[Cryptography] one-time pads

Tom Mitchell mitch at niftyegg.com
Mon Jan 20 23:13:06 EST 2014 

On Mon, Jan 20, 2014 at 6:42 PM, Philip Shaw <wahspilihp at gmail.com> wrote:
>
> On 21 Jan 2014, at 5:11 , Tom Mitchell <mitch at niftyegg.com> wrote:
>> The top to bottom structure of the pad makes them a stream
...snip....
> Of course, that makes the reader totally obvious to anyone who looked, but IIRC the device was for use inside embassies or similar facilities, so the pads could be transported by diplomatic courier anyway.
>
> I have had the idea of producing something compatible with an SD reader
.....snip...
> It still wouldn’t be deniable, but it would be trivial to destroy in a hurry.

Trivial to destroy --- Older flash memory had properties that erase
prior to write
was a block operation.   Writing could be bit as a time... any single bit can be
set and other bits remain constant.   This property made for some interesting
file system designs.  Physical cracking the silicon die of a microSD
card with toe
nail clippers, vanishing in grass or any place all are easy because of
the size.  SD card
adaptors are free.   This permits used data to be changed as used
without a block erase.

For tomorrow's embassy:
A modern device would look like a solid state disk but the disk
controller would be modified/ replaced.   Normal SATA read commands
would return then clobber data (pad pages used).   Random read would
be spoofed (spoofable).
Partition data and tables would omit most of the device so common OS
inspection would ignore the bits.   Any modern SATA spinning media
could have the onboard controller modified to 'lie' and match the
external sticker.

A MacBook pro could be modified to be a OTP by cracking the case
replacing the disk with an "improved" device and modified OS.
Keeping a large key internal on a tamper triggered self modifying
device.   The result of tampering is a spiteful pile of angle grinder
abused bits on the desk/ floor of some agency.

One of the jobs I worked on as a contractor was a disk media and disk
head test fixture.   The task was simple once we coerced the
controller to be a tester.  TLA agency budgets would make short work
of this whole process. So disks spinning and SS could all be improved/
hacked/ secured by controler enhancements with modest effort.

The blocks of flash in many Chromebooks are fair game.









-- 
  T o m    M i t c h e l l

More information about the cryptography mailing list