the below on autopilot with the definition in the question. I have since realised an additional mistaken detail: the rule about no attacks better than key exhaustion is not called Kerckhoff's principle. Kerckhoff's principle is a related rule of cipher design that the key is the only component that can be relied upon to be secret.
When you say "If Kerckhoff's principle holds", I think you might have slightly misunderstood Kerckhoff's principle. It is not a scientific hypothesis about some property of all ciphers so much as a design principle for making good ciphers.
By way of analogy, suppose I have "Lancelot's principle" about suits of armour. Lancelot's principle is really simple: everything covered by armour should withstand three strikes from a longsword. Now it might be tempting to ask "If Lancelot's principle holds, why bother with fancy metalwork? If armour is always going to block a sword, let's just get the local tailor to make cloth** armour that covers every inch of you and your horse." Of course Lancelot's principle isn't actually saying that anything we call armour can block a sword: instead it's saying that something that can't block a sword shouldn't be counted on to serve as armour.
So, let's pick on some random thousand byte polyalphabetic Vigenère cipher. It's been known for over a hundred years how to use frequency analysis to break a polyalphabetic cipher. So long as the message is long enough, this attack takes linear time in the size of the key (whereas key exhaustion takes exponential time). So, it is not that this Vigenère is guaranteed by Kerckhoff's principle to resist anything short of exhaustive key search. Rather a Vigenère algorithm fails the test posed by Kerckhoff's principle, and therefore shouldn't be used as a cipher.
I hope that clears things up.
** If someone with dual interests in crypto and military history turns up to tell me that cloth is surprisingly effective against swords, replace cloth with body paint or something.
answered 2 days ago
Josiah
2915
edited 2 days ago
answered 2 days ago
Josiah
2915
answered 2 days ago
Josiah
2915
answered 2 days ago
Josiah
2915
2915
5
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
add a comment |
5
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
5
5
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
Since you mentioned in footnote - type of cloth has been used as armor either standalone or with mail/plate. That said a) in pre-industrial revolution time for common folk the cloth was still expensive item and b) it would fail Lancelot's principle.
– Maciej Piechotka
2 days ago
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 2 days ago
Paul Uszak
7,04311534
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 2 days ago
Paul Uszak
7,04311534
add a comment |
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 2 days ago
Paul Uszak
7,04311534
There's a simple maxim that demonstrates otherwise. It's much much harder to make true random numbers/your 'ridiculous' key than it is to make pseudo random numbers.
A cryptographic strength pseudo random number generator can be instantiated at the drop of a hat (or calling a C++ constructor with a seed value). Based on some experience, a clever DIY guy can probably make 10 megabits per second of true random bits. A modern photonics laboratory can do much better, but most don't have access to those resources. Even then, you have the Brobdingnagian problem of distributing the key between parties. If an unexpected party suddenly wants to join the discourse, you're in trouble distributing said key to expand the conversation.
In the last six months, half a billion people visited Britain's BBC website which is served over HTTPS. Based on a recent page download survey suggesting a mean entertainment page size of 1.7MB , Auntie would have to generate > $10^{15}$ bits of key material/year. Many lava lamps would be required. It would take me 22 boring years to generate that much entropy. And ship it out of channel across international boundaries to ill defined transitory recipients. It's logistically impossible.
You've discovered a one time pad. They have practical applications, but only on very limited criteria.
Slight niggle: A one time pad à la random Vernam cipher is still a cipher.
answered 2 days ago
Paul Uszak
7,04311534
edited 2 days ago
answered 2 days ago
Paul Uszak
7,04311534
answered 2 days ago
Paul Uszak
7,04311534
answered 2 days ago
Paul Uszak
7,04311534
7,04311534
add a comment |
add a comment |
I understand Kerckhoff's principle ...
... then why go through the trouble of creating a cipher in the first place?
I think you misunderstood something:
Kerckhoff's principle does not say that a cryptosystem is secure. The principle says that the cipher used must have certain properties if the cryptosystem shall be secure.
In other words: Kerckhoff's principle won't be satisfied if the cipher used is bad!
An extreme counterexample
We could design the following "cryptographic" system:
- The key consists of any characters but the colon (:)
- To encrypt the text, we simply add a colon followed by the key to the text; the result is our "ciphertext"
- To decrypt the text, we check if the "ciphertext" ends with a colon followed by the key
- If yes, we remove the colon and the key; the result is our plaintext
- If no, our plaintext is "Sorry, wrong key!"
Example:
- The plaintext is: "This is a very secret text."
- Our secret key is: "This is our secret key."
- The "ciphertext" will be: "This is a very secret text.:This is our secret key."
- If we use the correct key for decryption, the decrypted text will be: "This is a very secret text."
- If we use any other key for decryption, the decrypted text will be: "Sorry, wrong key!"
Not using the correct key for decryption will definitely not result in the correct plaintext but in: "Sorry, wrong key!"
Do you think using a very long key will result in a secure encryption?
answered 12 hours ago
Martin Rosenau
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
add a comment |
I understand Kerckhoff's principle ...
... then why go through the trouble of creating a cipher in the first place?
I think you misunderstood something:
Kerckhoff's principle does not say that a cryptosystem is secure. The principle says that the cipher used must have certain properties if the cryptosystem shall be secure.
In other words: Kerckhoff's principle won't be satisfied if the cipher used is bad!
An extreme counterexample
We could design the following "cryptographic" system:
- The key consists of any characters but the colon (:)
- To encrypt the text, we simply add a colon followed by the key to the text; the result is our "ciphertext"
- To decrypt the text, we check if the "ciphertext" ends with a colon followed by the key
- If yes, we remove the colon and the key; the result is our plaintext
- If no, our plaintext is "Sorry, wrong key!"
Example:
- The plaintext is: "This is a very secret text."
- Our secret key is: "This is our secret key."
- The "ciphertext" will be: "This is a very secret text.:This is our secret key."
- If we use the correct key for decryption, the decrypted text will be: "This is a very secret text."
- If we use any other key for decryption, the decrypted text will be: "Sorry, wrong key!"
Not using the correct key for decryption will definitely not result in the correct plaintext but in: "Sorry, wrong key!"
Do you think using a very long key will result in a secure encryption?
answered 12 hours ago
Martin Rosenau
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
add a comment |
I understand Kerckhoff's principle ...
... then why go through the trouble of creating a cipher in the first place?
I think you misunderstood something:
Kerckhoff's principle does not say that a cryptosystem is secure. The principle says that the cipher used must have certain properties if the cryptosystem shall be secure.
In other words: Kerckhoff's principle won't be satisfied if the cipher used is bad!
An extreme counterexample
We could design the following "cryptographic" system:
- The key consists of any characters but the colon (:)
- To encrypt the text, we simply add a colon followed by the key to the text; the result is our "ciphertext"
- To decrypt the text, we check if the "ciphertext" ends with a colon followed by the key
- If yes, we remove the colon and the key; the result is our plaintext
- If no, our plaintext is "Sorry, wrong key!"
Example:
- The plaintext is: "This is a very secret text."
- Our secret key is: "This is our secret key."
- The "ciphertext" will be: "This is a very secret text.:This is our secret key."
- If we use the correct key for decryption, the decrypted text will be: "This is a very secret text."
- If we use any other key for decryption, the decrypted text will be: "Sorry, wrong key!"
Not using the correct key for decryption will definitely not result in the correct plaintext but in: "Sorry, wrong key!"
Do you think using a very long key will result in a secure encryption?
answered 12 hours ago
Martin Rosenau
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I understand Kerckhoff's principle ...
... then why go through the trouble of creating a cipher in the first place?
I think you misunderstood something:
Kerckhoff's principle does not say that a cryptosystem is secure. The principle says that the cipher used must have certain properties if the cryptosystem shall be secure.
In other words: Kerckhoff's principle won't be satisfied if the cipher used is bad!
An extreme counterexample
We could design the following "cryptographic" system:
- The key consists of any characters but the colon (:)
- To encrypt the text, we simply add a colon followed by the key to the text; the result is our "ciphertext"
- To decrypt the text, we check if the "ciphertext" ends with a colon followed by the key
- If yes, we remove the colon and the key; the result is our plaintext
- If no, our plaintext is "Sorry, wrong key!"
Example:
- The plaintext is: "This is a very secret text."
- Our secret key is: "This is our secret key."
- The "ciphertext" will be: "This is a very secret text.:This is our secret key."
- If we use the correct key for decryption, the decrypted text will be: "This is a very secret text."
- If we use any other key for decryption, the decrypted text will be: "Sorry, wrong key!"
Not using the correct key for decryption will definitely not result in the correct plaintext but in: "Sorry, wrong key!"
Do you think using a very long key will result in a secure encryption?
answered 12 hours ago
Martin Rosenau
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 11 hours ago
answered 12 hours ago
Martin Rosenau
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 12 hours ago
Martin Rosenau
1113
answered 12 hours ago
Martin Rosenau
1113
1113
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Martin Rosenau is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
add a comment |
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
The principle in question states that the system should remain secure even if an adversary knows all of the steps of the algorithm, but does not have the key. The example provided here is broken with a single ciphertext-only attack, even to someone who previously did not know the algorithm.
– Ella Rose♦
4 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose I doubt that there is any algorithm that allows "calculating" the algorithm from any information: Modify "my" algorithm in a way that the number 1234 must be added to every number when the "key" contains the word "hello". The plaintext "My cellphone password is 1111." would become: "My cellphone password is 2345.:Password is hello." If you don't test my algorithm with a number in the plaintext and the word "hello" in the key, you will never find out!
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
@EllaRose ... and of course my intention was to show an example of an algorithm where Kerckhoff's principle definitely is not given.
– Martin Rosenau
2 hours ago
add a comment |
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Will Burghard is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66162%2fif-kerckhoffs-principle-holds-why-do-we-need-a-cipher-at-all%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
5
Related questions: one-time pad: Why is it useless in practice and Is modern encryption needlessly complicated?
– Ella Rose♦
2 days ago
24
Your question is unclear to me; to convert a plaintext and a key (of whatever length) to a ciphertext, you need an algorithm for transformation. That transformation algorithm is called the cipher. Without a cipher, no encryption, full stop. When you say "why not use a ridiculously long key", how do you intend to encrypt the plaintext?
– marcelm
2 days ago
1
@marcelm I assume the encryption would be using a one-time-pad of some sort, which arguably to some extent renders the algorithm so trivial that it's solely the key that's providing security, not the algorithm (probably some variant of XOR).
– March Ho
2 days ago
4
This "ridiculously long key" is exactly a one-time pad, and all of the usual disadvantages apply.
– chrylis
2 days ago
1
@MarchHo & chrylis - Maybe Will was talking about OTP, but I'd prefer to hear confirmation from him; maybe he meant something else. Either way, OTP is still a cipher, however trivial ;)
– marcelm
2 days ago