<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><br><div><div>On Jun 17, 2017, at 5:04 PM, Grant Schultz <<a href="mailto:gschultz@kc.rr.com">gschultz@kc.rr.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div text="#000000" bgcolor="#FFFFFF">
On 06/15/2017 07:32 PM, Grant Schultz wrote:
<blockquote type="cite" cite="mid:mailman.1.1497715201.38987.cryptography@metzdowd.com"><br>
<blockquote type="cite">
<pre wrap="">What if the encryption method was the one-time pad? Naively, you could
carry a one-time pad on paper, along with a pencil. You would perform
the en/decryption manually, and type the message into the phone. (Of
course the smartphone with its cameras would be in your pocket during
en/decryption.)
</pre>
</blockquote>
<pre wrap=""><a class="moz-txt-link-abbreviated" href="mailto:bear@sonic.net">bear@sonic.net</a> wrote:</pre>
</blockquote>
<blockquote>It would work, but you'd want something less unwieldy
than a one-time pad. I think you would want some kind of purely
mechanical device, so that users could verify for themselves that
it is unhacked and unhackable. All parts visible.<br>
</blockquote>
<br>
Yes, the all-parts-visible is the important aspect.
</div></blockquote><div><br></div><div>That won’t help unless you have designed and fabricated it entirely by yourself using 100% hand-operated tools, and if you do that then it will almost certainly be insecure because of something you overlooked. It’s possible to hide a back door even in a mechanical device if it gets complicated enough.</div><div><br></div><div>rg</div><div><br></div></div></body></html>