Look at this as a chance to test the hypothesis that one-time pad systems aren't very useable in practice... :-)
OneTime 2.0-beta is ready for review and testing, as threatened [1]. See http://red-bean.com/onetime/ for download information, etc. OneTime is meant to make one-time pad encryption useable -- or as useable as it can be, anyway. You have to supply the pads (make sure you get truly random data), but OneTime tries to handle the bookkeeping to keep track of which parts of which pads have been used up. Version 1.x has been out for some years, and is packaged in Debian. Naturally it's hard to know who's been using it, though I've heard of a few instances anecdotally. Although this release changes the encryption output format [2], OneTime 2.x can still read 1.x files, and I tried to make the upgrade path as automatic as possible. Most users should be able to just start using 2.x and have the only noticeable consequence be that their interlocutors also need to upgrade. I'm calling it "beta" until it's gotten some review, and won't update the Debian package until there's been some time for review. One-time pads are so simple that implementing them in software doesn't count as the sin of "writing your own crypto", IMHO -- though sharp-eyed reviewers could certainly prove me wrong :-). The point of OneTime is just to provide a UI and a standard format. But that doesn't mean it can't have bugs, of course; please note that neither OpenITP nor any other organization I'm affiliated with is responsible for such bugs. I'll be offline for a few weeks on vacation starting around now, so please just post comments as issues in GitHub (or Gitorious, if you prefer; it's hosted in both places and I'll check both). And if you're a user, I'll be happy to exchange pads with you the next time we see each other at a conference. Best, -Karl [1] https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009981.html [2] It's a long story why the output format needed upgrading -- it has to do with making more efficient use of pad space; 2.x is noticeably better than 1.x in this regard, except for plaintexts that were already compressed. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
