On 3/20/2015 12:06 PM, Tony Arcieri wrote:
On Fri, Mar 20, 2015 at 4:02 AM, Enrique Soriano <esori...@lsub.org
<mailto:esori...@lsub.org>> wrote:
These days we can buy 128GB pendrives (i.e. very long pads) for $35.
This simple approach seems viable to me:
https://www.codeandsec.com/Poor-Mans-Unbreakable-Encrypted-TCP-Tunnel
Poorly implemented, one time pads are in fact quite dangerous:
1) Extremely great care must be taken to never reuse any portion of
the pad. When reused, the attacker can easily obtain the XOR of the
plaintexts encrypted with the reused portion of the pad
2) Without authentication (i.e. a MAC), one time pads are highly malleable
The author of that software doesn't know the difference between a one
time pad and a stream cipher. There's no practical reason to prefer a
one time pad to a modern stream cipher like ChaCha20, which can be
combined with the Poly1305 MAC to create an authenticated encryption
scheme that isn't malleable like an unauthenticated one time pad.
--
Tony Arcieri
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I am trying to contact the "company" and it is not easy. They don't
want people looking into them or the product they offer. I guess it's
fraud; I am disillusioned. If you hold real still and listen, you can
here the sound of my bubble bursting.
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
