Security Basics mailing list archives
Re: One-Time Pad software?
From: profeten <profeten () gmail com>
Date: Fri, 02 Feb 2007 20:11:00 +0100
FocusHacks wrote: > I am looking for software implementations of one-time pad encryption. > Ideally, these would be cross platform, and command line open-source > would be even better.I have only found pseudo-one-time-pad software (like otp4u: http://it.geocities.com/teutoburgo/java/otp4u.html) which compromises the perfect secrecy property by making the key exchange more practical. However, writing such a tool yourself ought to be trivial.
FocusHacks wrote:
Optionally, it would be nice if it had the ability to use multiple "pages" (blocks, files, whatever) of a pad when the file in question is larger than one piece of the pad. For instance, if your "pad" consisisted of many 20k binary files full of pseudo-random data, and you wished to encrypt a 3 megabyte file, it would use as many sequential pad files as needed, as opposed to "looping" one of thepad files to meet the demand.
Any reasonable implementation of a one-time pad crypto would enforce this "optional" feature, i.e. NEVER use the same pad twice (especially not within the same cryptogram!). After all, there is a reason why it's called a ONE-TIME pad. Reusing the key pads (or "looping" them) breaks the crypto and makes crypto analysis a breeze. For example, an analyst could generate a 20K (or whatever he suspect the size of the reused key pad to be) repetition of a single sequence of letters likely to be in the plain-text, like the english (if english plain-text is suspected) word "that", i.e. "thatthatthatthat...". This is the currently guessed plain-text. Then he could used the guessed plain-text and the first 20K of the known cryptogram to generate thecurrently guessed key. Then he decrypts the rest of the crypto-text (which he assumes have been encrypted with the same key as the first 20K block the key was generated from) with this guessed key, which probably will generate a lot of rubbish as plain-text, but there might be some readable sequences here and there. These are then assumed to coincide with some of the correctly guessed "that":s in the guessed plain-text and correct parts of the guessed key.
This is then reapeated three more times so "that" has taken every possible position in the first 20K of the cryptogram by displacing it one character to the right each time, i.e. using the following guessed plain-texts: "_thatthat...", "__thatthat..." and "___thatthat...". Of course, this will generate some false positives when the guessed keys seem to decrypt into some readable sequences but only does so by chance. However, if reapeted with more common words (like "was", "and", "you" etc), and if the readable sequences gained by using the guessed keys are expanded through analysis of their context (e.g. if the guessed key generates "g2DryptogaI4lAv" from some part of the cryptogram he can guess that the real plain-text is "g2cryptogramlAv" or "g2cryptographyv" etc) such faults will be detected as well as more parts of the real key and real plain-text are being approximated. Never reuse your one time pads! PS. There are algorithms that reuse the key pads by mixing them with the crytptext in arcane ways and still retaining strong protection against the above described crypto analysis. However, these algoritms does not keep the rather nice perfect secrecy property of properly used one-time pads. One might just as well use AES, twofish, RSA or any other decent crypto instead.
Current thread:
- One-Time Pad software? FocusHacks (Feb 02)
- Re: One-Time Pad software? Thierry Zoller (Feb 02)
- Re: One-Time Pad software? profeten (Feb 02)
- Re: One-Time Pad software? Atom Smasher (Feb 05)
- Re: One-Time Pad software? FocusHacks (Feb 05)
- Re: One-Time Pad software? Atom Smasher (Feb 05)
- Re: One-Time Pad software? FocusHacks (Feb 05)
- <Possible follow-ups>
- Re: One-Time Pad software? profeten (Feb 05)
- Re: One-Time Pad software? FocusHacks (Feb 14)