Search the Community

​INTRODUCTION Do you want to try a simple method for the only unbreakable form of encryption known (if implemented properly), even if your computer system is currently back-doored?* Do you want to play Jason Bourne for fun? Do you need to send a message to your lawyer (or other contact) that actually forces compliance with constitutionally protected rights concerning personal communications? Are you willing/able to share a pad of unique encryption keys with your intended communication target, in person, for the purpose of sharing messages/data that you can't afford the Stasi to read/intercept? Do you want a method that doesn't require any reliance upon computers for generation of the perfect encryption key or any other steps in the process, except transmission/receipt of the encrypted block? Are you tired of computer experts talking down to you in their incomprehensible gibberish about encryption when you try to ask simple questions about practical applications of certain protocols? Do you have six or ten-sided dice at home or willing to print templates out to use? Can you do basic addition and subtraction calculations by hand? Do you just want to piss off the powers that be with communications they can't read in their Borg-like systems, just because you can? 4th amendment anyone? If you answered yes to the above, then read on and lets have some fun... mathematicians/cryptos on the forum are more than welcome to point out any errors in the proposed implementation, and I will correct it. * This method described below is unbreakable, but doesn't prevent malicious modification of the cipher text by an adversary, given it does not utilise message authentification protocols. ONE TIME PAD ENCRYPTION - BASIC BACKGROUND ​ The reason there is "Perfect Forward Secrecy" achieved by this (often impractical) method is as follows: ​ Essentially, the mathematics suggests that even advanced adverseries with almost unlimited computatational power, over an infinite period, can't bust your cipher down. In other words, you use the laws of physics to take back your inalienable rights. Who doesn't want to give 'the mathematical bird' to lurking, uninvited government strangers/peeping toms with paranoid fantasies about the citizenry? AUTHENTICATION - IMPOSSIBLE WITH MANUAL ONE-TIME PAD METHOD IMPLEMENTATION Because we are not using standard computer protocols*, we cannot achieve message authentification manually. That is, encryption programs like OTR, OpenVPN and so on use a message authentification code (MAC) to authenticate messages/data and provide an integrity check to see whether there have been any changes to the content. MAC can be achieved in multiple ways, for example, crytographic hash functions, universal hashing and block cipher algorithms, but these are not possible with purely manual methods. Consequently, if a message is corrupted (doesn't make sense when decrypted), you don't know if this was due transmission errors across the network or whether an adversary has modified the cipher text, with it remaining the exact same size as the original message. For the joy of unbreakable encryption, we can live with this scenario.** * Due to the threat of widespread viruses, spyware, worms and Trojan Horses frequently found in 'trusted' and 'secure' computers. ** We also don't use very large one-time pads for multiple messages e.g. a computer disk full or random data, as it is inconvenient and poses other security risks. ONE-TIME-PAD ENCRYPTION PRE-REQUISITES Ciphers are only unbreakable if the following conditions are FULLY MET: - One-time pad values are actually random (not pseudo-random).* - Secure messages must have one-time pad values that are at least as long as the message/data to be encrypted. - Encryption keys are never used more than once by the sender or receiver. - Encryption keys are immediately destroyed by the sender/receiver after use.** - One-time pads used by communicating parties are kept secure at all times. - Key and plaintext are calculated modulo 10 (digits), modulo 26 (letters) or modulo 2 (binary). - There should only be two copies of the key: one for the sender and one for the receiver (some exceptions exist for multiple receivers)*** * Randomness is harder to generate then you think and simple computer functions designed for this purpose can't be trusted. This is why we will resort to physical measures for entropy instead of pseudo-random number generators in deterministic computer systems, or the use of insecure 'random' bits of data transmitted across the internet (and most probably already captured by advanced adversaries e.g. Random.org and other sites). ** This is another reason we don't use /dev/random or /dev/urandom in Linux or Mac to generate our keys in this instance - traces of computer activity are generally left all over the place. Plus, we remove the ability of any eavesdropper to capture the unique key during the generation phase. *** For simplicity, communication between only two parties is used in this instance. RESOURCES NEEDED FOR ONE TIME PAD WITH NUMBERS 1) Two (or more) six-sided dice OR 1 to 5 x ten-sided dice.* 2) A pencil and single sheets of paper to write unique keys on. 3) An agreed-upon 'checkerboard variation' (see below) for conversion of plain text into digits. 4) The mental ability to calculate simple addition/subtraction to encrypt/decrypt messages (modulo 10 for numerical keys; modulo 26 for alphabetical keys). 5) A computer and pre-agreed communication chanel to relay the encrypted message.** *From game sets or printed templates that can form paper dice e.g. see http://timvandevall.com/printable-paper-dice-template/ ** Obviously not sent/recieved at your home IP address if you are a legitimate target and evidence of encrypted messages poses a risk in itself. For instance, a cautious target would probably use: - A non-persistent TAILS USB stick (freshly installed; new USB stick bought with cash). - Utilise MAC spoofing in TAILS. - Disconnect all peripherals or HDD/SSDs in second hand computer gear that has never been used before for communications. - Disable/cover/physically disconnect all webcams/microphones. - Use a new wi-fi dongle (bought with cash). - Use public wi-fi spot in a physical environment that doesn't have a million cameras, webcams or other peripherals due to time-stamps associated with communications. - Utilise (perhaps) a one time account that allows registration via Tor nodes under a free trial e.g. Hushmail or similar to send the message. - And more (this is a complex topic in itself).... If you don't care about who knows you use encryption, then you can always send the ciphertext via gmail or another corporate bitch who scans every line, since it is unbreakable. However, a more sensible method would be to hide the cipher text in plain looking messages or letters using steganography (see further below). NOTE ON 'TRUE RANDOMNESS' ​ This is the topic of heated debate in Linux, including the developers of the kernel itself, but will be the main reason we won't use a host of techniques capable of providing 'random' numbers/strings at the terminal that could be used for our purpose e.g. in Linux: ​ and so on. THE POOR MAN'S ONE-TIME PAD METHOD - PRACTICAL EXAMPLE Note: in this example, we are going to use numbers 0-9 (modulo 10) instead of applying the method with letters (modulo 26), since it is just easier. STEP 1) Create unique keys using six or ten-sided dice for our one-time pad. ​See the example picture below. Each pad would be used in turn for each message. ​ To generate your set of 50 groups, roll 5 x ten-sided dice, 50 times. If you are using 2 x six-sided dice, then you must take special care: ​ Use this table below to generate true random numbers between 0-9 when using six-sided dice (throws with a black six are discarded): This is my example, 'secret' encryption key - 25 groups of 5 random digits (1/2 the required size for illustration purposes; normally 50 groups of 5 random digits). This was generated just now using multiple dice rolls, '00021' is the pad number/identifier and is not used in the encryption process, but forms the first 5 digits of the message, so the receiver knows which pad to decrypt with: ​ Obviously you would repeat this process further - 50 groups of 5 - for each message pad entry that would be needed for future use. We use keys of this size which should suffice for most messages. Store this information in a small pad at all times and NOT on computer media e.g. USB sticks, CD roms, HDDs etc. STEP 2) Choose a checkerboard that you will use to prepare you plain text message for encryption. Before we can perform the calculations with the plaintext message and key to turn it into cipher (encrypted) text, we need to convert the plain text message into digits. There are various ways to do this. A most basic method is to assign a two-digit value to each letter (eg. A=01, B=02 and so on through Z=26). ​ It DOES NOT matter which checkerboard you use, so long as the recipient also uses the same one. Knowledge of the checkerboard method DOES NOT assist the adversary in decryption, because this conversion is not a type of encryption and offers absolutely NO PROTECTION whatsoever! In this example, w will use the CT-37c conversion table (see below) which is very easy to use: ​ In this example, I want to encode as a secret message: SNOWDEN DOCUMENTS AT SECRET ONION ADDRESS. DOWNLOAD BY 3PM. Using the CT-37c table for encoding, this message becomes in digit form (no code book used in this example to shorten messages; also note the triple repeat of numbers and use of 'fig' brackets around it): ​ We re-arrange this into groups of five, leading to: ​ Note that the last group of 5 is filled with full stops if there are any spaces, hence the 9191 in this case above. STEP 3) Encryption and decryption. ​ Plain : KEYID 83458 67224 72571 84792 46831 68327 18226 54354 17272 82283 83917 25864 78517 27088 90333 90807 99191 OTP (-): 00021 98730 87323 64946 18612 59989 79735 92849 98243 70861 66958 11555 33694 79075 51087 68904 00212 27328 Result : 00021 95728 80901 18635 76180 97952 99692 26487 66111 47411 26335 72462 92270 09542 76001 32439 90695 72873 Now destroy the pad you just used, including any of the unused part! We send the message in the set groups of 5 as per the pad design, with the first five numbers indicating the key ID. This leads to: ​ To decrypt the message, the receiver verifies the first group of the message to ensure that he uses the correct one-time pad sheet. Next, he writes the proper one-time pad digits underneath the ciphertext and adds the key to the ciphertext, digit by digit, without carry (e.g. 9 + 6 = 5 and not 15). The first group is skipped as it is only used to identify the key. Ciphertext : 00021 95728 80901 18635 76180 97952 99692 26487 66111 47411 26335 72462 92270 09542 76001 32439 90695 72873 OTP Key(+): 00021 98730 87323 64946 18612 59989 79735 92849 98243 70861 66958 11555 33694 79075 51087 68904 00212 27328 Plain text : KEYID 83458 67224 72571 84792 46831 68327 18226 54354 17272 82283 83917 25864 78517 27088 90333 90807 99191 Now we have the plain text, we simply re-use CT-37c table (decode side) to covert the numbers into the message, giving: SNOWDEN DOCUMENTS AT SECRET ONION ADDRESS. DOWNLOAD BY 3PM. Success my paranoid friends! PITFALLS TO AVOID - Like PGP and other methods that generate private keys, secure key management is essential to this technique. - Reminder: don't store keys on computers or print them out etc for convenience. This is a poor method if you are serious. Same goes for USBs, CDs, HDD/SSDs and so on - you can't ever be sure all traces will be removed from the system. - Reminder: don't use pads more than once! - Enough key material must be available for potentially years in advance, depending on your situation. Make sure pads are numbered with a key ID so there is no confusion. - Do your calculations by hand and only ever enter the cipher-text into a computer for communication purposes, NOT for encrypt/decrypt calculations. COMBINING STEGANOGRAPHY WITH ONE-TIME PADS If you want to hide the cipher-text in a normal looking email and have full deniability, you could attempt the WPS method: ​ Continuing with our 'Snowden example', if you didn't want to arouse suspicion, you could bury the first five digit cipher (95728) in the following series of sentences: ​ WPS = 14, 10, 12, 7, 13. WPS (-5) = 95728 Because sentences less than 4 words are ignored, the recipient would understand that the first cipher buried in the message is 95728. Of course this method requires you writing a substantial amount of material to your 'friend' to bury the message, but is worth considering for the most hard-core. CONCLUSION If you want it bad enough, you can have perfect encryption and bury it in innocent looking emails or hand written letters. The Stasi can't break the laws of mathematics, so you are not completely powerless it seems. Happy encrypting! SOURCES http://www.cyberciti.biz/faq/bash-shell-script-generating-random-numbers/ https://en.wikipedia.org/wiki/Message_authentication_code https://en.wikipedia.org/wiki/One-time_pad http://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/ http://timvandevall.com/printable-paper-dice-template/ http://users.telenet.be/d.rijmenants/D10.pdf http://users.telenet.be/d.rijmenants/en/onetimepad.htm http://users.telenet.be/d.rijmenants/en/otp.htm