I was looking at some code on codereview that is far out of my league of underst

Question

I was looking at some code on codereview that is far out of my league of understanding and just screwing around, but it raised a question.

This program (along with many other encryption programs, i assume) uses a keyfile.

Now, if I use /dev/random as my keyfile, it'll (theoretically) never be the same. Therefore, I could never decrypt the output file.

Is this feature unique to One Time Pad encryption tools? How am I supposed to decrypt it?

What do other tools do differently to allow me to decrypt it in the future?

Explanation / Answer

Keyfiles have nothing to do with OTP encryption. Rather, they are, as the name implies, files that each contain a key. Naturally, trying to change the key midway through an encryption round-trip will not work at all, so yes, you have to use a file with identical contents to decrypt.

A good keyfile is a few kibibytes or more of randomized data stored in a largely inaccessible and (if possible) suitably obscure spot, say buried as one photo among a couple thousand mediocre shots of family holidays and the like. (I suppose the randomization could be added steganographically.) It functions much like a very long randomly-generated password stored in a file, and like a password, anyone that knows the right one can decrypt accordingly. But again, just like a password or any other key, you don't simply pipe /dev/random to it and call it a day: you have to keep the random-generated data around.

And to emphasize again: if you have a file with the right contents, you can decrypt; if you don't, you can't. This does mean that backups become just that little bit more important, and perimeter/physical security too.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.