[liberationtech] scrambler
Sandy Harris
sandyinchina at gmail.com
Fri Aug 30 20:52:48 PDT 2013
Michael Hicks <scramblerencryption at yahoo.com> wrote:
> Thank you so much we appreciate your opinion and facts. would you have any
> recommendations?
Start by reading up on one-time pads.
Probably the best source is Marcus Ranum's FAQ:
http://www.ranum.com/security/computer_security/papers/otp-faq/
Another, partly my writing:
http://en.citizendium.org/wiki/One-time_pad
>> The author doesn't understand how to construct one-time pads, and flouts
>> the most important rule of using them. Avoid this software like the
>> plague.
Right.
Also, even if you get the OTP part of it right, there are still problems.
One is that the system gives no protection against traffic analysis,
collection & use of what has been called metadata in recent news
stories.
Another is that, while an OTP system is provably perfectly secure
against simple eavesdropping, it is inherently vulnerable to a
rewrite attack:
http://en.citizendium.org/wiki/Stream_cipher#Rewrite_attacks
Finally, there are a whole lot of questions about things like how
you generate the random numbers, how a customer can be
sure his Java app is not tampered with, etc. Quickly perusing
your web site, I do not see answers for those.
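
Added example, not part of the original message: a sketch of why a correctly generated one-time pad still needs an integrity check. It shows that a ciphertext altered in transit decrypts to a predictably altered plaintext (the rewrite attack linked above), and that an HMAC over the ciphertext under a separate key rejects it. The function names, message and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def seal(pad: bytes, mac_key: bytes, plaintext: bytes):
    # OTP encryption, then a tag over the ciphertext (encrypt-then-MAC).
    # HMAC is only computationally secure, unlike the pad itself.
    ct = xor_bytes(pad, plaintext)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(pad: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext modified in transit")
    return xor_bytes(pad, ct)


def rewrite(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    # Models the in-transit change: it needs no pad, only knowledge of the
    # plaintext bytes at `offset`, because XOR passes bit flips straight through.
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return ct[:offset] + xor_bytes(ct[offset:end], delta) + ct[end:]


def demo():
    msg = b"PAY 0100 TO ALICE"            # constructed sample message
    pad = secrets.token_bytes(len(msg))   # used once, same length as msg
    mac_key = secrets.token_bytes(32)     # independent of the pad
    ct, tag = seal(pad, mac_key, msg)
    tampered = rewrite(ct, 4, b"0100", b"9900")
    without_check = xor_bytes(pad, tampered)  # what a bare OTP receiver sees
    try:
        open_sealed(pad, mac_key, tampered, tag)
        detected = False
    except ValueError:
        detected = True
    return without_check, detected, open_sealed(pad, mac_key, ct, tag)


if __name__ == "__main__":
    print(demo())
```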