Voice over GPRS?

Paul Wouters paul at xelerance.com
Sat Feb 3 18:00:56 CET 2007

On Sat, 3 Feb 2007, Ian Stirling wrote:

> Even a really anemic processor can manage AES or whatever at 8Kbit/sec, in
> realtime.
> However, as a near-zero CPU option, you could always use one-time-pads from
> the SD.
> Key management is substantially more annoying - you need 3M or so of pad per
> person per hour, and you can't reuse it.
> However, as long as nobody copies the pad, or compromises the phone, it's
> perfectly secure, even from advances in decryption.
> Overwrite the flash several times as the pad is read, and then take out and
> crunch the SD between your teeth if you need to destroy it.

The pad can be stolen from both ends, and you'd have no perfect forward secrecy.

Using a onetime pad directly is inheritantly dangerous. You are better of
using the one-time pad to authenticate a diffie-hellman key exchange, and then
use session keys which are never stored to flash, written to disk, and can be
safely intercepted.

And that's all provided your onetime pad is truly random, which it won't be,
and that people won't accidentally use the same page twice.


More information about the community mailing list