Security Basics mailing list archives
Re: One-Time Pad software?
From: FocusHacks <focushacks () gmail com>
Date: Wed, 14 Feb 2007 08:34:13 -0600
Thanks to everyone who gave some input on this. I thought I'd share my findings with the list, hopefully someone will find it slightly interesting. If not, just ignore me. I found that newLISP offers an "encrypt" function which is an XOR that will loop the key if it is shorter than the clear. I did tinker around a bit with doing a manual XOR of two strings in newLISP as follows: (set 'ccharlist (map char (explode "secbasics"))) -> (115 101 99 98 97 115 105 99 115) (set 'kcharlist (map char (explode "P45$w0rd!"))) -> (80 52 53 36 119 48 114 100 33) (set 'cryptostring (join (map char (map ^ ccharlist kcharlist)))) -> "#QVF\022C\027\007R" Where non-printables are \xxx I came up with the following all-inclusive script: #!/usr/bin/newlisp (cond( (< (length (main-args)) 5) (println "USAGE: crypt.lsp [pad] [file] [output] [pad-remainder]") ) (true (map set '(pad target output remainder) (rest (rest (main-args)))) (write-file output (encrypt (read-file target) (read-file pad))) (write-file remainder (slice (read-file pad) (length (read-file target)))) ) ) (exit) The only thing that needs to be done is to secure-erase the original pad and clear files once done with them. [pad] = any file, text or binary, for random data. Could be a dd dump from /dev/urandom for all it cares. [file] = Cleartext file to encrypt, or encrypted file to decrypt against the pad. [output] = resulting encrypted or decrypted file [pad-remainder] = remaining contents of the one-time pad file to use for future communications. If both parties have a copy of the original pad, and always use [pad-remainder] for the next encryption or decryption operation, the pads will stay in sync. Most linux distributions come with shred(1) to securely erase files. Mac OS X has srm(1) - Secure rm OpenBSD (and other BSDs?) accept the -P flag to rm(1), which isn't quite as flexible as shred or srm, but it does overwrite the files before erasing them. I believe you'd need a third party tool on Windows to securely erase files. That's neither here nor there, though. I chalk this exercise up to paranoia. :P -- http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key
Current thread:
- One-Time Pad software? FocusHacks (Feb 02)
- Re: One-Time Pad software? Thierry Zoller (Feb 02)
- Re: One-Time Pad software? profeten (Feb 02)
- Re: One-Time Pad software? Atom Smasher (Feb 05)
- Re: One-Time Pad software? FocusHacks (Feb 05)
- Re: One-Time Pad software? Atom Smasher (Feb 05)
- Re: One-Time Pad software? FocusHacks (Feb 05)
- <Possible follow-ups>
- Re: One-Time Pad software? profeten (Feb 05)
- Re: One-Time Pad software? FocusHacks (Feb 14)