Hacker 10 – Security Hacker

Tag: One Time Pad encryption tools

  • Zendo a One Time Pad encryption messaging app

    Zendo a One Time Pad encryption messaging app

    Zendo is a free iPhone and Android app for encrypted chat, users communicate directly with each other using One Time Pad encryption keys that will have previously exchanged in person.

    After installing the app you will see two options on the screen, one displaying a QR code and a second button to scan other people’s codes. Pointing your camera phone to the QR code seen on the screen of your friend’s phone authenticates both devices via Wi-fi direct and encrypts the connection with AES256, it then exchanges multiple One Time Pad encryption keys (o.5MB). If anybody listened nearby and captured the exchange you would not have to worry as the connection was initially encrypted.

    The strength of One Time Pad encryption is that a new key is used for each one of your messages, this is why you need multiple keys, and why if anybody managed to crack one of the keys they would only be able to read a single message, to be able to decipher a whole conversation taking place your adversary would have to crack hundreds or thousands of encryptions keys.

    smartphone encrypted chat Zendo
    smartphone encrypted chat Zendo

    Another security feature is that the messages and photos you send are encrypted before they leave your phone, to extend the longevity of One Time Pad encryption keys, photos are encrypted with AES256bit.

    In advanced settings an “Out-of-Band Messaging” option enables you to send encrypted Zendo messages via email or SMS, you are not required to use Zendo servers to deliver messages to other users you have exchanged keys with, another option deletes all messages on close, ticking the box will automatically erase all messages and photos when you close the app while keeping your contacts and encryption keys you have exchanged, and a third option steps up security to paranoid level allowing you to exchange large encryption keys, this choice will reduce phone performance in low end devices.

    For privacy, Zendo servers do not log any IP, they are quickly erased, and you never facilitate the company any email address or phone number, contact list, messages and photos remain in your phone and not in Zendo servers. The company can’t spy or help anybody spy on you with the information and capabilities they have.

    One Time Pad encryption app Zendo
    One Time Pad encryption app Zendo

    When you run out of One Time Pad encryption keys you will have to meet again in person and top up, this will seem annoying to many people but it is a good excuse to have a face to face meeting with somebody, there is a certain social element in Zendo. This is an app to communicate with people you know in real life and are close to you. The biggest downside of high security is usability as Zendo proves, you can’t use this app to chat with people you just met, keys can not be sent over the Internet.

    Zendo is a niche app where the person you are chatting with will be as overtly suspicious about privacy and security as you are, I see next to zero options to convince my friends to use it otherwise. The app is not open source but the code was opened for an independent audit. The developers say that Zendo will always be free, monetization will be made in the form of premium features to be added in the future.

    Before using this app remember that, no matter how secure your messaging app is, if somebody manages to introduce a virus in your smartphone, they will be able to read everything, security has to be implemented all over the device.

    Visit Zendo in the Apple Store or Visit Zendo in Google play

  • List of One Time Pad encryption programs

    List of One Time Pad encryption programs

    One Time Pad encryption, also known as the Vernam or perfect cipher, is the holy grail of encryption security, when used correctly it makes cryptanalysis nearly impossible because it is not possible to compare old messages. As long as the one time pad is perfectly random all the clues on what coding was used for encryption remain in a single message, it is not easy to accomplish because high quality random numbers are difficult to generate.

    This type of encryption was widely used by spy agencies during World War  II and the Cold War period, protecting diplomatic and military communications, the advantadge of one time pad encryption is that it can done by hand with pencil and paper, without the need to carry any special device compromising undercover operations. A downside for this type of encryption is that the password is made up of as many characters as the text you encrypt, resulting in extremely long passphrases difficult to disseminate. When all rules are followed this one time encryption method remains secure and unbreakable but in order to solve the key transmission problem one time pads have been replaced by symmetric block ciphers and public key encryption.

    I have only managed to find old one time pad encryption tools, most of them developed by a single hobbyist and could be listed as abandonware, you should not assume developer’s claims are truth just because he says so, without truly random numbers one time pad security will be compromised and reusing any part of the pad makes the cipher vulnerable to attack, there is no way to know for sure how secure these programs are but some of them provide the source code for you to look at it.

    CT-46 One Time Pad: An encryption tool that converts text into digits using a conversion table and completing the final group with zeros, the software is meant to be used to learn working with one-time pads and as a training resource, it comes with a complete help manual that tells you how to perform one time pad encryption with pencil and paper.

    CT-46 One Time Pad encryption
    CT-46 One Time Pad encryption

    OneTimePadJava: Written entirely in Java, it comes with the source code but no help manual although it appears to be easy to operate, the tool doesn’t need installation and works across platforms.

    Pidgin Paranoia: A Linux plug in for the Pidgin messenger, providing secure IM conversations using one time pad encryption, the secret message has the same length as the key and it is only used once.

    Solid Encryption($$): A commercial program claiming to be able to perform one time pad encryption, you can try it free for 30 days before being required to buy it. I found the interface to be outdated and not very easy to work with but it comes with a help page.

    One Time Pad Solid Encryption
    One Time Pad Solid Encryption

    Cryptomni: A program to encrypt files using the one time pad cipher, a key file is created using the random generator SecureRandom, the source code is open, this program has not been updated for many years.

    Cryptomni One Time Pad
    Cryptomni One Time Pad

    OneTimePad Net: A one time pad encryption implementation using Visual Basic, an object-oriented computer programming language that needs Microsoft .NET to work, I had to right click and run this program as administrator for it to work, there is no help file but the interface is pretty straight forward.

    One Time Pad .NET encryption
    One Time Pad .NET encryption

    Perfenc: A Unix program to perform one time pad encryption, documentation is included with the software typing man perfenc, you can install it from source with the usual build tools like cmake.

    Emus encryption tool: It uses polyalphabetic methods from the middle ages, texts are encrypted with random codes and fixed passwords but can also be used as one time pad with extreme long random passwords and codes.

    Emus encryption One Time Pad
    Emus encryption One Time Pad

    Fxor: A Unix command line open source tool released under the BSD license that can be used for key file or one time pad encryption. This program is for people comfortable using the command line as you will have to compile it before being able to use the program. A help file is included.