
OT: encrypting files

Started by December 05, 2001 05:43 PM
20 comments, last by penetrator 23 years, 2 months ago
quote:
Original post by Validus
What you posted is very similar to a one-time pad.

Well, sort of. The one-time pad has a key as long as the data to be encrypted. His key is just the seed value. It /is/ similar to the standard 'private key' encryption scheme, though. DES and the one-time pad both use the private key scheme.

quote:
which is the only algorithm that cannot be broken with anything better than a brute-force attack (I think; correct me if I am wrong)

I'll correct. The one-time pad (OTP) is proven to be unbreakable, even with brute-force attacks (it's a pretty short proof, too). However, the OTP is virtually useless because of the too-long keys that it requires.

quote:
However, this only holds true if and only if the random number generator is truly random (which the rand function is far from). In fact, most crypto systems are attacked at the random number generator, not the algorithm.

No rand function is truly random, since they all depend on a seed value.

Most private key crypto systems are actually just a complicated function that turns a short key into a longer one to do XOR operations with. Some rand() implementations are really bad for this sort of thing, but with some implementations it is actually a fairly good crypto technique. There are well-used cryptography algorithms that are really just smart_idiot's algorithm with a complex rand() function.

quote:
So basically, to make this really secure you would need to give it random data == in length to the data as a key, since any algorithm where you can give it a seed value and know the random bits that will be produced will not be secure (the actual attack is beyond my level of mathematical understanding, but I know that it is not that hard).

The general attack you mention occurs when there's a predictable pattern in the stream of generated bits.

Pseudo-rand functions generally have a repeating pattern that crops up pretty quickly in the data, if you analyze it, so they are wide open for this attack.

Hey, did you know that this is the attack that caught the famous spies, the Rosenbergs? They were using an OTP scheme for their communications, but when they ran out of key bits, they started over at the beginning. This made their encryption quite breakable.

quote:
Anyway, I don't want to sound like a curmudgeon (too late), but you really are best to stick with a proven algorithm (DES, Blowfish, etc.).

I agree heartily. If you're going to use your CPU resources for crypto, at least use crypto that's been proven to be secure by peer auditing.
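The "pretty short proof" of the one-time pad's unbreakability that the reply above alludes to, written out here as an added note rather than as anything posted in the thread. It assumes an n-bit message P, an n-bit key K chosen uniformly at random and independently of P, and ciphertext C = P XOR K.

```latex
C = P \oplus K,\qquad K \sim \mathrm{Uniform}(\{0,1\}^n),\ K \text{ independent of } P.

\text{For fixed } p \text{ and } c \text{ exactly one key works, } k = p \oplus c, \text{ so}
\quad
\Pr[C = c \mid P = p] = \Pr[K = p \oplus c] = 2^{-n}.

\text{This is the same for every } p, \text{ hence}
\quad
\Pr[C = c] = \sum_{p} \Pr[P = p]\,\Pr[C = c \mid P = p] = 2^{-n},

\text{and by Bayes' rule}
\quad
\Pr[P = p \mid C = c] = \frac{\Pr[P = p]\,\Pr[C = c \mid P = p]}{\Pr[C = c]}
= \frac{\Pr[P = p]\,2^{-n}}{2^{-n}} = \Pr[P = p].
```

Seeing the ciphertext leaves the attacker's distribution over plaintexts exactly where it was, whatever computing power they have; that is the sense in which no brute force helps. The same one-line identity k = p XOR c is why the key must never be used twice: with a shared key, C1 XOR C2 = P1 XOR P2 no longer involves K at all, which is the Rosenberg failure described earlier in the thread.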

The only possible way for the rand function or anything else similar to not be reproducible is if the seed is random, or very close. The problem with using pseudo-random generators is that if someone can determine the seed, then they can reproduce the numbers. Most likely you don't need to worry this much, unless you're encrypting for a bank or something.
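The thread's three technical points side by side, as an added example written for this page and not code from any poster: the "short key, long keystream, XOR" construction driven first by a rand()-style generator and then by a real PRF; the repeating pattern that a small generator produces; and the cancellation that happens when keystream bits are reused. All names, constants and sample messages are my own choices: the LCG constants are picked to meet the Hull-Dobell full-period conditions for a 16-bit state, and HMAC-SHA256 in counter mode stands in for "a complex rand() function" (illustrative only; a vetted library cipher belongs in real code).

```python
"""Stream-cipher construction, generator period, and keystream reuse (added example)."""
import hashlib
import hmac

# ---- Keystream source 1: a rand()-style linear congruential generator (toy, insecure) ----
LCG_MOD = 1 << 16                  # 16-bit state: only 65536 possible seeds, i.e. keys
LCG_MULT, LCG_INC = 25173, 13849   # constructed constants satisfying Hull-Dobell (full period)


def lcg_keystream(seed: int, n: int) -> bytes:
    """Expand a 16-bit seed into n keystream bytes (high byte of each state)."""
    state = seed % LCG_MOD
    out = bytearray()
    for _ in range(n):
        state = (LCG_MULT * state + LCG_INC) % LCG_MOD
        out.append(state >> 8)
    return bytes(out)


def lcg_state_period(seed: int) -> int:
    """Steps until the state returns to its start; from there the keystream repeats,
    so any message longer than this reuses key bits exactly like restarting a pad."""
    start = state = seed % LCG_MOD
    steps = 0
    while True:
        state = (LCG_MULT * state + LCG_INC) % LCG_MOD
        steps += 1
        if state == start:
            return steps


# ---- Keystream source 2: HMAC-SHA256 in counter mode (a keyed PRF, same shape) ----
def prf_keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Same structure as lcg_keystream: the 'rand()' is now a keyed PRF, and a fresh
    nonce per message guarantees two messages never see the same keystream."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The cipher itself: byte-wise XOR, which is its own inverse."""
    if len(b) < len(a):
        raise ValueError("keystream shorter than data")
    return bytes(x ^ y for x, y in zip(a, b))


def lcg_encrypt(seed: int, data: bytes) -> bytes:
    """smart_idiot-style cipher: the seed is the whole key. Decrypt by calling again."""
    return xor_bytes(data, lcg_keystream(seed, len(data)))


def prf_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Identical construction with a proper keystream generator."""
    return xor_bytes(data, prf_keystream(key, nonce, len(data)))


# ---- Failure mode: the same keystream used twice cancels out ----
def reused_keystream_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 = p1 ^ k and c2 = p2 ^ k then c1 ^ c2 = p1 ^ p2: the key is gone and the
    result depends only on the two plaintexts, however random k was."""
    return xor_bytes(c1, c2)


class OneTimePad:
    """A pad that refuses to wrap around when its key bits run out, instead of
    silently restarting from the beginning."""

    def __init__(self, pad: bytes):
        self._pad, self._used = pad, 0

    def encrypt(self, data: bytes) -> bytes:
        if self._used + len(data) > len(self._pad):
            raise RuntimeError("pad exhausted: obtain a new pad, never restart this one")
        chunk = self._pad[self._used:self._used + len(data)]
        self._used += len(data)
        return xor_bytes(data, chunk)


if __name__ == "__main__":
    msg = b"constructed sample plaintext"           # constructed sample input
    print("lcg round trip :", lcg_encrypt(4242, lcg_encrypt(4242, msg)) == msg)
    print("lcg period     :", lcg_state_period(4242))
    p1, p2 = b"sample message A", b"sample message B"
    print("reuse leaks p1^p2:",
          reused_keystream_leak(lcg_encrypt(7, p1), lcg_encrypt(7, p2)) == xor_bytes(p1, p2))
```

The point to take from running it: the two encrypt functions are line-for-line the same construction, so the security lives entirely in the keystream generator (key size, period, and a nonce that prevents reuse), which is why the advice in the thread is to use a vetted algorithm rather than rand(). The `OneTimePad` class shows the cheap mitigation for the restart mistake: exhaustion is an error, not a loop.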

