Re: Looking for One Time Pad Software, small with gui for WIN.

From: Kev (kev_at_novercia.f9.co.uk)
Date: 01/11/04


Date: 11 Jan 2004 13:30:07 -0800


"David Eather" <eather@tpg.com.au> wrote in message news:<3fffa1bf@dnews.tpgi.com.au>...
> Hummm,
>
> I'm not fully convinced, but I will take it on spec. I suspect that the first
> requirement for secure computer communication is the physical security of
> the computer and the immediate environment.
>
> David Eather

Yes - securing the computer is the key to preventing a side-channel
attack. Such attacks hinge on gaining access (either physical or
remote) to the target machine. If you can't access it, you can't
attack it. So if your OTP is implemented using secure, purpose-built
tamper-resistant hardware, you're pretty much laughing.

But the OP was talking about an OTP on a Windows PC. I think I can
safely say, without fear of contradiction, that a typical Windows PC
is not very secure. The thing to remember is that when you implement a
cryptosystem on a computer, the computer *becomes* the cryptosystem.
And so any weaknesses in the computer become weaknesses in the
cryptosystem. Not much point using an OTP if the plaintext is still
sitting in the swap file. So you need to be aware of the side-channel
attacks (data recovery, key logging, memory sniffing, etc.) and build
in countermeasures to resist them. This is in addition to physically
securing the machine. Any oversight in securing the computer opens a
potential avenue for a side-channel attack which can sidestep (and
therefore defeat) the 'unbreakable' OTP.
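
The swap-file point in the post above, as an added example that is not part of the original post or thread: a C sketch that keeps plaintext and pad in page-locked memory and wipes them after use. It assumes a POSIX system (mlock); on Windows the counterparts are VirtualLock and SecureZeroMemory. The helper names and sample bytes are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Zero through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Whole pages, pinned in RAM. *locked is 0 if mlock() failed, in which
 * case the buffer can still be paged out to swap. */
static unsigned char *sbuf_alloc(size_t n, int *locked) {
    void *p = NULL;
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || n == 0) return NULL;
    size_t sz = (n + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    if (posix_memalign(&p, (size_t)pg, sz) != 0) return NULL;
    *locked = (mlock(p, sz) == 0);
    return p;
}

static void sbuf_free(unsigned char *p, size_t n) {
    if (!p) return;
    secure_wipe(p, n);   /* wipe before the pages become swappable again */
    munlock(p, n);
    free(p);
}

/* out = in XOR pad; consumed pad bytes are wiped so they cannot be reused. */
static int otp_xor(unsigned char *out, const unsigned char *in,
                   unsigned char *pad, size_t n, size_t pad_len) {
    if (n > pad_len) return -1;          /* never wrap around or reuse pad */
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ pad[i];
    secure_wipe(pad, n);
    return 0;
}

int main(void) {
    const char msg[] = "constructed sample plaintext";
    size_t n = sizeof msg - 1;
    unsigned char ct[sizeof msg];        /* ciphertext needs no locking */
    int l1 = 0, l2 = 0, rc = 1;
    unsigned char *pt = sbuf_alloc(n, &l1), *pad = sbuf_alloc(n, &l2);
    if (pt && pad && l1 && l2) {         /* fail closed if pages are not pinned */
        memcpy(pt, msg, n);
        memset(pad, 0x5a, n);  /* constructed stand-in; a real pad is random */
        rc = otp_xor(ct, pt, pad, n, n) ? 1 : 0;
    } else fputs("cannot lock memory, refusing to handle plaintext\n", stderr);
    sbuf_free(pt, n); sbuf_free(pad, n);
    return rc;
}
```

Locking and wiping cover only the swap and residual-memory channels; hibernation files, crash dumps and key loggers need their own countermeasures.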


