E-Mail 'Cipher Security- Part 1, by East Sierra Sage' To A Friend

9 Comments

1. Are there programs that can (help) generate OTPs (One Time Pads)?

   1. There are computer programs to generate OTPs but I have read that anything that attaches to the internet can develop a signature and isn’t truly random. The people at AmRRON have recently developed a stand alone machine that will generate and print OTPs that are completely random. https://amrron.com/2018/03/18/amrron-dark-labs-otp/

2. I wish I had been able to have you for a training NCO in my command … well written article, thank you.
   Semper Fi.

3. OTP generator

   http://www.storyhack.com/2016/08/22/send-a-secret-message-one-time-pad-generator-for-pen-and-paper-encryption/

4. https://www.schneier.com/crypto-gram/archives/2002/1015.html#7

   Bruce Schneier is a pretty smart and experienced crypto guy. Worth reading.

   1. Thanks for the link, Totally agree with you about Bruce Schneier. His book Applied Cryptography is a great read, however his criticism of one time pads is directed towards their use in the digital realm.

      Key distribution is indeed a difficult issue and discipline in use is paramount to maintaining integrity of encrypted material ( soviet example, pads were reused ). Notice though that he did not say one time pads were insecure, just the opposite. Once encrypted, the cypher text can be transmitted by any means available to you, email, web page like paste bin, over the air ( radio, numbers stations ) or event painted on a wall or on a billboard. As long as the key is not compromised ( reusing compromises the key ) the message is secure.

      One time pads are a tool, just like PGP encryption, symmetric cyphers, etc… Use the correct tool for the task at hand. In a grid down situation your not going to use PGP or other encryption methods that are computer based, your going to use 10 sided dice or something like this, https://amrron.com/2018/03/18/amrron-dark-labs-otp/ Check it out for your self, schematics and source code are on that page. Don’t trust, verify. ( in the interest of full disclosure, i am involved with that product).

      One time pads are a “meatspace” encryption tool, and that’s where it counts.

5. Another option is the “Book Cipher,” although it’s more suited for “base station” operations than the field.
   Each person has a copy of the same book – same edition, same printing – exactly the same. Best to purchase (with cash) two or more of the books from the same book seller to avoid buying different versions. Buying more than two may require researching a few book stores to ensure their versions are exactly the same, again purchased with cash.
   From there, the code uses page number, line number and letter on that line. For example: 121/32/11 = page 121, line 32, word 11 on that line starts with an “s.” More cumbersome but it works pretty well until the book is compromised…then it’s on to the next book in the cycle. A schedule can be set to rotate between books. Since it also may take more time to encode and decode, as the author says, keep it concise.
   For field operations, you can tear out an agreed upon page and take it with you, but not ideal.
   For numbers, in a time-sensitive situation, use any symbol other than the number, an “* (asterisk)”, “$”, “&” sign before a letter: *a = 0, *b = 1, up to *j = 9. Note that encoding numbers this way does not require the book, but it’s also easily deciphered. The book cipher can be used for numbers that are critical.
   The Book Cipher my not be perfect, but it may be simpler for some to learn and use, and no software involved.

6. From my comment above, “…the code uses page number, line number and letter on that line. For example: 121/32/11 = page 121, line 32, word 11 on that line starts with an “s.”

   I should’ve said, “…line number and first letter of the numbered word on that line.”

   1. I agree that the book cipher is simple and probably impossible to break. And if you pick the right book it’s also enjoyable to read.

Comments are closed.