Hi. In Python 2.x, I have been using /dev/urandom through os.urandom. -Teemu
2014/1/14 Kevin <kevinsisco61...@gmail.com>: > On 1/14/2014 7:55 AM, Teemu Väisänen wrote: >> >> Thank you Kevin for your comments! >> >> One-time pad offers perfect secrecy, but yes, it is not much used in >> practice mainly because of several problems/challenges I am sure you >> in this list are well aware of. >> >> About the XEP proposal: if Prover and Verifier clients are running in >> same device or even in same application, amount of one-time pad >> related problems decreases, because the keys can be used, transmitted, >> stored and deleted, e.g., inside one running program. Randomness that >> is good enough for cryptography is of course problematic. Usage of >> one-time pad would be very different than we have learned from crypto >> books. A new key and message to be encrypted could be randomly >> generated every time when authenticating. No long pads are >> used/needed/stored so it has still been quite fast in my tests. >> >> But would one-time pad actually give any additional security when >> compared just using a random string (key part from one-time pad >> without the encrypted message)? >> >> Can anyone find threats related to the XEP proposal? Like from message >> authentication? For example, one-time pads do not provide any message >> authentication, would it be more secure to to use random key to >> encrypt a randomly generated message or understandable message? Is >> there any difference? >> >> At the moment message authentication is provided using a mechanism >> where the Verifier processes only a message coming from a known Prover >> containing a known secret. If there is errors in the sender or in the >> secret, the message is not processed as authentic. In addition XMPP's >> E2E security could be used for encryption/authenticity. >> >> -Teemu >> >> 2014/1/10 Kevin <kevinsisco61...@gmail.com>: >>> >>> I have looked over the 2-factoring mechanism and I feel the need to point >>> something out: >>> The one-time pad, while great in theory, proves somewhat unrealistic in >>> practice. It can be slow, especially if used in hardware. So if used in >>> a >>> router could possibly lag the network. Again, the one-time pad is great >>> in >>> theory; I personally like it. Realistically, however, I'd replace it with >>> something else. Just my thoughts. >>> >>> -- >>> Kevin >>> >>> _______________________________________________ >>> cryptography mailing list >>> cryptography@randombit.net >>> http://lists.randombit.net/mailman/listinfo/cryptography > > If you are still wanting to use a one-time pad, I can't help but wonder what > you use as your source of entropy for the randomness. > > > -- > Kevin > _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
