One time pads

Bill Stewart bill.stewart at pobox.com
Thu Oct 17 18:08:20 PDT 2002


At 12:16 PM 10/17/2002 -0700, Morlock Elloi wrote:
>I have a working OTP system on $40 64 Mb USB flash disk on my keychain.

Cute.  Is it available?

How do you prevent other applications from reading the file off your
USB disk, either while your application is using it or some other time?
That's one of the big differences between a computerized OTP
and a Dead Trees (or Dead Silkworms) OTP, which is much harder for
someone or something else to read without you noticing.

Since you say that "Used bits are securely deleted",
does your application distinguish between using the pad to encrypt
and using the pad to decrypt (which are basically the same thing,
except for destroying the key bits the second time)?

>30Mbs are filled with distilled randomness (two video digitizers at high gain
>looking into open input noise, compressed first with LZW then again compressed
>8:1 by taking only byte parity, then XORed together - takes several hours and
>passes diehard)

Landon Noll has done some interesting work taking a cheap PC camera
and keeping it in the dark.  The CCDs try to adjust, and you get noise.

Rather than compressing 8:1 using byte parity,
I'd recommend using a hash function, such as MD5 or SHA,
which means that every bit of the input can tweak any bit of the output.

>judging by the current use it will last us for decades for text messages.

That's the Bic Pen model of "you'll lose it before you use it up" :-)
If you're using it strictly for session key exchange,
that's a lot of sessions (unless you're a big web or email server.)
If you're using it for message encryption, it's obviously not much.
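The difference between the two 8:1 reductions discussed above, as an added example that is not part of the original post or of either correspondent's software. SHA-256, the 256-byte block size and the sample input are assumptions chosen for illustration.

```python
import hashlib

# Constructed sample standing in for 256 bytes of digitizer output (not real noise).
SAMPLE = bytes((i * 73 + 41) % 256 for i in range(256))

def parity_distill(raw: bytes) -> bytes:
    """8:1 reduction from the quoted message: one output bit per input byte (its parity)."""
    bits = [bin(b).count("1") & 1 for b in raw]
    bits += [0] * (-len(bits) % 8)  # pad to a whole number of output bytes
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def hash_distill(raw: bytes, block: int = 256) -> bytes:
    """8:1 reduction with a hash: each 256-byte block becomes one 32-byte digest.
    SHA-256 and the block size are assumptions chosen to match the 8:1 ratio."""
    return b"".join(hashlib.sha256(raw[i:i + block]).digest()
                    for i in range(0, len(raw), block))

def bits_changed(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_sensitivity(distill, raw: bytes, bit_index: int) -> int:
    """Number of output bits that change when one input bit is flipped."""
    mutated = bytearray(raw)
    mutated[bit_index // 8] ^= 1 << (bit_index % 8)
    return bits_changed(distill(raw), distill(bytes(mutated)))

def same_byte_double_flip(distill, raw: bytes, byte_index: int) -> int:
    """Output bits changed when two bits inside one input byte are flipped."""
    mutated = bytearray(raw)
    mutated[byte_index] ^= 0b11
    return bits_changed(distill(raw), distill(bytes(mutated)))

if __name__ == "__main__":
    for name, fn in (("parity", parity_distill), ("sha256", hash_distill)):
        print(name, "single flip:", flip_sensitivity(fn, SAMPLE, 100),
              "double flip in one byte:", same_byte_double_flip(fn, SAMPLE, 5))
```

Neither function adds entropy; the hash only lets every input bit influence every output bit, where parity ties each output bit to a single input byte.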




