Newer
Older
<title>OneTime 2.x Changes and Compatibility Notes</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="stylesheet" href="css/pills.css">
<link rel="stylesheet" href="css/styles.css">
<link rel="icon" type="image/png" href="images/logo/onetime-logo-color-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="images/logo/onetime-logo-color-16x16.png" sizes="16x16">
<h2><span class="title" >OneTime 2.x Changes and Compatibility Notes</span></h2>
<center><a href="./"
><img style="vertical-align: middle;"
src="images/logo/onetime-logo-color-32x32.png"
alt="OneTime logo" /></a></center>
<p class="notice" >As of 2016-10-29, OneTime 2.0 is in beta testing.</p></h4>
<h3 style="text-decoration: underline;" >Changes in 2.0</h3>
<ul style="list-style-type: circle; ">
<li><p>Pad IDs have changed, because they are calculated differently
now. The IDs in your <tt>pad-records</tt> file will be upgraded
automatically; you do not need to do anything.</p>
<p><span style="font-style: italic; font-weight: bold;" >Important
note to 2.x beta testers</span>: Pad IDs changed
<span style="text-decoration: underline;" >during</span> the
development process for 2.0 too, so if you used interim 2.0 beta
~/.onetime/pad-records file — otherwise there is a
danger of pad range reuse! For each of your pad files, run the
command "<tt>onetime -p PAD_FILE --show-id</tt>"
with whatever 2.0-beta version of onetime you were using, save the
outputs, and then upgrade onetime to 2.0-beta12 or later and run
the same command for each pad. Use the two output sets to
manually update the pad IDs in ~/.onetime/pad-records.</p></li>
<li><p>Message authentication and integrity checking, based on an
embedded SHA-256 digest in the ciphertext and on the message's
position within the ciphertext being based on surrounding pad data.
This combination protects against the situation where someone who can
interfere with the transmission channel would have both a possible
bit-flipping attack on message integrity and a known-plaintext
message-substitution attack. (Thanks to Andy Isaacson for
pointing out these problems in a
<a href="https://mailman.stanford.edu/pipermail/liberationtech/2013-July/010405.html"
>discussion</a> on the Liberation Tech mailing list.)</p></li>
<li><p>New output format (<a href="example.onetime" >example</a>), to
support the above new features and for more efficient pad usage.
OneTime 2.x can still read 1.x output, but 1.x and older versions
cannot read 2.x output.</p></li>
<li><p>New <tt>--show-id</tt> option displays a pad's ID.</p></li>
<li><p>New <tt>--pad-help</tt> option tells how to generate pads.</p></li>
<li><p>There is no more automated version control of pad metadata.
This is for many
<a href="https://code.librehq.com/kfogel/onetime/-/commit/e343a860123a01c6ddb3f7ce2537325efe17238f"
>reasons</a>, among them code simplicity and the
<a href="https://en.wikipedia.org/wiki/Principle_of_least_astonishment"
>Principle of Least Astonishment</a>. You can still keep your
<tt>~/.onetime/</tt> area under VC manually, of course.</p></li>
<li><p>The <tt>--no-vc</tt> option is therefore removed.</p></li>
<li><p>OneTime's license is now an <a href="LICENSE" >MIT-style free
software / open source license</a>, to avoid various
<a href="http://opensource.org/faq#public-domain" >problems</a>
with the public domain in certain jurisdictions.</p></li>
<li><p>New <tt>--license</tt> option displays the license.</p></li>
<li><p>A bug with with saving the pad-records file on Microsoft
Windows <a href="https://code.librehq.com/kfogel/onetime/-/issues/13"
>is now fixed</a>.</p></li>
<tt>make install --prefix=SOME_INSTALLATION_PREFIX</tt>.
(Thanks to <a href="https://code.librehq.com/kfogel/onetime/-/issues/12"
<li><p>For developers: <a href="check.sh" >regression test suite</a>
added.</p></li>
</ul>
</div>
<div class="six column">
<h3 style="text-decoration: underline;" >Compatibility between OneTime 1.x and 2.x</h3>
<ul style="list-style-type: circle;">
<li><p>Messages encrypted with OneTime 1.x will always be decryptable
by 2.x and higher versions.</p></li>
<li><p>Message encrypted with 2.x are <em>not</em> decryptable by 1.x
versions.</p></li>
<li><p>The latest testing version on the 2.x line
is <a href="onetime-2XVERSION" >2XVERSION</a>, released
<li><p><span style="font-style: italic; color: red;">There have been
incompatible format changes along the 2.x line during the course of
2.x development and beta testing.</span> If you're having trouble
decrypting a message encrypted with one of the previous beta versions,
just backdate along the 2.x line until you find a version that can
decrypt that message (but please don't use those old versions to
encrypt anything new).</p></li>
</ul>
</div>
</div>