Radio Preppers

General Category => Tactical Corner => Topic started by: gil on August 15, 2012, 10:54:01 AM

Title: Sending Encrypted Messages in Morse Code.
Post by: gil on August 15, 2012, 10:54:01 AM
In this article I will show you how to send an encrypted message that can not be broken. All you need is paper and pencil. With our privacy disappearing faster than the Mountain Gorilla, I thought that such knowledge might one day become more than a coffee shop conversation topic. I am referring to the One-Time-Pad described by Neal Stephenson in his novel, "Cryptonomicon." Highly recommended by the way. So, learn it and have fun with your kids. It's kind of like showing them how to start a fire without matches or lighter. It's fun, and who knows, they might have to use it some day..

By the way, this is one more reason to learn Morse code. You can't encrypt your voice, at least not without exotic hardware and software. After a natural or man-made disaster, our country could be a prime target for invasion. I know, extremely unlikely.. So thought many Europeans in 1939. Sending a coded message with a simple and small CW radio might one day be a life saver.

DO NOT send encrypted messages over the airwaves, it is illegal!

I have always been interested in encryption theory. Surprising, since I never liked puzzles or crosswords. Not to mention my poor math skills. For some reason I have always been driven to learn obscure, odd or outdated skills. Even though I am a programmer by trade, the level of complexity in encryption software is way over my head. I've had a PGP key for about fifteen years, but to my dismay, nobody ever sends encrypted messages but for the occasional server password; and that may have been two or three emails in ten years. Had I not insisted on it, I would have received none. You would think this feature would be built in every email program, but it isn't. You must add a plugin to your mail client, if one is even available. I know Evolution on Ubuntu has it built in, and Pegasus Mail on Windows has a plugin, my Mac does too. But computer encryption is not the subject today.

Let's see how it is done. It is pretty easy:

You need a way to produce random letters. These random letters will be the key used to code and decode the message. Do not rely on yourself or a computer to produce true randomness. Typing random keys on your keyboard doesn't work, it won't be truly random. Good for practice, but not for real messages. I would suggest putting letters from a Scrabble game in a bag and shake it vigorously. Pick one letter (without looking!), write it down. Put it back, repeat. Write down your pad in groups of five letters, like so:

GEXOJ AXYEN LOWHD AWQJD UBRWJ

You need as many letters as your intended message. Here is a one-time-pad generator, for practice (set group length and key length to 5).

Encoding:

Now, let's say your message is HELLO. Our first key group is GEXOJ.

HELLO is the message.
GEXOJ is the key, called a one-time-pad because it can be used for only one message.

We are going to count to the position of the letter H, but starting at zero, not one.
A B C D E F G H
0 1 2 3 4 5 6 7........ Etc...

Here is the whole alphabet to help you:

ABCDEFGHI JKLMNOPQRSTUVWXYZ
012345678910111213141516171819202122232425

H=7.
Our first key letter is G, and G = 6.
Add the two: 7+6=13 = N.
We keep going: E=4 + E=4 = 8 which gives I.
L=11 + X=23 = 34 ! Ha, problem! The alphabet has only 26 letters.
No problem, when we hit 26, we go back to A. 27=B, 28=C, etc. So, 34=I.
L=11 + O=14 = 25 = Z.
O=14 + J=9 = 23 = X.

Here is another way to look at it:

Position74111114
MessageHELLO
Position6423149
KeyGEXOJ
Position138342523
EncryptedNIIZX

Our secret message is NIIZX.

Now, let's decode it:
We do the same thing in reverse...
(If a number is negative then add 26 to make the number positive.)

EncryptedNIIZX
Position138342523
Minus (key)6423149
Equals74111114
MessageHELLO

The encrypted message is as random as the key is. Therefore, as far as I know, there is no code breaking method available that could possibly crack it. Your message is of course only as safe as the key. If the key is truly random, has not been seen by anyone except you and the recipient and was used only once then destroyed, then your message is safe!

Gil.

Title: Re: Sending Encrypted Messages in Morse Code.
Post by: K7KEV on August 17, 2012, 01:54:20 AM
Cryptography is one of the most interesting subject in mathematics and logic.  When it comes to Amateur Radio, where you rightly point out that we cannot use cryptography or cyphers of any kind, I am reminded of one of my favorite TV series, In Plain Sight.  The "Where's Waldo" approach to Amateur Radio communications can be quite useful.  Tactical communications are some of the most difficult to "Waldo-ize" but a little thought and a cool delivery can pull it off.  You don't have to say, "There is a dead guy in a burned out car in front of the sewer plant!" on local repeater but you can direct the right person to that location with something like "You are needed at 2929 West Lake Ave, please expedite." 

When it comes to digital communication, Amateur Radio can Waldo-ize much more thoroughly.  This is my preferred list from least Waldo-ish to the most Waldo-ish.

1) VHF Packet (Not commonly intercepted, but easy to do so)
2) Sound card modes: PSK31, Olivia, Thor, MT63, etc.  (Easy to intercept, but what casual listener has the equipment?)
3) CW (Who'd bother with so much easier pickings on the local FM repeater?)
4) Pactor III  (Expensive and difficult to intercept.)
5) Winlink / Winmor (Very difficult to intercept-- especially peer-to-peer mode.)

73,

Keith, K7KEV
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: Scott on September 02, 2012, 12:51:32 AM
I'll +1 K7KEV, and add D-star / All-star.  Especially D-star, because come on.  NOBODY has that gear.

Security through obscurity, eh??
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: Jonas Parker on September 02, 2012, 12:20:22 PM
Formulab has a nice  little and free program for generating One-Time Code Pads... Great fun for the kids on a rainy day!  8)

http://www.fourmilab.ch/onetime/otpjs.html
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: Archangel320420 on September 10, 2013, 01:11:26 AM
K7KEV  I like "hidden in plain sight"  CW  :)

Nice well thought out post above.  73
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on September 10, 2013, 01:52:27 AM
Quote
K7KEV  I like "hidden in plain sight"  CW

Yep, Morse code , I'm for it 100%. Taking a CWOps class right now to up my speed.. I think I'm at about 15wpm, starting to head-copy. I like the privacy Morse code affords, be it on the radio, with a flashlight, or poking someone's arm! Few people who are not Hams, ex military, or merchant marine (from a while back) can decode it or know to download Fldigi and let their computer do it. And there is of course the one-time-pad. Actually, since I am waiting for my first arduino board, I am thinking a true random number generator would be a good starting project to learn the programming interface! I could just use wind input... Send the result directly to a printer maybe.. But that's a bit more involved.. Will I ever use a one-time-pad? I doubt it.. Just like many other archaic skills I've picked up in my life. Morse code however I know will always be useful!

Gil.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: RadioRay on September 10, 2013, 02:03:31 AM
Hey -

I think I saw this in an old movie once.

Pencil , single sheet of paper on a glass table top (no impressions to read) and your one-time-pad.  Write your tableau from memory - it provides no security anyway.  Generate your message, burn the pad used for the message and the portion of your paper with WITH the cleartext plus pad on it and 'wash' it's ashes between your hands under the tap until it leaves as dark water - not chunks.  The unseen fine screen the VB snitch "maid" checks in your plumbing when you're at work will catch chunks of cypher material and convict you, assuming you're under suspicion and everyone is under suspicion.  You didn't forget, and leave your remaining collection of 'pads' out for the 'maid' to see - did you?

Now - all that you have is a cipher message that even YOU are not now able to decipher.  "Rubber-Hose Cryptanalysis" will not work in this case because it is impossible to remember 50 groups of random letters/numbers, there is no known mathematical attack either. Because this message is time sensitive, you cannot use one of the dead drops, so it must go by radio. That is why the only remaining key is at your Mother station, safely across the border.


Go to today's transmission location, load your message twice into the burster, destroy the paper message original, then transmit it as an incredibly SHORT "burst" by protocol. PS. If you're working for the East during this long gone era, you'll need 35mm film, old style cellulose is best - Komrade!

(http://www.radiomilitari.com/r350.jpg)

Let your team take care of hiding the hardware for it's next use - you won't be back.  Follow your protocol for hiding the set in a way & place not easily connected with you. You'll have other sets that you rotate through also. One is none & Two is ONE, they told you. Each transmission is, seemingly random and is indeed from from a different site. Exit the area looking like everyone else on the street, this is much more difficult if you work for cheap-skates who sent you in alone and you've been digging a hide for the radio - wearing normal clothes.

Later that night and during the week, listen for your call-up on the blind transmission broadcast you receive with the common, 'People's Radio' allowed in your target country - no special equipment to make you look suspicious.  Use headphones, so the audio is not heard... You don't want to disturb the neighbors; good manners, and all, but you still want confirmation that Mother received and understood your message and what to do next. Eh, wot?

(http://antiqueradio.org/art/tesla308upic.jpg)

That was old school.  I am certain that there's no use for it today, what, with microprocessors in everything, all interconnected across the globe making everything so much easier - right?  No use at all. Then again, there can be no back door subroutine to contaminate everything that came in contact with your pencil. . .



de RadioRay ..._ ._





Title: Re: Sending Encrypted Messages in Morse Code.
Post by: Archangel320420 on September 10, 2013, 02:54:26 AM
You are slightly twisted, Ray, but I luv ya.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: RadioRay on September 10, 2013, 03:30:53 AM
Thanks ArchAngel - Too many years with my headphones screwed on too tight.

Thanks for being part of the walk down the sanitized part of memory lane. That other part we can talk about when we meet on the other side.



>de RadioRay ..._ ._
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: KC3AOL on September 10, 2013, 11:06:19 AM
Slightly simpler would be to use a number-based key instead of a letter-based key.  In the example, instead of taking GEXOJ and converting it to numbers each time you want to encode/decode, just use 6-4-23-14-9 as the key.

Also, you could just repeat the key for longer messages.  So the key for "hello world" would be 6-4-23-14-9-6-4-23-14-9.  Sure, if it is used enough, that increases the possibility of decryption, but it certainly won't be easy.

Other things you could do would be to have words in the open that give an indication of the key used.  For example, "day of infamy" could be put out in the open and whoever is receiving would have to know that is Pearl Harbor Day (Dec 7, 1941) and how to format the date (i.e. 12-7-19-41, 19-41-12-7, or 1-2-7-1-9-4-1, etc.) to be used for decryption.  That makes decryption easier for someone to figure out, but still not easy and if you use a non-"normal" date/whatever (i.e. day your dog died), it makes it even tougher.  But part of the point of this is to be able to change keys easily on the fly as long as the basic rules are set up in advance.

Isn't encryption fun!
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: KC9TNH on September 10, 2013, 12:27:42 PM
I don't think that Ray is so "out there" - or maybe that says something about me instead. :o

Couple thoughts:
Gil: when you get ready to do your randomizing, just remember your chip isn't random enough, and one of the best seeds around to toss in the cooking pot is atmospheric noise.

The OTP software from fourmilelab is a very good one; in fact it is more work setting up how one wants their individual sets cranked out on paper (so many rows, by so many sets on an 8.5x11 sheet most can use).  But good stuff.  There is one other use often forgotten for OTPs. You can draft a good old-fashioned LETTER to someone and it is no less secure than the same transmission over the air. It can even be delivered by a 3rd party with confidence since they are literally only the transmission medium and have complete deniability.*

5-letter groups?  Me?  Naw, it must be just some practice text I downloaded off the internet from TM 11-459.
 8)

* we had a very good "mail slipping" (out of the envelope for copy) operation against the Abwehr operating out of Bermuda during WW-II.  No reason to think that talent doesn't exist still either.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: WA4STO on September 10, 2013, 12:29:41 PM
Thanks ArchAngel - Too many years with my headphones screwed on too tight.



Uh, Ray...

Did the medics onboard the alien spacecraft really get you to believing that those were headphones?

73

LH
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on September 10, 2013, 12:39:43 PM
Quote
Gil: when you get ready to do your randomizing, just remember your chip isn't random enough, and one of the best seeds around to toss in the cooking pot is atmospheric noise.

The randomizing would not be done by software. I'd use wind gusts as in input..

Gil.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: Quietguy on September 10, 2013, 04:41:27 PM
There is an interesting crypto web page at
http://users.telenet.be/d.rijmenants/
He has a lot of information on older systems there.  He also has a software numeric one time pad key generator called "Numbers".  He goes into some detail on how it works and steps he took trying to maximize randomness.  The nice thing about this one is it is stand-alone, so can be run off-line and the results never see the Internet.  It is Windows, but he says it runs under WINE.
http://users.telenet.be/d.rijmenants/en/numbersgen.htm
I have played with the Numbers generator and it is pretty nice.

Wally

Edited to correct Numbers link - apparently today is going to be a copy/paste challenged day.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: cockpitbob on September 10, 2013, 04:57:17 PM
Another nice thing about morse is all the abreviations we use adds another layer of confusion for the cryptographers.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on January 29, 2018, 08:54:58 AM

Gil.
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: cockpitbob on January 30, 2018, 08:11:59 PM
Nice vid Gil.  I like the white board presentation.  It made things nice and clear.

One idea for a OTP that I kind of like is the news paper.  You and your counterpart agree on something like:  the key starts on the first letter in the first column on page-2 of yesterday's Wall Street Journal.  Not as secure as something truly random, but it has exceptional convenience.  Every day the paper boy (do they still exist?) delivers your pad for tomorrow.  I've also heard of using the text from a novel (starts with 2nd paragraph on pg 132, etc).
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on February 01, 2018, 09:02:15 AM


Nice vid Gil.  I like the white board presentation.  It made things nice and clear.

Thanks Bob :-)

Sent from my SM-G928F using Tapatalk

Title: Re: Sending Encrypted Messages in Morse Code.
Post by: johno on May 15, 2018, 05:45:51 PM
A little late to the party here, (only 9 months) but as I started reading this I was going to mention the one time pad site by Dirk Rijmenants, which “Quietguy” already did, which is excellent.  I should also tell you about

http://allworldwars.com/German-Radio-Intelligence-by-Albert-Praun.html

which was written by a bunch of Wehrmacht officers with radio intel experience in both WW-1 and WW-2.  One thing I thought was interesting was their mention of the Polish and Czechs pre-war exercises and when the Nazi's were actually on the move, the Poles and Czech's followed the same plans, complete with call signs and marshalling locations, which the Nazi's had already DF'd!  It's a long read and a little dry at times, but definitely is written by people who know their business.

We were always told in the Army to use wirelines between units in cantonment areas (I've laid miles of WD1-TT).   We were also told that about 11 seconds after pushing the mic button, the Russians could DF your position and have artillery on the way.  When we were in Bavaria for REFORGER, as long as we used speech security devices, there was terrific radio jamming from Czechoslovakia.  As soon as we went back to nonsecure and encryption pads, the jamming stopped.  Nowadays, they have frequency hoppers and I'd love to see how those work!

PS:  CW still does the job!
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on May 15, 2018, 06:04:23 PM
Thanks John, nice insight.
Gil

Sent from my SM-G928F using Tapatalk

Title: Re: Sending Encrypted Messages in Morse Code.
Post by: lpwaterhouse on August 03, 2018, 05:04:23 AM
Hi,

I just discovered the youtube channel and the OTP video drew me here. I'm a bit of a Cryptology nerd and want to chime in on some of the commonly glossed-over details, misconceptions, etc. that are nonetheless surprisingly vital in keeping your communication secret, especially regarding the perfect secrecy of OTPs (which is _far_ more impractical than most people assume). Gil does mention all of the problems, but I think they bear pointing out even more explicitly:

While it is true that a properly generated One-time Pad is information-theoretically perfectly secure, the devil is in the details of that "properly generated". The perfect security ONLY applies when a source of actual, physical, randomness is used, with proper precautions to eliminate biases, etc. The problem is that it is very hard to be sure your source _is_ actually random (Generally nuclear decay, Thermal (Johnson-Nyquist) noise, Avalanche Diodes or the last bit of a microsecond time difference between keystrokes are usually considered "good, as far as we know"). If instead you use any kind of Pseudo-random number generator [PRNG] (e.g. /dev/random, rand(), that formilab site, etc.) then the security guarantees drop from "perfect" to that of an ordinary StreamCipher (in fact "Adding/XORing with an algorithmically generated Key-Stream" is a definition of StreamCipher), subject to the quality of the PRNG, but always lower than "perfect". Some such PRNGs are "cryptographically secure" [CPRNG], meaning that while they aren't "perfect" we _currently_ know no way of breaking them. The majority of PRNGs however are utterly unsuitable for cryptographic purposes, they were designed for statistical properties instead.

So, if you truly want to approach the perfect security of the OTP you MUST use a hardware or "true" RNG [TRNG], and pay attention to whether the cryptographic community considers that particular design "good, as far as we know". Some possible options are http://moonbase.tictail.com/ or https://www.tindie.com/products/WaywardGeek/infinite-noise-true-random-number-generator/.

If you have no access to a TRNG (or you realize that "perfect" is the enemy of "good enough") then you are probably better off using an established cryptographic algorithm, because they a) are likely equal or better than anything you can assemble with a PRNG, even if cryptographically secure, and b) don't share the major drawback of OTPs (or rather: pre-shared key-streams), namely having to _securely_ share a "pad" with the recipient ahead of time, that is at least as long as all messages you ever intend to exchange concatenated (The only advantage of this over communicating securely directly is that it can be shared ahead of time, when circumstances can make it easier, e.g. face to face). There is a good reason even governments/spy agencies don't often use OTPs, exchanging and storing that much highly sensitive "pad" is truly difficult (And then you still have to be extremely careful in using it correctly, or you can easily make non-obvious mistakes that render you encryption surprisingly weak, read up on the "Venona project" for when that happend to the Soviet Union. For example: NEVER EVER repeat the pad! One repetition IS enough to break it, relatively easily even!)

So, what if you only need "good enough"? Meaning something that, according to current research (publicly available only, of course...) would either take longer than the expected life-time of the universe to break, or something that only needs to be secure against non-government adversaries, like your neighbors?

Your best bet is well-established and internationally vetted systems, preferably using public-key algorithms (So you don't even have to exchange the, relatively short, compared to an OTP, key securely), for example RSA with AES.

But those of course require computers and access to cryptographic software (something that many governments consider restricting from time to time...), so you want something that can either be programmed from memory or works without any computer at all, "in the field". I suggest having a look at these two options in particular:

    - CipherSaber-2 (http://ciphersaber.gurus.org/) using RC-4, an easily memorizable algorithm that most programmers can code in a few minutes, with practice. RC-4 itself is considered insecure against determined and knowledgable adversaries, though the modification in CipherSaber-_2_ is likely to alleviate that somewhat. In a SHTF (as opposed to an Orwellian) scenario I wouldn't hesitate to use it.

    - Solitaire (https://www.schneier.com/academic/solitaire/), also known as "Pontifex" (in the "Cryptonomicon" Gil mentioned) working without a computer, using an inconspicuous deck of playing cards. Not much research seems to have gone into the security of Solitaire (though its designer is a respected cryptographer), but its construction suggests it may be vulnerable to the same kind of attacks as RC-4. Still: Certainly good enough against your neighbors. Try it (the password is "GL", which is too short for real use, and I'm not using the optional keying step of setting the Jokers): "LEZVJ RUQLK BCTED"

And last, but not least: In case you want to learn some cryptanalysis and break some ciphers (including a few used by the US army in WW2), have a look at https://www.mysterytwisterc3.org/en/ It can be quite eye-opening...

Regards,
Lawrence
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on August 03, 2018, 05:13:56 AM
Great info, thank you!

I remember reading that AES might have been voluntarily compromised by the NSA, on the random number generator... Also that AES-128 is better than the 256 bit version...

Wouldn't Blowfish be more secure than AES?

Gil

Sent from my SM-G928F using Tapatalk

Title: Re: Sending Encrypted Messages in Morse Code.
Post by: lpwaterhouse on August 03, 2018, 06:02:48 AM
You're thinking Dual_EC_DRBG, which has nothing to do with AES. NSA only reviewed and approved the AES candidate algorithms, they did not have a direct hand in them like with DES (where they secretly made it more secure) or Dual_EC_DRBG (deliberately sabotaged as part of "Bullrun").

As for 128 vs. 256 the one concern is that 256 seems to be slightly weaker (though FAR from broken) against related key attacks, but given its much greater strength overall I'm not worried by that, both options are sensible, I go with 256 if speed is not a major concern.

If I HAD to pick an alternative today I'd go for ChaCha20 (A Stream Cipher, so not fully comparable), Serpent or Twofish (in descending order of preference), but for the moment I trust AES. Much of that is of course personal preference and gut-feeling, but I read the relevant papers too ;-)
Title: Re: Sending Encrypted Messages in Morse Code.
Post by: gil on August 03, 2018, 06:04:23 AM
Thank you.

Gil.

Sent from my SM-G928F using Tapatalk