Free One-Time Pad Encryption Software

Discussion in 'privacy technology' started by 16s, Jun 21, 2013.

Thread Status:
Not open for further replies.
  1. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    Hello Wilders Security,

    I wrote FreeOTP about a year ago, but didn't do much with it. With the recent privacy concerns in the news, I wanted to share it with others and get feedback and suggestions.

    http://16s.us/FreeOTP/

    An acquaintance of mine, who is a professor of math at Virginia Tech and who teaches cryptography, reviewed the code and encrypted and decrypted some messages, but we didn't do much with it after that.

    It's alpha software, but it seems to work OK on Windows, Mac and Linux. I post test messages on twitter (user FreeOTP) with pads so that anyone can decrypt them. Would be neat if others would encrypt something and send me the pads and encrypted messages so I could experiment more.

    Let me know what you think. Would really appreciate any feedback with regard to the crypto implementation.

    Here is the Twitter feed of messages and pads:

    https://twitter.com/FreeOTP
     
  2. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    107
    Location:
    Canada
    But now that you've put it out there, you want to bet the NSA is now looking at it!
     
  3. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    You should read Shannon's research from the 1940's:

    "While he was at Bell Labs, Shannon proved that the cryptographic one-time pad is unbreakable in his classified research that was later published in October 1949. He also proved that any unbreakable system must have essentially the same characteristics as the one-time pad: the key must be truly random, as large as the plaintext, never reused in whole or part, and be kept secret." - https://en.wikipedia.org/wiki/Claude_Shannon

    Having said that, OTP is not practical for most. However, it is ideal for small messages that *must* be unbreakable.
     
  4. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    One other feature of one time pad encryption is that you can make an encrypted message decrypt to any plaintext message you like. So, you could have multiple different plaintext messages from the same ciphertext. Here's an actual working example of this. Notice that the two plaintext messages have the opposite meaning.

    FreeOTP.exe "Flee now" mA0kkAbS e
    String: Flee now
    Pad: mA0kkAbS
    Command: e
    CipherText: RL4ojNpd

    The real message is "Flee now". The real pad is "mA0kkAbS". Here is what it looks like decrypted:

    FreeOTP.exe "RL4ojNpd" mA0kkAbS d
    String: RL4ojNpd
    Pad: mA0kkAbS
    Command: d
    PlainText: Flee now

    Now, this pad "zs41k9Gv" decrypts the exact same ciphertext to a different plaintext:

    FreeOTP.exe RL4ojNpd "zs41k9Gv" d
    String: RL4ojNpd
    Pad: zs41k9Gv
    Command: d
    PlainText: stay PUT

    One time pad encrypted messages are impossible to crack and can be made to decrypt to any string you like. Figuring out the real message is mathematically impossible.
     
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    What approaches would you consider using in order to securely deliver either the ciphertext or the pad, (or preferably both)?
     
  6. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    A face to face meeting would be the best way to exchange pads. USB stick, SD card, etc.

    After that, in most cases, the two parties would be geographically far apart. Twitter, image tags on websites, radio, etc. are a few ways in which to send and recieve messages. There are lots of ways to discretely send the ciphertext messages (Tor, ssh, SSL, etc.), but in some cases, you don't have to be discrete at all and can just post them publicly.

    As long as the pads are handled and used correctly then destroyed, there won't be any issues. The ciphertext messages by themselves are impossible to crack. In fact, you should just assume that other people have access to the ciphertext messages at all times.
     
  7. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    What are the limits on password? (i.e. max length, what characters are allowed or does it matter for OTP encryption?)

    Can the plain text it encrypts have special characters like å, Ä, ö, â?

    Thanks for making FreeOTP available to us.
     
  8. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    So in other words, you could have multiple plaintext messages for different situations - one for the actual communication and another innocent to show law enforcement?

    Interesting, because if implemented correctly such a system would offer absolute plausible deniability but for the stupid who incriminate themselves in other ways.
    If the government compels you to decrypt your data it can't prove the actual contents.
     
Loading...
Thread Status:
Not open for further replies.