On Tue, Jul 30, 2013 at 01:15:15PM -0500, Karl Fogel wrote: > Andy Isaacson <[email protected]> writes: > >> OneTime 2.0-beta is ready for review and testing, as threatened [1]. See > >> > >> http://red-bean.com/onetime/ > > > >At a quick glance, it appears you have not added any message > >authenticity to the system, correct? Do you have any thoughts on how to > >add tamper resistance to onetime? > > Well, I figured the pad is the authentication. If the message decrypts > at all, then the person who sent it to you must have the pad you expect > them to have, so they must be the person you think they are :-). > > (Or did you mean something else, like message integrity?)
Yes, I'm thinking of the bit flip attack. Is a message still authentic if it's been modified in transit? (Agreed that message integrity is a more accurate term.) Ah, I see that you're compressing the plaintext before OTP, so many simple bitflips result in a decompression error. However if the attacker knows (part of) the plaintext or has a good guess, they can still modify the message. -andy -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
