InstantOTP



An instantly deployable one-time pad encoding system for unbreakable encryption

www.corticalcafe.com



InstantOTP summary

InstantOTP creates an instantly deployable one-time pad encryption/decryption environment on a non-networked computer while simultaneously handling some of the more cumbersome aspects of pad management.

Features:

  • tiny self-contained USB bootable operating system with persistence
  • boots in just a few seconds
  • works on old hardware
  • graphical UI for file management tasks
  • creates/manages pads for multiple users and rotates pads over time
  • only 3 commands:  createpads, encodeOTP, decodeOTP
  • contains features to prevent pad re-use and to obfuscate message start
  • wraps OTP encodings in symmetric encryption for subtlety


Get InstantOTP


Latest Version: 

InstantOTP_20140802.iso (ISO image, see below for use)

$ md5sum InstantOTP_20140802.iso             bc1dd55b7aa80be472c9f6e3564070e2
$ sha256sum InstantOTP_20140802.iso         fdb5cdcd94502c038e7b1bee1d34d8cbf57001bb5387101ce600d44de963a875


InstantOTP background

One-time pad encoding is an encryption method that cannot be cracked.  It allows communication of encrypted data through insecure channels (e.g., the Internet) with no possibility of surreptitious decryption.  It works by modulating the plaintext stream with a "one-time pad" stream composed of random values.  The cipher pad is not re-used, hence the name, one-time pad encryption.

While OTP encoding is uncrackable, it requires that you share the pad with your message recipient a priori.  Since any attempt to share a pad through traditional network methods instantly compromises the integrity of the communications, you must share this information with your partner "out of band".  For example, you can give them the pad on a disk when you meet them in person or by mailing them a memory card.  Despite the intense focus on on-line surveillance, exchanging data via physical media is largely undetectable due to the prohibitive cost of physical surveillance.  A low-cost micro-SD card will easily hold gigabytes of one-time pad.  The total amount of encrypted data that you can send is the amount of one-time pad that you have available.

Once you've shared your one-time pad with your partner, you may communicate your encrypted text (aka "cipher-text") to your partner over a network without the possibility of decryption.  Since your communications may still be compromised by any number of other attack vectors, InstantOTP is intended to be used on an "air-gapped" computer: one that is NEVER connected to a network.  This greatly reduces the likelihood that someone will be able to intercept your information when it is in plaintext form.  You should move information on/off your OTP system via removable media like a USB flash drive.

One-time pad management is cumbersome.  InstantOTP makes this easier because it can create and manage one-time pads to support bi-directional communications with multiple partners.  Since you may only have a single opportunity to exchange pads, InstantOTP allows you to create enough pads for all your future communications.  It has a mechanism for automatically changing pads each month, which allows you to have a large number of pads, while keeping the size of each pad manageable; corruption of a pad will make all related communications inaccessible.  InstantOTP uses "onetime" to do the actual one-time encoding.  This package automatically manages offsets within a pad to ensure that you don't use the same section of pad more than one time.
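The offset bookkeeping and monthly pad selection described above, as an added illustration (not InstantOTP's or onetime's code). The `Pad` class, the 64-byte pad size and the messages are constructed for the example, and it does not reproduce onetime's file format or the openssl wrapper.

```python
import secrets

def xor(a, b):
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

class Pad:
    """One sender's pad for one month; the offset only ever moves forward."""
    def __init__(self, tag, yyyymm, size):
        self.tag, self.yyyymm = tag, yyyymm
        self.data = secrets.token_bytes(size)   # stand-in for a pad file
        self.offset = 0                         # first pad byte not yet used

    def encode(self, plaintext):
        end = self.offset + len(plaintext)
        if end > len(self.data):
            raise ValueError("pad exhausted; refusing to wrap around")
        start, self.offset = self.offset, end   # retire the section before use
        return start, xor(plaintext, self.data[start:end])

    def decode(self, start, ciphertext):
        return xor(ciphertext, self.data[start:start + len(ciphertext)])

def demo():
    # Constructed sample data: one pad per (TAG, YYYYMM), as on this page.
    pads = {("alice", m): Pad("alice", m, 64) for m in ("201407", "201408")}
    july = pads[("alice", "201407")]
    m1, m2 = b"meet at the north gate", b"bring the second drive"
    o1, c1 = july.encode(m1)
    o2, c2 = july.encode(m2)
    ok = july.decode(o1, c1) == m1 and july.decode(o2, c2) == m2
    # Decoding with another month's pad gives noise, not the message.
    wrong_month = pads[("alice", "201408")].decode(o1, c1) == m1
    # Pad re-use: both messages XORed with the SAME section. The pad cancels
    # out of r1 ^ r2, so anyone who knows m1 reads m2 without the pad.
    r1, r2 = xor(m1, july.data[:22]), xor(m2, july.data[:22])
    leaked_m2 = xor(xor(r1, r2), m1)
    try:
        july.encode(b"x" * 22)                  # 44 + 22 > 64 bytes of pad
        exhausted = False
    except ValueError:
        exhausted = True
    return o1, o2, ok, wrong_month, leaked_m2, exhausted

if __name__ == "__main__":
    print(demo())
```

The second message starts at offset 22 because the first consumed bytes 0 to 21; a third 22-byte message is refused because only 20 pad bytes remain.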

After the one-time pads are initially created, OTP encryption doesn't take much processing power.  InstantOTP will run on very modest hardware that is many years old.  Extra CPU power and networking hardware aren't advantageous and can be used to compromise your communication, so you are advised to use an older computer.

Because the use of one-time pad encryption itself may draw attention, InstantOTP wraps your OTP encrypted messages with standard symmetric encryption.

InstantOTP use

Use OTP with the following steps:

  • Write the InstantOTP ISO to a bootable flash drive.  Instructions at http://unetbootin.sourceforge.net .
  • Boot InstantOTP.  On my machine, it boots to a usable GUI in < 10 seconds!
  • Open a shell via the icons at the bottom.
  • Create one-time pads in InstantOTP, for example:
    • createpads alice
    • createpads bob
  • Copy the ~/.instantotp directory to a second instance of InstantOTP so Bob can take the same one-time pads to his castle
  • Alice creates encrypted messages on her machine:
    • encodeotp alice mymessage.txt
  • Alice sends Bob the ciphertext (mymessage.txt.bin)
  • Bob decrypts Alice's message
    • decodeotp alice mymessage.txt.bin
  • Bob encrypts his response
    • encodeotp bob myresponse.txt
  • Bob sends Alice the ciphertext (myresponse.txt.bin), and so on...

Tips

  • Once booted, you can remove the bootable flash drive, if desired.  You can store pads on a different flash drive and just copy them to ~/.instantotp, or you can create persistence within tcl.
  • Beyond being quite handy at file operations, the emelFM2 filebrowser serves as an editor, launcher, and other essential utilities.
  • TinyCoreLinux is incredibly powerful, yet incredibly tiny.  See the website for details.
  • Share the *entire* ~/.instantotp directory with your partner; it has the symmetric encryption passphrase in it.
  • TCL has a few different persistence options, but using "backup" to mydata.tgz is probably one of the easiest.
  • A new one-time-pad is selected each month.  You won't have any problems if your message is encrypted and decrypted within the same month.  But decoding will fail if the messages are encoded/decoded over multiple months.  In this case, you can force the use of a particular pad by passing it as a second argument.  The format is decodeOTP TAGNAME YYYYMM .  For example, the pad used in July of 2014 could be accessed using decodeOTP alice 201407.
  • Each person originating messages should use their own one-time pad.  InstantOTP supports creation of multiple one-time pads by giving a short name to each pad to identify its user when creating it with the createpads command.  This allows bi-directional or multi-party communication using one-time pads.
  • The createpads script has a provision for creating pads for any time period/year.  Simply run it a second time and it will explain how to create additional pads.
  • The InstantOTP scripts are crude, but should be pretty simple to hack if you want to change something.   


Creating Persistence

  • The easiest way to create persistence is to run the "Apps" program on the icon bar at the bottom.  When it opens, press the "Set" button in the lower right hand corner.  All system disk drives including the USB that you've booted from are listed on the left hand pane.  Choose the desired partition; you probably want the USB drive you just booted.  Congratulations, you've just selected the location where the "mydata.tgz" file will be created to store your files between sessions.  When you shutdown using the "Exit" in the icon-bar, your desktop will be backed up to the location you just selected.
  • On subsequent reboots, you can select the same disk partition as above, and use the "Backup/Restore" tool in the "Control Panel" to restore your session.


InstantOTP commands

createpads - This command creates the one-time pads and related files.  You only need to run it once and it will produce 12 months of one-time pads and a passphrase file (used for symmetric encryption).  You'll need to share these files with your recipient so they can decode your messages.

Usage:    createpads TAG [YYYYMM]

TAG is a short descriptor string used to identify the pads used for encryption/decryption.
YYYYMM is a timestamp which can be used to force production of additional pads.

Examples:
Create pads intended to be used for encryption to "Montag" for the next 12 months:
    createpads Montag
Create additional pads for communication with "silentsquare" in Jan 2016:
    createpads silentsquare 201601


encodeotp - This command encodes an OTP message.  You run it each time you want to encode a file, and it will produce an OTP and symmetrically encrypted file as output.

Usage:    encodeotp TAG FILENAME [YYYYMM]

TAG is a short descriptor string used to identify the pads used for encryption/decryption.
FILENAME is the file you wish to encrypt.  The output will be FILENAME.BIN
YYYYMM is a timestamp which can be used to force use of a specific pad.


decodeotp - This command decodes an OTP message.  You run it each time you want to decode a file, and it will decrypt the symmetric and OTP encryption. 

Usage:    decodeotp TAG FILENAME.BIN [YYYYMM]

TAG is a short descriptor string used to identify the pads used for encryption/decryption.
FILENAME.BIN is the file you wish to decrypt.  FILENAME will be written to the current directory. 
YYYYMM is a timestamp which can be used to force use of a specific pad.


Type any command without arguments to get help.


InstantOTP directory structure


  • /home/tc - default home (~/.) under TinyCoreLinux
    • ~/.instantotp - InstantOTP pad files and shared passphrase
    • ~/.onetime - onetime pad management files (pad offset and hashes)
    • ~/.local/bin - InstantOTP and onetime scripts
    • ~/onetime-2.x - onetime project files (for reference)


You'll need to create a persistent session to make sure that ~/.instantotp and ~/.onetime are available between sessions.  Alternately, you could just copy your .instantotp directory to a flash drive for archival.

InstantOTP Components


InstantOTP is a remaster of TinyCoreLinux (tcl) v5.3, an amazing and amazingly small Linux distro that boots up in seconds.  InstantOTP automatically loads a few relevant extensions necessary for processing:

  • emel2 (file browser)
  • openssl (used for symmetric encryption)
  • python (used by onetime)
  • InstantOTP is powered by "onetime", an excellent python script which does the actual one-time pad encoding.  It already includes some pad management features such as discouraging pad reuse.  It is commented very well and highlights some great topics such as the use of /dev/random vs /dev/urandom. 
  • The InstantOTP commands are shell scripts which patch everything together.


Like any privacy technology, you shouldn't take anything on faith.  You can only trust the parts which you can examine, hence it is important that all components of InstantOTP are free-software which is distributed under standard FOSS licenses.  

Don't trust anyone for privacy/security issues; always audit the chain-of-trust to the best of your abilities. 



History:

  • 20140721 - Initial version, restored everything from mydata.tgz, boot is > 30 sec
  • 20140722 - mydata.tgz only contains onetime, TCEs now loaded via ezremaster's "Extract TCZ to in to initrd" option.
  • 20140724 - scripts to create pads, encode, decode.  Using openssl to do symmetric encryption.
  • 20140726 - added TAG argument to permit pad management between multiple OTP users
  • 20140802 - corrected OTP label on CLI output.  Removed broken truecrypt module.

Contact:  Let me know if you find this software interesting, or can point out vulnerabilities.

License:  Unless otherwise noted, this work is released under the GPLv3.

Disclaimer:  This software is provided without warranty of any kind, either express or implied.  There is no guarantee of fitness for any particular purpose.  No-one should use this software, and it almost certainly doesn't work, anyway.

If you find these programs of value, take a minute to understand and support the concept of Free Software. Without your awareness and support, the day is nearing when software patents will force these projects to be taken down under threat of litigation.