[liberationtech] OneTime 2.0 (beta): one-time pad system.

Andy Isaacson adi at hexapodia.org
Thu Aug 1 08:01:06 PDT 2013


On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:
> Since an OTP depends critically on never using the same pad to encrypt
> multiple plaintexts, it conversely also depends on the same pad only
> decrypting a single ciphertext.  If a onetime implementation implements
> a decryption oracle, an attacker can almost certainly leverage multiple
> decryption attempts with timing or error discrimination to break the pad
> entirely.

Sorry, meant to add --

therefore, it's important that onetime record that a given range of pad
is consumed *on decryption* and is only used, thereafter, to decrypt
the identical ciphertext.

-andy
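
The rule stated in this message, as an added sketch that is not part of the original post and is not OneTime's own code. The names `PadLedger` and `PadReuseError`, the in-memory ledger, and the use of SHA-256 to bind a range to its ciphertext are assumptions made for illustration.

```python
import hashlib

class PadReuseError(Exception):
    """A pad range bound to one ciphertext was requested for a different one."""

class PadLedger:
    """Hypothetical consumed-range record kept beside a pad (in memory only here)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._consumed = {}  # (offset, length) -> SHA-256 of the bound ciphertext

    def _key(self, offset: int, n: int) -> bytes:
        if n == 0 or offset < 0 or offset + n > len(self._pad):
            raise ValueError("empty message or range outside the pad")
        return self._pad[offset:offset + n]

    def _bind(self, offset: int, ciphertext: bytes) -> None:
        end = offset + len(ciphertext)
        digest = hashlib.sha256(ciphertext).digest()
        for (o, n), d in self._consumed.items():
            overlaps = offset < o + n and o < end
            identical = (o, n) == (offset, len(ciphertext)) and d == digest
            if overlaps and not identical:
                # One error for every mismatch: no hint about where it differed.
                raise PadReuseError("pad range already consumed")
        self._consumed[(offset, len(ciphertext))] = digest

    def encrypt(self, offset: int, plaintext: bytes) -> bytes:
        key = self._key(offset, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, key))
        self._bind(offset, ciphertext)  # sender side: the range is now spent
        return ciphertext

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        # Record (or verify) the binding before XORing, so a second, different
        # ciphertext is never combined with these pad bytes.
        key = self._key(offset, len(ciphertext))
        self._bind(offset, ciphertext)
        return bytes(c ^ k for c, k in zip(ciphertext, key))

if __name__ == "__main__":
    pad = bytes(range(7, 71))  # constructed sample pad, not random
    sender, receiver = PadLedger(pad), PadLedger(pad)
    ct = sender.encrypt(0, b"meet at noon")
    print(receiver.decrypt(0, ct), receiver.decrypt(0, ct))  # same ciphertext twice: allowed
    try:
        receiver.decrypt(0, bytes([ct[0] ^ 1]) + ct[1:])  # one bit changed
    except PadReuseError as exc:
        print("refused:", exc)
```

A truncated or extended ciphertext over the same bytes counts as a different ciphertext and is refused in the same way.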


