I've recently come across an open source file encryption tool which claims to use one time pad (OTP) for uncrackable encryption. It only encrypts files, not disks and it requires Java!
Is it possible to use OTP encryption in something like VeraCrypt?
EDIT: VeraCrypt is (a lot) more capable and I trust VeraCrypt 100%. I don't wish to switch to any other encryption utility. I've only mentioned that other tool because of the claimed OTP advantage over ordinary encryption methods.
Read more: https://betanews.com/2019/04/02/finalcrypt/
Last edit: Dave 2019-04-03
OTP encryption requires a key length that is the same size as the data you want to encrypt. So if you want to encrypt a 1 GB container, that will require a 1 GB file filled with genuinely random data. Genuinely random as in from a TRNG. There are online TRNGs and modern CPUs (post-Haswell) have built-in TRNGs, but the real problem is that there is no need to waste so much hard drive space when applications like VeraCrypt are able to defeat the NSA according to Snowden. Quantum computers may change this situation but we haven't seen any evidence of those yet.
Also for a true OTP analog you would want to keep that random data very secret and hidden. You would not be able to store it anywhere on your computer really. You'd have to put it on, say, a microSD memory card and hide that somewhere, and that would limit the amount of data you could encrypt to the size of microSD memory cards.
Currently you could encrypt up to 256 GB of data I guess, which is not bad, but consider that you are completely dependent on how well you can hide the microSD card. If the adversary finds the card they can read your data. So you may as well just put the data directly on the card without encryption.
I would like to improve the security of VeraCrypt even more by giving it the ability to use the output of a TRNG for key generation. The current method is archaic and arguably laughable as the availability of actual TRNG output becomes more and more common.
If your data really is important enough to be put on a microSD card and buried in the woods, or put in a hole in a tree, or put in a waterproof container at the bottom of a lake or something like that, then I would think you would want to also encrypt it with VeraCrypt using a strong passphrase and TRNG-based key. Then even if the adversary finds the microSD card hidden under a rock in a nearby stream they won't be able to do much with it unless they have a quantum computer.
Last edit: Lars 2019-04-05
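An added worked example (not from the thread, not FinalCrypt's or VeraCrypt's code) of the two constraints the post above describes: the pad must be at least as long as the data, and it must never be reused. `secrets.token_bytes` (the OS CSPRNG) stands in for the TRNG, which is an assumption; a real OTP needs a true random source.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_pad(n: int) -> bytes:
    """Produce an n-byte pad. The OS CSPRNG stands in here for a TRNG (assumption);
    the point is that the pad is exactly as large as the data it protects."""
    return secrets.token_bytes(n)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with a pad at least as long as the data.
    This is why a 1 GB container would need a 1 GB pad."""
    if len(pad) < len(plaintext):
        raise ValueError(f"pad is {len(pad)} bytes but data is {len(plaintext)} bytes")
    return xor_bytes(plaintext, pad[:len(plaintext)])


# Decryption is the same XOR with the same pad.
otp_decrypt = otp_encrypt


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Why the pad is 'one-time': if one pad covers two messages, XORing the two
    ciphertexts cancels the pad and leaves plaintext1 XOR plaintext2, no key needed."""
    n = min(len(ct1), len(ct2))
    return xor_bytes(ct1[:n], ct2[:n])


if __name__ == "__main__":
    msg = b"constructed sample: contents of a container, in miniature"
    pad = make_pad(len(msg))
    ct = otp_encrypt(msg, pad)
    assert otp_decrypt(ct, pad) == msg
    other = b"second message encrypted with the SAME pad (a mistake)"
    leak = pad_reuse_leak(ct, otp_encrypt(other, pad))
    assert leak == xor_bytes(msg[:len(other)], other)
    print("round trip OK; pad reuse leaks", len(leak), "bytes of plaintext XOR")
```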
Thank you for your explanation. Hopefully VeraCrypt will use a TRNG for key generation in the near future. :)
A TRNG generator in hardware is only as valuable insofar as you trust that it's truly random. We already know backdoors have been intentionally inserted into many different types of hardware and crypto libraries. Subverting Intel's TRNG would be high on my to-do list if I were the NSA. Say, by having it output the results of a good PRNG with the seed based on something easily reversed like the date. It would be high on my to-do list because a) it would be almost impossible to detect and b) would be very easy for them to replicate.
The generation of entropy for the initial key doesn't take long and you only need to do it once. I would support adding in hardware entropy, but only as an augment. As in, if you need 512 bits of entropy, then you generate 512 bits through the normal method, then mix it with 512 bits of CPU TRNG entropy. Also, I would suggest using CPU instruction jitter as a hardware entropy source in addition to the above.
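An added worked example (not from the thread or VeraCrypt) of the augmentation described above: 512 bits from the "normal" source are mixed with 512 bits from the CPU TRNG and from timing jitter, so a subverted source can add nothing worse than zero entropy. Assumptions: `os.urandom` stands in for VeraCrypt's own pool, a date-seeded PRNG plays the subverted TRNG from the earlier post, and the jitter sampler is a toy, not a vetted source.

```python
import hashlib
import os
import random
import struct
import time


def subverted_trng(n: int) -> bytes:
    """Constructed stand-in for the backdoor described above: a good PRNG seeded with
    something the attacker can reproduce (today's date). Looks random, is not."""
    rng = random.Random(time.strftime("%Y-%m-%d"))
    return bytes(rng.getrandbits(8) for _ in range(n))


def jitter_entropy(n: int) -> bytes:
    """Toy instruction-jitter sampler (assumption: illustrative only): keeps the low
    bit of a high-resolution timer delta around a short busy loop."""
    out = bytearray()
    for _ in range(n):
        byte = 0
        for bit in range(8):
            t0 = time.perf_counter_ns()
            for _ in range(50):  # work whose duration varies from run to run
                pass
            byte |= ((time.perf_counter_ns() - t0) & 1) << bit
        out.append(byte)
    return bytes(out)


def mix_entropy(*sources: bytes, out_len: int = 64) -> bytes:
    """Combine independent sources so the result is as unpredictable as the best one.
    Each input is length-prefixed so (b'ab', b'c') and (b'a', b'bc') hash differently,
    then everything goes through SHA-512 (a stand-in for a proper extractor/KDF).
    64 bytes of output = the 512 bits the post mentions."""
    if not 1 <= out_len <= 64:
        raise ValueError("out_len must be 1..64 bytes for a single SHA-512 digest")
    h = hashlib.sha512()
    for s in sources:
        h.update(struct.pack(">I", len(s)))
        h.update(s)
    return h.digest()[:out_len]


def augmented_key(n_bytes: int = 64) -> bytes:
    """Normal pool (os.urandom as stand-in) mixed with CPU TRNG and jitter samples."""
    return mix_entropy(os.urandom(n_bytes), subverted_trng(n_bytes),
                       jitter_entropy(n_bytes), out_len=n_bytes)
```

Even if `subverted_trng` is fully reproducible by the attacker, the mixed key still depends on the other inputs, which is what "only as an augment" buys.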
Thanks for the info. I hope the VeraCrypt developers are reading your comment. :)