curtwill

I have other hardware that looks very similar to the pineapple MK4 anyway. It could be real embarassing for you if you grabbed me in public. So my advice would be to do nothing.

The entire one time pad thing is, of course, massive overkill. I like a program called FineCrypt. There used to be both free and paid versions out there. The reason I like it is availability of the Mars and RC6 algorithms. A lot of people don't use FineCrypt because of problems with the key generation part of the program. Not random; not secure. I figured out the format for FineCrypt generated keys and started generating my own, then infuse them into the program. Now I have key generation that is as random and secure as I can make it, combined with 2048 bit RC6 or 1248 bit Mars encryption. Way overkill for anyones needs unless your name happens to be Osama.

Yes indeed. XOR can make a fine one time pad if you can share the key securely. There are ways to do this. I'll give some hints and leave the rest to the student as an exercise. First think about what a one time pad is. You start out with a source file, which can be anything (including a cyphertext). You then need a keyfile at least as large as the source file. It must be entirely random (or in our imperfect world, as random as possible). Each byte of the source file is XOR'd by a byte from the padfile. So, a six million byte source file requires a six million byte key. Attacks against this method include attacking the key generator or exploiting anomolies when same pad is repeatedly used. I am told that some US security agencies generate keying material by shifting a gps stream in a particular way. This is rumoured to be the method used to encrypt the US/Moscow hotline. Both sides sync up and read the gps stream; then do something special to it. Ensuring that "something special" is unpredictable and produces a unique random stream every time is the trick. So think about how you can do the same thing using something other than the gps data. There must be something that both sides have access to (the more random the better). Then you transform it (into a temporary keystream) in a way that isn't known to the bad guys, ensuring that it becomes "more random" than it was when it started. Then you XOR. Afterward you destroy the pad. Simple. So put some creativity into developing ways to do this. You need a reference signal of some sort, the more random the better, and a way to sync it so both parties can access it identically. Then you have a preshared means to transform the reference signal. Then you XOR. Then you destroy all traces.

Of course, encrypting it at all might attract unwanted attention. So use any file level encryption with 256 encryption with a cypher feedback mode. Set up a throw-away email account at both ends and run through a proxy server like tor for setting up the bogus accounts and sending/receiving the emails. Also, go to a busy starbucks when you set up the bogus accounts or access them, preferably not near home. Or better yet, set up a single bogus email account and manually share account name and password with your friend. Instead of emailing them the message just save it to the drafts file. That way it never hits the grid except when you create and read it. Follow all other rules as above. I'm told some US black ops groups are communicating this way.This method makes the key distribution problem harder, but if you have a small number of friends it might not be a problem. Once you're finished communication this way, you can erase your memory of the message by applying a 4000 volt shock......

Oh, nobody trusts State. After all, they're all ivy league faggots over there in the Truman Bldg.

I used to work for US Department of State. We spent more time securing computers and communications againt attack by CIA than by any foreign government. Stae doesn't trust CIA; CIA doesn't trust DIA; DIA doesn't trust CIA; NSA spies on everybody.....

I'm a complete noob to wifi pineapple so I might be full of it here; but I do have about 30 years experience with various unix and unix-like systems. In the old days before we had unix systems administrators to worry about running our machines, we used to type "sync" three times before powering down a unix box. My fingers just automatically do it without thinking. Interestingly, I just ssh'd into my pineapple and issued "shutdown -h now" and found that the pineapple doesn't understand shutdown. It does understand both reboot and sync. Reboot doesn't help when you want to power down the box, so I don't see an alternative to unplugging the power supply. Wifi Pineapple is definitely the coolest toy I've had to play with in a while. I'm already thinking about building a clone on the ODROID X2. The lust for power never diminishes.