Tech Off Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Recycling one-time pads?

Back to Forum: Tech Off
  • User profile image
    Tom Servo

    I liked the idea of OTPs, after I found out about 'em in that Messenger thread over in the coffeehouse. They kinda warm my paranoid heart.

    After having decided to add this to my IM client at some point (like 2017), I've been thinking how to keep the usage of those to an single one-time key data exchange.

    The idea's is as follows:

    When one client in a conversation notices that it's running out of key data (because the user chats way too much), it collects a fair chunk of random data, then initiates a recycling at his and the peers end, by sending that random data over to the other peer (not without encrypting it with the remaining key data), then both start at index 0 with the recycled data.

    The recycling may work like this:

    Ki = M(Di) xor R(i mod c) ; for i = 0..n

    K is the recycled data, D the old data, M is a mutator (something that screws with the values), R is the random data chunk, C is the length of the chunk

    Would you think this is a adequately secure way to generate new data? Idea here is that data, that is unknown to beginwidth, gets pseudo-randomized by an algorithm, e.g. SHA1 (20 bytes in, 20 bytes out, maybe even a salt defined by the initiator), and some additional random data gotten by hashing mouse events or something.

    I wanted the client to work with 32kb data minimum, reserving the last 8k to encrypt the recycling data.

    Also, how do you feel about sending indexes in cleartext past the wire? If there's a state discrepancy across two peers, I need to be able to synchronize each other's state.

    Thanks for any comments or ideas.

  • User profile image

    Possibly side-tracking your issue, but why not just use public / private keypairs a'la PGP?

    I'm sure its more resource efficient than using one time pads.

  • User profile image
    Tom Servo

    I'll be putting public keys in there too (which will be real fun, since I know squat about all of it, right now). I'm shifting the focus from "yet another multiprotocol IM" towards "barebones tinfoil IM", at least for now, because there aren't much of those yet. Trillians SecureIM is a mere comedy option, Miranda's plugins are outdated and don't work correctly, the other messengers didn't satisfy me either. SSL on Jabber is also on a per-hop basis, not end-to-end.

    Anyway, the idea of OTPs just sounded cool, but there's also a need to be able to continue a secure discussion when you accidentally run out of key material. I intend to put a counter of average remaining secure messages in (remaining keydata divided through average message length), as warnings about insecure recycled key data and all that, though.

  • User profile image

    Tom Servo wrote:
    SSL on Jabber is also on a per-hop basis, not end-to-end.

    So true... there are Jabber clients which support GPG though, which is end-to-end.

    (EDIT: stupid Firefox-on-Ubuntu/FTB bug...)

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.