I'm basically of the opinion that "one time pad" == "snake oil" and there's not a whole lot left to be discussed from there until we have SAT-solving quantum computers

On Tue, Mar 24, 2015 at 9:25 PM, Joseph Bonneau <[email protected]> wrote:

> Beyond the fact that switching to one-time pad addresses such a tiny risk compared to other risks to users that this is inherently dumb and the app is almost certainly broken in many other ways, I might assign the following question to a Crypto 101 undergraduate course:
>
> "Zendo is using one-time pads, which can remove vulnerability to a symmetric cipher being cryptanalyzed successfully. However, what are three ways that Zendo still relies on symmetric crypto primitives for its security?"
>
> Answer:
>
> 1) Most mobile devices can't generate 500k of true randomness in a short period of time, so they're using a PRNG to generate it.
>
> 2) They can't transfer 500k of one-time pad over the visual channel (which they assume is secure), so they transmit an AES-256 key over that channel, then encrypt the one-time pad and send it over a data channel.
>
> 3) They are using HMAC, instead of a one-time MAC based on universal hashing.
>
> The third one is actually an easy fix; they probably just didn't know about this and there isn't really library support sitting around. The first two they can't very easily fix.
>
> On Mar 24, 2015 5:14 PM, "Tony Arcieri" <[email protected]> wrote:
>
>> Some delicious http://snakeoil.cr.yp.to/
>>
>> On Tue, Mar 24, 2015 at 3:01 PM, Tim Bray <[email protected]> wrote:
>>
>>> http://techcrunch.com/2015/03/24/one-time-pads-ride-again/ Typically semiliterate write-up.
>>>
>>> --
>>> - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
>>
>> --
>> Tony Arcieri

--
Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
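Bonneau's third point, a one-time MAC built from universal hashing in place of HMAC, worked through as an added example that is not part of the thread and not Zendo's code: a polynomial hash over GF(2^127 - 1) keyed by two fresh 16-byte segments of the pad (r and s), alongside the pad encryption itself. The function names, the 15-byte block encoding and the 32-byte MAC key budget are my own assumptions.

```python
import secrets

# Constructed example: one-time pad encryption plus an information-theoretic
# one-time MAC from a polynomial universal hash over GF(2^127 - 1). Not Zendo's
# code and not a vetted library; the 15-byte block encoding is an assumption.
P = (1 << 127) - 1   # prime field for the universal hash
MAC_KEY_BYTES = 32   # 16 pad bytes for r and 16 for s, each used exactly once

def poly_hash(r: int, data: bytes) -> int:
    """Evaluate, at point r, the polynomial whose coefficients are the 15-byte
    blocks of data; a 0x01 marker byte is appended to each block so that
    distinct inputs (including different lengths) give distinct coefficients."""
    h = 0
    for i in range(0, len(data), 15):
        block = int.from_bytes(data[i:i + 15] + b"\x01", "little")
        h = (h + block) * r % P
    return h

def _mac_key(pad: bytes, start: int) -> tuple:
    # r and s come straight from unused pad bytes, so they are uniform and fresh
    r = int.from_bytes(pad[start:start + 16], "little") % P
    s = int.from_bytes(pad[start + 16:start + 32], "little") % P
    return r, s

def otp_seal(pad: bytes, msg: bytes) -> tuple:
    """XOR msg with the first len(msg) pad bytes, then tag the ciphertext with
    a one-time key taken from the next 32 pad bytes. Returns (ct, tag, rest);
    the consumed prefix of the pad must never be used again."""
    need = len(msg) + MAC_KEY_BYTES
    if len(pad) < need:
        raise ValueError("pad exhausted: one-time pad bytes may be used only once")
    ct = bytes(m ^ k for m, k in zip(msg, pad))
    r, s = _mac_key(pad, len(msg))
    tag = ((poly_hash(r, ct) + s) % P).to_bytes(16, "little")
    return ct, tag, pad[need:]

def otp_open(pad: bytes, ct: bytes, tag: bytes) -> tuple:
    """Verify then decrypt. Returns (plaintext or None on a bad tag, rest). The
    pad is consumed even on failure so a forgery cannot get a second try
    against the same MAC key."""
    need = len(ct) + MAC_KEY_BYTES
    if len(pad) < need:
        raise ValueError("pad exhausted: one-time pad bytes may be used only once")
    r, s = _mac_key(pad, len(ct))
    expected = ((poly_hash(r, ct) + s) % P).to_bytes(16, "little")
    if not secrets.compare_digest(expected, tag):
        return None, pad[need:]
    return bytes(c ^ k for c, k in zip(ct, pad)), pad[need:]
```

With r and s uniform and never reused, a forgery against an n-block ciphertext succeeds with probability at most n/P regardless of the attacker's computing power, which is the guarantee HMAC cannot give; the pad itself still has to be truly random and delivered over a channel that is really secure, which is exactly what points 1 and 2 question.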
