I had a related idea of how to do encrypted messaging: horcruxencryptedmessaging.jperla.com
For that system, you have to have a system you trust to make a cryptographically secure one time pad. If that software or hardware is compromised your entire system falls down still.
Obviously that's true of any system you write your message on...
Joseph: No, if the computer you write the message on isn't attached to the internet, you don't really care that much if it's a bad actor, as long as it isn't expected to have updates that might specifically target your scheme. But if you are going to question the security of the hardware in general, you should also be questioning the security of whatever you are using to generate your pad.
If you do accept things at the algorithmic level but not the client/protocol level, then you can get pretty close to the same by just nesting encryptions of a root key and using something like AES as well.
Mostly I was just pointing out that if you don't trust the cryptographic principles of your own clients, you still have a single point of failure on the cryptographic principles of the offline "magic wand". If you do trust the cryptographic principles of the machine, then you don't necessarily need the in-between steps.
I already mention that the Magic Wand is an offline, non-internet-connected device.
This supports the security attack profile even if the NSA for example has cheated and fixed your cryptosystem.
Joseph: But it doesn't fix it. Even if offline, if the NSA has put a pattern into the CNG of Windows, for example, and you use the randomness from that machine, they may be able to defeat it and thus defeat your one time pad.
Granted, you might be able to get around this by having multiple systems work together to form the one time pad, all offline.
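To make that last suggestion concrete, here is an added example (not code from this thread or from the horcrux site) that XOR-combines pad material from several offline sources, so a single backdoored generator cannot by itself break the pad. `predictable_source` and `dependent_source` are constructed stand-ins for a backdoored generator and for a source that is not independent of another.

```python
from typing import Sequence


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine_pads(sources: Sequence[bytes]) -> bytes:
    """Fold several pad streams into one pad with XOR.

    The result is uniformly random as long as at least one source is
    uniform AND independent of the others. A predictable or backdoored
    source cannot remove that property; it can only fail to add to it.
    """
    if not sources:
        raise ValueError("need at least one pad source")
    pad = sources[0]
    for src in sources[1:]:
        pad = xor_bytes(pad, src)
    return pad


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with pad bytes that are never reused."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message; never reuse pad bytes")
    return xor_bytes(plaintext, pad[: len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse


def predictable_source(n: int) -> bytes:
    """Constructed stand-in for a backdoored RNG whose output the attacker knows."""
    return bytes((i * 7 + 3) & 0xFF for i in range(n))


def dependent_source(other: bytes) -> bytes:
    """Constructed source that is NOT independent: it mirrors another source.

    XOR-combining it with `other` cancels to all zeros, leaving no entropy,
    which is why the combined machines must not share or observe each other's
    output.
    """
    return bytes(other)
```

In practice the "strong" sources would be separate offline machines, ideally with hardware entropy; the combination only helps when their outputs are independent.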
Please read the website. I already say the hardware should have a good (ideally hardware-based) source of randomness.