Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: One-Time Pad software?

from [FocusHacks] Network Security [Permanent Link]
Subject: Re: One-Time Pad software?
Date: Sat, 3 Feb 2007 01:08:34 -0600 
Thanks for the information, guys.  As far as one-time pads being the
same length as the cleartext, I know how it works.   If a spy of days
past had a very long message to encrypt, he may need to use more than
one page of his paper pad.   By the same token, if I have a large
binary file to encrypt, but have stored several small files of random
data to use as my pad (and the receiving party has the same files and
knows in which order to utilize them), I would expect a tool to be
able to handle the task.  It's not convenient to generate a
perfect-length pad file for every ciphertext message I wish to
transmit.  Looping a 20k file over a larger cleartext message would
not be OTP, it'd be a simple running key algorithm that'd be a lot
easier to break with simple heuristics.  Sure, it'd be a 20 kilobyte
key, a lot less trivial than looping an eight-letter lowercase word as
a key, but it wouldn't be nearly as good as a genuine OTP.

The reason I'm thinking small files is because on solid state media
(for instance, volatile storage in a PDA), it's easy to securely erase
one file at a time, which is much like burning the piece of paper you
just used.  correctly implemented, OTP is both computationally trivial
to perform, yet "perfectly secret", so long as the pad remains secure.

I'll definitely look into some of the tools listed, and I'll start
tinkering around on my own, I have a few ideas now.

Cheers!
--Noah
On 2/2/07, Atom Smasher <atom@smasher.org> wrote:

On Fri, 2 Feb 2007, FocusHacks wrote:

> I am looking for software implementations of one-time pad encryption.
> Ideally, these would be cross platform, and command line open-source
> would be even better.  This is mostly for fun, and I've considered just
> sitting down and writing my own, which I may very well do anyways, once
> I see what else is out there.
===========================

command line; open source (GPL); fun:

http://www.freebsd.org/cgi/url.cgi?ports/security/pad/pkg-descr
http://www.freshports.org/security/pad/
http://web.archive.org/web/20011030104813/www.lammah.com/pad/

i've played with it... it's a fun toy, and may be useful for more. not too
many command line options, but the ones it has are very useful. also
useful is that the ciphertext can be broken into more than just 2 shares,
and that you can specify a pad or have one generated on the fly.


--
         ...atom

  ________________________
  http://atom.smasher.org/
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

        "Your password must be at least 18770 characters and
         cannot repeat any of your previous 30689 passwords.
         Please type a different password. Type a password
         that meets these requirements in both text boxes."
                -- Microsoft takes security seriously in
                Knowledge Base Article Q276304.





--
http://www.FocusHacks.com - The Ford Focus Modification Site!
http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PCI, EFS and the future?, Nick Vaernhoej
Next by Date:  Helpdesk as local admin, WALI
Previous by Thread:  Re: One-Time Pad software?, Atom Smasher
Next by Thread:  Re: One-Time Pad software?, Atom Smasher
Indexes:  [Date] [Thread] [Top] [All Lists]