LinuxQuestions.org

Thread: David Cameron wants to ban encrypted messengers like FaceTime and iMessage
Forum: General
https://www.linuxquestions.org/questions/general-10/david-cameron-wants-to-ban-encrypted-messengers-like-facetime-and-imessage-4175530832/

metaschima 01-14-2015 12:46 PM

Quote:

Originally Posted by DavidMcCann (Post 5300922)
Before there were computers — remember that, anyone? — there were letters and telephone calls. The latter were not encrypted and any hand-encryption available for the former could be broken. I don't recall people panicking because their communications were not secure. So why the panic at the thought that secure emails may disappear? I don't send encrypted messages. I don't need to. Why do you? I suspect the answer may be "I don't need to but it's my right." Well it's my right to live in a secure society. As a Londoner, I'm in the front line: no-one's going to commit an atrocity in Oldham, Brian! I think you all need to take your tinfoil hats off and get a life.

Secure society? You need to be more specific as to what you mean by that. Are you trading freedom for security and, in the end, getting neither, like Benjamin Franklin said?

Actually, using a one-time pad by hand to encrypt your letters would mean that they are unbreakable. The same cannot be said for computer-based encryption methods.

brianL 01-14-2015 01:03 PM

Quote:

Originally Posted by DavidMcCann (Post 5300922)
no-one's going to commit an atrocity in Oldham, Brian!

Oldham IS an atrocity. :D

ntubski 01-15-2015 10:08 AM

Quote:

Originally Posted by DavidMcCann (Post 5300922)
Before there were computers — remember that, anyone? — there were letters and telephone calls.

And before that, there were just plain old unrecorded conversations.

sundialsvcs 01-15-2015 10:31 AM

However, it was not "trivially easy" to tap into every phone-conversation that might be happening, say, in all of the City of London.

Today, billions of un-encrypted communications are "right there for the taking ... for the slicing and dicing and for the do-who-knows what-with-it ..." and there are no geographic limits at all. If you're in the right spot at the right time, for instance, you might know the exact, up-to-the-second accurate location of every cell-phone carrying person in Chicago. Or A-N-D... anywhere... everywhere... else.

Thus, I say ... "never mind the encrypted communications that you (might) have to 'break'." That's not your real problem.

Your real problem is surveillance ... by the bad guys ... and the building-up of profiles about "your nation, as individuals." By whoever it may be. For whatever purpose they might claim to have. And, for what purpose they might actually have. (Or, that even one as-yet unrecognized employee that you will never recognize, might have.)

We have allowed vast amounts of information to be accumulated, with no more justification and with no more restriction than "a EULA that nobody reads." We have been naïve to the point of gross negligence in our (non-)regulation of it. We've been clinging to "World War One ideas" just as surely as the French did at Maginot, and calling ourselves secure just for the billions and trillions of dollars that we've spent. (The Maginot Line was expensive, too.)

maples 01-15-2015 10:35 AM

Quote:

Originally Posted by metaschima (Post 5300936)
Actually, using a one-time pad by hand to encrypt your letters would mean that they are unbreakable. The same cannot be said for computer-based encryption methods.

Theoretically, couldn't you take two flash drives, fill one with random data, copy the randomness to the second one, and use that as your "one-time pad" solution?

sundialsvcs 01-15-2015 11:12 AM

As has so-often been said before, "one-time pad" is a theoretical strategy. Unworkable in practice. There are four, among many others, obvious reasons:

(1) It presupposes that the two of you possess an absolutely secure way to exchange two absolutely identical pads. Well, if you could actually do that, you could just as easily use that avenue to exchange your messages, instead.

(2) It presupposes that the two parties have perfect knowledge of each other, and perfect knowledge that the pads which they are using are both identical and non-compromised. It presupposes that both parties are, in fact, communicating directly with one another using actually identical pads (i.e. no "man in the middle"), and that no additional copy of a pad exists.

(3) It presumes that neither party makes a mistake, yet it makes no provision for detecting mistakes. It presumes the parties never get out-of-sync, and provides no secure way for them to re-synchronize if they do. It provides no recourse in the event of any transmission error at all. (And, no way to validate a request to re-transmit or to re-synchronize, which after all might have in fact come from "Eve," not "Bob.")

(4) Possession of a copy of a pad is all that you need to forge messages, or to make forged alterations to a message that you have captured as a "man in the middle."

The key lesson of practical cryptography is that the actual attack will be made to your infrastructure, your procedure, especially the key-management procedure. And, for that matter, your handling of laptops at airport security and of mobile phones in the restroom. (Or, shooting one operative and stealing his cipher-device from his cold, dead fingers without being caught doing it.)

Discussions of "one-time pads" are really meant to point out the many assumptions inherent in such a system ... assumptions upon which the theoretical security absolutely depends ... as a way of discussing and designing practical, pragmatic strategies for secure communication. "The cipher, itself," is the least concern, and in most systems it is replaceable: the parties securely choose which low-level cipher(s) to use.

DavidMcCann 01-15-2015 11:56 AM

Quote:

Originally Posted by brianL (Post 5300942)
Oldham IS an atrocity. :D

But they invented the chip shop! :cool:

metaschima 01-15-2015 12:04 PM

Quote:

Originally Posted by sundialsvcs (Post 5301389)
As has so-often been said before, "one-time pad" is a theoretical strategy. Unworkable in practice. There are four, among many others, obvious reasons:

(1) It presupposes that the two of you possess an absolutely secure way to exchange two absolutely identical pads. Well, if you could actually do that, you could just as easily use that avenue to exchange your messages, instead.

(2) It presupposes that the two parties have perfect knowledge of each other, and perfect knowledge that the pads which they are using are both identical and non-compromised. It presupposes that both parties are, in fact, communicating directly with one another using actually identical pads (i.e. no "man in the middle"), and that no additional copy of a pad exists.

(3) It presumes that neither party makes a mistake, yet it makes no provision for detecting mistakes. It presumes the parties never get out-of-sync, and provides no secure way for them to re-synchronize if they do. It provides no recourse in the event of any transmission error at all. (And, no way to validate a request to re-transmit or to re-synchronize, which after all might have in fact come from "Eve," not "Bob.")

(4) Possession of a copy of a pad is all that you need to forge messages, or to make forged alterations to a message that you have captured as a "man in the middle."

The key lesson of practical cryptography is that the actual attack will be made to your infrastructure, your procedure, especially the key-management procedure. And, for that matter, your handling of laptops at airport security and of mobile phones in the restroom. (Or, shooting one operative and stealing his cipher-device from his cold, dead fingers without being caught doing it.)

Discussions of "one-time pads" are really meant to point out the many assumptions inherent in such a system ... assumptions upon which the theoretical security absolutely depends ... as a way of discussing and designing practical, pragmatic strategies for secure communication. "The cipher, itself," is the least concern, and in most systems it is replaceable: the parties securely choose which low-level cipher(s) to use.

1) Not quite: you just trade pads at set intervals which are longer than the intervals at which you would like to communicate. Trade a large pad, work with it for a year, trade another. You don't need to use a one-time pad if you can meet regularly.

2) If someone makes a copy of the pad then they have the key and all is lost. Same goes for any other key.

3) Not by default, but you can add some parity bits before encrypting which adds both error detection and authentication. It's not as perfect as the one-time pad itself, but better than no error detection and authentication. You can also add a simple CRC on top of that for extra security.

4) see #2 and #3

It's true that it's not easy to implement, but I would say it is safer and can be applied to more communication mediums than any other encryption. It is independent of the communication medium. You can communicate the message via any means easily and you don't have to wonder if your phone or computer is compromised.
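The assumptions sundialsvcs lists above and the parity/CRC suggestion in metaschima's reply can both be tried in working code. What follows is an added example in Python, not code from any poster in this thread: a one-time pad that (a) decrypts correctly, (b) leaks m1 XOR m2 when the same pad bytes are used twice, (c) lets an attacker who knows only the plaintext layout change the message without ever seeing the pad, (d) shows that an appended CRC32, which is affine over XOR, can be adjusted by that same attacker, and (e) adds a one-time polynomial MAC keyed from 32 further pad bytes, which does catch the alteration. The demo message, the offsets, the prime P and all function names are assumptions chosen for the demonstration.

```python
# Added example: a one-time pad in Python, and what it does and does not give you.
import hmac
import os
import zlib

P = (1 << 127) - 1   # Mersenne prime; field for the one-time MAC at the bottom


def fresh_pad(n: int) -> bytes:
    """Pad bytes from the OS CSPRNG.  Every byte is used at most once."""
    return os.urandom(n)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length strings.  This one line is the whole cipher."""
    if len(a) != len(b):
        raise ValueError("pad slice and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, msg: bytes) -> bytes:
    return xor(pad[:len(msg)], msg)           # decryption is the same call


def two_time_pad_leak(pad: bytes, m1: bytes, m2: bytes) -> bytes:
    """Use the same pad bytes twice and the pad cancels out:
    c1 XOR c2 == m1 XOR m2, so Eve learns how the plaintexts differ."""
    return xor(otp_encrypt(pad, m1), otp_encrypt(pad, m2))


def flip_without_pad(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Eve never sees the pad.  Knowing only that `old` sits at `offset`,
    she XORs (old ^ new) into the ciphertext and Bob decrypts `new`."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]


# "Add a CRC before encrypting": a linear check under a linear cipher.

def crc_encrypt(pad: bytes, msg: bytes) -> bytes:
    return otp_encrypt(pad, msg + zlib.crc32(msg).to_bytes(4, "big"))


def crc_decrypt(pad: bytes, ct: bytes) -> bytes:
    pt = otp_encrypt(pad, ct)
    body, tag = pt[:-4], pt[-4:]
    if zlib.crc32(body).to_bytes(4, "big") != tag:
        raise ValueError("CRC mismatch")
    return body


def forge_crc(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """CRC32 is affine over XOR: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros).
    Eve flips the body and then flips the encrypted CRC by that rule,
    still without the pad and without ever seeing the original CRC."""
    n = len(ct) - 4
    delta = bytes(offset) + xor(old, new) + bytes(n - offset - len(old))
    crc_fix = (zlib.crc32(delta) ^ zlib.crc32(bytes(n))).to_bytes(4, "big")
    return xor(ct, delta + crc_fix)


# A check that holds: a one-time polynomial MAC keyed from 32 more pad bytes.

def one_time_mac(key32: bytes, data: bytes) -> bytes:
    """Poly1305-style evaluation MAC over GF(P).  (r, s) come from the pad and
    are used for exactly one message.  A leading 0x01 on each 15-byte chunk keeps
    chunk values unambiguous and below P.  A forgery succeeds with probability
    about chunks/2**127, however much compute the attacker has."""
    r = int.from_bytes(key32[:16], "big") % P
    s = int.from_bytes(key32[16:32], "big") % P
    acc = 0
    for i in range(0, len(data), 15):
        acc = (acc + int.from_bytes(b"\x01" + data[i:i + 15], "big")) * r % P
    return ((acc + s) % P).to_bytes(16, "big")


def auth_encrypt(pad: bytes, msg: bytes) -> bytes:
    """Consumes len(msg) + 32 pad bytes: encrypt, then MAC the ciphertext."""
    ct = otp_encrypt(pad, msg)
    return ct + one_time_mac(pad[len(msg):len(msg) + 32], ct)


def is_authentic(pad: bytes, blob: bytes) -> bool:
    ct, tag = blob[:-16], blob[-16:]
    expected = one_time_mac(pad[len(ct):len(ct) + 32], ct)
    return hmac.compare_digest(expected, tag)


def auth_decrypt(pad: bytes, blob: bytes) -> bytes:
    if not is_authentic(pad, blob):
        raise ValueError("MAC mismatch: message was altered in transit")
    return otp_encrypt(pad, blob[:-16])


if __name__ == "__main__":
    pad, msg = fresh_pad(64), b"PAY 0100 TO ALICE"   # constructed demo values
    print(otp_encrypt(pad, flip_without_pad(otp_encrypt(pad, msg), 4, b"0100", b"9900")))
    print(crc_decrypt(pad, forge_crc(crc_encrypt(pad, msg), 4, b"0100", b"9900")))
    blob = auth_encrypt(pad, msg)
    print(is_authentic(pad, flip_without_pad(blob[:-16], 4, b"0100", b"9900") + blob[-16:]))
```

The point that the cipher itself is the least concern shows up concretely: the XOR is one line, while everything that makes the scheme usable (fresh pad bytes per message, a MAC that also consumes pad, a sender and receiver pad offset that must stay in sync) is procedure around it. The MAC is itself a one-time construction: reusing the same (r, s) for two messages lets an attacker solve for r from the two tags, just as reusing pad bytes leaks m1 XOR m2.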

273 01-15-2015 12:16 PM

I was of the impression that one-time pad encryption was in active use to this day in certain niches?
Personally I find public key cryptography is pretty much on a par with one-time pad as far as key exchange goes, but it just happens to mean that a much smaller chunk of data only needs to be exchanged once rather than a large one many times, thus making the attack window smaller.
I actually started a thread about SSH keys on here which is tangentially linked to this problem.

ntubski 01-15-2015 05:03 PM

Quote:

Originally Posted by 273 (Post 5301423)
Personally I find public key cryptography is pretty much on a par with one-time-pad as far as key exchange goes

One-time-pad is a symmetric cipher, therefore you can't do key exchange; the key (pad) must be preshared. The main point of public key cryptography is that you can exchange keys over an untrusted channel.

273 01-16-2015 12:51 AM

Quote:

Originally Posted by ntubski (Post 5301553)
One-time-pad is a symmetric cipher, therefore you can't do key exchange; the key (pad) must be preshared. The main point of public key cryptography is that you can exchange keys over an untrusted channel.

In theory, yes, but how is it done in practice? Say, for example, I want my friend's public key -- how would I go about getting it? Without a trusted channel there is no way of knowing if there is a man in the middle and no crypto system can avoid that.
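The exchange ntubski describes and the man-in-the-middle question 273 raises, as an added example that is not from either poster: a Diffie-Hellman exchange in Python with a toy group (P, G, the function names and the message flow are assumptions for illustration, not parameters anyone should deploy), run once over a clean channel and once with Mallory replacing both public values. It also shows the step that usually goes unstated: comparing fingerprints of the public keys each side received over a second channel that is authenticated but need not be secret (reading a string over the phone, checking in person) detects the substitution. That is what SSH host key fingerprints and messenger "safety numbers" exist for.

```python
# Added example: Diffie-Hellman over an untrusted wire, with and without Mallory.
import hashlib
import secrets

# Toy group, NOT for real use: deployments use RFC 3526 / RFC 7919 groups or an
# elliptic curve.  The attack below does not depend on the group size at all.
P = (1 << 127) - 1
G = 3


def keypair() -> tuple[int, int]:
    x = secrets.randbelow(P - 2) + 2          # private exponent in [2, P-1]
    return x, pow(G, x, P)                    # (private, public)


def shared_key(my_private: int, their_public: int) -> bytes:
    """Hash the DH shared secret into a symmetric key."""
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(public: int) -> str:
    """What the parties read to each other out of band: a short hash of
    the public value.  It need not be secret, only unforgeable in transit."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]


def exchange(mitm: bool) -> dict:
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # The wire is untrusted: whatever is sent can be replaced on the way.
    a_pub_seen_by_bob, b_pub_seen_by_alice = a_pub, b_pub
    mallory = None
    if mitm:
        m_priv, m_pub = keypair()
        a_pub_seen_by_bob = m_pub             # Mallory swaps in her own value
        b_pub_seen_by_alice = m_pub           # in both directions
        mallory = {"with_alice": shared_key(m_priv, a_pub),
                   "with_bob": shared_key(m_priv, b_pub)}
    alice_key = shared_key(a_priv, b_pub_seen_by_alice)
    bob_key = shared_key(b_priv, a_pub_seen_by_bob)
    # Out-of-band check: each side reads the fingerprint of the key it received
    # and the other side compares it with the key it actually sent.
    verified = (fingerprint(b_pub_seen_by_alice) == fingerprint(b_pub)
                and fingerprint(a_pub_seen_by_bob) == fingerprint(a_pub))
    return {"alice_key": alice_key, "bob_key": bob_key,
            "mallory": mallory, "fingerprints_match": verified}


if __name__ == "__main__":
    for mitm in (False, True):
        r = exchange(mitm)
        print(f"mitm={mitm}: keys agree={r['alice_key'] == r['bob_key']}, "
              f"fingerprints match={r['fingerprints_match']}")
```

With Mallory in the path, Alice and Bob each end up sharing a key with her rather than with each other, and nothing on the wire reveals it; the fingerprint comparison is the only thing in the exchange that does. Encrypting the fingerprint channel would add nothing; what matters is that Mallory cannot rewrite it.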

jens 01-16-2015 07:07 AM

After those "anti-terrorist" raids in Brussels, it appears that Cameron's silly policy will hurt Belgium first.

One would think (and hope) that people learn from their mistakes; they don't.

Pastychomper 01-16-2015 07:13 AM

Coming back to the question of whether encrypted communication is desirable, the first post mentions the shootings in Paris. As I understand it, the main event took place during some kind of staff meeting, so there were more potential victims in the room than usual. Was that a coincidence, or was it planned? If planned, how did someone who (presumably) didn't work for the organisation find out when the meeting was? Could they have guessed it by looking at publicly-available data? If so, could those data have been encrypted?

I once worked for an organisation that wouldn't allow all of its managers at any one of the higher levels to travel together on the same aircraft, but they did sometimes announce meetings to people who didn't need to be there.

Another question that occurs to me as I write this is, given that the French authorities didn't manage to intercept several automatic weapons (which are, after all, relatively unusual physical objects), how successful would any authorities have been at intercepting whatever communications were involved in planning the attack? Seems like a smaller needle in a larger choice of haystacks to me, especially when you consider how easy it is to hide meanings even in an 'unencrypted' message.

metaschima 01-16-2015 10:53 AM

Leaked Intelligence Document Calls For More, Not Less Encryption To Protect Companies And Citizens From Cybercriminals
https://www.techdirt.com/articles/20...riminals.shtml

GazL 01-16-2015 12:03 PM

Quote:

Originally Posted by Pastychomper (Post 5301824)
especially when you consider how easy it is to hide meanings even in an 'unencrypted' message.

Something like, oh, I don't know: "Blessent mon cœur d'une langueur monotone." ?
