by midas007 4429 days ago
Indistinguishable from a PRF

A good block cipher satisfies this property, otherwise it's not a PRF and insecure.

Hair-splitting, really. Actual OTP is an imaginary construction that requires an endless supply of truly random bits that have to be securely stored or somehow recreated during decryption. It shifts the hard part to that fn, and just XORs the result with the pt or ct block.

1 comments

No. What you've done here is redefined "OTP" to mean "any stream cipher". No.
That's the whole point of OTP as an imaginary construction!

It's a way to take any block cipher and turn it into a stream cipher with the power of XOR.

(I'm only going to ask this nicely once: cease and desist stalking and harassment.)

No, you have your terminology thoroughly confused. An OTP is an information-theoretically secure cipher where the key is as long as the plaintext. The only relationship between a one-time pad and CTR is the XOR operation. Furthermore, the article you're responding to explains what's wrong with simple stream ciphers for disk sector encryption.