Bitcoin donations to: 1CE9UfWJcHBYkWPns7iqBqZgKhd5xfqEaM thanks!
Buy Bitcoins easily by clicking HERE!


Use coupon radiopreppers for 20% off on the above site.Become a Patron!

Author Topic: Sending Encrypted Messages in Morse Code.  (Read 17741 times)

gil

  • Administrator
  • Hero Member
  • *****
  • Posts: 2910
  • SMeter: +77/-3
    • View Profile
    • Radio Preppers
Re: Sending Encrypted Messages in Morse Code.
« Reply #15 on: January 29, 2018, 08:54:58 AM »

Gil.

cockpitbob

  • Administrator
  • Hero Member
  • *****
  • Posts: 1180
  • SMeter: +39/-0
    • View Profile
Re: Sending Encrypted Messages in Morse Code.
« Reply #16 on: January 30, 2018, 08:11:59 PM »
Nice vid Gil.  I like the white board presentation.  It made things nice and clear.

One idea for a OTP that I kind of like is the news paper.  You and your counterpart agree on something like:  the key starts on the first letter in the first column on page-2 of yesterday's Wall Street Journal.  Not as secure as something truly random, but it has exceptional convenience.  Every day the paper boy (do they still exist?) delivers your pad for tomorrow.  I've also heard of using the text from a novel (starts with 2nd paragraph on pg 132, etc).

gil

  • Administrator
  • Hero Member
  • *****
  • Posts: 2910
  • SMeter: +77/-3
    • View Profile
    • Radio Preppers
Re: Sending Encrypted Messages in Morse Code.
« Reply #17 on: February 01, 2018, 09:02:15 AM »


Nice vid Gil.  I like the white board presentation.  It made things nice and clear.

Thanks Bob :-)

Sent from my SM-G928F using Tapatalk


johno

  • Newbie
  • *
  • Posts: 3
  • SMeter: +0/-0
    • View Profile
Re: Sending Encrypted Messages in Morse Code.
« Reply #18 on: May 15, 2018, 05:45:51 PM »
A little late to the party here, (only 9 months) but as I started reading this I was going to mention the one time pad site by Dirk Rijmenants, which “Quietguy” already did, which is excellent.  I should also tell you about

http://allworldwars.com/German-Radio-Intelligence-by-Albert-Praun.html

which was written by a bunch of Wehrmacht officers with radio intel experience in both WW-1 and WW-2.  One thing I thought was interesting was their mention of the Polish and Czechs pre-war exercises and when the Nazi's were actually on the move, the Poles and Czech's followed the same plans, complete with call signs and marshalling locations, which the Nazi's had already DF'd!  It's a long read and a little dry at times, but definitely is written by people who know their business.

We were always told in the Army to use wirelines between units in cantonment areas (I've laid miles of WD1-TT).   We were also told that about 11 seconds after pushing the mic button, the Russians could DF your position and have artillery on the way.  When we were in Bavaria for REFORGER, as long as we used speech security devices, there was terrific radio jamming from Czechoslovakia.  As soon as we went back to nonsecure and encryption pads, the jamming stopped.  Nowadays, they have frequency hoppers and I'd love to see how those work!

PS:  CW still does the job!

gil

  • Administrator
  • Hero Member
  • *****
  • Posts: 2910
  • SMeter: +77/-3
    • View Profile
    • Radio Preppers
Re: Sending Encrypted Messages in Morse Code.
« Reply #19 on: May 15, 2018, 06:04:23 PM »
Thanks John, nice insight.
Gil

Sent from my SM-G928F using Tapatalk


lpwaterhouse

  • Newbie
  • *
  • Posts: 2
  • SMeter: +0/-0
  • Lawrence Pritchard Waterhouse. Cryptology Nerd.
    • View Profile
Re: Sending Encrypted Messages in Morse Code.
« Reply #20 on: August 03, 2018, 05:04:23 AM »
Hi,

I just discovered the youtube channel and the OTP video drew me here. I'm a bit of a Cryptology nerd and want to chime in on some of the commonly glossed-over details, misconceptions, etc. that are nonetheless surprisingly vital in keeping your communication secret, especially regarding the perfect secrecy of OTPs (which is _far_ more impractical than most people assume). Gil does mention all of the problems, but I think they bear pointing out even more explicitly:

While it is true that a properly generated One-time Pad is information-theoretically perfectly secure, the devil is in the details of that "properly generated". The perfect security ONLY applies when a source of actual, physical, randomness is used, with proper precautions to eliminate biases, etc. The problem is that it is very hard to be sure your source _is_ actually random (Generally nuclear decay, Thermal (Johnson-Nyquist) noise, Avalanche Diodes or the last bit of a microsecond time difference between keystrokes are usually considered "good, as far as we know"). If instead you use any kind of Pseudo-random number generator [PRNG] (e.g. /dev/random, rand(), that formilab site, etc.) then the security guarantees drop from "perfect" to that of an ordinary StreamCipher (in fact "Adding/XORing with an algorithmically generated Key-Stream" is a definition of StreamCipher), subject to the quality of the PRNG, but always lower than "perfect". Some such PRNGs are "cryptographically secure" [CPRNG], meaning that while they aren't "perfect" we _currently_ know no way of breaking them. The majority of PRNGs however are utterly unsuitable for cryptographic purposes, they were designed for statistical properties instead.

So, if you truly want to approach the perfect security of the OTP you MUST use a hardware or "true" RNG [TRNG], and pay attention to whether the cryptographic community considers that particular design "good, as far as we know". Some possible options are http://moonbase.tictail.com/ or https://www.tindie.com/products/WaywardGeek/infinite-noise-true-random-number-generator/.

If you have no access to a TRNG (or you realize that "perfect" is the enemy of "good enough") then you are probably better off using an established cryptographic algorithm, because they a) are likely equal or better than anything you can assemble with a PRNG, even if cryptographically secure, and b) don't share the major drawback of OTPs (or rather: pre-shared key-streams), namely having to _securely_ share a "pad" with the recipient ahead of time, that is at least as long as all messages you ever intend to exchange concatenated (The only advantage of this over communicating securely directly is that it can be shared ahead of time, when circumstances can make it easier, e.g. face to face). There is a good reason even governments/spy agencies don't often use OTPs, exchanging and storing that much highly sensitive "pad" is truly difficult (And then you still have to be extremely careful in using it correctly, or you can easily make non-obvious mistakes that render you encryption surprisingly weak, read up on the "Venona project" for when that happend to the Soviet Union. For example: NEVER EVER repeat the pad! One repetition IS enough to break it, relatively easily even!)

So, what if you only need "good enough"? Meaning something that, according to current research (publicly available only, of course...) would either take longer than the expected life-time of the universe to break, or something that only needs to be secure against non-government adversaries, like your neighbors?

Your best bet is well-established and internationally vetted systems, preferably using public-key algorithms (So you don't even have to exchange the, relatively short, compared to an OTP, key securely), for example RSA with AES.

But those of course require computers and access to cryptographic software (something that many governments consider restricting from time to time...), so you want something that can either be programmed from memory or works without any computer at all, "in the field". I suggest having a look at these two options in particular:

    - CipherSaber-2 (http://ciphersaber.gurus.org/) using RC-4, an easily memorizable algorithm that most programmers can code in a few minutes, with practice. RC-4 itself is considered insecure against determined and knowledgable adversaries, though the modification in CipherSaber-_2_ is likely to alleviate that somewhat. In a SHTF (as opposed to an Orwellian) scenario I wouldn't hesitate to use it.

    - Solitaire (https://www.schneier.com/academic/solitaire/), also known as "Pontifex" (in the "Cryptonomicon" Gil mentioned) working without a computer, using an inconspicuous deck of playing cards. Not much research seems to have gone into the security of Solitaire (though its designer is a respected cryptographer), but its construction suggests it may be vulnerable to the same kind of attacks as RC-4. Still: Certainly good enough against your neighbors. Try it (the password is "GL", which is too short for real use, and I'm not using the optional keying step of setting the Jokers): "LEZVJ RUQLK BCTED"

And last, but not least: In case you want to learn some cryptanalysis and break some ciphers (including a few used by the US army in WW2), have a look at https://www.mysterytwisterc3.org/en/ It can be quite eye-opening...

Regards,
Lawrence
"2° Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvénient tomber entre les mains de l’ennemi ;" -- Auguste Kerckhoffs

gil

  • Administrator
  • Hero Member
  • *****
  • Posts: 2910
  • SMeter: +77/-3
    • View Profile
    • Radio Preppers
Re: Sending Encrypted Messages in Morse Code.
« Reply #21 on: August 03, 2018, 05:13:56 AM »
Great info, thank you!

I remember reading that AES might have been voluntarily compromised by the NSA, on the random number generator... Also that AES-128 is better than the 256 bit version...

Wouldn't Blowfish be more secure than AES?

Gil

Sent from my SM-G928F using Tapatalk


lpwaterhouse

  • Newbie
  • *
  • Posts: 2
  • SMeter: +0/-0
  • Lawrence Pritchard Waterhouse. Cryptology Nerd.
    • View Profile
Re: Sending Encrypted Messages in Morse Code.
« Reply #22 on: August 03, 2018, 06:02:48 AM »
You're thinking Dual_EC_DRBG, which has nothing to do with AES. NSA only reviewed and approved the AES candidate algorithms, they did not have a direct hand in them like with DES (where they secretly made it more secure) or Dual_EC_DRBG (deliberately sabotaged as part of "Bullrun").

As for 128 vs. 256 the one concern is that 256 seems to be slightly weaker (though FAR from broken) against related key attacks, but given its much greater strength overall I'm not worried by that, both options are sensible, I go with 256 if speed is not a major concern.

If I HAD to pick an alternative today I'd go for ChaCha20 (A Stream Cipher, so not fully comparable), Serpent or Twofish (in descending order of preference), but for the moment I trust AES. Much of that is of course personal preference and gut-feeling, but I read the relevant papers too ;-)
"2° Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvénient tomber entre les mains de l’ennemi ;" -- Auguste Kerckhoffs

gil

  • Administrator
  • Hero Member
  • *****
  • Posts: 2910
  • SMeter: +77/-3
    • View Profile
    • Radio Preppers
Re: Sending Encrypted Messages in Morse Code.
« Reply #23 on: August 03, 2018, 06:04:23 AM »
Thank you.

Gil.

Sent from my SM-G928F using Tapatalk


Radio Preppers

Re: Sending Encrypted Messages in Morse Code.
« Reply #23 on: August 03, 2018, 06:04:23 AM »