| Date: | 2015-05-17 |
|---|---|
| Author: | Roland Smith |
The onepad.py script is a program to use binary one-time pads. This is
a port and simplification of a previous version written in C.
The onepad.py program reads a file and a key and then combines them using
the exclusive-or operation. The resulting data is written to standard output.
Key files and encrypted files are stored as base64 encoded text.
Plaintext is compressed with bzip2 before encryption. Ciphertext is likewise decompressed after decryption.
Keep in mind that this program was written as an exercise. In theory, one-time pads offer perfect security if:
- The used keys are really random.
- Each key is only used only once.
- The keys are only known to the sender and recipient.
In practice using e.g. public key cryptography is much more convenient and probably more secure.
The genpad.py program gets the random data for the one-time pads from
os.urandom. So whether the keys are usable depends on the underlying
implementation. If implemented correctly operating systems gather randomness
from unpredictable events like keystrokes, mouse movements and arriving
network packets. This can be used to (re-)seed a cryptographically secure
pseudo-random number generator. (CSPRNG) But you should investigate the
quality of the keys before trusting them!
The tests now include a randomness test of a large key.
If a key is re-used, the one-time pad is transformed into a running key cipher, which is much less secure. Keys should be destroyed by e.g. overwriting them with zeroes after use.
Since the keys are as long as the message, transporting them securely is a problem. You could e.g. generate a lot of keys, put those on a storage device and courier that to the recipient. But this is only secure if the keys aren't intercepted. So in practice, using public key cryptography is much easier.