Random Numbers
One-time pads were discussed in an earlier entry. The usefulness of a OTP, and for many other cipher procedures, such as cipher machines, depends on the use of random numbers.
In 1942 the British Government’s Code and Cypher School [part of the British GCHQ, an organization somewhat analogous to the US National Security Agency] found that it was possible to mimic the supposedly random numbers generated by the Lorenz cipher machine used by the German Foreign Ministry as a basis for their OTPs. The related traffic was codenamed FLORADORA, and was read consistently until the end of WWII. Of course, reading the German mail gave excellent intelligence.
During World War II it was also found that the Soviets used OTPs that had identical sheets in OTPs used for many operations. This led to breaking down many of these messages into a source known as VENONA.
The methods used to generate random numbers by the Soviets is unknown. This does raise the question of how secure encrypted messages are that rely on random numbers. A number is random if and only if it has an equal probability as any other number in the population of being drawn. Many experiments have demonstrated that human attempts to call out random numbers produce anything but a random distribution. Most random numbers used in computer programs are pseudo-random, which means they are a generated in a predictable fashion using a mathematical formula. These can be reverse engineered, as was done for the Soviet VERONA ciphers.
In the case of Soviet WWII OTPs, the pressures of war and limited resources may have induced the preparer of the OTPs to use carbon paper to produce the original and the copy. While making one copy, why not make three copies? New pads could be produced faster by inserting pages from other OTPs. Who would ever know? But someone did know and this provided an enormous entry into highly valuable intelligence.
Today a good source does exist for drawing random numbers, and is found at http://www.random.org
RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive games and gambling sites, for scientific applications and for art and music. The service has existed since 1998 and was built and is being operated by Mads Haahr of the School of Computer Science and Statistics at Trinity College, Dublin in Ireland.
Note 1: The information about OTPs, Venona, and GCHQ is cited from
Note 2: The Government Communications Headquarters (GCHQ) is a British intelligence agency responsible for providing signals intelligence (SIGINT) and information assurance to the UK government and armed forces. Based in Cheltenham, it operates under the guidance of the Joint Intelligence Committee.
No comments:
Post a Comment