Wanted: one-time pad software

Discussion in 'privacy technology' started by stap0510, May 21, 2009.

Thread Status:
Not open for further replies.
  1. stap0510

    stap0510 Registered Member (Joined: Aug 5, 2008; Posts: 104)

    Hi guys,

    I have a question regarding One-time pads, and specifically an application by which one could use this on your own system.
    Let's say I have an expensive ($500-1000 worth) true random number generator.
    I fill a DVD, of 4,7 gigabytes, of random data. (it would take a while to fill that DVD of course with the random data)
    I then make 1 exact verified copy of that DVD, and give that to someone I wish to communicate with.

    Is there a one-time pad program that can use little chunks of that random data, on the DVD, to use only one time to encrypt (of course) a same-size piece of cleartext data?
    I couldn't find this myself on Google, so here I am to ask you guys.

    I don't care if it is free, open source, or heavily commercial.
    I just want to know if something actually exists.

    Thanks in advance....
     
  2. Taliscicero

    Taliscicero Registered Member (Joined: Feb 7, 2008; Posts: 1,439)

    Couldn't you just make a TrueCrypt container, put the message inside it, put that container on the disk, give it to who you're communicating with and tell them the password?
     
  3. markoman

    markoman Registered Member (Joined: Aug 28, 2008; Posts: 188)

    This is a way of encrypting data. Using a one-time pad is a DIFFERENT way, that serves different purposes.
    So suggesting a different approach might not be a smart answer in some cases.
     
  4. stap0510

    stap0510 Registered Member (Joined: Aug 5, 2008; Posts: 104)

    I'm looking for a one-time pad solution, nothing else.
    I'm seriously thinking about making something myself, if I really can't find anything useful.
    But that's a b*tch to make, because of the quite sophisticated system-design.

    The solution I'm looking for should have a management part built in, to manage and keep track of all the used chunks of truly random data from the DVD.
    Not to mention a form of MAC, or preferably HMAC.
    Making the application aware of where a message begins and ends.
    All those kinds of things, that otherwise should be worked out by me.
    One can see what amount of braincracking it requires to make that actually work.
     
  5. Defenestration

    Defenestration Registered Member (Joined: Jul 17, 2004; Posts: 1,086)

    Have you thought about using something like PGP/GPG?

    You could always generate new keys for each piece of data, if you so wished, although that's not really necessary.
     
  6. dantz

    dantz Registered Member (Joined: Jan 19, 2007; Posts: 991; Location: Hawaii)

    I'm curious why you consider a computerized version of the one-time pad to be a worthwhile endeavor. Don't you consider the existence of a DVD full of random keys to be a pretty big security risk?
     
  7. stap0510

    stap0510 Registered Member (Joined: Aug 5, 2008; Posts: 104)

    First of all thank you for still replying to my thread.

    I'm looking for a solution that is by definition uncrackable.
    No matter how much of a math whiz you are, or how much (quantum/secret) computational power you have.
    The initial idea is that:
    - 2 parties meet
    - They use one TRNG to fill/create a "disk" full of purely random data
    - Every time one of the parties sends the other a message they use a chunk of the same random data
    - The chunk of data is then marked as being "used", and can no longer be used anymore by either side.
    - A chunk can only be used once. See the Venona project (Google is your friend).
    - The management of chunks is sequential, each chunk of bits being used after the other.

    One-time pad encryption is still being used by intelligence agencies.
    If it would have no further use anymore, why else would it still be in use within certain agencies?
    And I'm certainly not looking for any symmetric or asymmetric encryption-cipher.
    The problem resides in 2 things:
    - Implementation of such algorithms is hard to verify that no programming-flaws were made.
    - The never ending guess what all the big super-secret 3-letter agencies actually CAN crack. We, the general public, know nothing more than what they tell us, which isn't much at all.

    In the end it all boils down to certainty: a one-time pad gives me the certainty that actually no-one on earth can crack it.
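
The chunk bookkeeping stap0510 describes in this post and in post 4 (sequential chunks marked as used, message framing, an HMAC), as an added sketch that is not part of the thread or of any existing product. The `Pad` class, the header layout and the 32-byte MAC key are assumptions; each pad copy is assumed to serve one direction of traffic, and the HMAC-SHA256 tag is only computationally secure, unlike the XOR layer.

```python
import hashlib, hmac, os, struct

HEADER = struct.Struct(">QI")   # pad offset (8 bytes) + plaintext length (4 bytes)
MAC_KEY_LEN = TAG_LEN = 32      # pad bytes spent on the HMAC-SHA256 key; tag size

class PadError(Exception): pass

class Pad:
    """One party's copy of the shared random data, for ONE direction of traffic."""
    def __init__(self, data):
        self.data, self.cursor = data, 0   # everything below cursor counts as used

    def peek(self, offset, n):
        if offset < self.cursor:
            raise PadError("pad bytes at offset %d were already used" % offset)
        if offset + n > len(self.data):
            raise PadError("not enough unused pad left")
        return self.data[offset:offset + n]

    def mark_used(self, end):
        self.cursor = end   # a real tool would persist this and wipe the bytes

def encrypt(pad, plaintext):
    offset = pad.cursor
    chunk = pad.peek(offset, MAC_KEY_LEN + len(plaintext))
    pad.mark_used(offset + len(chunk))      # burn the chunk before sending
    mac_key, key = chunk[:MAC_KEY_LEN], chunk[MAC_KEY_LEN:]
    body = HEADER.pack(offset, len(plaintext)) + bytes(p ^ k for p, k in zip(plaintext, key))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(pad, message):
    if len(message) < HEADER.size + TAG_LEN:
        raise PadError("message too short")
    offset, length = HEADER.unpack_from(message)
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    if len(body) != HEADER.size + length:
        raise PadError("length field does not match message size")
    chunk = pad.peek(offset, MAC_KEY_LEN + length)
    mac_key, key = chunk[:MAC_KEY_LEN], chunk[MAC_KEY_LEN:]
    # Verify before consuming pad, so a forged message cannot burn key material.
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise PadError("authentication failed")
    pad.mark_used(offset + len(chunk))
    return bytes(c ^ k for c, k in zip(body[HEADER.size:], key))

def demo():
    shared = os.urandom(4096)   # constructed stand-in for the TRNG-filled DVD
    alice, bob = Pad(shared), Pad(shared)
    m1, m2 = encrypt(alice, b"meet at noon"), encrypt(alice, b"bring the disk")
    return decrypt(bob, m1), decrypt(bob, m2), alice.cursor, bob.cursor
```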
     
  8. dantz

    dantz Registered Member (Joined: Jan 19, 2007; Posts: 991; Location: Hawaii)

    If I were your three-letter adversary then I would intercept every encrypted transmission that you sent, plus I would secretly break into your facility or your recipient's facility and copy the DVD containing the random keys. Now I can decipher all of your past and future messages and you aren't even aware of it. What's so secure about that?
     
  9. Pleonasm

    Pleonasm Registered Member (Joined: Apr 9, 2007; Posts: 1,201)

    Stap0510, note that true random numbers may be obtained for free here.

    You and your party with whom you wish to exchange information could agree to use a segment of bytes from the shared random number file based on today’s Julian day number (J1) relative to the day on which the file was exchanged (J2), for all transmissions occurring on a specific date. For example, if the byte size is B, then have a mutually agreed upon rule to use bytes from (J1-J2)*B through (J1-J2+1)*B-1 as the symmetrical encryption/decryption key.

    P.S.: On a side note, it isn't clear how or why this approach would be more secure than using public key cryptography, all else being equal.
     
  10. stap0510

    stap0510 Registered Member (Joined: Aug 5, 2008; Posts: 104)

    Come on, Pleonasm.
    You are smarter than that.
    Public key cryptography's strength is based upon mathematics.
    You can crack it, it is just very, very hard to do so.
    The biggest advantage that a one-time pad/Vernam cipher has over any other encryption method is that it is not crackable, unless you have the exact random data-set as well.
    You can not brute-force it, or launch an entropy-attack upon it to gain information about the content of the message.
    Neither will math help you out on this.

    @ Dantz: the DVD is in near-vicinity when in use.
    When the DVD, with the random data, is not in use it is stored in a physical safe.
    So there are 2 places where the DVD is, either with me, or in the safe.
    I'm not going to argue the fact that a safe can be opened, but it will always make a very good tamper seal.
    With the more expensive and bulkier safes, you can really see when it had been opened by someone with force.
    Usually explosives are involved to get that job done.....so that's a no-brainer.
     
  11. Pleonasm

    Pleonasm Registered Member (Joined: Apr 9, 2007; Posts: 1,201)

    Stap0510, perhaps I read the posts in this thread too quickly. I was (incorrectly) assuming that your intention was to supply each party in the transmission with the same set of keys (based on random characters), which were to be used in conjunction with a symmetric encryption algorithm (e.g., AES), thereby solving the key exchange problem and also having no more than one message at risk if any single key were exposed.

    For those interested in this subject, the following articles may be of interest:

    I am unaware of any commercial tool that implements this technique, unfortunately.

    P.S.: FYI -- You might be interested in the ComScire R2000KU Hardware Random Number Generator.
     