zuallauz
  • 314
  • 2
  • 8

Would this simple encrypted chat program be feasible using One Time Pads?

Let's say I want to build a simple chat program that has encryption that is impossible to crack for anyone, even a theoretical government with a massive supercomputer. OK, here's my idea. You'll need to read all the points to get the whole picture, I think.

  • Only two people can communicate with each other with the chat program. No group conversations.
  • The people will be communicating over the internet and darknets.
  • The chat program will just handle basic characters, numbers and symbols that are on a standard US keyboard. This is to keep things simple.
  • We'll say there's a limit of 160 characters per single chat message. But obviously, being a real-time chat program over the internet, you can type up more than one message.
  • Chat person #1 (Bob) generates a large list of secret random keys (or pads). Each one time pad is 160 characters long. So we end up with a long list of pads. These get put in a SQLite database or something with primary keys numbered from, say, 1 to 5000.
  • Bob copies the database to a USB drive/CD/DVD/Blu-ray and meets chat person #2 (Alice) in person and gives them the database. Alice loads that database up on her computer. Then they secure erase the USB drive or burn/smash the CD/DVD/Blu-ray. Anyway now they both have the same list of one time pads on their computers.
  • OK, Bob, seeing as he generated the list, uses the odd numbered primary key pads to encrypt and send messages to Alice (#1, #3, #5 etc.). Alice, being the person who loaded the list, uses the even numbered primary key pads (#2, #4, #6 etc.) to encrypt and send messages back to Bob.
  • Each person's program always keeps a record of which numbered pad they've used, so that a message doesn't get encrypted twice with the same pad. There's no mix-up in one person using the same pad as the other because they're using odd and even numbered pads. The number of the pad to be used for decrypting the message could be tacked onto the end of the message. The number of the pad to be used for decrypting wouldn't necessarily need to be encrypted either; it could just be on the end of the message, e.g. "#123".
  • Now to secure the session, and provide a layer of protection against MITM attacks, the whole chat session could be encrypted with SSH or SSL maybe.
  • After each message is sent by the user, it and the pad are secure-erased from their device. Once the receiver has read the message, it is secure-erased from their device as well.
  • Pads are stored on the device using a combination of 3 strong block ciphers and a strong user password that is required to be entered before the chat program will run.
  • If a user thinks they will very soon become compromised, they can secure-wipe the pads on their device quickly with a button. This will also notify the other chat user that they should wipe their pads as well. The secure-wipe algorithm would probably be something like Gutmann 35-pass.
  • Now suppose the chat session gets intercepted by an attacker (Eve) who wants to interfere with the communications, maybe trick Bob into sending another message again with the same pad so they can figure out what was said. Well, she won't be able to, because Bob is maintaining a list of all the pads he's used and all the numbered pads that Alice has sent him. If attacker Eve tries to send a different message to Bob to pretend it's from Alice, then she can't, because an HMAC of the message and pad is sent along with the ciphertext. The receiver will verify the HMAC matches at their end to ensure no tampering has occurred.
  • If Eve tampers with the number on the end specifying the pad to decrypt with, then the receiver will try to decrypt that message and realise the message is garbled, so they will know something is up. If she tried to re-use an old pad, then Bob would know too, as that message has already been received, indicating tampering. Also, if the number increased significantly from the last message received, e.g. the last message received was #200 and the next one received was #230, then you'd know there have been missing messages or someone playing man-in-the-middle.
  • When the two parties have used up their 5000 messages then the chat session is ended and they'll need to regenerate a list of pads again and give them to the other chat party in person so they can continue chatting. Obviously 5000 pads is an arbitrary number. You could in theory generate a million pads and have communication with them for a life time.

OK, so that's my idea in a nutshell. Are there any potential flaws or weaknesses, or possible attack vectors you can see? What improvements would you make to the idea?

Update: NSA running around with their hair on fire running damage control and digging up this old thread 8 months later to cast aspersions on the idea because they realise if everyone starts using OTPs and not their weak AES algorithm then their PRISM programme is worthless.

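An added, runnable sketch of the scheme described in the question (example code written for this page, not the poster's program). It assumes each pad is 192 random bytes, the first 160 used as the XOR keystream and the last 32 as a one-time HMAC-SHA256 key, plus a constructed wire format of `index#ciphertext_hex#tag_hex`. The MAC covers the pad number as well as the ciphertext, so a changed number is caught by the tag check rather than by garbled output. It exercises the receiver-side checks the post lists: a pad number from the receiver's own side, replay of an already-used pad, a gap in the sequence, and a tampered ciphertext.

```python
import hashlib
import hmac
import os

MSG_LEN = 160        # the post's limit of 160 characters per message
MAC_KEY_LEN = 32     # extra pad bytes reserved as a one-time HMAC-SHA256 key (assumption)
PAD_LEN = MSG_LEN + MAC_KEY_LEN


def generate_pads(count, rng=os.urandom):
    """Bob's step: a numbered list of random pads, primary keys 1..count."""
    return {i: rng(PAD_LEN) for i in range(1, count + 1)}


class Party:
    """One chat endpoint holding its own copy of the shared pad list."""

    def __init__(self, name, pads, parity):
        self.name = name
        self.pads = dict(pads)          # private copy; entries are deleted as they are used
        self.parity = parity            # 1: sends with odd pads (Bob), 0: even pads (Alice)
        self.next_index = 1 if parity == 1 else 2
        self.last_received = 0          # highest peer pad index accepted so far
        self.received = set()           # every peer pad index accepted, for replay detection

    def encrypt(self, text):
        data = text.encode("ascii")
        if len(data) > MSG_LEN:
            raise ValueError("message longer than one pad")
        idx = self.next_index
        pad = self.pads.pop(idx)        # the pad leaves the store the moment it is used
        self.next_index += 2
        ct = bytes(a ^ b for a, b in zip(data, pad[:len(data)]))
        tag = hmac.new(pad[MSG_LEN:], idx.to_bytes(4, "big") + ct, hashlib.sha256).digest()
        return f"{idx}#{ct.hex()}#{tag.hex()}"   # pad number travels in the clear, as in the post

    def decrypt(self, wire):
        idx_s, ct_hex, tag_hex = wire.split("#")
        idx = int(idx_s)
        if idx % 2 == self.parity:
            raise ValueError("pad number belongs to our own side")
        if idx in self.received:
            raise ValueError("pad already used: replay")
        if idx not in self.pads:
            raise ValueError("unknown pad number")
        pad = self.pads[idx]
        ct, tag = bytes.fromhex(ct_hex), bytes.fromhex(tag_hex)
        expected = hmac.new(pad[MSG_LEN:], idx.to_bytes(4, "big") + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC mismatch: ciphertext or pad number tampered")
        text = bytes(a ^ b for a, b in zip(ct, pad[:len(ct)])).decode("ascii")
        # how many of the peer's pads were skipped since the last accepted message
        missing = max(0, (idx - self.last_received) // 2 - 1)
        self.last_received = max(self.last_received, idx)
        self.received.add(idx)
        del self.pads[idx]              # consumed: a second copy of this message is now a replay
        return text, missing


def rejects(party, wire):
    """True if the receiver refuses the message (helper for the checks below)."""
    try:
        party.decrypt(wire)
        return False
    except ValueError:
        return True


def demo():
    pads = generate_pads(10)            # constructed sample: a 10-pad list, Bob odd, Alice even
    bob, alice = Party("Bob", pads, 1), Party("Alice", pads, 0)
    w1, w2, w3 = bob.encrypt("hi"), bob.encrypt("2nd"), bob.encrypt("3rd")   # pads #1, #3, #5
    results = {
        "first": alice.decrypt(w1),                          # ('hi', 0)
        "skipped": alice.decrypt(w3),                        # ('3rd', 1): #3 never arrived
        "replay": rejects(alice, w1),                        # True: pad #1 already consumed
        "wrong_side": rejects(alice, alice.encrypt("x")),    # True: even pad is Alice's own
    }
    idx, ct, tag = w2.split("#")
    flipped = ("0" if ct[0] != "0" else "1") + ct[1:]
    results["tampered"] = rejects(alice, f"{idx}#{flipped}#{tag}")   # True: MAC fails
    results["late"] = alice.decrypt(w2)                      # ('2nd', 0): the genuine #3 still works
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:>10}: {outcome}")
```

Pads are removed from each party's in-memory store as they are used; overwriting the on-disk copy is outside this sketch. The ciphertext length equals the plaintext length, so message sizes are visible to anyone watching the link.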