Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] OneTime 2.0 (beta): one-time pad system.

Andy Isaacson adi at hexapodia.org
Tue Jul 30 18:10:49 PDT 2013


On Tue, Jul 30, 2013 at 01:15:15PM -0500, Karl Fogel wrote:
> Andy Isaacson <adi at hexapodia.org> writes:
> >> OneTime 2.0-beta is ready for review and testing, as threatened [1].  See
> >> 
> >>   http://red-bean.com/onetime/
> >
> >At a quick glance, it appears you have not added any message
> >authenticity to the system, correct?  Do you have any thoughts on how to
> >add tamper resistance to onetime?
> 
> Well, I figured the pad is the authentication.  If the message decrypts
> at all, then the person who sent it to you must have the pad you expect
> them to have, so they must be the person you think they are :-).
> 
> (Or did you mean something else, like message integrity?)

Yes, I'm thinking of the bit flip attack.  Is a message still authentic
if it's been modified in transit?  (Agreed that message integrity is a
more accurate term.)

Ah, I see that you're compressing the plaintext before OTP, so many
simple bitflips result in a decompression error.  However if the
attacker knows (part of) the plaintext or has a good guess, they can
still modify the message.

-andy



More information about the liberationtech mailing list