He states: "Assuming there are about 200 pads floating around. The number of files which can be obtained by XORing 6 pads is ober 50 billion." This is false for the simple fact that in order to introduce a new piece of data into the system, you must XOR it with a number of pads to create a new pad. Therefore, with 200 pads floating around you can have at maximum 200 documents.
The idea is that if someone wants to TRY and combine all those files to see which combinations create protected documents, that someone will have an impossibly difficult job at hand. Without the pointers, you can't find out what documents are stored.
One needs there to be more "innocent pads" (his term) out there than pads derived from data, or a brute force attack becomes feasable. You could just start XORing random things, and come up with something "hidden" a sizable fraction of the time.
Yeah, like 200 out of 50 billion. No problem there :)
Assuming the person creating data pad used N random pads to create his new data pad, one could simply try all possible combinations of XORing N-1 pads.
You need to work on your math skills. If N = 2, you can't "XOR 1 pads". If N = 3, and the total number of pads is 200, you'll have 19.900 combinations to work with. Which is already pretty sizeable.
Since data is padded with zeroes, the ends of the pads will be identical.
The whole idea breaks because of your assumption. The same out-of-band info that leads the "good guys" to the daya ("combine random1.bin with random5.bin and random27.bin to get Metallica-One.mp3") can also indicate the correct length of the result ("btw, the result must be 3,603,127 bytes"), so the files can be padded with random data.
[ Parent ]