One-time pad with PRNG's?

Once upon a time, this (XOR encryption):

Ever since I started that thread, I was wondering about whether or not to translate the utility into C++11 and post it as an article.

What stopped me back then was that the random library in GCC was incomplete.

What stops me now is that I'm unsure if PRNG's can be trusted to do a job as good as "true" RNG's. What's worse, one does not simply securely store the one-time pad information on a computer.

What do you think about all of this?
Last edited on
boost wrote:
It uses one or more implementation-defined stochastic processes to generate a sequence of uniformly distributed non-deterministic random numbers

I'm confused. How can a non-deterministic RNG be uniformly distributed? Aren't those mutually exclusive?
I think you're confusing the probability distribution with the actual distribution of a finite number of samples. An ideal coin is both truly random and uniformly distributed, but it's possible to encounter a different number of heads and tails after a finite number of tosses. The uniformity merely implies that heads(n)/tails(n) tends to 1 as n tends to ∞.
Ah, yes. Thanks helios.
What's the benefit of using Boost.Random if the C++11 random library is available?
True, for this case I guess either library is adequate. Boost just has some better (very) long period deterministic generators. I'm not so clear on why the whole of that boost library was not included into C++11...
Last edited on
The question remains (and perhaps I should have made it clearer in the first post) how secure would it be, cryptographically, for a program to use the C++11 random library to generate one-time pads?

That's the basis of the XOR encryptor: for any file to be encrypted generate a file of exactly the same size filled with "random" data then XOR them to create the "ciphertext", if you will.

I'm trying to understand if I would be lying to readers by claiming that the method is secure. (Obviously side channel attacks and snooping are a different topic.)
No, it is not secure.

One-time work when the attacker cannot easily find or generate the pad text. Using common PRNGs defeats that.

Of course, they are also secure when the attacker has no idea how the pad is obtained... but a PRNG can be broken.

Back to the movie.
Topic archived. No new replies allowed.