calum.org:~#

One time pads

Tags: java crypto programming xor

Added: 2011-04-20T16:29:43

One time pads

We know that all encryption can eventually be broken - it's just how long it takes to break, right?
Wrong.

There is a solution that is unbreakable, purely because you have nothing to compare with to know if you're right.
The one-time pad.

If the cipher text is AGYEG, then how do you know if the answer is APPLE, HOUSE, or LINUX?
In fact, depending on the key material you supply, it *will* decode to any of those answers, and all the other possible combinations as well.

So, why don't we all use one-time pads?

a. You need a totally random set of pad data, at least as big as the message you're wanting to send.
b. You need to make sure that pad data is never copied, and is destroyed after use.

Basically, if you can work out a way to get the key data securely, uncopied, to the recipient, well, you might as well just make that the message.

Monolith posed some very interesting questions, so I thought about the idea of allowing people to transfer large files around using this method.
The problem is, is that if you want to transfer 700MB of data encrypted with a one-time pad, you would need 700MB of data to be the one-time pad.

However, the interwebs are full of randomish* 700MB files.

If I want to transfer 700MB fileA to my friend (Bob), instead of then first having to provide him securely with the 700MB one-time pad, I can now just tell him to download fileB from wherever he likes to download files like that from.

Then, we can use fileB (the common secret) to "encrypt" fileA.

Note the sarcasm tags. This is not really good encryption. But there are a lot of large files on the web.

So, all Bob has to do now, is tell his friend which large binary file is the pad. Which can be done with an SMS - or a short phone call. Saves all the hard work of getting one-time pads transferred around the place.

I've written a little Java app that you can use for this. It's my first foray into AWT, and I'm not really liking it. But it works.

Please try it out. Run with:

wget http://files.calum.org/JaXOR.jar -O JaXOR.jar
java -jar JaXOR.jar
Let me know of any bugs, problems, ideas, etc.Also, it looks shocking. I would like to say that I'll work on making it look better, but I probably won't get round to it.
Function over form, that's my motto. You're lucky it's not just a command-line app! :)

* Randomness is very hard to achieve, and compressed binary files are no-where near random. However, for this, they'll do.

posted by Calum on 2011-04-20T16:45 under

Comments

Comment

If you can send a SMS, you can share a secret key. Internet files are not trully random, so it is not OTP.

Comment

I know that videos, music, or ISOs aren't random. See the asterisk at the end of the post.
Add a comment

Your IP:
Please enter 9255826 here: