One time pads

Bill Stewart bill.stewart at pobox.com
Fri Oct 18 01:05:14 PDT 2002


At 10:52 PM 10/17/2002 -0700, Morlock Elloi wrote:
> > >I have a working OTP system on $40 64 Mb USB flash disk on my keychain.
> >
> > Cute.  Is it available?
>
>$39 + tax in Fry's.

I don't mean the disk - there are lots of those.
I mean your software.
Also, can your tool use floppies instead of USB keys?
There are problems with KGB-quality attackers recovering overwritten data
which are probably much more serious for disks than flash rom,
but they're nearly universal and good shredders work well on them.

> > How do you prevent other applications from reading the file off your
> > USB disk, either while your application is using it or some other time?
>
>I don't care. No one knows about it enough to set a trap in a random PC (and if
>They do we're in deep shit anyway.) This is the reason for not releasing the
>(trivial) program. Write your own and let it be your group key ... say, 40-bits worth ?

USB key disks look like an obvious target for eavesdropping in general.
(They're also the best medium for re-inventing the floppy-disk virus:-)

> > Since you say that "Used bits are securely deleted",
> > does your application distinguish between using the pad to encrypt
> > and using the pad to decrypt (which are basically the same thing,
> > except for destroying the key bits the second time)?
>
>You destroy bits *every* time. The routine that reads bits overwrites them.
>Messages are fixed size, index into OTP file is a part of the message, each
>user gets starting offset assigned to avoid synching problems.

You need to use each bit twice - once to encrypt, and once to decrypt.
Destroying them after the first use is a bad idea....
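
The scheme described in the quoted replies (fixed-size messages, the pad index carried in the message, a per-user starting offset, a read routine that overwrites what it reads), as an added Python example that is not part of the original post and is not the unreleased program. It assumes each correspondent holds their own copy of the pad file, an 8-byte index header, 32-byte messages and zero-filling as a stand-in for secure deletion; all names are hypothetical.

```python
import os, struct, tempfile

MSG_SIZE = 32                # fixed message size (assumed value)
HDR = struct.Struct(">Q")    # pad index carried in each message (assumed layout)

def consume(pad_path, index, n=MSG_SIZE):
    """Read n pad bytes at index, then overwrite them in this copy of the pad."""
    with open(pad_path, "r+b") as f:
        f.seek(index)
        key = f.read(n)
        if len(key) != n:
            raise ValueError("pad exhausted")
        if key == bytes(n):  # n random bytes being all zero is negligible
            raise ValueError("pad bytes at this index were already used")
        f.seek(index)
        f.write(bytes(n))    # zero-fill only; flash wear-levelling may keep old cells
        f.flush()
        os.fsync(f.fileno())
    return key

def encrypt(pad_path, index, plaintext):
    if len(plaintext) > MSG_SIZE:
        raise ValueError("message longer than the fixed size")
    padded = plaintext.ljust(MSG_SIZE, b"\0")  # NUL padding: text must not end in NUL
    key = consume(pad_path, index)
    return HDR.pack(index) + bytes(p ^ k for p, k in zip(padded, key))

def decrypt(pad_path, message):
    (index,) = HDR.unpack_from(message)
    body = message[HDR.size:]
    if len(body) != MSG_SIZE:
        raise ValueError("wrong message size")
    key = consume(pad_path, index)
    return bytes(c ^ k for c, k in zip(body, key)).rstrip(b"\0")

def demo():
    """Constructed scenario: two copies of one random pad, one message, one replay."""
    d = tempfile.mkdtemp()
    pad = os.urandom(4096)
    alice, bob = os.path.join(d, "alice.pad"), os.path.join(d, "bob.pad")
    for path in (alice, bob):
        with open(path, "wb") as f:
            f.write(pad)
    msg = encrypt(alice, 1024, b"meet at noon")  # 1024 = sender's starting offset
    plain = decrypt(bob, msg)                    # uses and destroys bob's copy
    try:
        decrypt(bob, msg)
        replay = "accepted"
    except ValueError:
        replay = "rejected"
    return plain, replay, alice, bob
```
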





More information about the cypherpunks-legacy mailing list