Why does a radio still work inside a metal box?

[nsaspook]

Likewise, Direct Sequence Spread Spectrum has code and chip leakage that is radiated.
Any leakage is like littering. I'm quite happy to wander along behind, picking up the key sequence as it is discarded.

Security is multidimensional. Any weakness in any dimension can implode the security of the entire system, without the user being aware.

Yes, and what's good (Mersenne twister and many others Kiss) for games and statistical or physics simulations is not good for Crypto where you have an attacker.

 

[Jeff Rosenbury]

It's usually the opposite. X system has a hidden fault that's exploited (sometimes you can't read the information directly but you can still use traffic analysis if the random noise cover can be removed on a synchronous data stream) so there's no need to try money, sex or violence (in secret) to decrypt the information as a last resort unless you just like that sort of thing.
As usual North Korea did the stupid thing by resorting to open violence that in the end netted them (including China and the USSR) very little until they had a secret supplier of keying material.

Perhaps I should have said, purely mathematically.

I was thinking of side channel attacks, often involving some engineer/operator making a mistake. A recent example was the flaw in browser security where someone found a way to force browsers to use a less secure legacy encryption system. While I suppose that could be looked at as a mathematical failure of the system, it didn't make the system useless in a mathematical sense, but it did require a software update.

Another example is the Advanced Encryption System's vulnerability to power systems attacks. It seems that someone with a good scope can look at the CPU's power usage while the CPU is encrypting/decrypting and read the key in the waveform. Again, it's somewhat mathematical, but doesn't invalidate the conceptual system. (Though fixing that problem isn't trivial.)

So even with a strong mathematical system, implementation is often weak.

Smart people are needed throughout the development lifecycle. And when someone smarter comes along...

 

[nsaspook]

Smart people are needed throughout the development lifecycle. And when someone smarter comes along...

and they get hired by XXX.
https://p.gr-assets.com/540x540/fit/hostedimages/1389217464/8006750.jpg

 

[nsaspook]

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

If it's a little 'off WHITE' that's still good as the process turns RED into BLACK. Red/black

http://fas.org/irp/program/security/blacker.htm

 

[Sun E Man]

Here is something to think about. As radio frequencies get higher they act more light and are absorbed or reflected. In Ham radio, re-peters are set on high towers or mountains because line of sight communication is only possible at 147mhz. and above under normal conditions. Try holding a cookie sheet close to your radio between your radio and the transmitting station. You may get nearly the same result as you do inside the tin. Leakage of the tin may not be the problem. Also AM radio stations put out a much stronger signal, in the thousands of watts and most FM stations are less than 1000 watts. If you can you may want to try your test close to a FM station and see what the result is.

 

[Paul Uszak]

That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

I think that this is a good point, and I've broken it out somewhat into another thread: https://www.physicsforums.com/threads/can-pocket-fm-radio-output-at-50khz.819734/

Depending on how that one goes, I think that I might just be discussing physics in the real world, it's just that I think you've miss-understood the conditions under which the Nyquist–Shannon sampling theorem applies. Figure 1 of your wiki rebuttal captures it in a nutshell. The sampling rate (therefore the information content) is dependent on sampling a source which has a limited Fourier transform. The bandwidth may be broader than you've stated.

 

[Paul Uszak]

So if you have low quality entropy and a good secret to hash that with it can increase the confidence

This is a common fallacy that people have fallen for.

Fly by night companies are always saying they have a super dooper security algorithm, but they won't tell you how it works or publish the source code. For "Security" they say. Security through obscurity is no security at all. All the cryptographic algorithms in mainstream use are entirely in the public domain. They rely on the inherent mathematical principles they are based upon, not any "clever" secret. My extraction code is free for anyone to inspect. The more people inspect it, the more people will trust it and develop confidence in the final product. Trust does not equal secrecy. Rather the opposite. Think your Government.

The quality of an entropy source is irrelevant to the quality of the final random output. It just means than weak entropy sources produce truly random numbers at a slower rate than strong sources.That's why radio noise and fish work as strong random number generators (End on picture of a fish, not a kiss.)

 

[nsaspook]

This is a common fallacy that people have fallen for.

Fly by night companies are always saying they have a super dooper security algorithm, but they won't tell you how it works or publish the source code. For "Security" they say. Security through obscurity is no security at all. All the cryptographic algorithms in mainstream use are entirely in the public domain. They rely on the inherent mathematical principles they are based upon, not any "clever" secret. My extraction code is free for anyone to inspect. The more people inspect it, the more people will trust it and develop confidence in the final product. Trust does not equal secrecy. Rather the opposite. Think your Government.

I mainly agree, we always assumed the USSR had serial #1 of any new device we used. Obscurity of principle doesn't provide security unless that obscurity is protected by force as a part of the key. Fly by night companies can't kill you or lock you up for long periods of time but Governments can. An important aspect of obscurity (in the right place and done right) is not that it provides ultimate security but how it can increase the 'effort' to possibly decode in a timely fashion when it it's possible the system can be compromised in some way. Most critical information is time sensitive so if you can increase the decode time from a day to a week by secretly swapping cards by trusted personnel to force a reanalysis of the system, that's a win if you understand the capabilities of the attacker in a tactical situation.

 

[Baluncore]

"Remember, the Enemy also listens".

"To transmit is tantamount to Treason".

 

[arydberg]

How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?

Please try grounding the can to the ground on the radio.