Hacking Secret Ciphers with Python


358 http://inventwithpython.com/hacking




But it turns out that even if she had a computer that was powerful enough to try all the keys, it
still would not break the one-time pad cipher. This is because for any ciphertext, all possible
plaintext messages are equally likely.


For example, given the ciphertext “shomtdec...”, we could easily say the original plaintext was
“The myth of Osiris was of importance in ancient Egyptian religion.” encrypted with the key
“zakavkxolfqdlzhwsqjbzmtwmmnakwurwexdcuywksgorghnnedvtcp”:


Plaintext   themythofosiriswasofimportanceinancientegyptianreligion
Key         zakavkxolfqdlzhwsqjbzmtwmmnakwurwexdcuywksgorghnnedvtcp
Ciphertext  shomtdecqtilchzssixghyikdfnnmacewrzlghraqqvhzguerplbbqc

We are able to hack encryption because there is usually only one key that decrypts
the message to sensible English. But we’ve just shown that the same ciphertext could
have been made from two very different plaintext messages. For the one-time pad, the
cryptanalyst has no way of telling which was the original message. In fact, any readable English
plaintext message that is exactly 55 letters long is just as likely to be the original plaintext. Just
because a certain key can decrypt the ciphertext to readable English does not mean it was
the original encryption key.


Since any English plaintext could have been used to create a ciphertext with equal likelihood, it is
completely impossible to hack a message encrypted with a one-time pad.
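
The argument above can be checked directly. This is an added example, not code from the book: it takes the ciphertext, key and Osiris sentence from this page, adds a constructed 55-letter message (OTHER), and uses helper names of its own. For any candidate plaintext of the right length it computes the key that "decrypts" the ciphertext to that candidate.

```python
import string

ALPHABET = string.ascii_lowercase

def normalize(message):
    """Lowercase the message and keep only the letters a-z."""
    return "".join(ch for ch in message.lower() if ch in ALPHABET)

def _shift(text, key, sign):
    # Letter-by-letter addition (sign=+1) or subtraction (sign=-1) modulo 26.
    if len(text) != len(key):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )

def encrypt(plaintext, key):
    return _shift(plaintext, key, +1)

def decrypt(ciphertext, key):
    return _shift(ciphertext, key, -1)

def key_for(ciphertext, candidate):
    """Return the key under which `ciphertext` decrypts to `candidate`."""
    return _shift(ciphertext, candidate, -1)

def consistent_keys(ciphertext, candidates):
    """Map each same-length candidate plaintext to the key that explains it."""
    return {c: key_for(ciphertext, c) for c in candidates if len(c) == len(ciphertext)}

# Values taken from this page.
CIPHERTEXT = "shomtdecqtilchzssixghyikdfnnmacewrzlghraqqvhzguerplbbqc"
PAGE_KEY = "zakavkxolfqdlzhwsqjbzmtwmmnakwurwexdcuywksgorghnnedvtcp"
OSIRIS = normalize("The myth of Osiris was of importance in ancient Egyptian religion.")

# Constructed for this example: an unrelated message that is also 55 letters long.
OTHER = normalize("Meet me at the north gate at midnight and bring the maps with you now")

if __name__ == "__main__":
    # Every candidate gets a perfectly valid key, so the ciphertext alone
    # gives the cryptanalyst no reason to prefer one plaintext over another.
    for candidate, key in consistent_keys(CIPHERTEXT, [OSIRIS, OTHER]).items():
        print("key       ", key)
        print("decrypts to", decrypt(CIPHERTEXT, key))
        print()
```

Trying every key therefore amounts to listing every possible 55-letter message, which tells the attacker nothing new.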


Beware Pseudorandomness


The random module that comes with Python does not generate truly random numbers. Its
numbers are computed by an algorithm that creates numbers that only appear random
(which is often good enough). If the pad is not generated from a truly random source,
then it loses its mathematically perfect secrecy.


The os.urandom() function can provide truly random numbers but is a bit more difficult to
use. For more information about this function, see http://invpy.com/random.


Beware the Two-Time Pad


If you do use the same one-time pad key to encrypt two different messages, you have introduced
a weakness into your encryption. Using the one-time pad cipher this way is sometimes called a
“two-time pad cipher”. It’s a joke name, though: the two-time pad cipher is really just using the
one-time pad cipher incorrectly.


Just because a key decrypts the one-time pad ciphertext to readable English does not mean it is
the correct key. However, if you use the same key for two different messages, now the hacker can
