[liberationtech] OneTime 2.0 (beta): one-time pad system.
Karl Fogel
kfogel at red-bean.com
Tue Jul 30 11:15:15 PDT 2013
Andy Isaacson <adi at hexapodia.org> writes:
>> OneTime 2.0-beta is ready for review and testing, as threatened [1]. See
>>
>> http://red-bean.com/onetime/
>
>At a quick glance, it appears you have not added any message
>authenticity to the system, correct? Do you have any thoughts on how to
>add tamper resistance to onetime?
Well, I figured the pad is the authentication. If the message decrypts
at all, then the person who sent it to you must have the pad you expect
them to have, so they must be the person you think they are :-).
(Or did you mean something else, like message integrity?)
When decryption fails, one sees an error like: "DecodingError: unable to
decode (wrong pad?)". There's a regression test for this, by the way.
Best,
-K
More information about the liberationtech
mailing list