That’s why you make a stack of them. Generate hundreds up-front and you don’t need to generate new every time.
Hmm yea cool, problem is, its not reusable. You have to generate new keys every time. Kinda not easy to constantly exchange new keys if you are… say a group of revolutionaries hiding from the government. 👀
Nemo@slrpnk.net 4 weeks ago
IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 4 weeks ago
Hmm okay I was actually thinking of using this for journaling… so keeping a stack of OTP codes right next to my journal isn’y quite useful…
gotta keep my evil plans for world domination a secret… MUAHAHAHAHA 😈
SmoothOperator@lemmy.world 4 weeks ago
Hmm, you’re probably going to get a lot of answers assuming you wanted to do secure communication, not secure journaling. Different beasts I would think.
m0darn@lemmy.ca 4 weeks ago
I’m certainly not an expert.
But could you generate pads from mutually accessible data sources?
Like use hit_me_baby_one_more_time_not_a_virus.mp3 appended with a password, as a seed in a pseudo random number generating algorithm, then do the same thing with another data source, repeat however many times, then XOR the generated numbers together, and use the result as a pad?
pageflight@lemmy.world 4 weeks ago
Steganography may be interesting in that vein. Hiding data within larger images / sound files etc.
ricecake@sh.itjust.works 4 weeks ago
That’s no longer a one time pad. That’s closer to a homebrew stream cipher with the weakness of having a key that you just hope no one notices.
m0darn@lemmy.ca 4 weeks ago
Neat, yeah Wikipedia says steam cipher approximate one time pads but can also be completely insecure.
I think it would take one hell of an effort to crack, it would be like 3MB encryption right? Or if they guessed the scheme they could try all mp3s ever torrented XOR’ed in every possible combination.
Idk I think there’s something workable there but I only having a casual knowledge
Also I think OP wanted pen and paper so maybe use a book instead digital files.
ricecake@sh.itjust.works 4 weeks ago
So, the size of the key doesn’t directly relate to the size of the cipher, which also doesn’t directly relate to security. AES is 128 bit , can have 128, 192, or 256 but keys and is currently not known to have any workable weaknesses.
Largely a cipher isn’t weak if guessing the key is the only weakness, since every cipher is vulnerable to brute force. It’s weak if you can figure out the message without needing the key.
rowanthorpe@lemmy.ml 4 weeks ago
In-band periodic key-exchange. Pre-arrange that keys expire every X messages, and that the last (Xth) message is dedicated to sending the new key encrypted by the previous one.
yoevli@lemmy.world 4 weeks ago
This is how all modern cryptography works. A deterministic cipher is functionally no different from pig Latin when it comes to actual security. A modern solution like public key cryptography is infinitely more secure. If you’re especially paranoid you can generate the cryptotext locally and send it by email; that would be infinitely more secure than anything you could achieve by hand.
otacon239@lemmy.world 4 weeks ago
I would think mailing a flash drive with the key and sending the message electronically would be safer. One requires knowledge of the other.
yoevli@lemmy.world 4 weeks ago
That’s assuming the key and message are entirely independent. If you or the recipient isthe type of person or doing the types of things that would attract surveillance from a nation state (because realistically that’s the one of the only scenarios where non-esoteric privacy practices might not cut it), it’s not unrealistic that they’d intercept both your digital and physical mail and would be able to correlate them.
otacon239@lemmy.world 4 weeks ago
And that’s why if you’re in that position, you should have already shared your public key with them long in advance and your private key stays encrypted on an air-gapped laptop running Tails + CoreBoot. The message stays encrypted and you’re the only physical device and knowledge to decipher it.
But that all comes down to security vs convenience. I’m super glad passkeys are starting to become available in a lot more places. They’re super convenient and if you use a password manager responsibly with a hardware key, they’re just as secure as the locks on your house.
Which is to say, not very, because ultimately nothing beats a $5 wrench.