| General > General Technical Chat |
| Crypto bombshell |
| << < (9/14) > >> |
| edy:
You could presumably generate "random one-time pads" out of information that anyone in the world might pick up from a number of different places. The trick of WHICH numbers are important are known only to the recipient and the sender. For example, say you make a list of cities to check the weather... London, Moscow, Beijing, New York, Berlin, Sydney, etc.... You get the temperature high/lows from some weather service that both sender and recipient have access to, at some specific time each day. That combination of numbers would be your random one-time pad for the next 24 hours. You receive a numbers code over the radio, and use the pad to decypher it. Then next day it changes. Weather may not be a good example, but other sources of numbers (stock market, etc) may be better. That's just one example. You could probably find many other ways to get what you might think of as "random" number pads (or pseudo... as temperatures may co-vary for cities in the same hemisphere). But there could be other methods to get "random" information to use as a pad, all of which is out in the open but only known to the sender/recipient. The algorithm could be easy to memorize, no need for any code books or dissolving pads. It could be limited in length but for a simple message it is easy enough to implement. Thanks also for linking that article from The Daily Beast... it is extremely entertaining and exactly sums up what I felt (and what most new shortwave listeners probably experience) when we first stumble on this stuff! :-+ --- Quote from: madsbarnkob on February 13, 2020, 03:06:15 pm ---It is because there is only one key, known only to transmitter and one receiver. From: https://www.thedailybeast.com/the-stupidly-simple-spy-messages-no-computer-could-decode --- End quote --- |
| tooki:
Edy, were you responding to me (the post immediately above yours) or someone else? If to me: Ummmmmmm... I don't think you understand the concept of a one-time pad, especially not the essentially unlimited-key kind used in SIGSALY. To be truly, absolutely secure: 1. It must derive the key from a truly random source. In SIGSALY, the analog noise from a rectifier tube. 2. The key must be as long as the message. In SIGSALY, the key is 12 minutes long per record, with pairs of turntables to allow queuing of new records. 3. The key must never be reused. In SIGSALY, the records were destroyed immediately after use. The situation is that both parties have a record with identical copies of 12 minutes worth of random numbers, generated from a physically random source. During the call, the digitized voice signal is XORed with the key on the sender side, and then XORed again on the recipient. Because the string of random numbers is endless (in that the record is never reused, and a sufficient supply of new records are kept at hand), no amount of signal capture can expose anything about the key. I think you might be assuming that some short key was used repeatedly to encrypt each word of digitized audio. If that were the case, then it might be breakable. But since every single word was encrypted with a new random key, this is mathematically unbreakable. The downside is the need to physically transport all those records full of keys. |
| Mr. Scram:
Proper key exchange and management tends to be the hard part anyway. |
| edy:
--- Quote from: tooki on February 13, 2020, 07:06:07 pm ---Edy, were you responding to me (the post immediately above yours) or someone else? --- End quote --- No, I was not responding to your post. I think I understand what you were saying about the two vinyl records having the same analog noise and having one at the encrypting end and one at the decrypting end. I was just thinking out loud about how one could possibly come up with small one-time pads for small messages out of what you could consider "random noise" of the world.... for example, temperature high/lows, wind speeds, UV index or other information that is known to anyone but only the sender/recipient know which cities to look up to make their one-time pad for. For example, say you listed in this exact order Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome. For each you have both agreed to check some website or other source (that you both have access to at same time of day) and you come up with same numbers... you could make that your one-time pad. Then you send an encrypted message of several characters over radio using numbers. Since only sender and recipient know how to construct the one-time pad, only they can encrypt and decrypt the message. Each day it changes. This is more random than a pseudo-random number generating algorithm, which may be more easy to crack with computer analysis. Although the numbers may co-vary or repeat because the weather doesn't change that much over a few days or weeks. However, it is just an idea. |
| iMo:
The attacker may start think on where the random numbers used come from.. After a while he/she finds out the message starts to give some sense when temperatures in Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome are at specific levels :) The numbers must be perfectly random, and the sequence should not repeat with each message - that is the fundamental problem of that science. The temperatures in those cities are not random. |
| Navigation |
| Message Index |
| Next page |
| Previous page |