Andy Isaacson <[email protected]> writes: >> OneTime 2.0-beta is ready for review and testing, as threatened [1]. See >> >> http://red-bean.com/onetime/ > >At a quick glance, it appears you have not added any message >authenticity to the system, correct? Do you have any thoughts on how to >add tamper resistance to onetime?
Well, I figured the pad is the authentication. If the message decrypts at all, then the person who sent it to you must have the pad you expect them to have, so they must be the person you think they are :-). (Or did you mean something else, like message integrity?) When decryption fails, one sees an error like: "DecodingError: unable to decode (wrong pad?)". There's a regression test for this, by the way. Best, -K -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
