Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted Pad Storage #8

Open
PowerPress opened this issue May 11, 2014 · 2 comments
Open

Encrypted Pad Storage #8

PowerPress opened this issue May 11, 2014 · 2 comments

Comments

@PowerPress
Copy link

This is a great program idea and I love seeing the old crypto being utilized to work with new computing systems. But I have a suggestion that would greatly enhance your program. SSD/Flash based technology is rapidly taking over magnetic hard drive space and due to wear leveling there is no 100% method to ensure that your pad media once it has been used is destroyed.

  1. Please keep all encrypted pad data stored in a AES256 file type that is opened only when the pad is in use
  2. Once the pad data has been used have it zero out or delete that pad id/section

This way for example if your program and pad data was kept on a flash drive there is no way for an adversary to decrypt past sent messages since even if wear leveling failed to successfully delete the data because it was stored on the flash media or SSD encrypted already that threat vector is solved.

Essentially this enforces the critical rule of one time pad pages being burned/destroyed after use to prevent previously sent messages from being decoded.

There will be no issue as long as you make one pad in each direction per use as you suggestion.

from bob to alice.pad and alice to bob.pad
@kfogel
Copy link
Owner

kfogel commented May 29, 2014

Thanks. It's an interesting suggestion. I think the "decrypt pad in memory, only when it's being used" feature could be implemented without complicating the code too much. (Keep in mind that one of the main purposes of OneTime: for the program's entire code to be small enough and simple enough for a moderately experienced programmer to vet. The worth of any new feature has to be weighed against this, always.)

Right now issue #2 is much more important, and is blocking a 2.0 release, so I have to put this idea on the back burner until then. But that's what issue trackers are for, luckily :-).

Zeroing out the pad is not a behavior OneTime should have, I think. One too often needs to be able to decrypt a message one has sent. Also, it wouldn't do any good for those who keep their pads on read-only media (e.g., CD-ROMs). The ~/.onetime/pad-records file exists to prevent pad range reuse; if for some reason it is unreliable, we should fix that. But I don't think OneTime should ever destroy pad data itself.

@maqp
Copy link

maqp commented Sep 26, 2016

"But I don't think OneTime should ever destroy pad data itself."

That depends on whether the conversation is intended to be ephemeral. Forward secrecy is more or less the norm and PGP gets a lot of critique for lacking it (together with deniability). The classic definition of perfect secrecy in OTPs is to destroy the pad immediately after use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kfogel @PowerPress @maqp