In this article I will show you how to send an encrypted message that can not be broken. All you need is paper and pencil. With our privacy disappearing faster than the Mountain Gorilla, I thought that such knowledge might one day become more than a coffee shop conversation topic. I am referring to the One-Time-Pad described by Neal Stephenson in his novel, "Cryptonomicon." Highly recommended by the way. So, learn it and have fun with your kids. It's kind of like showing them how to start a fire without matches or lighter. It's fun, and who knows, they might have to use it some day..
By the way, this is one more reason to learn Morse code. You can't encrypt your voice, at least not without exotic hardware and software. After a natural or man-made disaster, our country could be a prime target for invasion. I know, extremely unlikely.. So thought many Europeans in 1939. Sending a coded message with a simple and small CW radio might one day be a life saver.
DO NOT send encrypted messages over the airwaves, it is illegal!
I have always been interested in encryption theory. Surprising, since I never liked puzzles or crosswords. Not to mention my poor math skills. For some reason I have always been driven to learn obscure, odd or outdated skills. Even though I am a programmer by trade, the level of complexity in encryption software is way over my head. I've had a PGP key for about fifteen years, but to my dismay, nobody ever sends encrypted messages but for the occasional server password; and that may have been two or three emails in ten years. Had I not insisted on it, I would have received none. You would think this feature would be built in every email program, but it isn't. You must add a plugin to your mail client, if one is even available. I know Evolution on Ubuntu has it built in, and Pegasus Mail on Windows has a plugin, my Mac does too. But computer encryption is not the subject today.
Let's see how it is done. It is pretty easy:
You need a way to produce random letters. These random letters will be the key used to code and decode the message. Do not rely on yourself or a computer to produce true randomness. Typing random keys on your keyboard doesn't work, it won't be truly random. Good for practice, but not for real messages. I would suggest putting letters from a Scrabble game in a bag and shake it vigorously. Pick one letter (without looking!), write it down. Put it back, repeat. Write down your pad in groups of five letters, like so:
GEXOJ AXYEN LOWHD AWQJD UBRWJ
You need as many letters as your intended message. Here is a one-time-pad generator, for practice (set group length and key length to 5).
Now, let's say your message is HELLO. Our first key group is GEXOJ.
HELLO is the message.
GEXOJ is the key, called a one-time-pad because it can be used for only one message.
We are going to count to the position of the letter H, but starting at zero, not one.
A B C D E F G H
0 1 2 3 4 5 6 7........ Etc...
Here is the whole alphabet to help you:
Our first key letter is G, and G = 6.
Add the two: 7+6=13 = N.
We keep going: E=4 + E=4 = 8 which gives I.
L=11 + X=23 = 34 ! Ha, problem! The alphabet has only 26 letters.
No problem, when we hit 26, we go back to A. 27=B, 28=C, etc. So, 34=I.
L=11 + O=14 = 25 = Z.
O=14 + J=9 = 23 = X.
Here is another way to look at it:
Our secret message is NIIZX.
Now, let's decode it:
We do the same thing in reverse...
(If a number is negative then add 26 to make the number positive.)
The encrypted message is as random as the key is. Therefore, as far as I know, there is no code breaking method available that could possibly crack it. Your message is of course only as safe as the key. If the key is truly random, has not been seen by anyone except you and the recipient and was used only once then destroyed, then your message is safe!
Cryptography is one of the most interesting subject in mathematics and logic. When it comes to Amateur Radio, where you rightly point out that we cannot use cryptography or cyphers of any kind, I am reminded of one of my favorite TV series, In Plain Sight. The "Where's Waldo" approach to Amateur Radio communications can be quite useful. Tactical communications are some of the most difficult to "Waldo-ize" but a little thought and a cool delivery can pull it off. You don't have to say, "There is a dead guy in a burned out car in front of the sewer plant!" on local repeater but you can direct the right person to that location with something like "You are needed at 2929 West Lake Ave, please expedite."
When it comes to digital communication, Amateur Radio can Waldo-ize much more thoroughly. This is my preferred list from least Waldo-ish to the most Waldo-ish.
1) VHF Packet (Not commonly intercepted, but easy to do so)
2) Sound card modes: PSK31, Olivia, Thor, MT63, etc. (Easy to intercept, but what casual listener has the equipment?)
3) CW (Who'd bother with so much easier pickings on the local FM repeater?)
4) Pactor III (Expensive and difficult to intercept.)
5) Winlink / Winmor (Very difficult to intercept-- especially peer-to-peer mode.)
I'll +1 K7KEV, and add D-star / All-star. Especially D-star, because come on. NOBODY has that gear.
Security through obscurity, eh??
Formulab has a nice little and free program for generating One-Time Code Pads... Great fun for the kids on a rainy day! 8)
K7KEV I like "hidden in plain sight" CW :)
Nice well thought out post above. 73
QuoteK7KEV I like "hidden in plain sight" CW
Yep, Morse code , I'm for it 100%. Taking a CWOps class right now to up my speed.. I think I'm at about 15wpm, starting to head-copy. I like the privacy Morse code affords, be it on the radio, with a flashlight, or poking someone's arm! Few people who are not Hams, ex military, or merchant marine (from a while back) can decode it or know to download Fldigi and let their computer do it. And there is of course the one-time-pad. Actually, since I am waiting for my first arduino board, I am thinking a true random number generator would be a good starting project to learn the programming interface! I could just use wind input... Send the result directly to a printer maybe.. But that's a bit more involved.. Will I ever use a one-time-pad? I doubt it.. Just like many other archaic skills I've picked up in my life. Morse code however I know will always be useful!
I think I saw this in an old movie once.
Pencil , single sheet of paper on a glass table top (no impressions to read) and your one-time-pad. Write your tableau from memory - it provides no security anyway. Generate your message, burn the pad used for the message and the portion of your paper with WITH the cleartext plus pad on it and 'wash' it's ashes between your hands under the tap until it leaves as dark water - not chunks. The unseen fine screen the VB snitch "maid" checks in your plumbing when you're at work will catch chunks of cypher material and convict you, assuming you're under suspicion and everyone is under suspicion. You didn't forget, and leave your remaining collection of 'pads' out for the 'maid' to see - did you?
Now - all that you have is a cipher message that even YOU are not now able to decipher. "Rubber-Hose Cryptanalysis" will not work in this case because it is impossible to remember 50 groups of random letters/numbers, there is no known mathematical attack either. Because this message is time sensitive, you cannot use one of the dead drops, so it must go by radio. That is why the only remaining key is at your Mother station, safely across the border.
Go to today's transmission location, load your message twice into the burster, destroy the paper message original, then transmit it as an incredibly SHORT "burst" by protocol. PS. If you're working for the East during this long gone era, you'll need 35mm film, old style cellulose is best - Komrade!
Let your team take care of hiding the hardware for it's next use - you won't be back. Follow your protocol for hiding the set in a way & place not easily connected with you. You'll have other sets that you rotate through also. One is none & Two is ONE, they told you. Each transmission is, seemingly random and is indeed from from a different site. Exit the area looking like everyone else on the street, this is much more difficult if you work for cheap-skates who sent you in alone and you've been digging a hide for the radio - wearing normal clothes.
Later that night and during the week, listen for your call-up on the blind transmission broadcast you receive with the common, 'People's Radio' allowed in your target country - no special equipment to make you look suspicious. Use headphones, so the audio is not heard... You don't want to disturb the neighbors; good manners, and all, but you still want confirmation that Mother received and understood your message and what to do next. Eh, wot?
That was old school. I am certain that there's no use for it today, what, with microprocessors in everything, all interconnected across the globe making everything so much easier - right? No use at all. Then again, there can be no back door subroutine to contaminate everything that came in contact with your pencil. . .
de RadioRay ..._ ._
You are slightly twisted, Ray, but I luv ya.
Thanks ArchAngel - Too many years with my headphones screwed on too tight.
Thanks for being part of the walk down the sanitized part of memory lane. That other part we can talk about when we meet on the other side.
>de RadioRay ..._ ._
Slightly simpler would be to use a number-based key instead of a letter-based key. In the example, instead of taking GEXOJ and converting it to numbers each time you want to encode/decode, just use 6-4-23-14-9 as the key.
Also, you could just repeat the key for longer messages. So the key for "hello world" would be 6-4-23-14-9-6-4-23-14-9. Sure, if it is used enough, that increases the possibility of decryption, but it certainly won't be easy.
Other things you could do would be to have words in the open that give an indication of the key used. For example, "day of infamy" could be put out in the open and whoever is receiving would have to know that is Pearl Harbor Day (Dec 7, 1941) and how to format the date (i.e. 12-7-19-41, 19-41-12-7, or 1-2-7-1-9-4-1, etc.) to be used for decryption. That makes decryption easier for someone to figure out, but still not easy and if you use a non-"normal" date/whatever (i.e. day your dog died), it makes it even tougher. But part of the point of this is to be able to change keys easily on the fly as long as the basic rules are set up in advance.
Isn't encryption fun!
I don't think that Ray is so "out there" - or maybe that says something about me instead. :o
Gil: when you get ready to do your randomizing, just remember your chip isn't random enough, and one of the best seeds around to toss in the cooking pot is atmospheric noise.
The OTP software from fourmilelab is a very good one; in fact it is more work setting up how one wants their individual sets cranked out on paper (so many rows, by so many sets on an 8.5x11 sheet most can use). But good stuff. There is one other use often forgotten for OTPs. You can draft a good old-fashioned LETTER to someone and it is no less secure than the same transmission over the air. It can even be delivered by a 3rd party with confidence since they are literally only the transmission medium and have complete deniability.*
5-letter groups? Me? Naw, it must be just some practice text I downloaded off the internet from TM 11-459.
* we had a very good "mail slipping" (out of the envelope for copy) operation against the Abwehr operating out of Bermuda during WW-II. No reason to think that talent doesn't exist still either.
Quote from: RadioRay on September 10, 2013, 03:30:53 AM
Thanks ArchAngel - Too many years with my headphones screwed on too tight.
Did the medics onboard the alien spacecraft really get you to believing that those were headphones?
QuoteGil: when you get ready to do your randomizing, just remember your chip isn't random enough, and one of the best seeds around to toss in the cooking pot is atmospheric noise.
The randomizing would not be done by software. I'd use wind gusts as in input..
There is an interesting crypto web page at
He has a lot of information on older systems there. He also has a software numeric one time pad key generator called "Numbers". He goes into some detail on how it works and steps he took trying to maximize randomness. The nice thing about this one is it is stand-alone, so can be run off-line and the results never see the Internet. It is Windows, but he says it runs under WINE.
I have played with the Numbers generator and it is pretty nice.
Edited to correct Numbers link - apparently today is going to be a copy/paste challenged day.
Another nice thing about morse is all the abreviations we use adds another layer of confusion for the cryptographers.
Nice vid Gil. I like the white board presentation. It made things nice and clear.
One idea for a OTP that I kind of like is the news paper. You and your counterpart agree on something like: the key starts on the first letter in the first column on page-2 of yesterday's Wall Street Journal. Not as secure as something truly random, but it has exceptional convenience. Every day the paper boy (do they still exist?) delivers your pad for tomorrow. I've also heard of using the text from a novel (starts with 2nd paragraph on pg 132, etc).
Quote from: cockpitbob on January 30, 2018, 08:11:59 PM
Nice vid Gil. I like the white board presentation. It made things nice and clear.
Thanks Bob :-)
Sent from my SM-G928F using Tapatalk
A little late to the party here, (only 9 months) but as I started reading this I was going to mention the one time pad site by Dirk Rijmenants, which "Quietguy" already did, which is excellent. I should also tell you about
which was written by a bunch of Wehrmacht officers with radio intel experience in both WW-1 and WW-2. One thing I thought was interesting was their mention of the Polish and Czechs pre-war exercises and when the Nazi's were actually on the move, the Poles and Czech's followed the same plans, complete with call signs and marshalling locations, which the Nazi's had already DF'd! It's a long read and a little dry at times, but definitely is written by people who know their business.
We were always told in the Army to use wirelines between units in cantonment areas (I've laid miles of WD1-TT). We were also told that about 11 seconds after pushing the mic button, the Russians could DF your position and have artillery on the way. When we were in Bavaria for REFORGER, as long as we used speech security devices, there was terrific radio jamming from Czechoslovakia. As soon as we went back to nonsecure and encryption pads, the jamming stopped. Nowadays, they have frequency hoppers and I'd love to see how those work!
PS: CW still does the job!
Thanks John, nice insight.
Sent from my SM-G928F using Tapatalk
I just discovered the youtube channel and the OTP video drew me here. I'm a bit of a Cryptology nerd and want to chime in on some of the commonly glossed-over details, misconceptions, etc. that are nonetheless surprisingly vital in keeping your communication secret, especially regarding the perfect secrecy of OTPs (which is _far_ more impractical than most people assume). Gil does mention all of the problems, but I think they bear pointing out even more explicitly:
While it is true that a properly generated One-time Pad is information-theoretically perfectly secure, the devil is in the details of that "properly generated". The perfect security ONLY applies when a source of actual, physical, randomness is used, with proper precautions to eliminate biases, etc. The problem is that it is very hard to be sure your source _is_ actually random (Generally nuclear decay, Thermal (Johnson-Nyquist) noise, Avalanche Diodes or the last bit of a microsecond time difference between keystrokes are usually considered "good, as far as we know"). If instead you use any kind of Pseudo-random number generator [PRNG] (e.g. /dev/random, rand(), that formilab site, etc.) then the security guarantees drop from "perfect" to that of an ordinary StreamCipher (in fact "Adding/XORing with an algorithmically generated Key-Stream" is a definition of StreamCipher), subject to the quality of the PRNG, but always lower than "perfect". Some such PRNGs are "cryptographically secure" [CPRNG], meaning that while they aren't "perfect" we _currently_ know no way of breaking them. The majority of PRNGs however are utterly unsuitable for cryptographic purposes, they were designed for statistical properties instead.
So, if you truly want to approach the perfect security of the OTP you MUST use a hardware or "true" RNG [TRNG], and pay attention to whether the cryptographic community considers that particular design "good, as far as we know". Some possible options are http://moonbase.tictail.com/ or https://www.tindie.com/products/WaywardGeek/infinite-noise-true-random-number-generator/.
If you have no access to a TRNG (or you realize that "perfect" is the enemy of "good enough") then you are probably better off using an established cryptographic algorithm, because they a) are likely equal or better than anything you can assemble with a PRNG, even if cryptographically secure, and b) don't share the major drawback of OTPs (or rather: pre-shared key-streams), namely having to _securely_ share a "pad" with the recipient ahead of time, that is at least as long as all messages you ever intend to exchange concatenated (The only advantage of this over communicating securely directly is that it can be shared ahead of time, when circumstances can make it easier, e.g. face to face). There is a good reason even governments/spy agencies don't often use OTPs, exchanging and storing that much highly sensitive "pad" is truly difficult (And then you still have to be extremely careful in using it correctly, or you can easily make non-obvious mistakes that render you encryption surprisingly weak, read up on the "Venona project" for when that happend to the Soviet Union. For example: NEVER EVER repeat the pad! One repetition IS enough to break it, relatively easily even!)
So, what if you only need "good enough"? Meaning something that, according to current research (publicly available only, of course...) would either take longer than the expected life-time of the universe to break, or something that only needs to be secure against non-government adversaries, like your neighbors?
Your best bet is well-established and internationally vetted systems, preferably using public-key algorithms (So you don't even have to exchange the, relatively short, compared to an OTP, key securely), for example RSA with AES.
But those of course require computers and access to cryptographic software (something that many governments consider restricting from time to time...), so you want something that can either be programmed from memory or works without any computer at all, "in the field". I suggest having a look at these two options in particular:
- CipherSaber-2 (http://ciphersaber.gurus.org/) using RC-4, an easily memorizable algorithm that most programmers can code in a few minutes, with practice. RC-4 itself is considered insecure against determined and knowledgable adversaries, though the modification in CipherSaber-_2_ is likely to alleviate that somewhat. In a SHTF (as opposed to an Orwellian) scenario I wouldn't hesitate to use it.
- Solitaire (https://www.schneier.com/academic/solitaire/), also known as "Pontifex" (in the "Cryptonomicon" Gil mentioned) working without a computer, using an inconspicuous deck of playing cards. Not much research seems to have gone into the security of Solitaire (though its designer is a respected cryptographer), but its construction suggests it may be vulnerable to the same kind of attacks as RC-4. Still: Certainly good enough against your neighbors. Try it (the password is "GL", which is too short for real use, and I'm not using the optional keying step of setting the Jokers): "LEZVJ RUQLK BCTED"
And last, but not least: In case you want to learn some cryptanalysis and break some ciphers (including a few used by the US army in WW2), have a look at https://www.mysterytwisterc3.org/en/ It can be quite eye-opening...
Great info, thank you!
I remember reading that AES might have been voluntarily compromised by the NSA, on the random number generator... Also that AES-128 is better than the 256 bit version...
Wouldn't Blowfish be more secure than AES?
Sent from my SM-G928F using Tapatalk
You're thinking Dual_EC_DRBG, which has nothing to do with AES. NSA only reviewed and approved the AES candidate algorithms, they did not have a direct hand in them like with DES (where they secretly made it more secure) or Dual_EC_DRBG (deliberately sabotaged as part of "Bullrun").
As for 128 vs. 256 the one concern is that 256 seems to be slightly weaker (though FAR from broken) against related key attacks, but given its much greater strength overall I'm not worried by that, both options are sensible, I go with 256 if speed is not a major concern.
If I HAD to pick an alternative today I'd go for ChaCha20 (A Stream Cipher, so not fully comparable), Serpent or Twofish (in descending order of preference), but for the moment I trust AES. Much of that is of course personal preference and gut-feeling, but I read the relevant papers too ;-)
Sent from my SM-G928F using Tapatalk
Sorry for being so late to the thread, but I'm new to the forum and this thread caught my attention because I've been wondering about encryption and ham radio, specifically encryption used in conjunction with SDR radios.
I know none of this legal to do but fun to theoretically think about.
In my corporate life of a voice engineer, working specifically with Cisco Voice in large Enterprise environments. Many large customers setup encrypted voice for Cisco IP phone to IP communication, the reasons are obvious.
Since the radios are glorified servers specifically designed to act as ham radios.
Could you combine an SDR radio, with built-in encryption so that you could conduct a conversation over the air in a secure manner ??
The other thing that had me thinking along these lines is, I've been thinking of getting a scanner but where I live most of the government agencies use encryption which makes their traffic impossible to hear with a scanner.
Technically you can, but not legally of course. Not much left unencrypted these days... Smaller cities with smaller budgets still use older equipment, but larger ones can afford nicer toys...
I teach cryptography at my university and my research area is information security, and I read this thread with great interest.
It is true that a one-time-pad, correctly used, is absolutely theoretically unbreakable. It's also simple enough to perform by hand (no computers,) and you don't need to trust in the security of some algorithm or hardness of some unsolved problem.
On the other hand, you may notice that barely anyone uses it, despite its simplicity and perfect security, and despite it being well-known for about a century. That's because of its one unavoidable logistical weakness: the sender and receiver both need a copy of the key pad in advance, the pad must be at least as long as the message, and each bit of the pad must only ever be used once.
Taken together, that means that you need to make a giant wodge of random key data for all the potential traffic between you and the receiver, and you need to somehow get a copy of that key data to the receiver by a secure channel. This raises an obvious half-joking question: if I had a secure channel to hand off a huge amount of key data to the other guy, why not just use that opportunity to hand over the message? The answer is that you may be able to give someone a DVD of key data today, and not be able to meet with them later, but the point is that we have a pretty onerous key requirement.
That also introduces a serious vulnerability due to the need for intense key discipline. For example, consider someone who runs out of key symbols and decides to re-use an older part of the pad. It's very easy for an adversary to catch this, and pull out the transmitted message, by comparing all the sent messages. The USA actually used this trick to crack Soviet one-time-pad traffic (see the Venona Project (https://en.wikipedia.org/wiki/Venona_project) for more information.)
In contrast, any other symmetric cipher (like AES) requires a short key that you can simply memorize if you are good at memorizing things. An AES key is 128 bits; if you can memorize a passphrase of eight dictionary words, you can memorize an AES key, and you don't need to carry any volume of stuff that could present a liability. Moreover, modern cryptography uses tricks to generate one-time secret keys on the fly, so that nobody needs to memorize any shared secrets at all. However, none of those tricks can be used with a one-time pad, because of its very stringent key requirements.
Great info Scott, thanks. Certainly, but I would not trust AES. There has been allegations of voluntary weaknesses introcuded to allow possible decoding. I don't remember the details. Bottom line is, I do not understant it enough to be able to determine its security. A one-time-pad is very simple and indeed does not require a computer. In the filed, it would be the simplest way to send an encrypted message. Anyone can learn to do it with pen and paper. The problem is if you have to explain to someone why you carry a long string of seemingly random characters on you... No doubt it would land you in jail forever in many countries, or worse. If I wanted to use a computer encryption cypher I might look at Blowfis/Twofish... That raised a stink when it came out, indicating that it did bother quite a few people... But a cypher sponsored by the NSA, no thanks. Anyways, I have no use for encrypted messaging at this time... If I ever do, and I hope not, a simple one-time-pad would do. Note that you may be able to transfer a long random key file now but not ten years later... For example, you could send a key file encrypted via PGP today by email, but in the event that the internet is no longer available in the future, you would be SOL.
I disagree about AES: the algorithm is actually very transparent and straightforward. It wasn't designed by the NSA either, nor altered to introduce any weakness.
Also, for a one-time pad you can't send someone the key file encrypted using PGP. If you did that it would no longer be a one-time pad, or to be more specific it would no longer satisfy perfect secrecy. It would instead be a theoretically breakable cipher with the same weakness as PGP. For a one-time pad you must transfer the pad material over a channel guaranteed to be secure, no extra encryption allowed.
If I needed a pencil-and-paper cipher I probably wouldn't use a one-time pad, because while the algorithm is super-simple, the key management is horribly complicated, and the one-time pad provides terrible security if anyone is slightly bad at key discipline. It's an example of a cipher that goes from perfect to awful with just a tiny addition of reality.