OneTime 2.x Changes and Compatibility Notes

As of 2016-10-29, OneTime 2.0 is in beta testing.

Changes in 2.0

  • Pad IDs have changed, because they are calculated differently now. The IDs in your pad-records file will be upgraded automatically; you do not need to do anything.

    Important note to 2.x beta testers: Pad IDs changed during the development process for 2.0 too, so if you used interim 2.0 beta versions, you may need to fix your ~/.onetime/pad-records file — otherwise there is a danger of pad range reuse! For each of your pad files, run the command "onetime -p PAD_FILE --show-id" with whatever 2.0-beta version of onetime you were using, save the outputs, and then upgrade onetime to 2.0-beta12 or later and run the same command for each pad. Use the two output sets to manually update the pad IDs in ~/.onetime/pad-records.

  • Message authentication and integrity checking. This is based on a SHA-256 digest embedded in the ciphertext, and on the message's position within the ciphertext being determined by surrounding pad data. Together these protect against someone who can interfere with the transmission channel and who would otherwise have both a possible bit-flipping attack on message integrity and a known-plaintext message-substitution attack. (Thanks to Andy Isaacson for pointing out these problems in a discussion on the Liberation Tech mailing list.)

  • New output format (example), to support the above new features and for more efficient pad usage. OneTime 2.x can still read 1.x output, but 1.x and older versions cannot read 2.x output.

  • New --show-id option displays a pad's ID.

  • New --pad-help option tells how to generate pads.

  • There is no more automated version control of pad metadata. This is for many reasons, among them code simplicity and the Principle of Least Astonishment. You can still keep your ~/.onetime/ area under VC manually, of course.

  • The --no-vc option is therefore removed.

  • OneTime's license is now an MIT-style free software / open source license, to avoid various problems with the public domain in certain jurisdictions.

  • New --license option displays the license.

  • A bug with saving the pad-records file on Microsoft Windows is now fixed.

  • You can now do make install --prefix=SOME_INSTALLATION_PREFIX. (Thanks to @DomT4.)

  • For developers: regression test suite added.
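
The before-and-after ID collection described in the note to 2.x beta testers above, as an added shell example that is not part of OneTime or its documentation. The function names and the .tsv file names are assumptions; only "onetime -p PAD_FILE --show-id" comes from this page, and its output is stored verbatim because its layout is not described here.

```shell
#!/bin/sh
# Added example (not OneTime's own code): record pad IDs with the old beta,
# record them again after upgrading, then list the pads whose ID changed so
# ~/.onetime/pad-records can be edited by hand.
#
# Usage, after sourcing this file (pad paths and .tsv names are assumptions):
#   collect_ids ids-old.tsv PAD_FILE...   # with the 2.0-beta you were using
#   (upgrade onetime to 2.0-beta12 or later)
#   collect_ids ids-new.tsv PAD_FILE...
#   compare_ids ids-old.tsv ids-new.tsv

# collect_ids OUTFILE PAD_FILE...
# Writes one "pad<TAB>id-output" line per pad; stops on the first failure so
# a partial list is never mistaken for a complete one.
collect_ids() {
    out=$1; shift
    [ "$#" -gt 0 ] || { echo "collect_ids: no pad files given" >&2; return 1; }
    : > "$out"
    for pad in "$@"; do
        raw=$(onetime -p "$pad" --show-id) || {
            echo "collect_ids: onetime failed for $pad" >&2; return 1; }
        # Keep the output verbatim, folded onto one line.
        id=$(printf '%s' "$raw" | tr '\n' ' ')
        [ -n "$id" ] || { echo "collect_ids: no ID for $pad" >&2; return 1; }
        printf '%s\t%s\n' "$pad" "$id" >> "$out"
    done
}

# compare_ids OLD NEW
# Prints "pad<TAB>old-id<TAB>new-id" for every pad whose ID differs, and
# marks pads present in only one of the two sets.
compare_ids() {
    [ -s "$1" ] && [ -s "$2" ] || {
        echo "compare_ids: missing or empty input" >&2; return 1; }
    awk -F '\t' '
        NR == FNR { old[$1] = $2; next }
        {
            seen[$1] = 1
            if (!($1 in old)) { printf "%s\tMISSING-OLD\t%s\n", $1, $2 }
            else if (old[$1] != $2) { printf "%s\t%s\t%s\n", $1, old[$1], $2 }
        }
        END {
            for (p in old)
                if (!(p in seen)) printf "%s\t%s\tMISSING-NEW\n", p, old[p]
        }
    ' "$1" "$2"
}
```

Run both collections before touching ~/.onetime/pad-records, and keep a backup copy of that file while editing it.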

Compatibility between OneTime 1.x and 2.x

  • Messages encrypted with OneTime 1.x will always be decryptable by 2.x and higher versions.

  • Messages encrypted with 2.x are not decryptable by 1.x versions.

  • The latest testing version on the 2.x line is 2.0-beta15, released 2016-10-29.

  • There have been incompatible format changes along the 2.x line during the course of 2.x development and beta testing. If you're having trouble decrypting a message encrypted with one of the previous beta versions, just backdate along the 2.x line until you find a version that can decrypt that message (but please don't use those old versions to encrypt anything new).