At 03:28 PM 10/12/99 -0600, [EMAIL PROTECTED] wrote:
(quoting the proponent of a puzzle)
>To be clear, the contents of message2.bin were created by xor-ing my
>English plain text with a chunk of a jpg file which is NOT on the web.
>It is a picture I took myself and scanned. I am interested to see if
>anyone can use statistical techniques or special knowledge of jpg's to
>crack this without the key.
This is a OTP with a bad (nonuniform) pad.
Images are locally continuous because surfaces (except for
porcupines..) are. This reduces the search space. Doesn't matter that the
image isn't broadcast; you used an image, and
images have redundancy.
Combine this with message redundancy and <handwave> voila,
enough info to constrain the solution.
[To the dear reader]
If you use a OTP, use a good pad (measure its quality). And explain how
key distribution works, or why your threat model
justifies the classic meet-in-the-park cloak und dagger key exchange.
You *can* derive quality OTPs from images, or sounds, or
radioactive decay, or *nix interrupts, but you *still* have
to 'distill' (irreversibly compress) the data, and measure
the entropy of the result. When you finally get 1bit/symbol
you can think about using the bits. You should hash them before use, to be
safer.
"Randomness is too importance to be left to chance"
