[Cryptography] One-time pads in modern crypto software?

Jerry Leichter leichter at lrw.com
Sat Feb 20 00:59:04 EST 2021


> 
>> The hard problem is secure deletion.
>> 
>> Reusing a SD card is a no-no, some of the old data will be retained in "unused" sectors. A similar problem occurs once the pad is on a device.
> 
> Now we come to my favorite technique of secure deletion -- thermite. You can probably use a cooler fire with SD cards. But they are so cheap now that destroying them is only a very small part of the real cost of a one-time pad system.
Thermite is overkill.  A device like this is powered and you could easily have a circuit that collects charge to the point where it could physically damage itself beyond recovery.  USB killers are a proof of concept.

However, this doesn't effectively solve the real problem.  Yes, when you've completely used up the device's random bits, you want to destroy it.  But you also want to destroy bits as soon as they are used, and it's not as if you want to plug in a new chip for each message.

A more realistic solution is to recognize that physical protection of devices is something we're pretty good at.  Preventing an attacker from actually getting at a chip inside an appropriately protected encapsulation - with self-destruction as a fallback before he can even get very close - is something we can achieve.  Then it's a matter of straightforward logic within the device to never reuse any of the data.

                                                        -- Jerry
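The "never reuse any of the data" discipline Jerry describes, as an added illustration that is not part of the list thread: a sender that hands out pad bytes strictly sequentially, commits its cursor before touching the key material, and scrubs each byte as soon as it is used, plus a receiver that refuses any offset range it has already consumed. The pad, the messages and the `PadSender`/`PadReceiver` names are constructed for this example; scrubbing a bytearray in RAM says nothing about remanence on flash or an SD card, which is exactly the problem the thread raises.

```python
"""Illustrative one-time-pad bookkeeping (example code, not from the post).

The pad is a shared random byte string. Each byte must be used at most once;
the sender enforces that with a monotonic cursor, the receiver with a
per-byte 'used' map. The two_time_pad_leak() helper shows what reuse costs.
"""
import os


class PadExhausted(Exception):
    pass


class PadReused(Exception):
    pass


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


class PadSender:
    """Hands out pad bytes in order; every byte is issued at most once."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)  # private working copy we can scrub
        self._cursor = 0            # first byte not yet consumed

    def remaining(self) -> int:
        return len(self._pad) - self._cursor

    def encrypt(self, plaintext: bytes):
        n = len(plaintext)
        if n > self.remaining():
            raise PadExhausted(f"need {n} pad bytes, {self.remaining()} left")
        start = self._cursor
        # Advance the cursor before the key material is read: a crash after
        # this point loses pad bytes, it never reuses them.
        self._cursor = start + n
        key = bytes(self._pad[start:start + n])
        # Scrub consumed bytes from our copy immediately (RAM only; this is
        # not a secure-deletion guarantee for flash media).
        self._pad[start:start + n] = bytes(n)
        return start, xor_bytes(plaintext, key)


class PadReceiver:
    """Decrypts at explicit offsets; rejects offsets already consumed."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._used = bytearray(len(pad))  # 1 = byte already consumed

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        n = len(ciphertext)
        if offset < 0 or offset + n > len(self._pad):
            raise PadExhausted("offset range outside the pad")
        if any(self._used[offset:offset + n]):
            raise PadReused(f"pad bytes {offset}..{offset + n} already consumed")
        self._used[offset:offset + n] = b"\x01" * n
        key = bytes(self._pad[offset:offset + n])
        self._pad[offset:offset + n] = bytes(n)
        return xor_bytes(ciphertext, key)


def two_time_pad_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper gets if the same pad bytes key two messages:
    c1 XOR c2 == p1 XOR p2, with the pad cancelled out entirely."""
    c1 = xor_bytes(p1, key)
    c2 = xor_bytes(p2, key)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    pad = os.urandom(64)  # constructed shared pad for the demo
    sender, receiver = PadSender(pad), PadReceiver(pad)
    off, ct = sender.encrypt(b"attack at dawn")
    print(receiver.decrypt(off, ct))
    try:
        receiver.decrypt(off, ct)
    except PadReused as e:
        print("refused:", e)
```

Offsets travel in the clear with each message so the receiver can handle out-of-order delivery; what it must never do is decrypt twice at the same offset, and `two_time_pad_leak` shows why: the XOR of two ciphertexts under the same key is the XOR of the plaintexts.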


