Re: [liberationtech] scrambler

2013-08-30 Thread konfkukor
I'm really astonished. The method he uses to implement the one-time pad is
plain ridiculous. A complete lookup table which maps each possible byte to
another is consumed per byte transferred, making the pad 256 times (which
could even be optimized to 255) larger than the message.

The author has no clue at all.

 Quoting the Scrambler website:
 The drawback of the one-time cypher pad encryption method is that to
 encrypt a message without reusing the one-time cypher pad requires it to
 be 256 times the size of the message. Encrypting a one megabyte file
 without reusing the one-time cypher pad requires it to be 256 megabytes.
 While it is recommended that you do not reuse one-time cypher pads,
 Scrambler will do so.

 The author doesn't understand how to construct one-time pads, and flouts
 the most important rule of using them. Avoid this software like the
 plague.

 Cheers,
 Michael

 Seth David Schoen sch...@eff.org wrote:

Michael Hicks writes:

 ok so I guess I just send u guys the links and u check out my software
 and Vet it? This was made for people to be able to protect their
 privacy and the NSA can't hack it No One can it's impossible. all the
 information is at scrambler.webs.com

It's true that no one can crack a one-time pad, which your software
claims to implement.  A one-time pad might be useful for some people,
though it's possible that they shouldn't then use a computer to encrypt
and decrypt, because using a computer introduces new vulnerabilities
(like radiofrequency emanations and remote software exploits).

There might still be cryptographic vulnerabilities in the random number
generation that your software uses.  There was recently a high-profile
vulnerability in the random number generation provided by the Java
implementation on Android, which allowed keys to be compromised.  If
there were a similar vulnerability in the Java implementations people
use with your software, it might have similar consequences -- which
might not be the fault of your software, but might still undermine its
security.

A one-time pad is probably not very useful to most people who need to
communicate securely because they have to find a safe way, ahead of
time, to distribute and store the key material with each potential
party that they may communicate with.  That's a pretty heavy burden,
especially when people are meeting new contacts and wanting to
communicate with those contacts (without having been able to arrange
a prior physical key distribution).

It also doesn't integrate easily with any form of communications
other than exchanging files, although it would be possible to extend
it to other things like e-mail or IM if you could manage the sequence
numbers properly to avoid reusing key material (something our existing
protocols don't really help with).

If you read _Between Silk and Cyanide_, there's a good and interesting
historical account of wartime military use of one-time pads.  One of
the messages seems to be that it was quite expensive and cumbersome,
though perhaps well worth it for the particular application.  It's hard
to imagine many audiences prepared to actually bear these costs for
many of their communications today.  We already see people complaining
about the effort and overhead of things like PGP merely because some
aspects of the key management are made explicit to the user.  For
one-time pads _every_ aspect of key management is made explicit -- and
manual, and requiring the exchange of physical objects!

My intuition is that people who feel that one-time pads are necessary
should probably learn to operate them by hand, the way the SOE agents
in that book did.

--
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107
--
Liberationtech is a public list whose archives are searchable on Google.
 Violations of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator
 at compa...@stanford.edu.


Re: [liberationtech] scrambler

2013-08-30 Thread Michael Hicks
it's the purpose so that it is Unable to be hacked. trying to use complete 
privacy for the American people. It's the same thing used by government we know 
cuz our software designer works for DOD. 



 From: konfku...@riseup.net konfku...@riseup.net
To: liberationtech liberationtech@lists.stanford.edu 
Sent: Friday, August 30, 2013 6:33 AM
Subject: Re: [liberationtech] scrambler
 


Re: [liberationtech] scrambler

2013-08-30 Thread Michael Hicks
Thank you so much we appreciate your opinion and facts. would you have any 
recommendations? something we could fix? the whole purpose of this software is 
to give the American people privacy and not have to worry about the NSA's 
spying. 



 From: Michael Hicks scramblerencrypt...@yahoo.com
To: liberationtech liberationtech@lists.stanford.edu 
Sent: Friday, August 30, 2013 1:43 PM
Subject: Re: [liberationtech] scrambler
 



Re: [liberationtech] scrambler

2013-08-30 Thread Bryan C. Geraghty
We have experts in this field working on this problem. It's probably best
that you leave it to them. In the meantime, follow Seth's advice if you need
the strength of an OTP; do it manually.

 

Bryan

 

From: liberationtech-boun...@lists.stanford.edu
[mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Michael
Hicks
Sent: Friday, August 30, 2013 12:51 PM
To: Michael Hicks; liberationtech
Subject: Re: [liberationtech] scrambler

 


Re: [liberationtech] scrambler

2013-08-30 Thread Jonathan Wilkes

On 08/30/2013 01:51 PM, Michael Hicks wrote:
Thank you so much we appreciate your opinion and facts. would you have 
any recommendations? something we could fix? the whole purpose of this 
software is to give the American people privacy and not have to worry 
about the NSA's spying.


The American people are going to have to worry about wide-net
surveillance into the foreseeable future, because it is the result of
wide-net ignorance about the benefits and drawbacks of one's metadata and
a large body of one's online messages having zero marginal cost.

Furthermore, some of the tools that have cropped up from that ignorance
are ingrained and not possible to do in a privacy-preserving manner.  Look
at the consequences of the NSA giving access to such a large number of
contractors, and compare that to the Facebook user with a thousand
friends.  If a person wants to give that large a level of access to their
data, the network design is essentially irrelevant.  The data _will_ get
used and abused by third parties, not only in ways detrimental to the
author of the data but probably also in ways the author didn't anticipate
(and possibly far into the future).

Last but not least, those centralized networks are designed to make it
socially awkward to protect oneself.  Most people would worry about
offending people if they went from 1,000 friends to somewhere between 10
and 20.  That's because, unlike the networks, people are moral actors.

What might be effective is a movement to get a bunch of people to cut
their amount of Facebook friends down to some agreed upon number.  Not
only for reasons of resisting surveillance, but also of improving our
lives and making the Facebook Wall more meaningful-- i.e., fighting spam.

If everyone does it at the same time, hurt feelings are much less likely.
And that would make a much bigger impact on surveillance than one-time
pads, because it would affect the bottom line of a very poorly-designed
social network.

Best,
Jonathan





Re: [liberationtech] scrambler

2013-08-30 Thread Andy Isaacson
On Thu, Aug 29, 2013 at 12:15:17PM -0700, Michael Hicks wrote:
 ok so I guess I just send u guys the links and u check out my software
 and Vet it? This was made for people to be able to protect their
 privacy and the NSA can't hack it No One can it's impossible. all the
 information is at scrambler.webs.com

Your description of how a OTP works is not correct.  At
http://scrambler.webs.com/how-does-it-work you write:

 The drawback of the one-time cypher pad encryption method is that to
 encrypt a message without reusing the one-time cypher pad requires it
 to be 256 times the size of the message.  Encrypting a one megabyte
 file without reusing the one-time cypher pad requires it to be 256
 megabytes.

This is incorrect.  A one-time pad needs to be the same size as the
message being encrypted, not 256 times as large.  OTP implementations
such as onetime (http://red-bean.com/onetime/) implement this properly,
using one byte of pad to encrypt one byte of plaintext.

Making such a fundamental mistake in the basic definition of the cipher
you're promoting is not a good sign that you're capable of implementing
it securely.

Continuing on, though...

 While it is recommended that you do not reuse one-time cypher pads,
 Scrambler will do so.

Well, that's a really bad idea, because reusing a OTP makes it
completely trivial to break.  Instead of the method you've described, I
would recommend that you look at how onetime tracks which pad bytes
have been used, and ensures they are never reused.

 After Scrambler has completed encrypting the message that required it
 to reuse the one-time cypher pad chosen for encryption, Scrambler will
 notify you that the one-time cypher pad was reused and should be
 discarded.

 Scrambler can be used to encrypt a file up to
 approximately 1.84E19 bytes in size without reusing the one-time
 cypher pad (18,400,000,000,000,000,000, or 18 quintillion bytes; or
 about 18,400,000 1 TB hard drives). Of course, the one-time cypher pad
 will need to be 256 times 1.84E19 bytes in size to do so without
 recycling through the one-time cypher pad. 

This paragraph is nonsensical if you're actually implementing a OTP.
The description you give makes me think that you're actually
implementing a stream cipher with 256x ciphertext expansion.

Could you clarify how Scrambler generates its cypher pads?  Explaining
that might help us understand how your system works in practice.

-andy
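
An added example (not part of the original message, and not code from onetime or Scrambler) of the two properties described above: one pad byte per plaintext byte, and a persisted offset so that no pad byte is ever used twice. The `OneTimePad` class, the `.offset` sidecar file and the sample messages are assumptions made for this sketch.

```python
import os
import secrets
import tempfile


class PadExhausted(Exception):
    """The message needs more unused pad than is left."""


class OneTimePad:
    """XOR one-time pad: one pad byte per message byte, each used once.

    The next unused offset is kept in a sidecar file (hypothetical name:
    <pad>.offset) and advanced *before* pad bytes are used, so a crash can
    waste pad material but cannot lead to reuse.
    """

    def __init__(self, pad_path):
        self.pad_path = pad_path
        self.offset_path = pad_path + ".offset"
        self.pad_size = os.path.getsize(pad_path)

    def next_offset(self):
        try:
            with open(self.offset_path) as fh:
                return int(fh.read())
        except FileNotFoundError:
            return 0

    def remaining(self):
        return self.pad_size - self.next_offset()

    def _consume(self, start, length):
        """Mark pad[start:start+length] as used, then return those bytes."""
        if start < self.next_offset():
            raise ValueError("pad range already used; refusing to reuse it")
        if start + length > self.pad_size:
            raise PadExhausted("not enough unused pad for this message")
        tmp = self.offset_path + ".tmp"
        with open(tmp, "w") as fh:
            fh.write(str(start + length))
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.offset_path)  # atomic update of the offset
        with open(self.pad_path, "rb") as fh:
            fh.seek(start)
            return fh.read(length)

    def encrypt(self, plaintext):
        start = self.next_offset()
        key = self._consume(start, len(plaintext))
        return start, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, start, ciphertext):
        # The receiver's copy of the pad is consumed too, so a ciphertext
        # replayed at an already-used offset is rejected.
        key = self._consume(start, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo():
    """Constructed scenario: a 32-byte pad shared by sender and receiver."""
    with tempfile.TemporaryDirectory() as d:
        # Stand-in pad from the OS CSPRNG; a real OTP needs truly random
        # pad material exchanged out of band.
        pad = secrets.token_bytes(32)
        paths = []
        for name in ("sender.pad", "receiver.pad"):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(pad)
            paths.append(path)
        sender, receiver = OneTimePad(paths[0]), OneTimePad(paths[1])

        m1, m2 = b"meet at dawn", b"bring the maps"  # 12 + 14 bytes
        o1, c1 = sender.encrypt(m1)
        o2, c2 = sender.encrypt(m2)
        result = {
            "offsets": (o1, o2),
            "roundtrip": (receiver.decrypt(o1, c1), receiver.decrypt(o2, c2)),
            "remaining": sender.remaining(),
        }
        try:
            sender.encrypt(b"one more message")  # 16 bytes, only 6 left
            result["refused_when_short"] = False
        except PadExhausted:
            result["refused_when_short"] = True
        try:
            receiver.decrypt(o1, c1)  # same pad range a second time
            result["replay_rejected"] = False
        except ValueError:
            result["replay_rejected"] = True
        return result


if __name__ == "__main__":
    print(demo())
```

When the pad runs short the sender gets an error instead of a silently recycled pad, which is the behaviour the quoted Scrambler description lacks.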


Re: [liberationtech] scrambler

2013-08-30 Thread Maxim Kammerer
On Fri, Aug 30, 2013 at 9:38 PM, Andy Isaacson a...@hexapodia.org wrote:
 This is incorrect.  A one-time pad needs to be the same size as the
 message being encrypted, not 256 times as large.  OTP implementations
 such as onetime (http://red-bean.com/onetime/) implement this properly,
 using one byte of pad to encrypt one byte of plaintext.

 Making such a fundamental mistake in the basic definition of the cipher
 you're promoting is not a good sign that you're capable of implementing
 it securely.

Not to imply that this guy understands what he is doing, but this is
not a “fundamental mistake” — it is a peculiar suboptimal (and
pointless) generalization of OTP when viewed as a stream of
substitution ciphers over {0,1}^n (assuming alphabet of {0,1} here,
although this can be generalized, too). The real OTP specifies a
permutation for each bit (n=1), and you need one bit to specify such a
permutation: the bit to which bit 0 is mapped. Coincidentally, this is
equivalent to addition in Z_2 (XOR). Scrambler uses n=8, and optimally
you would need log_2(2^n) + log_2(2^n-1) + ... + log_2(2) =
log_2((2^n)!) = 1684 bits to represent a permutation, whereas
Scrambler uses 2048 bits.

 While it is recommended that you do not reuse one-time cypher pads,
 Scrambler will do so.

 Well, that's a really bad idea, because reusing a OTP makes it
 completely trivial to break.

Not “completely trivial”. Reusing OTP lets you know the distance
between corresponding letters in a pair of plaintexts for given
ciphertexts — XOR for alphabet of {0,1}. So you gather 1 bit of
information from 2 corresponding bits in ciphertexts. However, for the
{0,1}^n generalization above you would only know whether n
corresponding bits of plaintexts are same or different given 2n bits
in ciphertexts — cryptanalysis would be much trickier, although in the
end you would probably be able to extract the same amount of
information (ignoring correlation differences) for a given (repeating)
key length.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
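
An added example (not part of the original message, and not Scrambler's code) that works through the two points above: the size of a per-symbol permutation pad, and what reusing a pad reveals under plain XOR versus the per-byte lookup-table scheme. The function names and sample plaintexts are assumptions made for this sketch; the table scheme is modelled only from the description in this thread.

```python
import math
import secrets


def perm_bits(n):
    """Minimum bits needed to name one permutation of the 2**n n-bit symbols."""
    return math.ceil(math.log2(math.factorial(2 ** n)))


def table_bits(n):
    """Bits used when the permutation is stored as a full lookup table."""
    return n * 2 ** n


def xor_encrypt(key, msg):
    """Ordinary OTP: one pad byte per message byte (also decrypts)."""
    return bytes(k ^ m for k, m in zip(key, msg))


def make_table_pad(length):
    """One random 256-entry substitution table per message byte."""
    rng = secrets.SystemRandom()
    pad = []
    for _ in range(length):
        table = list(range(256))
        rng.shuffle(table)
        pad.append(bytes(table))
    return pad


def table_encrypt(pad, msg):
    return bytes(pad[i][b] for i, b in enumerate(msg))


def table_decrypt(pad, ct):
    return bytes(pad[i].index(c) for i, c in enumerate(ct))


# Constructed sample plaintexts of equal length (16 bytes each).
P1 = b"meet at the dock"
P2 = b"meet at the park"


def demo():
    # Same XOR pad used for two messages: c1 ^ c2 equals p1 ^ p2,
    # so every bit position leaks the difference of the plaintexts.
    key = secrets.token_bytes(len(P1))
    c1, c2 = xor_encrypt(key, P1), xor_encrypt(key, P2)
    xor_leak = bytes(a ^ b for a, b in zip(c1, c2))

    # Same table pad used for two messages: each table is a bijection,
    # so ciphertext bytes match exactly where plaintext bytes match.
    pad = make_table_pad(len(P1))
    t1, t2 = table_encrypt(pad, P1), table_encrypt(pad, P2)
    same_byte = [a == b for a, b in zip(t1, t2)]

    return {
        "roundtrip": table_decrypt(pad, t1) == P1
        and xor_encrypt(key, c1) == P1,
        "xor_leak": xor_leak,
        "same_byte": same_byte,
        "pad_bytes_xor": len(key),
        "pad_bytes_table": sum(len(t) for t in pad),
    }


if __name__ == "__main__":
    print("n=1:", perm_bits(1), "bit per permutation")
    print("n=8:", perm_bits(8), "bits minimum,", table_bits(8), "as a table")
    for name, value in demo().items():
        print(name, value)
```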


Re: [liberationtech] scrambler

2013-08-30 Thread Sandy Harris
Michael Hicks scramblerencrypt...@yahoo.com wrote:

 Thank you so much we appreciate your opinion and facts. would you have any
 recommendations?

Start by reading up on one-time pads.

Probably the best source is Marcus Ranum's FAQ:
http://www.ranum.com/security/computer_security/papers/otp-faq/

Another, partly my writing:
http://en.citizendium.org/wiki/One-time_pad

 The author doesn't understand how to construct one-time pads, and flouts
 the most important rule of using them. Avoid this software like the
 plague.

Right.

Also, even if you get the OTP part of it right, there are still problems.

One is that the system gives no protection against traffic analysis,
collection & use of what has been called metadata in recent news
stories.

Another is that, while an OTP system is provably perfectly secure
against simple eavesdropping, it is inherently vulnerable to a
rewrite attack:
http://en.citizendium.org/wiki/Stream_cipher#Rewrite_attacks

Finally, there are a whole lot of questions about things like how
you generate the random numbers, how a customer can be
sure his java app is not tampered with, etc. Quickly perusing
your web site, I do not see answers for those.


[liberationtech] scrambler

2013-08-29 Thread Michael Hicks
ok so I guess I just send u guys the links and u check out my software and Vet 
it? This was made for people to be able to protect their privacy and the NSA 
can't hack it No One can it's impossible. all the information is at 
scrambler.webs.com

Re: [liberationtech] scrambler

2013-08-29 Thread Seth David Schoen
Michael Hicks writes:

 ok so I guess I just send u guys the links and u check out my software and 
 Vet it? This was made for people to be able to protect their privacy and the 
 NSA can't hack it No One can it's impossible. all the information is at 
 scrambler.webs.com

It's true that no one can crack a one-time pad, which your software
claims to implement.  A one-time pad might be useful for some people,
though it's possible that they shouldn't then use a computer to encrypt
and decrypt, because using a computer introduces new vulnerabilities
(like radiofrequency emanations and remote software exploits).

There might still be cryptographic vulnerabilities in the random number
generation that your software uses.  There was recently a high-profile
vulnerability in the random number generation provided by the Java
implementation on Android, which allowed keys to be compromised.  If
there were a similar vulnerability in the Java implementations people
use with your software, it might have similar consequences -- which
might not be the fault of your software, but might still undermine its
security.

A one-time pad is probably not very useful to most people who need to
communicate securely because they have to find a safe way, ahead of
time, to distribute and store the key material with each potential
party that they may communicate with.  That's a pretty heavy burden,
especially when people are meeting new contacts and wanting to
communicate with those contacts (without having been able to arrange
a prior physical key distribution).

It also doesn't integrate easily with any form of communications
other than exchanging files, although it would be possible to extend
it to other things like e-mail or IM if you could manage the sequence
numbers properly to avoid reusing key material (something our existing
protocols don't really help with).

If you read _Between Silk and Cyanide_, there's a good and interesting
historical account of wartime military use of one-time pads.  One of
the messages seems to be that it was quite expensive and cumbersome,
though perhaps well worth it for the particular application.  It's hard
to imagine many audiences prepared to actually bear these costs for
many of their communications today.  We already see people complaining
about the effort and overhead of things like PGP merely because some
aspects of the key management are made explicit to the user.  For
one-time pads _every_ aspect of key management is made explicit -- and
manual, and requiring the exchange of physical objects!

My intuition is that people who feel that one-time pads are necessary
should probably learn to operate them by hand, the way the SOE agents
in that book did.

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107