Home page logo
/

basics logo Security Basics mailing list archives

Re: One-Time Pad software?
From: FocusHacks <focushacks () gmail com>
Date: Sat, 3 Feb 2007 01:08:34 -0600

Thanks for the information, guys.  As far as one-time pads being the
same length as the cleartext, I know how it works.   If a spy of days
past had a very long message to encrypt, he may need to use more than
one page of his paper pad.   By the same token, if I have a large
binary file to encrypt, but have stored several small files of random
data to use as my pad (and the receiving party has the same files and
knows in which order to utilize them), I would expect a tool to be
able to handle the task.  It's not convenient to generate a
perfect-length pad file for every ciphertext message I wish to
transmit.  Looping a 20k file over a larger cleartext message would
not be OTP, it'd be a simple running key algorithm that'd be a lot
easier to break with simple heuristics.  Sure, it'd be a 20 kilobyte
key, a lot less trivial than looping an eight-letter lowercase word as
a key, but it wouldn't be nearly as good as a genuine OTP.

The reason I'm thinking small files is because on solid state media
(for instance, volatile storage in a PDA), it's easy to securely erase
one file at a time, which is much like burning the piece of paper you
just used.  correctly implemented, OTP is both computationally trivial
to perform, yet "perfectly secret", so long as the pad remains secure.

I'll definitely look into some of the tools listed, and I'll start
tinkering around on my own, I have a few ideas now.

Cheers!
--Noah
On 2/2/07, Atom Smasher <atom () smasher org> wrote:
On Fri, 2 Feb 2007, FocusHacks wrote:

> I am looking for software implementations of one-time pad encryption.
> Ideally, these would be cross platform, and command line open-source
> would be even better.  This is mostly for fun, and I've considered just
> sitting down and writing my own, which I may very well do anyways, once
> I see what else is out there.
===========================

command line; open source (GPL); fun:

http://www.freebsd.org/cgi/url.cgi?ports/security/pad/pkg-descr
http://www.freshports.org/security/pad/
http://web.archive.org/web/20011030104813/www.lammah.com/pad/

i've played with it... it's a fun toy, and may be useful for more. not too
many command line options, but the ones it has are very useful. also
useful is that the ciphertext can be broken into more than just 2 shares,
and that you can specify a pad or have one generated on the fly.


--
         ...atom

  ________________________
  http://atom.smasher.org/
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

        "Your password must be at least 18770 characters and
         cannot repeat any of your previous 30689 passwords.
         Please type a different password. Type a password
         that meets these requirements in both text boxes."
                -- Microsoft takes security seriously in
                Knowledge Base Article Q276304.





--
http://www.FocusHacks.com - The Ford Focus Modification Site!
http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]