Comments on: The One-Time Pad Hard Drive

By: Aaron Toponce : The NSA and Nubmer Stations- An Historical Perspective

Aaron Toponce : The NSA and Nubmer Stations- An Historical Perspective — Thu, 20 Jun 2013 05:49:36 +0000

[…] OTP can be an effective and practical way to send messages securely. I mentioned almost a year ago, of a way to create a USB hard drive with a OTP on the drive. Both the sender and the recipient have an exact copy of the drive, along with a software utility […]

By: Aaron Toponce

Aaron Toponce — Mon, 27 Aug 2012 17:00:35 +0000

Encrypting the hard drive? Well, if the drive is lost or stolen, you don’t want the bad guys to have access to the keys, do you? So, use something like LUKS, TrueCrypt or eCryptfs to encrypt the keys on the drive.

By: Nikos Fotiou

Nikos Fotiou — Mon, 27 Aug 2012 13:56:15 +0000

Can you please elaborate comment 2 a bit more?

By: Aaron Toponce

Aaron Toponce — Mon, 27 Aug 2012 01:09:43 +0000

If the key is not the same length as the message, then it’s not a one-time pad. That’s how it offers perfect secrecy.

By: Alan Bell

Alan Bell — Sun, 26 Aug 2012 20:46:21 +0000

better to use standard length key sizes, and have one set per direction. If you try and match the key size to the message then you give away the exact message length. If they are all 1024 bytes long or some other convenient size then you waste some bits (big deal) but leak less about your message. In fact if your keys are all bigger than any message you might want to send then you are giving away the least. The problem with one time pad is the requirement of distribution of the keys in advance. You can’t really securely negotiate keys over the wire.

By: Aaron Toponce

Aaron Toponce — Sun, 26 Aug 2012 16:24:03 +0000

I thought about that, and the reason I decided against it, is because then every first byte starts with 0 or 1 for every message exchanged. While the rest of the data may be random, that first byte is not.

By: Jason

Jason — Sun, 26 Aug 2012 16:01:19 +0000

I don’t see the benefit of having varying key sizes. Why not just use a drive filled with random data, and use a system where you start at byte 0, and for each message exchanged, you walk through the key bytes and consume whatever is needed for that message size. If we’ve previously exchanged 31337 bytes of messages in the past, then the next message uses key data offset from 31338 through to the exact length of the new message.

There is a race condition problem if you both want to send a message at the same time, you may accidentally start at the same offset. If you both send messages using the same OTP then you’ve just broken the security. But then your proposal has this problem too, so it would need to be solved in any case.