Ottools: tools for encrypting files with one-time pads
Project page: http://xyne.archlinux.ca/projects/otextract/
Update
The package was originally named "otsplit" as it only contained that tool. I have since added "otextract" (and maybe others by the time you read this) and renamed the package "ottools". The original post follows. For up-to-date information, check the project page.
Original Post
otsplit (one-time split) is a file-splitting utility based on the idea of one-time pads. There are two splitting modes. One will use a random input source (/dev/urandom by default) to generate n-1 files and then generate 1 file that can be combined with them to recreate the original file. The other mode will use a pre-existing one-time pad to generate a single output file.
In the first case the file can only be recovered with all of the generated files. In the second case it can only be recovered with the single output file and the input pad. Note that this means that if even one of the required files is lost, the data will be completely unrecoverable. That is a feature, not a bug.
I wrote this a while ago as a quick distraction while procrastinating on something else. After rediscovering it today I decided to clean it up and release it. I expect that there are common tools that do this already, possibly with security features that I have not even considered.
Some usage ideas:
Exchange a one-time pad on a CD/DVD/usb drive with someone in person and then use otsplit to securely share files via email etc.
Create an archive of files that no one should see until after your death and distribute the files to people you know. Leave instructions and a list of people who received files to be read out at your funeral. Laugh maniacally as you ponder their obliviousness before the paranoia slowly consumes you and you frantically devise a plan to ensure the destruction of at least one file.
Use it to securely host tar archives across different cloud storage providers (assuming that no provider can access the other files).
Become an international (wo)man of mystery with a 70s wardrobe and use it as one of many tools to combat comically incapable supervillains with underwater lairs.
Smuggle information out of countries with oppressive regimes.
Speak with a heavy stereotypical Russian accent while using it and refer to file recipients as comrades of the glorious people's revolution.
Don't.
Last edited by Xyne (2013-02-28 06:53:28)
I like the idea of otptunnel. It's too bad that it can't be used to transfer pads (I mean, each transferred bit would cost one pad bit resulting in zero net gain)
Then again, you could use that to mask network traffic. Whenever the connection is not transferring encrypted data it could transfer a new encrypted pad equal in length to the remaining pad. The network stream would appear constant to eavesdroppers with no indication of where the actual data begins or ends. In essence you would be recycling the remaining pad. I'm just thinking out loud here so I may be missing something glaringly obvious, but I don't think it would have any effect on security provided each new pad is itself secure (truly random, etc.)
Reading through your page also made me realize that I had not considered securely wiping the pad. In most cases that should probably be left to the user to ensure that the best method is used, but otextract shifts the file data forward and just truncates the end of the file. I'll look into zero-padding the end and syncing to disk before truncating.
I've seen entropy collectors for sound cards before too and they are indeed interesting. There are approaches that use webcam input too (e.g. video_entropyd), and there's also havage (with matching package in the repos). What are your thoughts on those? What about multiplexing the signals from multiple sources? Essentially, if you get just one random bit from any source in the combined stream then that position is random. The more streams you have, the greater the chance of a given bit being truly random (obviously depending on quality of the sources).
(yeah, I ramble when I'm tired)
Similar Messages
-
CSV file for users who have one-time password email address
Hi Guys,
I am trying to extract the list of users who have one-time password email address in FIM or users who have registered with one-time password reset authentication workflow. I need to get their email addresses in CSV file.
Regards
Sarwar
SarwarTake a look at:
http://social.technet.microsoft.com/wiki/contents/articles/3616.how-to-use-powershell-to-export-all-users-who-have-registered-for-self-service-password-reset-sspr.aspx
The script queries a WorkFlow called "Password Reset AuthN Workflow" and returns its ObjectID, then uses it to do a new query searching for "Users" with these parameters:
AuthN WorkFlow Registered = ObjectID of "Password Reset AuthN Workflow"
The script exports these details to a CSV.
Also, all OTP email addresses should be stored in the "msidmOneTimePasswordEmailAddress" attribute in the FIM Portal. -
When trying to burn a DVD it will go through the encoding step and at 98% we see the message 'data rate for this file is too high for DVD. You must replace this file with one of a lower data rate". We need help to correct this so we can complete burning to DVD.
What did you export from Premiere?
Did you use the MPEG2-DVD preset... and did you make any changes to the preset?
CS5-thru-CC PPro/Encore tutorial list http://forums.adobe.com/thread/1448923 may help -
I am having issues today with my Adobe Lightroom 5.6 today that was working fine yesterday except for te files from one of my cameras showed up on import but wouldn't download, today I'm getting the message "Lightroom cannot start because it cannot create files in the temporary file location /var/folders/jv/2bct456j0yg4ys681fxk9zq00000gn/T " don't know what has happended in 24 hrs except I did check my permissions on my main directory to ensure that I had extended permissions to all the folders contained within my main drive on my IMac running OSX 10.10
Use the trackpad to scroll, thats what it was designed for. The scroll bars automatically disappear when not being used and will appear if you scroll up or down using the trackpad.
This is a user-to-user forum and most people will post on here if they have problems. You very rarely get people posting to say there update went smooth. The fact is the vast majority of Mountain Lion users will not be experiencing any major problems with the OS, or maybe with apps which are not compatible, but thats hardly Apple's fault if developers don't update their apps. -
Rarcrack - how long for the file with 400 MB ?
Hi everyone
I'm trying to get the password in the encrypted file with 400 MB. It's more time I thought.
If someone have used the program, rarcrack, can you tell me know that get the password with special characters ?
For example:
The encrypted file with 400MB + the passwords "?_123_123_abc_@theworld".
How long for that ?
Thank you very much.
Last edited by luckybc (2014-12-26 06:29:07)Does rarcrack know how long the pass-phrase is or not?
Also, are you using a dictionary/removing obvious choices of pass-phrase to help speed up the process OR are you brute-forcing every single pass-phrase from the ASCII alpha-numeric alphabet + punctuation?
TL;DR: Assuming I've done the Maths correctly, a damn sight longer that you might have thought
Since you haven't said, I'm going to assume YES to the first question and I'm assuming you're brute forcing, to make the maths simpler.
For one character position you're looking at about 26 lower case + 26 upper case + 10 digits + 10 punctuation marks of some sort. So that's 72 characters. You've got 22 characters in the passphrase, so that's a potential of 72^22 = 7.26632672153 x 10^40 pass-phrase combinations.
Now let's assume you're doing this on modern hardware, with an SSD on a single machine which can process something at the rate of 200MB/s. That's two seconds a pass. That'll take you about 2.01842408931 x 10^37 hours.
Disclaimer: I'm working off the assumption that encryption has been used, and that rarcrack would decrypt the whole file on each attempt (pass-phrase protection and encryption are different things...). I don't actually know how it works, but for those that do know how it does, you can probably work out the time from the number of pass-phrase combinations.
Last edited by clfarron4 (2014-12-26 12:01:20) -
Reset SAP GUI passwords for number of users one time
Dear,
i need your help in how to Reset SAP GUI passwords for number of users one time, as we have non-SAP users, only ESS users that they are currently using Portal ESS, but we need to reset thier GUI passwords so that they will not be accessing the GUI.
we need to do it one shot, one time for more than 600 users.
is there any way?
thank youYou can also create an ABAP program which can be used to do a mass user password change.
Here are the functions that will do what you need
SUSR_GENERATE_PASSWORD - Generates a Password. Use this function only if you want to do random passwords. Otherwise you can upload your own password.
BAPI_USER_CHANGE - You can use this BAPI to change just the password of a user
Here is an example of some abap code. There may be some syntax errors and possible other issues. I just typed this out and didnt check it. You upload a comma delimited file which is the username,password. If the password field is blank the program will generate its own. Hope this helps
constants: con_comma TYPE c VALUE ','.
data: it_tab TYPE filetable,
gd_subrc TYPE i,
v_filename_string TYPE string,
p_npass like XU400-NEWCODE.
DATA: BEGIN OF itab OCCURS 0,
dLine(40) type c,
END OF itab.
DATA: begin of it_Users occurs 0,
UserID like BAPIBNAME-BAPIBNAME,
Password Like XUBCODE,
end of it_Users.
parameters: p_file like rlgrap-filename default 'c:\users.txt' LOWER CASE.
AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_file.
*& FILE_OPEN_DIALOG METHOD *
CALL METHOD cl_gui_frontend_services=>file_open_dialog
EXPORTING
window_title = 'Select File'
default_filename = '*.txt'
multiselection = ' '
CHANGING
file_table = it_tab
rc = gd_subrc.
LOOP AT it_tab INTO p_file.
ENDLOOP.
v_filename_string = p_file.
START-OF-SELECTION.
*& GUI_UPLOAD function *
Upload file to internal table
CALL FUNCTION 'GUI_UPLOAD'
EXPORTING
FILENAME = v_filename_string
FILETYPE = 'ASC'
HAS_FIELD_SEPARATOR = 'X'
TABLES
DATA_TAB = ITAB
EXCEPTIONS
FILE_OPEN_ERROR = 1
FILE_READ_ERROR = 2
NO_BATCH = 3
GUI_REFUSE_FILETRANSFER = 4
INVALID_TYPE = 5
NO_AUTHORITY = 6
UNKNOWN_ERROR = 7
BAD_DATA_FORMAT = 8
HEADER_NOT_ALLOWED = 9
SEPARATOR_NOT_ALLOWED = 10
HEADER_TOO_LONG = 11
UNKNOWN_DP_ERROR = 12
ACCESS_DENIED = 13
DP_OUT_OF_MEMORY = 14
DISK_FULL = 15
DP_TIMEOUT = 16
OTHERS = 17.
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Loop through internal table and split the comma delimited file
LOOP AT ITAB.
SPLIT ITAB-dLINE AT con_comma INTO it_Users-UserID
it_Users-Password.
APPEND it_Users.
ENDLOOP.
LOOP AT it_Users.
if it_users-Password is initial.
CALL FUNCTION 'SUSR_GENERATE_PASSWORD'
IMPORTING
PASSWORD = p_npass
else.
p_npass = it_users-Password.
endif.
CALL FUNCTION 'BAPI_USER_CHANGE'
EXPORTING
USERNAME = it_users-userid
PASSWORD = p_npass
PASSWORDX = 'X'
TABLES
RETURN = it_ret2.
Loop at it_ret2.
if it_ret2-number = 039.
write: / 'password changed'.
else.
write: / it_ret2-message.
endif.
endloop.
Write: / ''.
refresh it_ret2.
ENDLOOP. -
Is it possible to pay for more than one year of membership in advance? Would I be able to pay for 3 years at one time?
In individual CC the maximum purchase can be done for 1 year,
However: An Enterprise Term License Agreement (ETLA) is ideal for organizations that manage large deployments of Adobe software and prefer a direct relationship with Adobe. An ETLA provides custom software licensing options and pricing for volume purchases, access to advanced customer support programs, and streamlined IT administration tools to package and deploy Adobe apps and services across the enterpris with an agreement of three years.
Business Enterprise Term License Agreement | Adobe Buying Programs
http://www.adobe.com/volume-licensing/education/enterprise-term-license-agreement.html
Regards
Rajshree -
How can I convert multiple files at one time and not one at a time
How can I convert multiple files at one time and not one at a time
Hi Plissey1950,
Sorry for the lengthy delay to a response. Are you trying to convert multiple files to individual PDF files at the same time? (not combine them). If so, you'll need to use Adobe Acrobat for this function. The CreatePDF service does not have the ability to convert multiple files to multiple individual PDF files.
Thanks,
David -
Print out of RFQ with One Time Vendor
My customer wants print out of RFQs with one time vendor.
As per my understandings as like other vendors this one time vendor data is not stored in any table.This data is in table ADRC. And for one time vendor no master data is there.I can see this one time address in particular RFQ.
Now, my customer wants this one time vendor address to be printed in all RFQs.
Is any body come across this scenario ever ?Please guide my it is urgent.
With Best Regards,
RajeshHi,
The vedor(OTV or Regular vendor) will be decided after the price comparision only.
Once the OTV (account group:CPD/CPDL) is finalised as the final vendor for procurement create a new vendor master record (With A/c group:0001) and maintain Inforecord and source list and create PO.
Maintain all the conditions in the Inforecord from the quotations (you have the update info option from price comparision itself)
regards,
Kannaiah Naidu -
How to process the PDF files at one time
Hello,
I'm using WebDynpro for ABAP and Adobe Interactive Forms as offline forms.
I collect PDF files from received e-mails.
I want them to be taken in at one time.
(for example,
system job read PDF files and create data in ERP,
or I upload the files one time.)
Please let me know
- How to process the PDF files at one time.
Best regards,
KojiWhen you click the edit button in recents, try clicking the clear button in the upper left.
-
How do i delete a large amount of locked files at one time?
How do i delete a large amount of locked files at one time or batch unlock the files to delete them?
Drag them to the Trash and hold your Option key down when selecting Empty Trash.
17" 2.2GHz i7 Quad-Core MacBook Pro 8G RAM 750G HD + OCZ Vertex 3 SSD Boot HD
Got problems with your Apple iDevice-like iPhone, iPad or iPod touch? Try Troubleshooting 101 -
Multiple selections to multiple layers or multiple files with one go ?
Hi,
how to convert multiple selections to multiple layers or multiple files with one go ?
Thanks!You may want to ask over at
http://forums.adobe.com/community/photoshop/photoshop_scripting?view=discussions
or
http://ps-scripts.com/bb/
I think there are Scripts about for the task or at least ones that could be adapted without too much problems.
The usual approach is, I think, creating a Work Path from a Selection and then using (expanded) Selections based on the individual subPathItems to intersect with the original selection.
Of course there are possibilities for bad results … -
HT3775 I can't open MPEG 4 -movie files with Quick time or VLC
I can't open MPEG 4 -movie files with Quick time or VLC
VideoLAN - Download official VLC media player for Mac OS X
-
If i sign up for itunes match with one apple id can i get the other apple id songs
if i sign up for itunes match with one apple id can i get the other apple id songs
I'm assuming you mean can you access the purchased songs from another apple id. No you cannot. You will need to download these on another computer and then transfer the hard files into your itunes library that you are using icloud with and let icloud match them.
You cannot access two different id's from one match account. Also, if you sign out of the match account that you are signed into to another to download purchases you will not be able to sign back into your match account for three months. So do not do this either. Just use a friends computer or another way. -
Batch Sequences can't convert 10.000 pdf-files at one time
I have Acrobat Professional 7.0 and I am running on Windows XP.
To convert from PDF to EPS I am using Advanced - Batch processing - Batch Sequences.
Every week I have around 5.000 PDF-files which have to convert to EPS without any problems.
Sometimes I have more than 10.000 PDF-files. After converting to EPS I thought Acrobat Pro was finishing to convert all the PDF, but if I look at the number of EPS, it seems Acrobat Pro didn't convert them all and it didn't give any error message.
This always happened when I have more than 10.000 PDF-files.I think Batch sequences cannot convert above 10.000 files at one time.
Is this a known issue? Is there any solution?File > Export > Export Multiple Files will work as well.
You can choose your conversion settings in Edit > Preferences > General > Convert from PDF.
Maybe you are looking for
-
Blank page generated from export to pdf but not when sent to viewer
I have a report where I am suppressing a subreport when no data is found and it works correctly when sending it directly to the CrystalReportViewer. However if I Export it directly to a pdf it is creating a blank page. Can someone please tell me ho
-
Updating the firmware of an older airport extreme
I have an early version of the Airport extreme and, probably 1st gen airport express. Is there anyway to update the firmware on these devices so that they have the most recent firmware versions available to those devices. The only identifying info o
-
ALTER DATABASE RENAME DATAFILE, what really needs to bu run later?
Hi! If I "alter database" and move some datafiles to newly added luns, do I need to run: On DB side: 1) perl adcfgclone.pl dbTechStack (according new luns!) 2) If 1) is yes, then probably have to run "perl adcfgclone.pl dbconfig $CONTEXT_FILE"? On AP
-
If there is no fix for this problem, how do I go back to the previous version?
-
I recently had to reinstall arch linux due to swapping out a dying hard drive. I took the opportunity to make some changes I'd considered before (eg. switching window managers). One of the things I decided to do differently was set up an actual LAMP