LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (https://www.linuxquestions.org/questions/debian-26/)
-   -   One-time pad cryptography (https://www.linuxquestions.org/questions/debian-26/one-time-pad-cryptography-722087/)

CoderMan 04-27-2009 04:42 PM
One-time pad cryptography
 
Hi. I'm not an expert on encryption, but I was reading about one-time pad cryptography, and I wanted to play around with it. Is there any standard applications for one-time pad encryption in the Debian Lenny repo?

jschiwal 04-27-2009 06:10 PM
You can simply EOR the key with the plain text. You don't need a complicated algorithm. Exclusive OR has the advantage there the same function can be used to encode and decode the message. What is important is that A) The key is as long as the message B) The key is random C) The key is used only once and then disposed of.

The disadvantage is that both the sender and receiver need to have copies of the key. The keys needs to be delivered via a secure method. While the one-time pad is unbreakable, it isn't suitable for electronics communication. If you have a secure method to transport the keys, you could have used that method to transport the message. Coordinating the use of the keys and communicating to a group or between members of a group can't be easy to manage. The one-time-pad system was used by the US Navy for sub communications in WWI. When the sub was in port, they would carry in suitcases full of keys. I don't know if this system allowed for 2 subs to communicate with each other.

Something similar is the OPIE system for one time passwords. A password is used once from a list and not repeated.

CoderMan 04-27-2009 08:19 PM
Quote:
Originally Posted by jschiwal (Post 3522957)
You can simply EOR the key with the plain text. You don't need a complicated algorithm. Exclusive OR has the advantage there the same function can be used to encode and decode the message. What is important is that A) The key is as long as the message B) The key is random C) The key is used only once and then disposed of.

The disadvantage is that both the sender and receiver need to have copies of the key. The keys needs to be delivered via a secure method. While the one-time pad is unbreakable, it isn't suitable for electronics communication. If you have a secure method to transport the keys, you could have used that method to transport the message. Coordinating the use of the keys and communicating to a group or between members of a group can't be easy to manage. The one-time-pad system was used by the US Navy for sub communications in WWI. When the sub was in port, they would carry in suitcases full of keys. I don't know if this system allowed for 2 subs to communicate with each other.

Something similar is the OPIE system for one time passwords. A password is used once from a list and not repeated.
So then is there no program which already does all that for the user? I know it wouldn't be too difficult to code it myself, but no need to re-invent the wheel. I'm also concerned about the randomness aspect of it: From what I heard, if you don't properly ensure that the key is truly random (proper seeding?) then it is possible for someone to figure out the pattern.


All times are GMT -5. The time now is 12:19 PM.