Well I can say to both samoth and Bacterius: I already know OTP is a huge pain, but if used correctly, I don't see why it couldn't work. The problem is that the alternative is any of these other algorithms which, unfortunately, are potentially susceptible to cryptanalysis. All the arguments of it taking several lifetimes to analyse are BS, because:
A: if you wait a few years/decades, who knows what kind of computing technology will be available, which might be able to crack it in a day!
B: Quantum computing threatens to make many algorithms obsolete, and the ones that won't be are often ones that only work ON quantum technology (which frankly, will probably not be available to the persons transmitting these communications). And even those may be cracked at some point.
C: Some algorithms are deliberately given a back door, for the public to only discover too late, after they've been using the algorithm on their "private" data, thinking it was secure! The NSA did this to a particular example, of which I just can't recall the name at the moment.
D: There are trojans that can infect millions of computers worldwide, and force them to perform background jobs that just constantly process cryptanalysis, on the off-chance that one may crack a key. But given enough processors and enough time, well, you know what they say about monkeys and typewriters.
So you see, given the circumstances, I don't think wanting perfect secrecy is unreasonable. Maybe impractical, but certainly not unreasonable.
And if you think I don't know anything about cryptography just because I didn't know much about random number generation, it's only because I've studied cryptography, but haven't actually used it before for one simple reason: I don't trust it. And the reason I don't trust it is because it is imperfect. But at a certain point, there comes a time when unfortunately it may be necessary to rely on electronic communications, and when that time comes, you NEED something secure!
To answer your questions, Bacterius:
- My authentication prevents impersonation. The reason I didn't mention it in this post was because I really only wanted to know how to generate truly random numbers. The rest of this just branched off from that.
- Assuming it's authenticated and encrypted adequately, I'm not sure how a MITM attack would happen. Unless I'm misinterpreting your implication.
- The data should go through fine unless there's an error or tampering, in which case the data can be re-transmitted with a different section of the OTP.
- Interactive in what way? I was thinking of having it pretty much automated.
- In this situation, I'm not sure how there would be a replay attack. Do you have an example?
- The entropy of the key is set up ahead of time and there's no way it can be tampered with because it's done completely privately.
- If one party is compromised, we may as well just eat bullets.
- Doesn't need more than 2 users (or computers anyway).
- The encryption is deniable to the extent that no data is ever stored long term and is erased after each session.
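The session model described in the answers above (pre-shared pad, a fresh section for every retransmission, used material erased), as an added example that is not code from this thread. The pad bookkeeping, the `Pad`/`seal`/`open_sealed` names and the use of HMAC for the tag are my own assumptions; HMAC keyed from a pad section is a practical stand-in, not the information-theoretic authentication a pure OTP purist would want.

```python
import hmac
import hashlib
import os

# Constructed example: both sides hold the same pad, consume it strictly
# forward, wipe each section once used, and authenticate every ciphertext
# with a tag keyed from a fresh pad section.
MAC_KEY_LEN = 32

class Pad:
    """One half of a pre-shared pad. Sections are handed out only in
    increasing order and overwritten with zeros once used."""
    def __init__(self, material: bytes):
        self.buf = bytearray(material)
        self.offset = 0          # first unused byte

    def take(self, start: int, n: int) -> bytes:
        # Refusing to go backwards is what keeps every section one-time;
        # it also rejects a replayed message, whose section is already gone.
        if start < self.offset:
            raise ValueError("section already used: refusing to reuse pad")
        if start + n > len(self.buf):
            raise ValueError("pad exhausted")
        seg = bytes(self.buf[start:start + n])
        self.buf[start:start + n] = bytes(n)   # wipe the consumed bytes
        self.offset = start + n
        return seg

def shared_pads(n: int):
    """Constructed setup: both sides get identical random material (in the
    post's model this is exchanged privately, ahead of time)."""
    material = os.urandom(n)
    return Pad(material), Pad(material)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(pad: Pad, msg: bytes):
    """Returns (start, ciphertext, tag); 'start' names the section used."""
    start = pad.offset
    key = pad.take(start, len(msg))
    mac_key = pad.take(start + len(msg), MAC_KEY_LEN)
    ct = xor(msg, key)
    return start, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(pad: Pad, start: int, ct: bytes, tag: bytes) -> bytes:
    """Verifies, then decrypts. A tampered or replayed message is rejected;
    the section is consumed either way, so the sender retransmits on a new one."""
    key = pad.take(start, len(ct))
    mac_key = pad.take(start + len(ct), MAC_KEY_LEN)
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: retransmit on a new section")
    return xor(ct, key)

def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an eavesdropper gets if a section is ever reused: the XOR of the
    two plaintexts, with the key cancelled out entirely."""
    return xor(ct1, ct2)
```

Both sides stay in sync because a rejected message still advances the receiver's offset to exactly where the sender's next `seal` will start.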