betabug... Sascha Welter


27 September 2006

Playing with One-time Pads

A crypto hobby horse

"One-time pad" encryption is something between the holy grail and the torture chamber of cryptography. On one hand it is the only encryption method which is provably secure, on the other that security comes with a clause: "...if handled properly". The "proper" way to use one-time pad encryption makes it extremely impractical and solves the wrong problem in today's crypto needs, and if ill-used, OTP encryption may become as insecure as a children's "decoder ring" from a cereal box.

In other words, a nice toy for me to play around with. My interest goes first to the "understanding it" stage, then to the "trying it out" stage, passing by "is it really good for anything", and finally to the "can I write some code for it" stage. Some thoughts on this follow...

No need to bore you with what exactly one-time pad encryption is and the details of how it's done (see e.g. Wikipedia). The principle is that the encryption algorithm is simple, but the key is completely random and as long as the message. There is a beauty to that. While many crypto-enthusiasts have an everlasting love affair with OTPs, Bruce Schneier made a big point against them.

Scrambled SMS

I like OTP encryption, because it is something that you can try out yourself, with pen and paper. You can make pairs of little sheets with keys to carry in your wallet, and, if done properly, you can send SMS messages to your friends that are completely unreadable to anyone without the corresponding key. The practical purpose of this exercise currently evades me, but it might be fun if you have a friend who is interested in this kind of game. For real life purposes it might be more useful to install GnuPG and send mails with PGP encryption.

Totally impractical

Why do I consider OTP encryption to be so impractical? First of all, it's a hell of a lot of work to generate the key pair papers properly. It might be good for short messages (ideal for today's SMS), but anything longer than 10-15 words needs a lot of patience. Then there is the real life aspect of the security of an OTP: Let's assume you want to hide a message from an overly authoritarian teacher. A search of your possessions will reveal the "pad" with all the keys. You will either lose them or risk sending messages that can be read. With a PGP key you run the risk that the software or encryption system may be compromised in some way, but at least when your key falls into the adversary's hands, you can hope that your secret passphrase protects the key.

Read once

The teacher example doesn't stop there: After sending your message you have to destroy your copy of the key being used. Now you can't read the message any more yourself! You could keep a cleartext copy around, but that could fall into your teacher's hands. Same with answers you received: You can read them once, then you have to decide if you want to destroy them (making them unreadable forever) or risk having the decrypt papers discovered. This endpoint problem makes OTP more suitable for diplomatic missions, where the messages can be filed away in a safe. If you had that luxury in the teacher example, you could likely find other means of evading said teacher anyway. Of course spies use OTP encryption too, but their stakes are higher.

But useful without a computer!

Using OTP encryption may have a small level of usefulness, for example when traveling without a computer. You could send small, important data very confidentially in SMS messages with your mobile phone (or even read them out over a normal phone). When you visit a company in a foreign country and have to tell your own company back home your "buy or sell" decisions without others knowing, this could be a valid scenario. OTP encryption is very simple (if tedious) and can be done with paper and pencil, no need for a computer.

Get into trouble

But in this scenario you have to take very good care of your "pad". A former employer of mine was once strip-searched (and questioned while naked) on traveling to Israel, and had his computer taken away, only to be given back days later. That certainly isn't the scenario where you want to have a couple of one-time pads discovered on you. Not only would your bit of business secrecy have been taken away, the "interrogators" would also certainly assume that you are a spy or worse. So better play that game at home.

Back to playing

One-time pad encryption requires a large amount of random data, to be used as the encryption key. Apparently the "quality" of the randomness should be very high to foil statistical attacks. Computer generated "pseudo random" numbers won't do. There are true hardware "random number generators" out there, but for me to get into the spirit, some simple dice can do the work. They are also much more at the level of old fashioned spy stories, where the "sheets" for the OTP are generated by some poor soul sitting in a room and drawing numbers all day (e.g. in Neal Stephenson's Cryptonomicon).

My choice is some simple dice. I have them anyway, for playing Backgammon and for computing good passphrases and passwords with the Diceware system. Dice produce numbers in the range 1 to 6; classical one-time pads need numbers in the range 0-24 (or 1-25 or the letters A-Z). I certainly don't want to generate fake random numbers with a computer, and I'm enough into the paranoia spirit in this game not to print out the key pads with a printer, but writing some code to fix up the key is fine for me.

Writing some code

So I spent an hour or so writing a little Python script I call dicepad. It just takes the input you give it while rolling dice and then prints out the generated random numbers in a form suitable for old fashioned one-time pad use. It's not really elegant, but simple enough to understand and change if you need it different. I didn't consider any security aspects of the program (except for working properly). For me this is enough of a game to keep considerations about compromised memory or libraries out of the way. If your computer is rooted, playing with OTP encryption won't help anyway. Enjoy and don't come crying to me when you are thrown in jail!
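The dice-to-key conversion described above, as an added example that is not the author's dicepad script: pairs of rolls are read as a base-6 number and out-of-range values are thrown away rather than reduced with a modulo, which would bias the pad. The function names, the 26-letter default (pass `modulus=25` for the 0-24 variant) and the sample rolls are assumptions made for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25

def rolls_to_key(rolls, modulus=26):
    """Convert d6 rolls (1-6) into uniform key values in [0, modulus).

    Two rolls give one value in 0..35. Values >= modulus are discarded
    (rejection sampling); folding them back with % would make the low
    letters more likely than the rest and leak statistics.
    """
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("dice rolls must be integers from 1 to 6")
    key = []
    for i in range(0, len(rolls) - 1, 2):  # a trailing single roll is ignored
        value = (rolls[i] - 1) * 6 + (rolls[i + 1] - 1)
        if value < modulus:
            key.append(value)
    return key

def format_pad(key, group=5):
    """Render key values as letters in groups, as on a paper pad."""
    letters = "".join(ALPHABET[k] for k in key)
    return " ".join(letters[i:i + group] for i in range(0, len(letters), group))

def encrypt(plaintext, key):
    """Add key to message letter by letter, mod 26 (non-letters dropped)."""
    msg = [ALPHABET.index(c) for c in plaintext.upper() if c in ALPHABET]
    if len(key) < len(msg):
        raise ValueError("key shorter than message; pad material is never reused")
    return "".join(ALPHABET[(m + k) % 26] for m, k in zip(msg, key))

def decrypt(ciphertext, key):
    """Subtract key from ciphertext letter by letter, mod 26."""
    if len(key) < len(ciphertext):
        raise ValueError("key shorter than ciphertext")
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % 26]
                   for c, k in zip(ciphertext, key))

if __name__ == "__main__":
    # Constructed sample rolls; in real use these come from physical dice.
    sample_rolls = [1, 1, 1, 2, 6, 6, 5, 2, 3, 4, 2, 1]
    key = rolls_to_key(sample_rolls)
    print("pad:", format_pad(key))
    ct = encrypt("HELLO", key)
    print("ciphertext:", ct, "-> decrypted:", decrypt(ct, key))
```

With 26 letters, 10 of the 36 possible pairs are rejected, so expect to roll about 2.8 dice per key letter.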

Posted by betabug at 19:42 | Comments (0) | Trackbacks (0)