The highest level of encryption: passwords that cannot be cracked within one hundred years

It is proved by mathematics that there is an encrypted password that will not be cracked if used correctly, but there is no chance to use it now. This is the one-time key (one-time pad) introduced by the author ).

From our experience, a certain encryption method, no matter how powerful it was when it first appeared, exposes vulnerabilities as it moves over time, from a powerful encryption method to a weak encryption method. Nowadays, people are also worried about using the popular encryption method. They are worried that there will be a shortcut one day, in this way, the seemingly impeccable encryption methods currently used can be cracked in a controllable time.

Even if the currently used encryption methods are not cracked, the time required for brute-force cracking is getting shorter and shorter under the premise of constantly upgrading the CPU clock frequency. For example, a password that took a year to crack a few months ago may take seven or eight months to complete at the current computing speed. Because the computing speed is getting faster and faster, we have greatly reduced the time for brute force password cracking.

Even if it is a more complex and intelligent encryption algorithm built for the purpose of making it difficult to crack through brute force, one day in the future, it is also inevitable to follow the background of those encryption algorithms that have been proved insecure. This is like an arms race during the cold war. One party tries its best to protect its privacy, while the other party tries its best to snoop on its privacy.

In the development of encryption algorithms, many algorithms have been cracked or proved to be insecure. Only one encryption algorithm has been in existence for 93 years. This algorithm is called one-time pad ). In 1917, Gilbert Vernam developed an encryption method called Vernam Cipher, which uses the telex technology to encrypt and decrypt data by using a key tape. The results showed the strongest symmetric encryption technology at that time.

US Army Captain Joseph Mauborgne noted that this is a truly random key and there is no repeated possibility, so Vernam cipher can achieve more powerful results. Therefore, based on the paper key method, a letter or number is printed on a piece of paper, which is used as the key encryption algorithm. The same disposable paper can be used by two people. Each character on each page can only be used once (the password paper is destroyed when the characters or numbers on each paper are used up ), this method avoids brute-force cracking of information by enumeration. Because this method of classified stream data is based on paper that can be destroyed, it is also considered as a one-time key.

Clude Shannon, the father of information theory, once proved through mathematical methods that such a one-time key could not be cracked if used properly. The so-called proper use refers to timely destruction of the key pages used, even if the other party obtains the remaining part of the cipher book, it cannot decrypt it. The same concept can also be used in digital systems, but it is necessary to ensure that the computer has sufficient security measures and Comprehensive considerations to prevent hackers from intruding into the one-time key system. For example, some expensive data recovery systems will restore deleted files, which may recover the one-time key files. Therefore, if you use a digital one-time key system, make sure that the deleted key file is completely deleted and cannot be recovered.

The one-time key encryption method is sometimes very inconvenient, so few people are using this encryption method now. Due to this inconvenience, we actually need some theoretically weak encryption methods, such as AES/Rijndael and Twofish. The inconvenience caused by one key lies in:

Since a one-time key is a symmetric encryption method, both parties involved in encrypted communication need to have exactly the same key data. In some environments, such conditions cannot be met, because to allow both parties to own the key, it means that there must be a safe enough way for both parties to share or transmit key data, with such a security environment, you do not need to use a one-time key. In general, one-time key advantage can be achieved only when the key is transferred physically (for example, handed over to the other party by hand.

The one-time key must be as long as the encrypted one-time key. This means that if you want to encrypt a 3 GB file, you need a 3 GB one-time key.

The same one-time key can only be stored on two people. If more than two people know the key, it is no longer secure. For example, if different information is transmitted between multiple people and the recipient cannot be informed of the Information accepted by others, the encryption effect cannot be completely achieved by using the same key. On the contrary, if asymmetric encryption is adopted, we only need to provide a unique public key for people to encrypt and decrypt data through their own private keys, they cannot obtain the information encrypted by each other unless the private key is stolen or cracked by an increasingly powerful computer system. This is because only the relevant private key can decrypt the information after it is encrypted by the public key.

Reusing a one-time key poses a potential security risk because it faces a known plaintext vulnerability. Kerckhoffs is based on the theory that the premise of ensuring the security of the one-time key system is to ensure the key security. However, this one-time key can be rolled out when the encrypted information and plain text information coexist. Of course, if each key segment is used only once, the security is still normal, because even if the "enemy" obtains both the secret and plaintext, and the key is cracked, this key is also an abandoned key, which is useless for deciphering other information. If the key is reused, the obtained plaintext information can become an important tool for cracking new encrypted information. This is why such an encryption system is called a "one-time" key system.

After a one-time key is used, you cannot use this key to encrypt other data to be sent. If the two sides of the communication are located at both ends of the Earth, this communication method will make people crazy.

There are other factors that make the one-time key system useless in some environments. However, this also gives us a theoretical knowledge to understand why key systems with weak theories are so important.

The one-time key system works in a simple way. It simply performs operations on two groups of data, such as two letters or two numbers, and generates new encrypted data. This operation treats every bit of data in the encrypted data. The calculation process is very simple, one bit of data at a time. For example, the XOR operation can be used for such encryption. The simplest example is to use the XOR operation to encrypt the binary series:

First, you need a piece of information. Suppose we use the word "short" as information, and it is really not long.

Next, convert the information to the binary format. We can use ASCII encoding to convert the word "short". After conversion, we will get the following binary information:

0111001101101000011011110111001001110100

Next, you need a key that is exactly the same as the length of the binary string above. In this example, we can use the following binary string as the key:

5. 0110010101101010001110010010011101100100

Finally, we perform the XOR operation on these two strings, which is basically a simple subtraction. That is to say, the first character in the information is 0, and the first character of the key is 0, so 0-0 = 0. Similarly, the second character in the information is 1, the second character of the key is also 1, 1-1 = 0. In this case, in addition to 0, 1 or-1 may occur in the calculation. In this case, the absolute value of the result, whether 1 or-1, is taken as 1. The calculation process and result are as follows: 0111001101101000011011110111001001110100.

8. 0110010101101010001110010010011101100100

----------------------------------------

10. 0001011000000010010101100101010100010000

Of course, since we do not perform ASCII conversion on the binary string of the result, it is difficult to see what it actually looks like. It is easy to perform ASCII encoding on the computer, but manual encoding is difficult, while manual encoding is easier for digital encoding.

The core algorithm of a one-time key system is obviously quite simple. The new encryption software is truly secure as long as the rest of the encryption software is designed around this core algorithm and an appropriate key usage method is found. In other words, if you want to find an encryption method that is absolutely secure and effective and cannot be cracked, you only need to use the one-time key system, provided that the key is used only once.