Fun with randomness

By Hal Canary, 2004-03-05 16:09:16 (link)
#computers-code

One-time pads are an old-fashoned way of doing cryptography, not used much these days. On the other hand, they are as secure as the random device is random. (Want a better random device? here's one.)

I've been meaning to write this code for a while now:

#!/usr/bin/perl
## crypt-otp.pl ##
if (@ARGV OUTPUT\n";
    exit 1;
}
my $a_file = shift @ARGV;
my $b_file = shift @ARGV;
open(OTP, "< $a_file");
open(PTX, "< $b_file");
while (read(PTX,$b,1)) {
    read(OTP,$a,1) or die "Out of otp.";
    print $a ^ $b;
}

Here's how to use it.

$ head -c 10k /dev/random > otp.data
$ ./crypt-otp.pl otp.data file > file.crypt
$ ./crypt-otp.pl otp.data file.crypt | less

Here's how NOT to use it:

$ perl -e 'for $x (1..1000) {print "PASSWORD"}' > badotp
$ gzip < file | ./crypt-otp.pl  badotp - > x
$ ./crypt-otp.pl badotp x | gunzip - | less

If /dev/random hangs, jiggle your mouse for a while to build up entropy. If you input file is biger than your OTP, then it won't work. That's the one part of one-time. So make a bigger OTP by changing the argument to head.


(back)