Added exponential padding to increase security.
25
README.md
@@ -43,6 +43,7 @@ One-time pads can be trivially encrypted and decrypted using pencil and paper, m
|
||||
## Features
|
||||
|
||||
- **Perfect Security**: Implements true one-time pad encryption with information-theoretic security
|
||||
- **Traffic Analysis Resistance**: Exponential bucketing with ISO/IEC 9797-1 Method 2 (Padmé) padding hides message lengths
|
||||
- **Text & File Encryption**: Supports both inline text and file encryption
|
||||
- **Multiple Output Formats**: Binary (.otp) and ASCII armored (.otp.asc) file formats
|
||||
- **Hardware RNG Support**: Direct entropy collection from TrueRNG USB devices with automatic detection
|
||||
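Review bot: The new Features bullet labels ISO/IEC 9797-1 Method 2 as "(Padmé)", but these are two different things. ISO/IEC 9797-1 padding method 2 is the marker-and-fill rule (a single 1 bit, i.e. a `0x80` byte, followed by zeros), while Padmé is a separate length-selection scheme from the PURBs paper and does not use power-of-two buckets. Suggest dropping the parenthetical and wording the bullet as "Exponential bucketing with ISO/IEC 9797-1 Method 2 padding". "hides message lengths" also claims more than bucketing delivers, since the bucket itself stays visible; "hides exact message lengths" would be accurate.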
@@ -58,14 +59,14 @@ One-time pads can be trivially encrypted and decrypted using pencil and paper, m
|
||||
|
||||
### Download Pre-Built Binaries
|
||||
|
||||
**[Download Current Linux x86](https://git.laantungir.net/laantungir/otp/releases/download/v0.3.47/otp-v0.3.47-linux-x86_64)**
|
||||
**[Download Current Linux x86](https://git.laantungir.net/laantungir/otp/releases/download/v0.3.48/otp-v0.3.48-linux-x86_64)**
|
||||
|
||||
**[Download Current Raspberry Pi 64](https://git.laantungir.net/laantungir/otp/releases/download/v0.3.47/otp-v0.3.47-linux-arm64)**
|
||||
**[Download Current Raspberry Pi 64](https://git.laantungir.net/laantungir/otp/releases/download/v0.3.48/otp-v0.3.48-linux-arm64)**
|
||||
|
||||
After downloading:
|
||||
```bash
|
||||
# Rename for convenience, then make executable
|
||||
mv otp-v0.3.47-linux-x86_64 otp
|
||||
mv otp-v0.3.48-linux-x86_64 otp
|
||||
chmod +x otp
|
||||
|
||||
# Run it
|
||||
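Review bot: The download steps go straight from fetching the binary to `chmod +x otp` with no integrity check, and this hunk is where the links are bumped to v0.3.48. Suggest publishing a SHA-256 digest or detached signature for each release asset and adding a verification step before the `chmod`. The version string is also repeated in both links and in the `mv` line, so every release needs three manual edits that can drift apart. Minor: the link text says "Linux x86" while the asset name is `x86_64`.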
@@ -189,8 +190,23 @@ git tag v1.0.0 # Next build: v1.0.1
|
||||
- Custom 256-bit XOR checksum for pad identification (encrypted with pad data)
|
||||
- Read-only pad files to prevent accidental modification
|
||||
- State tracking to prevent pad reuse
|
||||
- **Message Length Hiding**: Exponential bucketing (256B, 512B, 1KB, 2KB, 4KB...) prevents traffic analysis
|
||||
- **ISO/IEC 9797-1 Method 2 Padding**: Standard-compliant Padmé padding with 0x80 marker
|
||||
- **Zero external crypto dependencies** - completely self-contained implementation
|
||||
|
||||
### Message Padding
|
||||
|
||||
All encrypted messages and files are automatically padded using exponential bucketing to resist traffic analysis attacks:
|
||||
|
||||
- **Minimum size**: 256 bytes
|
||||
- **Bucket sizes**: 256B → 512B → 1KB → 2KB → 4KB → 8KB → ...
|
||||
- **Padding method**: ISO/IEC 9797-1 Method 2 (Padmé padding)
|
||||
- Appends `0x80` byte after message
|
||||
- Fills remaining space with `0x00` bytes
|
||||
- Unambiguous padding removal during decryption
|
||||
|
||||
**Example**: A 10-byte message is padded to 256 bytes, while a 300-byte message is padded to 512 bytes. This provides strong protection for small messages where length leakage matters most, with logarithmic overhead for larger messages.
|
||||
|
||||
## Project Structure
|
||||
|
||||
```
|
||||
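Review bot: In the new Message Padding section, "logarithmic overhead for larger messages" does not describe power-of-two bucketing: a message one byte over a bucket boundary is padded to nearly twice its size, so the overhead can approach 100% at any scale, and with a one-time pad every padding byte consumes pad material. What grows logarithmically is the number of distinct ciphertext lengths, so the sentence should say that instead. The section should also state the boundary case: the `0x80` marker needs at least one byte, so a message of exactly 256 bytes cannot fit the 256-byte bucket and has to go to 512. Neither the bullets nor the example say which bucket an exact-fit message lands in.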
@@ -205,6 +221,7 @@ otp/
|
||||
│ ├── ui.c # Interactive user interface and menu system
|
||||
│ ├── state.c # Global state management (pads directory, preferences)
|
||||
│ ├── crypto.c # Core cryptographic operations (XOR, base64)
|
||||
│ ├── padding.c # Message padding (exponential bucketing, Padmé padding)
|
||||
│ ├── pads.c # Pad management and file operations
|
||||
│ ├── entropy.c # Entropy collection from various sources
|
||||
│ ├── trng.c # Hardware RNG device detection and collection
|
||||
@@ -217,6 +234,7 @@ otp/
|
||||
├── pads/ # OTP pad storage directory (created at runtime)
|
||||
├── files/ # Encrypted file storage (created at runtime)
|
||||
└── tests/ # Test scripts and utilities
|
||||
└── test_padding.sh # Padding implementation tests
|
||||
```
|
||||
|
||||
## Architecture
|
||||
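Review bot: `tests/test_padding.sh` is described only as "Padding implementation tests", which does not tell a reader whether the cases that break marker-based padding are covered. Suggest listing the cases in the README or in the script header, and including at least: empty input, a message whose length equals a bucket size, and plaintext that itself ends in `0x80` or `0x00` bytes, each round-tripped through encryption and decryption. Those are the inputs where "Unambiguous padding removal" is actually exercised.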
@@ -227,6 +245,7 @@ The OTP cipher uses a modular architecture with clean separation of concerns:
|
||||
- **ui.c**: Interactive user interface, menus, and terminal management
|
||||
- **state.c**: Global state management (pads directory, terminal dimensions, preferences)
|
||||
- **crypto.c**: Core cryptographic operations (XOR encryption, base64 encoding)
|
||||
- **padding.c**: Message padding implementation (exponential bucketing, ISO/IEC 9797-1 Method 2)
|
||||
- **pads.c**: Pad file management, checksums, and state tracking
|
||||
- **entropy.c**: Entropy collection from keyboard, dice, files, and hardware RNG
|
||||
- **trng.c**: Hardware RNG device detection and entropy collection from USB devices
|
||||
|
||||