[Cryptography] One-time pads in modern crypto software?

John Gilmore gnu at toad.com
Sun Feb 14 04:28:20 EST 2021 

Henry Baker wrote:
> 1. One-time pads can't be broken by quantum computation,
> but require incredibly long keys which are hard to manage.

We could certainly automate a bunch of the management of one-time pads
with some free crypto software that supported them.  And maybe some
cheap USB OTP hardware could then bring them to the masses.

I continue to be surprised that nobody has put support for one-time pads
into TLS.  For the small subset of people who want higher reliability
security, it would be straightforward to run standard protocols for web
and email and DNS and such, but with OTP keying rather than depending on
possibly breakable mathematics or quantum theory.  Whether it's
financial traders, diplomats, spooks or black marketeers, you'd probably
find users.  Or maybe they would find a use authenticating the
distribution of keys for high value targets like public-key certificate
hierarchies.  If the OTP TLS traffic looked to wiretappers just like
regular TLS traffic, that would be even better.

Moving a random bitstream of many gigabytes from place to place isn't
hard these days on pocket flash drives.  Keeping many such users'
bitstreams on hard drives in a central server location would work.  You
could bootstrap early protocol users with those.  Then for higher
security than plain drives, somebody could build a reusable USB one-time
keying device.  Consider a flash-based USB device that would let you
write a bitstream to it many times, but only let each block of bits be
read a single time before destroying it with erasure and overwrite.  Or
perhaps the model should be two identical devices that, when plugged
into each other back to back, fill themselves with identical copies of a
newly generated shared random bitstream.  You then unplug them and take
them to two different places, where each can be read out just once, over
USB.  That wouldn't work well for an NxN communication mesh, but for
high volume high security communication, such as working mostly from
home post-Covid, you could easily physically carry a fresh bag of OTP
bits between work and home every few weeks to key your VPN.

Such a device could probably be read, copied, and then reproduced for
use by a hapless victim, by taking it apart and doing decapsulation and
chip probing.  But that would require a targeted attack.  The public
gains privacy and safety every time we upgrade our protocols to require
a targeted attack, instead of a mass surveillance attack that succeeds.

	John

More information about the cryptography mailing list