I know there's AES and PGP, but all electronic stuff still has backdoors. You can't backdoor a piece of paper and a writing utensil.

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.com (OP) · 15 points · 3 days ago

    Hmm yea cool, problem is, it's not reusable. You have to generate new keys every time. Kinda not easy to constantly exchange new keys if you are… say a group of revolutionaries hiding from the government. 👀

    • yoevli@lemmy.world · 30 points · 3 days ago (edited)

      This is how all modern cryptography works. A deterministic cipher is functionally no different from pig Latin when it comes to actual security. An electronic solution like public key cryptography is infinitely more secure. If you’re especially paranoid you can generate the cryptotext locally and send it by email; that would be much safer than anything you could achieve by hand.

      • otacon239@lemmy.world · 6 points · 3 days ago

        I would think mailing a flash drive with the key and sending the message electronically would be safer. One requires knowledge of the other.

        • yoevli@lemmy.world · 1 point · 2 days ago (edited)

          That's assuming the key and message are entirely independent. If you or the recipient is the type of person or doing the types of things that would attract surveillance from a nation state (because realistically that's one of the only scenarios where non-esoteric privacy practices might not cut it), it's not unrealistic that they'd intercept both your digital and physical mail and would be able to correlate them. At least with public key encryption, the private key is never actually in transit.

          • otacon239@lemmy.world · 1 point · 2 days ago (edited)

            And that’s why if you’re in that position, you should have already shared your public key with them long in advance and your private key stays encrypted on an air-gapped laptop running Tails + CoreBoot. The message stays encrypted and you’re the only one with the physical device and knowledge to decipher it.

            But that all comes down to security vs convenience. I’m super glad passkeys are starting to become available in a lot more places. They’re super convenient and if you use a password manager responsibly with a hardware key, they’re just as secure as the locks on your house.

            Which is to say, not very, because ultimately nothing beats a $5 wrench.

      • ERROR: Earth.exe has crashed@lemmy.dbzer0.com (OP) · 4 points · 3 days ago (edited)

        Hmm okay I was actually thinking of using this for journaling… so keeping a stack of OTP codes right next to my journal isn’t quite useful…

        gotta keep my evil plans for world domination a secret… MUAHAHAHAHA 😈

        • SmoothOperator@lemmy.world · 2 points · 2 days ago

          Hmm, you’re probably going to get a lot of answers assuming you wanted to do secure communication, not secure journaling. Different beasts I would think.

    • Rowan Thorpe@lemmy.ml · 5 points · 3 days ago

      In-band periodic key-exchange. Pre-arrange that keys expire every X messages, and that the last (Xth) message is dedicated to sending the new key encrypted by the previous one.

    • m0darn@lemmy.ca · 6 points · 3 days ago

      I’m certainly not an expert.

      But could you generate pads from mutually accessible data sources?

      Like use hit_me_baby_one_more_time_not_a_virus.mp3 appended with a password, as a seed in a pseudo random number generating algorithm, then do the same thing with another data source, repeat however many times, then XOR the generated numbers together, and use the result as a pad?

      • ricecake@sh.itjust.works · 6 points · 3 days ago

        That’s no longer a one time pad. That’s closer to a homebrew stream cipher with the weakness of having a key that you just hope no one notices.

        • m0darn@lemmy.ca · 1 point · 2 days ago

          Neat, yeah, Wikipedia says stream ciphers approximate one-time pads but can also be completely insecure.

          I think it would take one hell of an effort to crack, it would be like 3MB encryption right? Or if they guessed the scheme they could try all mp3s ever torrented XOR’ed in every possible combination.

          Idk, I think there's something workable there, but I only have casual knowledge.

          Also I think OP wanted pen and paper, so maybe use a book instead of digital files.

          • ricecake@sh.itjust.works · 1 point · 1 day ago

            So, the size of the key doesn't directly relate to the size of the cipher, which also doesn't directly relate to security. AES is 128-bit, can have 128-, 192-, or 256-bit keys, and is currently not known to have any workable weaknesses.

            Largely a cipher isn’t weak if guessing the key is the only weakness, since every cipher is vulnerable to brute force. It’s weak if you can figure out the message without needing the key.

            • m0darn@lemmy.ca · 1 point · 1 day ago

              So how does generating a one-time pad from mutually accessible data fit into this scheme? Is the pad the cipher or the key?

              If two people agreed that the pad would be the output of a particular pRNG given the 3rd paragraph of the second article on the third page of that day’s newspaper as a seed.

              The attack vector would be shortcomings in the pRNG I guess? Which could result in the possibility of some sort of statistical language attack?

              Or the attacker could guess the newspaper text & algorithm.
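An added example, not from anyone in this thread, illustrating ricecake's point and m0darn's last question: a pad produced by a PRNG seeded from a shared file plus a password is a stream cipher whose real key is the seed, and any pad, PRNG-derived or not, leaks the XOR of two plaintexts the moment it is reused. The file contents, password and messages are constructed sample values.

```python
# Added example (not from the thread): a PRNG-derived "pad" is a stream cipher
# whose secret is the seed, and no pad may ever be used twice.
import hashlib
import os
import random


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def true_otp_key(length: int) -> bytes:
    """A genuine one-time pad: fresh OS randomness, as long as the message."""
    return os.urandom(length)


def prng_pad(shared_file: bytes, password: bytes, length: int) -> bytes:
    """The thread's homebrew idea: seed a PRNG from a shared file plus a
    password. random.Random is a Mersenne Twister, not a CSPRNG, so this
    only shows the structure: the whole pad is a function of the seed."""
    seed = int.from_bytes(hashlib.sha256(shared_file + password).digest(), "big")
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def encrypt(msg: bytes, pad: bytes) -> bytes:
    """XOR with the pad; decryption is the same call with the same pad."""
    if len(pad) < len(msg):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(msg, pad)


def pad_is_reproducible(shared_file: bytes, password: bytes) -> bool:
    """Anyone who reconstructs the seed reproduces the pad byte for byte,
    so the seed, not the pad, is the key (ricecake's 'key you hope no one
    notices')."""
    return prng_pad(shared_file, password, 32) == prng_pad(shared_file, password, 32)


def two_time_pad_leak(m1: bytes, m2: bytes, pad: bytes) -> bytes:
    """Reusing a pad: c1 XOR c2 == m1 XOR m2, the pad cancels out entirely.
    This is why 'not reusable' is a hard rule, not an inconvenience."""
    return xor_bytes(encrypt(m1, pad), encrypt(m2, pad))


if __name__ == "__main__":
    file_bytes = b"constructed stand-in for a shared mp3"  # constructed sample
    pad = prng_pad(file_bytes, b"constructed-password", 16)
    print("seed reproduces pad:", pad_is_reproducible(file_bytes, b"constructed-password"))
    leak = two_time_pad_leak(b"attack at dawn!!", b"retreat at dusk!", pad)
    print("pad cancelled out:", leak == xor_bytes(b"attack at dawn!!", b"retreat at dusk!"))
```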