I have a working OTP system on a $40 64 Mb USB flash disk on my keychain.
Cute. Is it available?
$39 + tax in Fry's.
How do you prevent other applications from reading the file off your USB disk, either while your application is using it or some other time?
I don't care. No one knows about it enough to set a trap in a random PC (and if They do we're in deep shit anyway.) This is the reason for not releasing the (trivial) program. Write your own and let it be your group key ... say, 40-bits worth? Subverting PGP is far more likely. The only solution would be to have a CPU on the keychain item ... just wait for PDAs to get smaller.
Since you say that "Used bits are securely deleted", does your application distinguish between using the pad to encrypt and using the pad to decrypt (which are basically the same thing, except for destroying the key bits the second time)?
You destroy bits *every* time. The routine that reads bits overwrites them. Messages are fixed size, the index into the OTP file is a part of the message, each user gets a starting offset assigned to avoid synching problems. Yes, there are a zillion DoS attacks, but we had none so far. This crypto works only when a crypto programmer is a part of a cooperative group, and frankly we don't give a fuck for the rest of the world.
Landon Noll has done some interesting work taking a cheap PC camera and keeping it in the dark. The CCDs try to adjust, and you get noise.
I'd suggest a hi-fi video digitizer with analog input. CCDs have dirty randomness.
Rather than compressing 8:1 using byte parity, I'd recommend using a hash function, such as MD5 or SHA, which means that every bit of the input can tweak any bit of the output.
Well, each of the 8 bits of a byte affects its parity. It's just the different initial block size. But tastes vary.
That's the Bic Pen model of "you'll lose it before you use it up" :-) If you're using it strictly for session key exchange, that's a lot of sessions (unless you're a big web or email server.) If you're using it for message encryption, it's obviously not much.
Did you ever try to type 5 megabytes of text? Check the size of the text part of your outgoing mail archive.
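The scheme described in the message above (pad bytes overwritten on every read, fixed-size messages that carry their pad index, a starting offset per user) is shown here as an added example; it is not the poster's unreleased program. The 64-byte message size, the 8-byte index header, the NUL padding and the rule that an all-zero pad region counts as already used are assumptions of this example.

```python
import os
import struct
import tempfile

MSG_SIZE = 64               # assumed fixed message size (bytes)
HDR = struct.Struct(">Q")   # assumed wire format: 8-byte pad index + ciphertext

def take_pad(pad_path, offset, n):
    """Destructive read: return n pad bytes at offset and zero them on disk."""
    with open(pad_path, "r+b") as f:
        f.seek(offset)
        key = f.read(n)
        if len(key) != n:
            raise ValueError("pad exhausted")
        if key == bytes(n):   # assumption: an all-zero region means "already used"
            raise ValueError("pad region already used")
        f.seek(offset)
        f.write(bytes(n))     # in-place overwrite; flash wear levelling may keep old cells
        f.flush()
        os.fsync(f.fileno())
    return key

def encrypt(pad_path, offset, plaintext):
    if len(plaintext) > MSG_SIZE:
        raise ValueError("message too long")
    padded = plaintext.ljust(MSG_SIZE, b"\x00")   # NUL padding, for the demo only
    key = take_pad(pad_path, offset, MSG_SIZE)
    return HDR.pack(offset) + bytes(p ^ k for p, k in zip(padded, key))

def decrypt(pad_path, message):
    if len(message) != HDR.size + MSG_SIZE:
        raise ValueError("bad message size")
    (offset,) = HDR.unpack_from(message)          # index travels with the message
    key = take_pad(pad_path, offset, MSG_SIZE)    # decrypting destroys the bits too
    return bytes(c ^ k for c, k in zip(message[HDR.size:], key)).rstrip(b"\x00")

def demo():
    pad = os.urandom(4096)                        # constructed sample pad
    d = tempfile.mkdtemp()
    a, b = os.path.join(d, "a.pad"), os.path.join(d, "b.pad")
    for p in (a, b):                              # both parties hold a copy
        with open(p, "wb") as f:
            f.write(pad)
    msg = encrypt(a, 1024, b"meet at noon")       # sender's assigned start offset
    first = decrypt(b, msg)
    try:
        decrypt(b, msg)                           # replay hits the zeroed region
    except ValueError as e:
        return first, str(e)
    return first, None
```

Because the index is taken from the message itself, anyone who can deliver a message can burn a pad region on the receiver, which is one of the DoS attacks the message acknowledges.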