Sunday, July 7, 2013

One Time Pad Encrypted Voice Chat

Keeping things short.

I've seen one time pad encryption ridiculed so many times online as unnecessary precaution.
Also I couldn't find any half decent one time pad encrypting proxies except those that were closed source and sold by military companies.

But listen to this interview and you might change your mind.
http://www.corbettreport.com/interview-685-russ-tice-reveals-the-truth-about-nsa-spying/
Time 1:01:10

Corbett: Is there anything the average person can do to protect there communications.
Tice: Unfortunately no... Um. [The] NSA is very good at what they do. Um. There is no encryption that you're probably going to come up with they don't already have something to deal with it. Um. Or or that they dont have....

I encourage you to listen to the whole interview as it seems the rest of the media is selectively ignoring Mr. Tice. Also the NSA itself appears to use a form of one-time-pad to communicate with it's employees as per other interviews with Mr. Tice.

One time pad can best protect your communication because it is entirely random and only used once. As such no matter what computing capacity a third party might have it grants them no to little benefit in analyzing the data. If time is available I hope to further develop this software but for now I will present some simple tools for anyone who might want ot use them.

1. VOIP software
http://www.linphone.org/

2. A simple one time pad proxy port forwarding script that supports SIP.
http://code.google.com/p/one-time-pad-proxy/

3. Random data generator
http://www.entropykey.co.uk/

The general way to use the proxy is as such.
---- SETUP ----
1) open pinhole.py and modify the lines towards the end
Pinhole( 'server', 'client.pad', 'server.pad', 'server.offset', 'dgram', '192.168.0.4', 5061, '192.168.0.4', 5060, sip_proxy=True ).start()
...
Pinhole( 'client', 'client.pad', 'server.pad', 'client.offset', 'dgram', '192.168.0.4', 5062, '192.168.0.4', 5061, sip_proxy=True ).start()

to read a such
Pinhole( 'server', 'client.pad', 'server.pad', 'server.offset', 'dgram', 'recipient_proxy_tunnel_ip_address', recipient_proxy_tunnel_port, 'recipient_sip_ip_address', recipient_sip_port, sip_proxy=True ).start()
...
Pinhole( 'client', 'client.pad', 'server.pad', 'client.offset', 'dgram', 'client_proxy_local_ip_address', client_proxy_local_sip_port, 'recipient_proxy_tunnel_ip_address', recipient_proxy_tunnel_port, sip_proxy=True ).start()

2) Then you put your client.pad and server.pad random data files in the folder (bigger the files the more you can chat before you need new files.
3) Copy the data to a USB stick or something and take to recipient PC.
4) On recipient PC copy to folder.
---- USAGE ----
1) run linphone no both server and client
2) run "./pinhole.py sip-server" on server and "./pinhole.py sip-client" on client
3) from your client in linphone attempt to connect to sip:username@client_proxy_local_ip_address:client_proxy_local_sip_port
4) your chat should now be being encrypted with one-time-pad.

I strongly suggest you take a look at the source code and push any fixes back to google code that you think are good and check for yourself there are no backdoors in this code!

There are several issues that need to be considered by potential users.
1) packet size can be used to indicate when someone is talking or not, this could be used to construct rought estimates of what is being said based on duration of words and sylables. I would suggest adding a padding mechanism so that all udp's are padded pre one time pad encryption to prevent this (but it will waste bandwidth.
2) Random data is not really random unless generated from outside your PC. Even Intel is about to start integrating random entropy logic into there cpu's so all your random data will come from them. You might be wise to be worried this data might have patterns that would make one time pad weak. I would suggest going out with your digital camera filming a bunch of random stuff then zipping it and using that as a one time pad file perhaps. Maybe even xor afew of those zips to remove any patterns.
3) If your computer is compromised or not behind a firewall it might be compromisable as has been indicated by the NSA whistleblowers.
4) Finally I'm a firm believer that everything in the universe comes from alternate levels of conciousness as such there is no such thing as "secret" information. If the governments can access this global conciousness as I expect they may be able to, even your thoughts would not be private (so just forget about privacy altogether).