It’s not easy to think about the security of your files, but once you’ve started you can’t stop. I’ve read a couple of articles about Zendo, either disproving or proving the use of one-time pads (OTP), can’t really tell. No, you read that right – go to that article, you’ll understand why soon enough. My thing, however, is not about the safety of one-time pads, because they’re safer than everything else, it’s using them as a commercial application, even if it is a messaging app. Stop! Facepalm time.
Kids, stop believing every little crap thrown at you. It’s like holy water, it can’t hurt but can’t help you, either. It’s placebo. Using any public, commercial, widespread encryption software to secure your emails, texts, files or dirty pictures is only making you feel safe, it won’t actually make you safe. Safety can’t ever be achieved for anything involving security, there’s too many vectors of attack to consider. To make it safe, whoever uses one-time pads also hides the actual algorithm of encryption, that way by intercepting messages you only get one thing – the final, encrypted text – this is designed to make brute force attacks impractical. Sure, there’s ways to look at the encrypted text and try to make sense of it, by looking at the frequency of letters in the alphabet (that’s why the US used to encrypt their war time transmissions by using Navajo or Choctaw code-talkers), or others. There’s a point here – if one-time pads are used, well, only once and there’s other software to shuffle the cleartext before encryption through another language, they’re secure. But wait, there’s more.
For instance, let’s talk Zendo – a messaging app that apparently uses one-time pads. Let me tell you a wee little secret here – if something is public, it can be reverse-engineered. There may be code flaws, there could be programming errors, there could be lots of little things that could compromise the security of such an app. Also, one-time pads actually need randomness in order to work, but who’s generating the keys? How are they generated? Are they random? If I were to break it, I’d use it myself not for encryption but to generate several keys and try and see if there’s a rule for them – they might not be so random after all. If the encryption protocol uses just XOR, without cleartext shuffling, you can brute-force it easily, that’s not really a problem. The biggest problem with breaking one-time pads is actually identifying when you’ve got the right answer, actually knowing when to stop. Why? Because there’s an incredible amount of variations that result in cleartext looking valid but incorrect. If all you have is a final answer and you know the calculations, it’s like trying to figure out X and Y when all you know X+Y = 676231924925687000021320201512534899732335492. Eh? Exactly. You’ve got to narrow it down, to create filters and restrictions for your variables because you’ve got too many possible solutions. For instance, knowing that X and Y are integers (long, double, whatever, if you’re a programmer then assume it’s a natural number) actually helps you narrow the selection down by more than 50%. Imagine now that in the above equation there’s not only X and Y as variables, the addition is unknown. It could be +, it could be -, it could be XOR, it could be something else entirely. You’ve just gone supernova. There’s no way to break it. No computer could. Ever. You could even find the right key and the right operation performed on the cleartext and not know it. How could you? There’s no way to identify the successful breaking of the code. You need context. That’s why it’s important to hide both the keys and the algorithm.
There are many ways to make it work, to break unbreakable codes – one way is to gather knowledge on the person using the cypher, assume the cleartext is in a specific language and contains specific words – in other words, you use context against the cypher. You gather a large sample of encrypted messages and look for discrepancies, letters repeating, see if you can identify a source of keys if you can (sometimes they use publicly available books and so on). You look for the resources of the target, if they use a smartphone, a computer, to see if you can exclude things beyond the brain capacity of the target – people can remember a few songs but they can’t remember a few pages of truly random data, things like that. It’s much, much easier to just infect the target’s computer or smartphone than it is to actually decrypt an OTP.
Using a public app to encrypt things actually makes things less secure, regardless of the encryption algorithm used. Because the device you use is insecure, it’s easy to infect phones with malware that records everything. However, that’s not the only insecurity – if the keys are generated online, that’s another vector of attack, even if they’re OTP-s. Then there’s the key distribution, you share them without considering the size of the messages and the restrictions form imposes on these messages. There’s a reason texts are called texts – you need them readable so you won’t find many other characters outside the basic 26ish letters in the alphabet and a few other characters (comma, dot, question mark, exclamation sign, ampersand, stuff like that). Yep. About 50 (and that’s stretching it) out of 1.11 million possible code points in UTF-8 encoding. How secure is that? Do they even use padding? And then… You get my point. You know what’s even scarier about that messaging app? Well, that QR code is the AES key that encrypts the OTP, it’s not the pad. That one’s sent from one phone to the other encrypted, but not visually. So. There’s that. It’s a misleading way of saying you share one-time pads but that’s only as safe as your AES-encrypted connection between your two phones. If they broke that one, no amount of OTP-s can save you. Even more, they can force break your messages if they manage to block one message or more – all the messages that follow can’t be decrypted – unless they remember which pad they’re using (and I’m betting they don’t), therefore you have to deploy new keys, face to face, and that’s also another risk – if they control your actions, they can make you share keys in an environment of their choosing. Yub yub, commander.
Security is designed to keep communications safe, not to be idiot-proof. In fact, the non-idiot user is actually a requirement, so anything designed for mass-production implies shortcuts in design and implementation therefore lowering your security, not exactly what you’d want to hear. Then again, one-time pads weren’t so rarely used because they were less secure, but because you can’t use one more than once and everybody knows that the possibility of things going bad is directly proportional with time and use. Murphy’s law or something. Neat, huh?