One-Time Pad is actually a Two-Time Pad

codeandsec / VernamTunnel

TCP tunnel with Vernam Encryption

Other

26 stars 5 forks source link

One-Time Pad is actually a Two-Time Pad #1

Closed thejh closed 9 years ago

thejh commented 9 years ago

It seems like ClientThread() and TunnelThread() both use the same keyfile, at the same offset. This means that key material is used twice, not once, enabling a MITM attacker to recover plaintext. You might want to only use key material once, not twice.

thejh commented 9 years ago

Whoops, looks like I got that wrong. Sorry for the noise.