[liberationtech] scrambler

Andy Isaacson adi at hexapodia.org
Fri Aug 30 11:38:28 PDT 2013


On Thu, Aug 29, 2013 at 12:15:17PM -0700, Michael Hicks wrote:
> ok so I guess I just send u guys the links and u check out my software
> and Vet it? This was made for people to be able to protect their
> privacy and the NSA can't hack it No One can it's impossible. all the
> information is at scrambler.webs.com

Your description of how a OTP works is not correct.  At
http://scrambler.webs.com/how-does-it-work you write:

> The drawback of the one-time cypher pad encryption method is that to
> encrypt a message without reusing the one-time cypher pad requires it
> to be 256 times the size of the message.  Encrypting a one megabyte
> file without reusing the one-time cypher pad requires it to be 256
> megabytes.

This is incorrect.  A one-time pad needs to be the same size as the
message being encrypted, not 256 times as large.  OTP implementations
such as onetime (http://red-bean.com/onetime/) implement this properly,
using one byte of pad to encrypt one byte of plaintext.

Making such a fundamental mistake in the basic definition of the cipher
you're promoting is not a good sign that you're capable of implementing
it securely.

Continuing on, though...

> While it is recommended that you do not reuse one-time cypher pads,
> Scrambler will do so.

Well, that's a really bad idea, because reusing a OTP makes it
completely trivial to break.  Instead of the method you've described, I
would recommend that you look at how onetime tracks which pad bytes
have been used, and ensures they are never reused.

> After Scrambler has completed encrypting the message that required it
> to reuse the one-time cypher pad chosen for encryption, Scrambler will
> notify you that the one-time cypher pad was reused and should be
> discarded.

> Scrambler can be used to encrypt a file up to
> approximately 1.84E19 bytes in size without reusing the one-time
> cypher pad (18,400,000,000,000,000,000, or 18 quintillion bytes; or
> about 18,400,000 1 TB hard drives). Of course, the one-time cypher pad
> will need to be 256 times 1.84E19 bytes in size to do so without
> recycling through the one-time cypher pad. 

This paragraph is nonsensical if you're actually implementing a OTP.
The description you give makes me think that you're actually
implementing a stream cipher with 256x ciphertext expansion.

Could you clarify how Scrambler generates its cypher pads?  Explaining
that might help us understand how your system works in practice.

-andy
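
The two points made in the reply above (one byte of pad per byte of plaintext, and no pad byte ever used twice) can be shown in a short sketch. This is an added example, not part of the original message and not the code of onetime or Scrambler; the `OneTimePad` class, its method names and the sample messages are hypothetical, and a real tool would also have to persist the offset between runs.

```python
import os

class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""

class OneTimePad:
    """Hypothetical pad wrapper: hands out each pad byte at most once."""
    def __init__(self, pad: bytes):
        self._pad = pad
        self.offset = 0  # index of the first pad byte that is still unused

    def remaining(self) -> int:
        return len(self._pad) - self.offset

    def encrypt(self, plaintext: bytes):
        """Return (starting pad offset, ciphertext); ciphertext length equals plaintext length."""
        n = len(plaintext)
        # Refuse rather than wrap around: wrapping around is exactly pad reuse.
        if n > self.remaining():
            raise PadExhausted(f"need {n} pad bytes, only {self.remaining()} unused")
        start = self.offset
        key = self._pad[start:start + n]
        self.offset += n  # mark these bytes as spent
        return start, xor(plaintext, key)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def decrypt(pad: bytes, start: int, ciphertext: bytes) -> bytes:
    return xor(ciphertext, pad[start:start + len(ciphertext)])

def demo():
    pad = os.urandom(32)                                # constructed sample pad
    m1, m2 = b"meet at the cafe", b"bring the papers"   # constructed messages
    otp = OneTimePad(pad)
    s1, c1 = otp.encrypt(m1)   # consumes pad[0:16]
    s2, c2 = otp.encrypt(m2)   # consumes pad[16:32], never pad[0:16] again
    # For contrast, the reuse case: both messages XORed with the same pad bytes.
    r1, r2 = xor(m1, pad), xor(m2, pad)
    # The pad cancels out, so the two ciphertexts alone reveal m1 XOR m2.
    pad_cancels = xor(r1, r2) == xor(m1, m2)
    return s1, s2, otp.remaining(), decrypt(pad, s2, c2), pad_cancels

if __name__ == "__main__":
    print(demo())
```

Two 16-byte messages consume exactly 32 pad bytes, and a further `encrypt` call raises `PadExhausted` instead of cycling back to the start of the pad.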


