4

I have read the Vigenère cipher is secure as long as the key length is the same as the length of the data to be ciphered.

Is this true when the same key is used multiple times? In such cases, after how many uses would the key be considered insecure?

Patriot
  • 3,132
  • 3
  • 18
  • 65
Yavor Shahpasov
  • 151
  • 1
  • 3
  • 6
    If the key has the same length as the message and it used only once, then it is called a One-Time-Pad. And that is information theoretically secure. If you re-use the key, security is gone. And that's true for any key-length of Vigenere: Re-using a key means that security has left the building. – tylo Jul 24 '14 at 14:51
  • 3
    @tylo: I can't think of anything else anyone could add (except for possibly the mention of Venona as an example) -- why don't you convert your comment into an answer? – poncho Jul 24 '14 at 15:12
  • 7
    The key has to be perfectly random to be an one-time-pad. – Nova Jul 24 '14 at 15:13
  • @Nova To the attacker, anyway :P – Maarten Bodewes Jul 24 '14 at 20:13
  • @owlstead, no, it has to be cryptographically unpredictable. If it's "random to the attacker", just because the attacker can't predict the sequence today doesn't mean he can't discover how to predict it tomorrow. – John Deters Jul 24 '14 at 21:52
  • @JohnDeters If he can predict it tomorrow, it would not be perfectly random to him, now wouldn't it? I meant that somebody probably has to remember the key; so it isn't fully random to the keeper. Sorry bad joke, but the comment stays. – Maarten Bodewes Jul 24 '14 at 22:00
  • In most examples of Viegenere I've seen, an actual word is used as the key (but maybe this is just to illustrate the concept). If this was practiced, it would still be insecure as dictionary words of a fixed length is not too large of a set to brute force through. – retterermoore Jul 25 '14 at 00:47
  • 1
    It pretty much looks like this is a duplicate of http://crypto.stackexchange.com/questions/2249/how-does-one-attack-a-two-time-pad-i-e-one-time-pad-with-key-reuse – e-sushi Jul 25 '14 at 15:56

2 Answers2

4

Forming my comment into an answer:

If the key has the same length as the message and is used only once, it is basically a One-Time-Pad. This means, that in theory you can match any ciphertext to any plaintext with $a key$. If this key has to match certain criteria (e.g. be a word of a certain language), the information theoretic aspect will be lost. It depends on the actual keyspace if this is a problem.

However, the re-usage is more tricky, because all security is lost in Vigenere once a key is reused. If you have two ciphertexts created by the same key, you can just combine them and have the key eliminated. Then you are left with the combination of the two plaintexts, which is easy to deal with by using frequency analysis.

tylo
  • 12,654
  • 24
  • 39
-1

If the Key is completely random, used only once and the same length as the plain text then it is a One time Pad. It may NOT be secure though, for example if the message is very short.

If the Message is short, and your Key is a word or a couple of words then it is unsecure, because there are what ? a few thousand words to try to brute force. So I think a good Key should be the same length as the plaintext AND truly random OR use a sufficient number of words (around 12 minimum) selected randomly, along the lines of battery, horse, staple....and used only once, otherwise patterns may emerge in the resultant ciphertexts.

Adrian
  • 151
  • 5
  • OTP will give you nothing to confirm your guess, so brute force is no more effective that simply guessing the plaintext without having seen a ciphertext at all. [Ignoring the length leak] 2) Random words are not random bits unless you massage them quite a bit. So your suggestion doesn't work.
    • – CodesInChaos Feb 27 '17 at 16:01
  • If you only consider words in language for a key, that is not an OTP. There are no "good keys" in OTP either, there was a question about this a few weeks ago here. For OTP (with its necessary assumption about a truly random key and no re-usage), there is no brute-force attack. Both re-usage of the key or using a smaller keyspace (like words in language) do not only lower security, there is no security left at all. – tylo Feb 27 '17 at 16:30
  • Bitcoin and cryptocoin wallets have gone to using 12 or more words (eg battery horse staple...) as the security phrase rather than a conventional password, I presume those in the know believe this to be a more secure method of encrypting data. Presumably, more secure means more permutations. – Adrian Feb 27 '17 at 16:35
  • @Adrian That has absolutely nothing to do with OTP. And those applications use a key-derivation-function to generate a key from the passphrase, never ever use a password instead of a key directly. Those algorithms are considered secure (if used correctly and the assumptions are met), but it can not simply be explained by "more permutations". In your other question you have a perfect counter example in monoalphabetic substition ciphers: Number of permutations is high enough, security is nonexistent. – tylo Mar 01 '17 at 13:25