[liberationtech] OneTime 2.0 (beta): one-time pad system.
Andy Isaacson
adi at hexapodia.org
Tue Jul 30 18:10:49 PDT 2013
On Tue, Jul 30, 2013 at 01:15:15PM -0500, Karl Fogel wrote:
> Andy Isaacson <adi at hexapodia.org> writes:
> >> OneTime 2.0-beta is ready for review and testing, as threatened [1]. See
> >>
> >> http://red-bean.com/onetime/
> >
> >At a quick glance, it appears you have not added any message
> >authenticity to the system, correct? Do you have any thoughts on how to
> >add tamper resistance to onetime?
>
> Well, I figured the pad is the authentication. If the message decrypts
> at all, then the person who sent it to you must have the pad you expect
> them to have, so they must be the person you think they are :-).
>
> (Or did you mean something else, like message integrity?)

Yes, I'm thinking of the bit flip attack. Is a message still authentic
if it's been modified in transit? (Agreed that message integrity is a
more accurate term.)

Ah, I see that you're compressing the plaintext before OTP, so many
simple bitflips result in a decompression error. However, if the
attacker knows (part of) the plaintext or has a good guess, they can
still modify the message.

-andy
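
The integrity gap discussed in this message, as an added sketch that is not part of the original post and is not OneTime's code: it compares what a receiver accepts with and without a MAC over the ciphertext. Assumptions: zlib stands in for the compressor, the MAC is HMAC-SHA256 keyed with 32 pad bytes reserved for that purpose, and the sample messages and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets, zlib

KEY_LEN = 32                      # pad bytes set aside as MAC key (assumption)
SAMPLE = b"PAY ALICE 100 USD"     # constructed sample plaintext
ALTERED = b"PAY ALICE 900 USD"    # constructed, same length as SAMPLE

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(plaintext, pad, with_mac):
    """Compress, XOR with pad bytes, optionally append HMAC-SHA256 of the result."""
    ct = xor(zlib.compress(plaintext), pad[KEY_LEN:])
    if with_mac:
        ct += hmac.new(pad[:KEY_LEN], ct, hashlib.sha256).digest()
    return ct

def unseal(msg, pad, with_mac):
    """Return the plaintext, or None when the message is rejected."""
    if with_mac:
        msg, tag = msg[:-32], msg[-32:]
        expect = hmac.new(pad[:KEY_LEN], msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None
    try:
        return zlib.decompress(xor(msg, pad[KEY_LEN:]))
    except zlib.error:
        return None               # the only check the unauthenticated form has

def blind_flip(msg, index):
    """In-transit change made with no knowledge of the plaintext."""
    return msg[:index] + bytes([msg[index] ^ 0x01]) + msg[index + 1:]

def informed_change(msg, known, wanted):
    """In-transit change by someone who knows the plaintext but not the pad."""
    old, new = zlib.compress(known), zlib.compress(wanted)
    if len(old) != len(new):
        raise ValueError("sketch only covers equal-length compressed streams")
    return xor(msg, xor(old, new)) + msg[len(old):]

def outcomes(with_mac):
    """(untouched, blind flip, informed change) as seen by the receiver."""
    pad = secrets.token_bytes(256)
    msg = seal(SAMPLE, pad, with_mac)
    return (unseal(msg, pad, with_mac),
            unseal(blind_flip(msg, 5), pad, with_mac),
            unseal(informed_change(msg, SAMPLE, ALTERED), pad, with_mac))

if __name__ == "__main__":
    print("no MAC:  ", outcomes(False))
    print("with MAC:", outcomes(True))
```

Without the tag, the blind flip is caught only by the decompressor while the informed change decodes cleanly; with the tag, both are rejected before decompression is attempted.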