EEVblog Electronics Community Forum

General => General Technical Chat => Topic started by: tooki on February 12, 2020, 05:06:18 pm

Title: Crypto bombshell
Post by: tooki on February 12, 2020, 05:06:18 pm
...well, if you can consider it a bombshell after decades of clear signs (https://www.baltimoresun.com/news/bs-xpm-1995-12-10-1995344001-story.html).

CIA documents got out documenting decades of secret CIA and BND ownership of Crypto AG, once one of the world’s leading vendors of military/government encryption gear. Through this ownership, the CIA was able to get Crypto AG encryption products sold to all but a small handful of countries to use NSA-designed encryption that was easy to break. (The selected few, which included USA, Germany, Switzerland, and the UK, got the versions that actually met the claimed security standards.) This deception happened for decades, ending only in 2018, when the company was liquidated following its sale from the CIA. (Without direct cash payments from the CIA, the company wasn’t actually profitable!)

Of the three news organizations involved in analyzing and publishing the story, the Washington Post, ZDF, and SRF, the first has by far the most detailed piece so far:

https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ (https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/)

For those in Switzerland, SRF is broadcasting its big report tonight at 8pm in Rundschau. This whole debacle having taken place here, they have better access to ex-employees than the other organizations.
Title: Re: Crypto bombshell
Post by: ebastler on February 12, 2020, 05:16:40 pm
The new owners of former Crypto AG, now renamed Crypto International Group, are really scrambling to let everybody know that they are a "completely different company"...  Well, that's technically true. They just acquired the brand name and the assets, not the company shell, it seems.  ::)

https://www.crypto.ch/en (https://www.crypto.ch/en)
Title: Re: Crypto bombshell
Post by: iMo on February 12, 2020, 06:05:15 pm
What is so special about the article? I see nothing new in there.. Who will buy crypto stuff from an XYZ company and think it is safe? Because you got a Rolex watch from the sales guy? A joke..
Title: Re: Crypto bombshell
Post by: ebastler on February 12, 2020, 06:11:27 pm
Well, Crypto AG was the name in the business for decades -- until strong cryptography algorithms became more well-published, and widely available microprocessors became powerful enough to implement them. They go back to Hagelin in the 1930s, and have delivered cryptography equipment to many (many!) governments and commercial customers.
Title: Re: Crypto bombshell
Post by: SiliconWizard on February 12, 2020, 06:26:48 pm
Quote
Well, Crypto AG was the name in the business for decades -- until strong cryptography algorithms became more well-published, and widely available microprocessors became powerful enough to implement them. They go back to Hagelin in the 1930s, and have delivered cryptography equipment to many (many!) governments and commercial customers.

Yeah.

Now even without knowing the ties with the CIA, for any country to deal with a commercial company for solutions that can have an impact on national security is madness. And when this company is not even based in your own country, and it deals with many other countries for similar purposes, it's not just madness, it's pretty dumb. How is it even possible to assume there would never be any influence from one of the big "customers", never any "leak", and how is it possible to trust any company THAT much to begin with?
Title: Re: Crypto bombshell
Post by: iMo on February 12, 2020, 06:30:59 pm
Any CAG customer deserves to be spied on.. At least they got a Rolex watch. That is the quality I would trust :)
Title: Re: Crypto bombshell
Post by: ebastler on February 12, 2020, 07:09:43 pm
Hindsight helps a lot in making those assessments.  ;)

Who would you turn to if you need encrypted communications for your embassies and don't have the technology capabilities yourself? A company based in Switzerland, run by Swiss and Swedes, with their reputation and their whole business existence on the line if they mess with their customers' cryptography, is not the most absurd choice in my mind.

Anyway, the point was not whether or not it was a smart decision by those dozens of governments. The point is that it indeed qualifies as a big deal that the meddling of the US and German secret service at Crypto AG has now been confirmed.
Title: Re: Crypto bombshell
Post by: duak on February 12, 2020, 07:40:15 pm
Ironic, since the CIA has "and ye shall know the truth and the truth shall set you free" on a wall in its lobby.

Title: Re: Crypto bombshell
Post by: daqq on February 12, 2020, 08:20:01 pm
Quote
Ironic, since the CIA has "and ye shall know the truth and the truth shall set you free" on a wall in its lobby.
Terry Pratchett, The Truth
Quote
The Truth Shall Make Ye Fret.
(context important, but appropriate here :) )
Title: Re: Crypto bombshell
Post by: bsdphk on February 12, 2020, 09:10:37 pm
Anybody surprised by this, lacks the necessary imagination to defend any secret.


Of *course* CIA would try to backdoor the only trusted 'independent' vendor of cryptographic equipment, it's practically in their job-description to do precisely that!

Do people really not ask themselves "If I were director of CIA or NSA, how would I get most bang for the buck out of a billion dollars a year budget ?"

My answer is in a talk I gave titled "NSA Operation Orchestra"...
Title: Re: Crypto bombshell
Post by: jake111 on February 13, 2020, 03:07:23 am
I look at it this way.  It's either the NSA (for technology originating from the USA and likely EU, UK, etc) or the genocidal communists (for technology originating from china).  I'd mention Russia but they already destroyed themselves with communism and there doesn't seem to be much worry here for now.  If I can only choose from one of the two, I'd rather it be the NSA since I'm fairly certain they won't be genociding us any time soon.  Maybe if you're in china and don't understand the value of liberty (not that we have much of that left in USA, but there is still some, no one has come for my AR-10 yet), then you think you'd rather be under the control of the commies but that always ends badly, so...

I'm more worried about data brokers vacuuming up all of our information and making billions selling it every year without our control.  Maybe this will change in time, but for now, NSA seems to be more preoccupied with hoarding ALL THE DATA for their deep state activities and helping their friends go after the bad orange man.
Title: Re: Crypto bombshell
Post by: SerieZ on February 13, 2020, 07:20:25 am
I have not watched the SRF but if Government Officials were involved in this I hope they get brought to Justice swiftly.

This is huge image damage for this country.  >:(
Title: Re: Crypto bombshell
Post by: TerraHertz on February 13, 2020, 07:46:24 am
"This deception happened for decades, ending only in 2018, when the company was liquidated following its sale from the CIA. (Without direct cash payments from the CIA, the company wasn’t actually profitable!) "

Anyone asking themselves why the CIA would sell such a useful asset?
One might guess, because it had become not-useful.
What would make the CIA no longer interested in maintaining backdoors in commonly used crypto products?

How about, because the CIA has managed to develop quantum computing systems able to break strong encryption algorithms despite their lack of engineered backdoors.
Title: Re: Crypto bombshell
Post by: Electro Detective on February 13, 2020, 09:18:56 am

Quote
Ironic, since the CIA has "and ye shall know the truth and the truth shall set you free" on a wall in its lobby.

Those privileges are usually reserved for insiders   >:D

Title: Re: Crypto bombshell
Post by: peter-h on February 13, 2020, 09:32:27 am
This is nothing new.

The UK kept the WW2 breaks secret for as long as they could - till the mid 1970s or so when it came out.

You have to assume the CIA/NSA can read everything you have. It is certain they can read DES/3DES in real time. AES256 probably too. There are reportedly more Grade 1 mathematicians working inside the NSA than in the rest of the world outside.

Personally, I don't care if the NSA can read my emails etc. I just don't want chinese hackers getting into the servers which I am responsible for, and most of those are done via weaknesses in... wait for it... open source software :)

I doubt quantum computers actually exist, in any useful form. The NSA will have an advantage in cryptanalysis methods which we will hear about say 30 years from now. Then the world will discover AES256 is about as strong as DES is today. Still strong enough for your email etc but not against a State agency. The history of this business seems to be just that. The methods they use today may become known 30 years from now. They just keep ahead.

The problem of course is that if the enemy intercepts messages and decodes them 30 years later, they can still get useful stuff. Look at VENONA. That ran until about 1980, on messages which could not be broken after about 1947.
Title: Re: Crypto bombshell
Post by: iMo on February 13, 2020, 11:05:20 am
The British kept their WWII crypto stuff secret till the '70s because of German technology which became popular in the Eastern Bloc after WWII. The EB countries did some small improvements here and there, but the machines were still the same principle, or rather 1:1 copies of the German WWII technology. Thus "easy" to read.
When you get a chance to talk with experts from that crypto community (especially those veterans from cold war times) you will get the basic rule - what is not home-made is always considered unsafe. Even home-made systems were always handled with a good deal of paranoia (another basic rule - all the designers of your home-made crypto systems are infiltrated agents of Dr. No).
Title: Re: Crypto bombshell
Post by: Marco on February 13, 2020, 11:15:54 am
Quote
What would make the CIA no longer interested in maintaining backdoors in commonly used crypto products?

Because China and Russia weren't buying any more and standard security practices everywhere else have become so laughable it's completely unnecessary?
Title: Re: Crypto bombshell
Post by: DimitriP on February 13, 2020, 12:01:21 pm
Sun Tzu lived around the 6th century BC. That's a really long time ago.
He said among other things: "All warfare is based on deception."
The playbook is ancient. Almost as old as dirt.
So why is everyone soooo surprised, crying "deception" and freaking out in the 21st century?
Geez!
Title: Re: Crypto bombshell
Post by: borjam on February 13, 2020, 12:09:54 pm
Quote
Well, Crypto AG was the name in the business for decades -- until strong cryptography algorithms became more well-published, and widely available microprocessors became powerful enough to implement them. They go back to Hagelin in the 1930s, and have delivered cryptography equipment to many (many!) governments and commercial customers.
Nothing new; if I am not wrong, the British kept the whole Enigma cracking operation secret for many, many years, and they offered recycled Enigma machines to some countries, maybe former colonies.
Title: Re: Crypto bombshell
Post by: borjam on February 13, 2020, 12:13:15 pm
Quote
Personally, I don't care if the NSA can read my emails etc. I just don't want chinese hackers getting into the servers which I am responsible for, and most of those are done via weaknesses in... wait for it... open source software :)
Remember that getting a cryptosystem right is much harder than it seems. It doesn't matter how strong your algorithms are if your application of them has some weakness.

Remember OpenSSL being severely compromised because two apparently harmless lines of code were removed, which resulted in a dramatic drop in the entropy of the randomly generated keys.

Now, good luck making such kind of software or even auditing it. Some weaknesses can be extremely subtle!
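To make the "entropy drop" above concrete, here is a constructed simulation added to this thread (it is not OpenSSL's code and not its actual defect): a key generator whose only varying input is a 15-bit value, so an auditor can precompute every key it could ever emit and check any given key against that set. SEED_BITS, the derivation and the key size are assumptions of the simulation.

```python
"""Constructed simulation of a key generator whose entropy has collapsed.
This is NOT OpenSSL's code or its real defect; it only reproduces the shape of the
failure: the only varying input is a small value, so the set of keys the generator
can ever emit is tiny and can be enumerated in advance."""
import hashlib
import os

SEED_BITS = 15  # assumption for this simulation: only 15 bits of varying input reach the key


def broken_keygen(seed: int) -> bytes:
    """Derive a 128-bit 'key' deterministically from a seed of at most SEED_BITS bits."""
    seed &= (1 << SEED_BITS) - 1
    material = b"constructed-weak-keygen" + seed.to_bytes(4, "big")
    return hashlib.sha256(material).digest()[:16]


def sound_keygen() -> bytes:
    """What key generation should look like: 128 bits straight from the OS CSPRNG."""
    return os.urandom(16)


def enumerate_weak_keys() -> set:
    """Auditor's view: precompute every key the broken generator can produce.
    2**15 SHA-256 calls, well under a second; a blacklist of this set is the
    kind of artefact defenders publish after such a bug."""
    return {broken_keygen(s) for s in range(1 << SEED_BITS)}


def distinct_keys(keygen_by_index, samples: int) -> int:
    """How many different keys come out of `samples` generations. For the broken
    generator this saturates at 2**SEED_BITS no matter how many keys are made."""
    return len({keygen_by_index(i) for i in range(samples)})


def is_known_weak(key: bytes, weak_keys: set) -> bool:
    """The check a defender wants: was this key produced by the broken generator?"""
    return key in weak_keys


if __name__ == "__main__":
    weak = enumerate_weak_keys()
    print("broken generator, 100000 keys, distinct:", distinct_keys(broken_keygen, 100000))
    print("sound generator, 1000 keys, distinct:   ", distinct_keys(lambda _: sound_keygen(), 1000))
    print("key from seed 4242 flagged as weak:", is_known_weak(broken_keygen(4242), weak))
```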

Title: Re: Crypto bombshell
Post by: peter-h on February 13, 2020, 12:20:38 pm
The Brits made sure most of the 3rd World used enigma-like machines, enabling Britain to optimise its foreign policy ;)

Yes indeed, you can have strong crypto but get key leakage via variable execution time, etc.
Title: Re: Crypto bombshell
Post by: edy on February 13, 2020, 12:22:00 pm
I was about to ask (and it may have been answered in the preceding post) that if algorithms are known, what stops someone from programming a higher-bit version of a known encryption algorithm (e.g. If keys only go up to 256 or 512, maybe you implement 1024, 2048, 4096 or even longer), or running the encryption through several algorithms iteratively (so the cipher text is even harder to crack if you don't know which and the order of algorithms applied), or spinning their own solutions (bad idea) even though it may be "illegal" by the government (is this what happened to TrueCrypt)? Surely the NSA and CIA and FBI and whoever else wants to crack these things can do a lot... but they can't do it all... yes they have sophisticated tools and huge mathematical and computational muscle but let's not believe just because they have some secrets that they have all of them. I don't think they can get into everything and that scares them. I also think part of the mass collection of information may be to scan for new "outliers" of stuff that seems to be using a stronger cipher so they flag these and investigate further that communication channel, which can then be hard-surveyed (actually seeing on the ground where it is coming from and who are the actors). There are probably easier screw-ups by the people that do them in than by the algorithms chosen... like using the same Internet cafe which then gets infiltrated with a camera system that lets the state see who is frequenting the place. I watch too many spy movies.  :-DD
Title: Re: Crypto bombshell
Post by: daqq on February 13, 2020, 12:49:37 pm
edy: There is actually an unbreakable encryption: XOR your data against a random data. Problem is the exchange of the random data :) If you exchange a 16TB drive filled with random data with your counterpart you wish to talk with, you are safe to send 16TB. After that it gets tricky :)
Title: Re: Crypto bombshell
Post by: iMo on February 13, 2020, 01:02:08 pm
Quote
though it may be "illegal" by the government (is this what happened to TrueCrypt)?
A few months back the German BSI had to publish the report on the TrueCrypt analysis they ordered a long time back (the analysis was done before its "end"). People say they use it modified. You may download the document, afaik.

Afaik nobody is cracking your very secrets by brute force today (it may have worked that way since the '80s). They do it by collecting additional information about the target who is using the encryption, leveraging entirely the human factor as the major weakness of the system - sooner or later you make a mistake when operating the system. Thus the moment they know you are messing with encryption of your "secrets" you are basically lost..
Title: Re: Crypto bombshell
Post by: edy on February 13, 2020, 02:04:57 pm
In another thread on this forum (the one about shortwave radio) I recently posted that I "discovered" spy transmissions of data and numbers over the shortwaves from Cuba and other countries. This has been going on for many decades, I am just new to shortwave so it was exciting to hear for the first time. There is a good page and guide here which I found while Googling what I was listening to:

http://priyom.org/number-stations (http://priyom.org/number-stations)

The specific station I happened to find (at 2am by the way on 9330 kHz) was this one (they have a sample audio clip on that page you can play... a woman's voice saying numbers in Spanish followed by chirpy squeaky modem/fax like digital data sounds known as RDFT):

http://priyom.org/number-stations/digital/hm01 (http://priyom.org/number-stations/digital/hm01)

Here's another article on it, and on RDFT mode:

https://shortwavearchive.com/archive/tag/Spy+Numbers+Station (https://shortwavearchive.com/archive/tag/Spy+Numbers+Station)

https://www.sigidwiki.com/wiki/Redundant_Digital_File_Transfer_(RDFT) (https://www.sigidwiki.com/wiki/Redundant_Digital_File_Transfer_(RDFT))

It was remarkable listening to this stuff... something I thought wouldn't be done anymore with the advent of the internet and satellite. Anyone with a $20 shortwave radio can hear the number codes and data transmission and decode it on their computer into a file of garbled data. What to do with the resultant file is another issue altogether, but certainly the USA has the means to decrypt all this stuff. Or maybe not?

I am puzzled to understand why they broadcast this stuff over the public airwaves... in plain radio (not SSB) and regularly on a schedule and on frequencies that are known for that matter... so that anyone can hear it. I guess it's because they know the numbers and data can easily be intercepted even on the internet, and so there is no secret to hiding the transmission itself. May as well make it as open and easy to intercept by field operatives as possible. The trick is that they must have pre-existing one-time random pads that they know to use. Perhaps the numbers that are being transmitted by a woman's voice PRIOR to the actual file data is the pad to use (it is a 5 or 6 digit number so that is a lot of random pads the field operatives have available to them). It could also be some algorithm or some other "key" to figuring out where they should start (or which direction they should go, or what number of spaces they should jump on each character) in a huge random pad they have shared at one time. There is a lot of stuff you could do that would be extremely difficult to crack.

Fascinating stuff! Cat and mouse game. I agree the mathematical/computer/algorithmic side of things can be made ridiculously strong but ultimately the human social factors may be easier to crack.
Title: Re: Crypto bombshell
Post by: Bud on February 13, 2020, 02:28:37 pm
Quote
I was about to ask (and it may have been answered in the preceding post) that if algorithms are known, what stops someone from programming a higher-bit version of a known encryption algorithm
It impacts performance and may have other issues such as compatibility with other users and applications.
Title: Re: Crypto bombshell
Post by: ebastler on February 13, 2020, 02:29:34 pm
Quote
I "discovered" spy transmissions of data and numbers over the shortwaves from Cuba and other countries.

I am puzzled to understand why they broadcast this stuff over the public airwaves... in plain radio (not SSB) and regularly on a schedule and on frequencies that are known for that matter... so that anyone can hear it.

I thought that the whole point is that this is indeed "broadcasting" of information to agents in the field. Anyone (well, any agent) is supposed to be able to hear it, without the need for any specialized equipment -- which they might not have, or which might compromise their mission if it were discovered.
Title: Re: Crypto bombshell
Post by: jake111 on February 13, 2020, 02:35:27 pm
(https://musicart.xboxlive.com/6/cfbe3b2b-0000-0000-0000-000000000009/504/image.jpg?w=960&h=540)
Title: Re: Crypto bombshell
Post by: Bud on February 13, 2020, 02:46:41 pm
Quote
I "discovered" spy transmissions of data and numbers over the shortwaves from Cuba and other countries.

I am puzzled to understand why they broadcast this stuff over the public airwaves... in plain radio (not SSB) and regularly on a schedule and on frequencies that are known for that matter... so that anyone can hear it.
Edy, too many spy movies from the 50's, you should cut down on watching them man  ;)
This sort of telemetry has existed for decades, I trust the systems and people transmitting it are not hiding in the bushes with their vacuum tube transmitters and telescopic antennas. As to why it is still done in an archaic way, well, ask the big banks for instance why some are still using software developed back in the 60's.
Title: Re: Crypto bombshell
Post by: borjam on February 13, 2020, 02:50:54 pm
Quote
It was remarkable listening to this stuff... something I thought wouldn't be done anymore with the advent of the internet and satellite. Anyone with a $20 shortwave radio can hear the number codes and data transmission and decode it on their computer into a file of garbled data. What to do with the resultant file is another issue altogether, but certainly the USA has the means to decrypt all this stuff. Or maybe not?
They don't have the means to decrypt that unless the system is really sloppy or maybe they captured an operative.

Quote
I am puzzled to understand why they broadcast this stuff over the public airwaves... in plain radio (not SSB) and regularly on a schedule and on frequencies that are known for that matter... so that anyone can hear it. I guess it's because they know the numbers and data can easily be intercepted even on the internet, and so there is no secret to hiding the transmission itself.
The reason is simple. A professional communications receiver can be a real liability in many countries. An ordinary cheap radio is not. If the message is well protected making the encrypted text public is really harmless.

And periodic, scheduled transmissions make the system actually more secure. I am sure they send a standard length "lorem ipsum" when there's nothing to communicate at all. That way an eavesdropper has no way to correlate transmissions to certain events (or lack of them).

One of the things the British did in WWII was called, if I remember correctly, "gardening". If they wanted the German Navy to send an encrypted message with known text (message format and content was strictly standardized) they for example dropped mines on a port, so the Germans would send an "ACHTUNG MINES DETECTED AT HAMBURG PORT" or whatever.

Title: Re: Crypto bombshell
Post by: Mr. Scram on February 13, 2020, 02:57:50 pm
Quote
Remember that getting a cryptosystem right is much harder than it seems. It doesn't matter how strong your algorithms are if your application of them has some weakness.

Remember OpenSSL being severely compromised because two apparently harmless lines of code were removed, which resulted in a dramatic drop in the entropy of the randomly generated keys.

Now, good luck making such kind of software or even auditing it. Some weaknesses can be extremely subtle!
Extremely subtle especially when intentionally introduced. Even with the bare code chances are well hidden weaknesses won't be easily spotted especially if measures are taken to prevent that. Another example is the attempted backdooring of Linux in 2003.

https://lwn.net/Articles/57135/
Title: Re: Crypto bombshell
Post by: madsbarnkob on February 13, 2020, 03:06:15 pm
Quote
I "discovered" spy transmissions of data and numbers over the shortwaves from Cuba and other countries.

I am puzzled to understand why they broadcast this stuff over the public airwaves... in plain radio (not SSB) and regularly on a schedule and on frequencies that are known for that matter... so that anyone can hear it.

Quote
I thought that the whole point is that this is indeed "broadcasting" of information to agents in the field. Anyone (well, any agent) is supposed to be able to hear it, without the need for any specialized equipment -- which they might not have, or which might compromise their mission if it were discovered.

It is because there is only one key, known only to the transmitter and one receiver.

From: https://www.thedailybeast.com/the-stupidly-simple-spy-messages-no-computer-could-decode (https://www.thedailybeast.com/the-stupidly-simple-spy-messages-no-computer-could-decode)

Quote
That’s because the message was encrypted using a simple but enormously effective key known only to two parties—the sender and the recipient.

Whomever the numbers were meant for would have been listening to the Numbers Man at the same time as me. “7…6…7…4…3.” He might write the numbers down in a row on a piece of paper. But underneath that, he’d write another row of the same length, using random numbers given to him earlier by the CIA or whatever intelligence agency was running him. These numbers were the key. Going number by number, he’d subtract row two from row one and come up with a third row. And those numbers corresponded to letters, which spelled out a message.

This is just one example of how a listener might decrypt a numbers broadcast. But in all cases, the immutable characteristic of the system is that it’s easy to use. Decoding requires no special skills. No facility with cryptography. Anyone who can listen to a series of numbers, write them down, and perform basic math can do the job. Had I known the key, at age 10, I could have spelled out the spy’s message.

But the numbers are just gibberish without that key, known in spycraft as a one-time pad. As its name suggests, it’s used only once. And that’s what makes it so secure.

A former career U.S. intelligence officer told me that the pads were distributed to agents in tiny booklets composed of dozens of pages filled with numbers. Each day, the agent would rip out one page from the booklet and discard it. The intelligence officer told me that some of the pages were designed to dissolve in water. The agent could flush it down a toilet or even drop it in a glass of water at a café. The CIA reportedly made other pad pages that turned into gum on contact with saliva. I don’t know if they were mint flavored.

Every day, a new key. Even if another spy found that day’s key, it’d be useless come midnight. And if the entire book were compromised, well, just make a new one.

It is the beautiful paradox of the numbers stations that secret messages were literally sent into the air, for anyone to hear, but could only be understood by one person. So long as the pad wasn’t compromised, the numbers station codes were unbreakable. Perfect secrecy. All out in the open.
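The subtraction procedure quoted above (and daqq's XOR version of the same idea earlier in the thread, done here on decimal digits instead of bits) in working form, as an added example that is not from the article or from any poster. It also shows the failure peter-h's VENONA reference points at: two messages sent with the same pad cancel the pad out. The letter table and the short pad "7674" are constructed for this example.

```python
"""One-time pad in the numbers-station style described in the quoted article:
digits, a key subtracted digit by digit (mod 10), read out in 5-digit groups.
Also shows why a pad must never be reused (the VENONA failure)."""
import secrets

# Constructed conversion table for this example: space=00, A=01 ... Z=26.
# Real services used their own tables; the arithmetic is what matters.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def text_to_digits(text: str) -> str:
    """Encode text as decimal digits, two per character; drops unsupported chars."""
    return "".join(f"{ALPHABET.index(ch):02d}" for ch in text.upper() if ch in ALPHABET)


def digits_to_text(digits: str) -> str:
    """Inverse of text_to_digits. Codes above 26 decode to '?'; a dangling digit is ignored."""
    out = []
    for i in range(0, len(digits) - 1, 2):
        code = int(digits[i:i + 2])
        out.append(ALPHABET[code] if code < len(ALPHABET) else "?")
    return "".join(out)


def make_pad(n_digits: int) -> str:
    """A fresh pad page: n_digits decimal digits from the OS CSPRNG (use once, then destroy)."""
    return "".join(str(secrets.randbelow(10)) for _ in range(n_digits))


def encrypt(plain_digits: str, pad: str) -> str:
    """Sender: ciphertext digit = (plaintext digit + pad digit) mod 10."""
    if len(pad) < len(plain_digits):
        raise ValueError("pad shorter than message: never stretch or reuse a pad")
    return "".join(str((int(p) + int(k)) % 10) for p, k in zip(plain_digits, pad))


def decrypt(cipher_digits: str, pad: str) -> str:
    """Receiver: subtract row two (the pad) from row one (what was heard), mod 10."""
    if len(pad) < len(cipher_digits):
        raise ValueError("pad shorter than message")
    return "".join(str((int(c) - int(k)) % 10) for c, k in zip(cipher_digits, pad))


def spoken_groups(digits: str) -> str:
    """Format digits as the 5-digit groups a station reads out; last group zero-padded
    (trailing 00 decodes as a harmless space)."""
    padded = digits + "0" * (-len(digits) % 5)
    return " ".join(padded[i:i + 5] for i in range(0, len(padded), 5))


def pad_reuse_diff(cipher1: str, cipher2: str) -> str:
    """If two messages share a pad, (c1 - c2) mod 10 == (p1 - p2) mod 10: the pad cancels
    out and an eavesdropper learns the relation between the plaintexts without any key."""
    return "".join(str((int(a) - int(b)) % 10) for a, b in zip(cipher1, cipher2))


def recover_other_plaintext(known_plain_digits: str, diff: str) -> str:
    """Given one plaintext and the difference above, the other plaintext falls out."""
    return "".join(str((int(p) - int(d)) % 10) for p, d in zip(known_plain_digits, diff))


if __name__ == "__main__":
    pad = make_pad(60)
    message = text_to_digits("MEET AT NOON")
    heard = encrypt(message, pad)
    print("broadcast:", spoken_groups(heard))
    print("decoded:  ", digits_to_text(decrypt(heard, pad)))

    # Reuse demonstration with the small constructed pad "7674":
    c1 = encrypt(text_to_digits("HI"), "7674")
    c2 = encrypt(text_to_digits("OK"), "7674")
    diff = pad_reuse_diff(c1, c2)
    print("second message, given the first was 'HI':",
          digits_to_text(recover_other_plaintext(text_to_digits("HI"), diff)))
```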
Title: Re: Crypto bombshell
Post by: SiliconWizard on February 13, 2020, 03:09:41 pm
Quote
When you get a chance to talk with experts from that crypto community (especially those veterans from cold war times) you will get the basic rule - what is not home-made is always considered unsafe. Even home-made systems were always handled with a good deal of paranoia (another basic rule - all the designers of your home-made crypto systems are infiltrated agents of Dr. No).

Of course. And that was my point too.

Title: Re: Crypto bombshell
Post by: SiliconWizard on February 13, 2020, 03:18:45 pm
Quote
Who would you turn to if you need encrypted communications for your embassies and don't have the technology capabilities yourself? A company based in Switzerland, run by Swiss and Swedes, with their reputation and their whole business existence on the line if they mess with their customers' cryptography, is not the most absurd choice in my mind.

You build it. As imo also noted, yes it is "absurd" per se, however good and apparently trustworthy said company looks.

Quote
Anyway, the point was not whether or not it was a smart decision by those dozens of governments. The point is that it indeed qualifies as a big deal that the meddling of the US and German secret service at Crypto AG has now been confirmed.

Of course it's a big deal, but how surprising is it? Past history for several decades has shown constant similar meddling from the CIA and NSA. Big deal yes, surprising, absolutely not, and will it have any consequence? Absolutely none IMO, just as with all the other "awful" past stories of meddling.

And yes this is fully the point to me. It's all about responsibility and how to reasonably deal with national security concerns. Yes this was dumb to trust a third-party for this, and I think it still is. And IMO it's the only lesson to learn here. Again, the fact the CIA has meddled, meddles and will meddle is a sure thing, we all look shocked when we learn about a new one, we get busy talking about it for a couple weeks, and it's done. We move on, you get irritated but nothing else, the US still does whatever they want and we just shut up usually. Point is, from this there's absolutely nothing new to learn, so big deal or not, this is just pointless. This is like playing the victim game, while the CIA will just keep doing it forever. Whining gets us nowhere.

Taking a lesson or two about it for how to deal with national security is more interesting IMO. Just a thought though.

Title: Re: Crypto bombshell
Post by: iMo on February 13, 2020, 03:50:42 pm
And perhaps the final point after this CAG exercise - here is a great web page for all fans of James Bond movies :)

CAG in the Breaking news:

https://www.cryptomuseum.com/index.htm (https://www.cryptomuseum.com/index.htm)
https://www.cryptomuseum.com/intel/cia/rubicon.htm (https://www.cryptomuseum.com/intel/cia/rubicon.htm)

daqq's One Time Pad:

https://www.cryptomuseum.com/crypto/otp/index.htm (https://www.cryptomuseum.com/crypto/otp/index.htm)

Crypto AG machines:

https://www.cryptomuseum.com/crypto/hagelin/index.htm (https://www.cryptomuseum.com/crypto/hagelin/index.htm)
Title: Re: Crypto bombshell
Post by: MadTux on February 13, 2020, 04:08:20 pm
Apparently the son of the company founder got murdered, because he wanted to talk:
https://www.20min.ch/schweiz/news/story/Ermordete-Geheimdienst-Sohn-von-Crypto-Gruender--28113650 (https://www.20min.ch/schweiz/news/story/Ermordete-Geheimdienst-Sohn-von-Crypto-Gruender--28113650)

Reminds me of Tron, the hacker, who got epsteined in 1998, because he developed an open source voice encryption device.
https://en.wikipedia.org/wiki/Tron_(hacker) (https://en.wikipedia.org/wiki/Tron_(hacker))

Had symmetric crypto at first, but AFAIK he later wanted to add asymmetric crypto, so you could basically talk to anyone without sharing secret keys. Guess CIA/NSA/BND didn't like that.
Title: Re: Crypto bombshell
Post by: peter-h on February 13, 2020, 05:29:06 pm
That's been easily possible for many years, with VOIP. One problem is that it is easy to find out who the two ends of the call are, usually... because VOIP uses end to end UDP. It could be passed through intermediate servers but you never know if they are compromised, and any real time traffic (like voice) is obvious in traffic analysis.

You would be amazed how people go to some lengths to obfuscate themselves, with stuff like the TOR browser, and then make really basic mistakes. A classic one is you are up to something nefarious, in a hotel, on 4G, thinking 4G is ok, and then you walk away from the window, lose the signal, and the phone connects to the hotel wifi, on which you were a few days earlier, with another device, when connecting to the site which you are trying to wind up :) Be assured that if you properly p1ss somebody off, they will find those details in their server logs ;) A part of my day job is looking after a site which gets this fairly regularly (sock puppets etc).

Many years ago, with the EFF in the US getting going, "everybody" was getting into PGP etc. I was one of the earliest users of it. Today almost nobody bothers because almost nobody cares if the NSA can read the stuff. And if the UK GCHQ cannot read my emails I would consider them not delivering value for my taxpayer money :)

Switzerland is a funny place. Start a conversation about nazi gold in their bank vaults and see what reception you get :)

Crypto is fascinating, and equally so in how people screw up by doing simple things. Read up on VENONA and the duplicated one time pads, for a classic. Top secret until c. 1987.
Title: Re: Crypto bombshell
Post by: tooki on February 13, 2020, 06:20:14 pm
Quote
edy: There is actually an unbreakable encryption: XOR your data against a random data. Problem is the exchange of the random data :) If you exchange a 16TB drive filled with random data with your counterpart you wish to talk with, you are safe to send 16TB. After that it gets tricky :)
The first digital voice scrambler, SIGSALY (https://www.cryptomuseum.com/crypto/usa/sigsaly/index.htm), used random data as a one-time-pad, originated from analog noise, turned into digital values, then recorded as frequency-shift-keyed analog on giant phonograph records. The turntables at each end were super-precise, synched machines that ensured both sides played within something like 1ms of each other, for the whole duration of the record (12 minutes).

They pressed only two copies of each record, then destroyed the master. One copy was sent to each endpoint. After use, the record was destroyed. During WW2, over 3000 calls were placed with SIGSALY, meaning that at absolute minimum, 6000 pairs of records were needed (since it was full-duplex), and in reality probably a lot more, as some calls would have been long enough to require multiple sets of records.

See also https://en.wikipedia.org/wiki/SIGSALY (https://en.wikipedia.org/wiki/SIGSALY)
Title: Re: Crypto bombshell
Post by: peter-h on February 13, 2020, 06:29:05 pm
I bet SIGSALY was leaking the key, but in WW2 they didn't have the DSP technology to extract it.
Title: Re: Crypto bombshell
Post by: tooki on February 13, 2020, 06:32:08 pm
I bet SIGSALY was leaking the key, but in WW2 they didn't have the DSP technology to extract it.
How do you figure? It used a one-time pad with a key taken from an analog noise source. The key was as long as the data it encrypted.
Title: Re: Crypto bombshell
Post by: edy on February 13, 2020, 06:35:07 pm
You could presumably generate "random one-time pads" out of information that anyone in the world might pick up from a number of different places. The trick of WHICH numbers are important are known only to the recipient and the sender.

For example, say you make a list of cities to check the weather... London, Moscow, Beijing, New York, Berlin, Sydney, etc.... You get the temperature high/lows from some weather service that both sender and recipient have access to, at some specific time each day. That combination of numbers would be your random one-time pad for the next 24 hours. You receive a numbers code over the radio, and use the pad to decipher it. Then next day it changes. Weather may not be a good example, but other sources of numbers (stock market, etc) may be better.

That's just one example. You could probably find many other ways to get what you might think of as "random" number pads (or pseudo... as temperatures may co-vary for cities in the same hemisphere). But there could be other methods to get "random" information to use as a pad, all of which is out in the open but only known to the sender/recipient. The algorithm could be easy to memorize, no need for any code books or dissolving pads. It could be limited in length but for a simple message it is easy enough to implement.

Thanks also for linking that article from The Daily Beast...  it is extremely entertaining and exactly sums up what I felt (and what most new shortwave listeners probably experience) when we first stumble on this stuff!  :-+

It is because there is only one key, known only to transmitter and one receiver.

From: https://www.thedailybeast.com/the-stupidly-simple-spy-messages-no-computer-could-decode (https://www.thedailybeast.com/the-stupidly-simple-spy-messages-no-computer-could-decode)
Title: Re: Crypto bombshell
Post by: tooki on February 13, 2020, 07:06:07 pm
Edy, were you responding to me (the post immediately above yours) or someone else?

If to me: Ummmmmmm... I don't think you understand the concept of a one-time pad, especially not the essentially unlimited-key kind used in SIGSALY.

To be truly, absolutely secure:
1. It must derive the key from a truly random source. In SIGSALY, the analog noise from a rectifier tube.
2. The key must be as long as the message. In SIGSALY, the key is 12 minutes long per record, with pairs of turntables to allow queuing of new records.
3. The key must never be reused. In SIGSALY, the records were destroyed immediately after use.

The situation is that both parties have a record with identical copies of 12 minutes worth of random numbers, generated from a physically random source. During the call, the digitized voice signal is XORed with the key on the sender side, and then XORed again on the recipient side. Because the string of random numbers is endless (in that the record is never reused, and a sufficient supply of new records are kept at hand), no amount of signal capture can expose anything about the key.

I think you might be assuming that some short key was used repeatedly to encrypt each word of digitized audio. If that were the case, then it might be breakable. But since every single word was encrypted with a new random key, this is mathematically unbreakable. The downside is the need to physically transport all those records full of keys.
Title: Re: Crypto bombshell
Post by: Mr. Scram on February 13, 2020, 07:22:56 pm
Proper key exchange and management tends to be the hard part anyway.
Title: Re: Crypto bombshell
Post by: edy on February 13, 2020, 07:27:51 pm
Edy, were you responding to me (the post immediately above yours) or someone else?

No, I was not responding to your post. I think I understand what you were saying about the two vinyl records having the same analog noise and having one at the encrypting end and one at the decrypting end.

I was just thinking out loud about how one could possibly come up with small one-time pads for small messages out of what you could consider "random noise" of the world.... for example, temperature high/lows, wind speeds, UV index or other information that is known to anyone but only the sender/recipient know which cities to look up to make their one-time pad for.

For example, say you listed in this exact order Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome. For each you have both agreed to check some website or other source (that you both have access to at same time of day) and you come up with same numbers... you could make that your one-time pad.

Then you send an encrypted message of several characters over radio using numbers. Since only sender and recipient know how to construct the one-time pad, only they can encrypt and decrypt the message. Each day it changes. This is more random than a pseudo-random number generating algorithm, which may be easier to crack with computer analysis. Although the numbers may co-vary or repeat because the weather doesn't change that much over a few days or weeks. However, it is just an idea.

Title: Re: Crypto bombshell
Post by: iMo on February 13, 2020, 07:36:54 pm
The attacker may start thinking about where the random numbers used come from..
After a while he/she finds out the message starts to make some sense when temperatures in Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome are at specific levels :)

The numbers must be perfectly random, and the sequence should not repeat with each message - that is the fundamental problem of that science. The temperatures in those cities are not random.
Title: Re: Crypto bombshell
Post by: peter-h on February 13, 2020, 07:58:38 pm
I reckon SIGSALY was leaking stuff at the boundaries of where it switched over from one "key bit" to the next.
Title: Re: Crypto bombshell
Post by: tooki on February 13, 2020, 08:19:26 pm
I reckon SIGSALY was leaking stuff at the boundaries of where it switched over from one "key bit" to the next.
Huh? Can you be a lot more detailed in what you mean?
Title: Re: Crypto bombshell
Post by: Mr. Scram on February 13, 2020, 08:29:45 pm
The attacker may start thinking about where the random numbers used come from..
After a while he/she finds out the message starts to make some sense when temperatures in Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome are at specific levels :)

The numbers must be perfectly random, and the sequence should not repeat with each message - that is the fundamental problem of that science. The temperatures in those cities are not random.
City temperatures are anything but random. They're cyclic within very well defined bandwidths and with some values appearing much more often than others. Using those would limit the strength of your cryptography severely.
Title: Re: Crypto bombshell
Post by: edy on February 13, 2020, 09:16:54 pm
The attacker may start thinking about where the random numbers used come from..
After a while he/she finds out the message starts to make some sense when temperatures in Berlin, Tokyo, Beijing, New York, Toronto, London, Sydney, Rome are at specific levels :)

The numbers must be perfectly random, and the sequence should not repeat with each message - that is the fundamental problem of that science. The temperatures in those cities are not random.
City temperatures are anything but random. They're cyclic within very well defined bandwidths and with some values appearing much more often than others. Using those would limit the strength of your cryptography severely.

Yes I figured that much... but if there was a source of random enough information that could be gleaned by 2 observers half way around the world from each other, using a simple to remember rule, theoretically it could be the source of their random one-time pad. Weather is not a good option. On the other hand, trying to find a random enough source of data on the planet itself may give away the method... if only a few exist, then it may be easily discovered as well by attackers. Also, if it is obscure enough (say people are checking an online seismic activity chart for some earthquake zone) and you can track which IP addresses access the information, it may also give away people who are checking it at certain times regularly every day. So not so easy to implement either. Truth is, if you already are going through the trouble of checking some online resource for random information, etc... it has already become too complex and prone to tracking and error that it may be more trouble than it's worth. The only advantage is that it hides in plain sight, much like a shortwave radio. So carrying a shortwave radio around or visiting some popular layman's website wouldn't raise any suspicion.
Title: Re: Crypto bombshell
Post by: Mr. Scram on February 13, 2020, 09:32:05 pm
Yes I figured that much... but if there was a source of random enough information that could be gleaned by 2 observers half way around the world from each other, using a simple to remember rule, theoretically it could be the source of their random one-time pad. Weather is not a good option. On the other hand, trying to find a random enough source of data on the planet itself may give away the method... if only a few exist, then it may be easily discovered as well by attackers. Also, if it is obscure enough (say people are checking an online seismic activity chart for some earthquake zone) and you can track which IP addresses access the information, it may also give away people who are checking it at certain times regularly every day. So not so easy to implement either. Truth is, if you already are going through the trouble of checking some online resource for random information, etc... it has already become too complex and prone to tracking and error that it may be more trouble than it's worth. The only advantage is that it hides in plain sight, much like a shortwave radio. So carrying a shortwave radio around or visiting some popular layman's website wouldn't raise any suspicion.
I think independently deriving OTPs leads to various potential issues. They're typically exchanged in advance.
Title: Re: Crypto bombshell
Post by: ebastler on February 13, 2020, 09:54:36 pm
Yes I figured that much... but if there was a source of random enough information that could be gleaned by 2 observers half way around the world from each other, using a simple to remember rule, theoretically it could be the source of their random one-time pad.

Nope. If the seed (or rule) information required to "glean" the one-time pad is shorter than the message to be sent (and hence the length of a proper one-time pad), then the exchange will be less secure than if done with a proper, pre-generated one-time pad. An adversary could test various "seeds", each of them short, and try to decipher the message with the random number stream corresponding to that seed.

That is assuming that the source of the actual random numbers is generally known and available, and only the seeds constitute the secret. The alternative would be a "security by obscurity" concept; that doesn't count anymore in cryptography these days...

If, on the other hand, the seed information were as long and complex as the one-time pad itself, exchanging (sharing) only the seeds would no longer have any benefits over sharing the OTPs themselves.
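The three rules tooki lists (true randomness, pad at least as long as the message, never reused) and ebastler's objection to pads derived from a short shared secret can be shown in a few lines. The following is an added example written for this thread, not code from any poster: a proper XOR one-time pad, then the two ways the thread describes it going wrong. `derived_pad` is a stand-in for any "compute the pad from a small shared rule" scheme such as the weather lookup (the 16-bit seed is an assumption chosen so the exhaustive search finishes instantly; the hash output is perfectly uniform, which is exactly why entropy, not uniformity, is the issue), and the second failure is the pad reuse that Venona exploited, which the thread picks up later. The sample messages are constructed.

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Rules 1 and 2: fresh randomness, at least as long as the message.
def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR the message with a pad of true random bytes. Decryption is the same call."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: this is no longer a one-time pad")
    return xor_bytes(plaintext, pad)


# Failure A: the pad is derived from a short secret (weather tables, seeds, rules).
def derived_pad(seed: int) -> bytes:
    """Assumed stand-in for 'compute the pad from a small shared secret'.
    SHA-256 output is uniform, yet only 2**16 pads exist, so the key space is 16 bits."""
    return hashlib.sha256(seed.to_bytes(2, "big")).digest()  # 32 pad bytes


def looks_like_text(candidate: bytes) -> bool:
    return all(32 <= b < 127 for b in candidate)


def brute_force_derived_pad(ciphertext: bytes):
    """Try every seed; keep the ones that decrypt to printable text."""
    hits = []
    for seed in range(2 ** 16):
        guess = xor_bytes(ciphertext, derived_pad(seed))
        if looks_like_text(guess):
            hits.append((seed, guess))
    return hits


# Failure B: one pad used for two messages (the Venona mistake).
def crib_drag(c1: bytes, c2: bytes, crib: bytes):
    """c1 ^ c2 == m1 ^ m2 because the shared pad cancels. Sliding a guessed
    fragment ('crib') of one message along it exposes the other message."""
    m1_xor_m2 = xor_bytes(c1, c2)
    hits = []
    for off in range(len(m1_xor_m2) - len(crib) + 1):
        window = m1_xor_m2[off:off + len(crib)]
        other = xor_bytes(window, crib)
        if looks_like_text(other):
            hits.append((off, other.decode("ascii")))
    return hits


def demo():
    msg = b"MEET AGENT AT NOON TOMORROW"   # constructed sample message
    # Proper OTP: fresh random pad, used once. There is nothing to attack.
    pad = os.urandom(len(msg))
    assert otp_encrypt(otp_encrypt(msg, pad), pad) == msg

    # A: 16-bit seed, so exhaustive search recovers seed and plaintext.
    ct_weak = xor_bytes(msg, derived_pad(0x4A3F))
    weak_hits = brute_force_derived_pad(ct_weak)

    # B: a second message under the same pad, so crib dragging works.
    msg2 = b"SEND CASH VIA USUAL CHANNEL"   # constructed sample message
    c1, c2 = otp_encrypt(msg, pad), otp_encrypt(msg2, pad)
    reuse_hits = crib_drag(c1, c2, b"AGENT ")
    return weak_hits, reuse_hits


if __name__ == "__main__":
    weak, reuse = demo()
    print("derived-pad search:", weak)
    print("crib drag on reused pad:", reuse)
```

Note what the search does not depend on: the hash is a perfectly good random-looking function, and the attacker never touches the pad bytes directly. The only thing that matters is how many distinct pads the shared secret can produce, which is ebastler's point. In the reuse case the pad cancels out entirely, so the attacker never needs it either.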
Title: Re: Crypto bombshell
Post by: jmelson on February 13, 2020, 10:57:35 pm


It was remarkable listening to this stuff... something I thought wouldn't be done anymore with the advent of the internet and satellite. Anyone with a $20 shortwave radio can hear the number codes and data transmission and decode it on their computer into a file of garbled data. What to do with the resultant file is another issue altogether, but certainly the USA has the means to decrypt all this stuff. Or maybe not?

If the encryption is done using a well-made one time pad, it is unbreakable.  But, of course, distributing the one time pads to agents in the field is very difficult, and anybody caught in possession of such a pad could end up getting shot.

Yes, with the internet, it sure seems like there would be better ways to send secret messages, but receiving a message requires a two-way connection, while receiving a radio broadcast does NOT reveal where you are.

You ought to read the book Spycraft, it is all about how the CIA communicated with field agents and all the tricks of how they concealed their communications.

Jon
Title: Re: Crypto bombshell
Post by: jmelson on February 13, 2020, 11:01:51 pm
Yes I figured that much... but if there was a source of random enough information that could be gleaned by 2 observers half way around the world from each other, using a simple to remember rule, theoretically it could be the source of their random one-time pad.

Nope. If the seed (or rule) information required to "glean" the one-time pad is shorter than the message to be sent (and hence the length of a proper one-time pad), then the exchange will be less secure than if done with a proper, pre-generated one-time pad. An adversary could test various "seeds", each of them short, and try to decipher the message with the random number stream corresponding to that seed.

Most modern cipher gear uses some form of linear feedback shift register to generate the key.  Apparently, there is a mathematical process that with a short length of the key, you can figure out the specific polynomial used in the LFSR.  So, some schemes have been used to make this more obscure.  Just XOR'ing two or more LFSRs together doesn't destroy information, but ANDing or ORing them together does destroy information, and make this much harder.

Jon
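The "mathematical process" in the post above is the Berlekamp-Massey algorithm: given 2L consecutive keystream bits from an L-stage LFSR it returns the connection polynomial, after which the attacker can generate the rest of the keystream. The following is an added example, not the poster's code: a Fibonacci LFSR over GF(2), Berlekamp-Massey, and the two combining methods the post contrasts. The polynomials (x^5 + x^3 + 1 and x^3 + x + 1, both primitive) and the initial states are assumptions chosen for the demo.

```python
def lfsr_output(taps, state, n):
    """Fibonacci LFSR over GF(2). taps = [c1, ..., cL] are the coefficients of the
    connection polynomial 1 + c1*x + ... + cL*x^L; state = the first L output bits.
    Each new bit is s_j = c1*s_{j-1} ^ c2*s_{j-2} ^ ... ^ cL*s_{j-L}."""
    L = len(taps)
    s = list(state)
    while len(s) < n:
        s.append(sum(taps[i] & s[-1 - i] for i in range(L)) & 1)
    return s[:n]


def berlekamp_massey(bits):
    """Return (L, [1, c1, ..., cL]): the shortest LFSR that generates `bits`.
    Given 2L consecutive bits of an L-stage LFSR the answer is exact and unique."""
    n = len(bits)
    C = [1] + [0] * n          # current connection polynomial
    B = [1] + [0] * n          # polynomial saved at the last length change
    L, m = 0, -1
    for N in range(n):
        d = bits[N]            # discrepancy between the LFSR's prediction and the data
        for i in range(1, L + 1):
            d ^= C[i] & bits[N - i]
        if d:
            T = C[:]
            shift = N - m
            for i in range(n + 1 - shift):
                C[i + shift] ^= B[i]        # C(x) += x^(N-m) * B(x)
            if 2 * L <= N:
                L, m, B = N + 1 - L, N, T
    return L, C[:L + 1]


def recover_and_predict(observed_bits, total):
    """Attacker's view: from a short captured keystream, find the LFSR and extend it."""
    L, C = berlekamp_massey(observed_bits)
    if 2 * L > len(observed_bits):
        raise ValueError("fewer than 2L bits observed; recovered LFSR is not reliable")
    return lfsr_output(C[1:], observed_bits[:L], total)


# Assumed demo generators: x^5 + x^3 + 1 (period 31) and x^3 + x + 1 (period 7).
TAPS_A, STATE_A = [0, 0, 1, 0, 1], [1, 0, 0, 0, 0]
TAPS_B, STATE_B = [1, 0, 1], [1, 0, 0]


def combined_complexities(n=64):
    """Linear complexity of the XOR and the AND of the two keystreams."""
    a = lfsr_output(TAPS_A, STATE_A, n)
    b = lfsr_output(TAPS_B, STATE_B, n)
    xored = [x ^ y for x, y in zip(a, b)]
    anded = [x & y for x, y in zip(a, b)]
    return berlekamp_massey(xored)[0], berlekamp_massey(anded)[0]


if __name__ == "__main__":
    stream = lfsr_output(TAPS_A, STATE_A, 64)
    print("recovered from 10 bits:", berlekamp_massey(stream[:10]))
    print("prediction matches:", recover_and_predict(stream[:10], 64) == stream)
    print("linear complexity XOR / AND:", combined_complexities())
```

Ten captured bits are enough to recover the 5-stage generator and predict the remaining 54. XORing the two generators only adds the degrees (5 + 3 = 8), so 16 bits suffice; ANDing them multiplies the degrees (15), which is the "much harder" in the post. The caveat a practitioner would add: the AND output is zero three times out of four and is correlated with each input, and that bias is exactly what correlation attacks on combiner generators exploit, so raising linear complexity alone does not make a keystream secure.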
Title: Re: Crypto bombshell
Post by: David Hess on February 14, 2020, 02:58:54 am
The British kept their WWII crypto stuff secret till the '70s because of German technology which became popular in the Eastern Bloc after WWII.

One of the results of the British keeping their WW2 cryptography efforts secret after the war was that the US electronics and computing industries got a boost because the US did not.
Title: Re: Crypto bombshell
Post by: iMo on February 14, 2020, 07:26:37 am
Some reading on the alleged cooperation of Hagelin and NSA
"Secret deal between the NSA and Hagelin · 1939-1969"
https://www.cryptomuseum.com/manuf/crypto/friedman.htm (https://www.cryptomuseum.com/manuf/crypto/friedman.htm)
Title: Re: Crypto bombshell
Post by: jmelson on February 14, 2020, 11:47:29 pm
Well, Crypto AG was the name in the business for decades -- until strong cryptography algorithms became more well-published, and widely available microprocessors became powerful enough to implement them. They go back to Hagelin in the 1930s, and have delivered cryptography equipment to many (many!) governments and commercial customers.
These mechanical rotor machines were obsolete during WW-II, and anybody who bought them for anything more sensitive than personal communications was a total idiot.
The British (with some American help to up the speed) were cracking Enigma messages in 4 minutes each toward the end of the war.  GCHQ was breaking SZ-42 messages in something like 30 minutes with the Colossus machines, also during WW-II.  So, you didn't need an "in" to these machines to break the cipher fairly quickly.  NSA had a system called Harvest that was likely used to break a lot of this traffic in a massively wide fashion.

NSA developed much more advanced Vernam cipher machines in the mid 1950's using electronic key generators based on linear feedback shift registers.  These would be a lot harder to crack, but still with modern computing gear, are probably no longer secure.

Jon
Title: Re: Crypto bombshell
Post by: 0culus on February 15, 2020, 12:29:56 am
It was remarkable listening to this stuff... something I thought wouldn't be done anymore with the advent of the internet and satellite. Anyone with a $20 shortwave radio can hear the number codes and data transmission and decode it on their computer into a file of garbled data. What to do with the resultant file is another issue altogether, but certainly the USA has the means to decrypt all this stuff. Or maybe not?
They don't have the means to decrypt that unless the system is really sloppy or maybe they captured an operative.

Quote
I am puzzled to understand why they broadcast this stuff over the public airwaves... in plain radio (not SSB) and regularly on a schedule and on frequencies that are known for that matter... so that anyone can hear it. I guess it's because they know the numbers and data can easily be intercepted even on the internet, and so there is no secret to hiding the transmission itself.
The reason is simple. A professional communications receiver can be a real liability in many countries. An ordinary cheap radio is not. If the message is well protected making the encrypted text public is really harmless.

And periodic, scheduled transmissions make the system actually more secure. I am sure they send a standard length "lorem ipsum" when there's nothing to communicate at all. That way an eavesdropper has no way to correlate transmissions to certain events (or lack of them).

One of the things the British did in WWII was called, if I remember well, "gardening". If they wanted the German Navy to send an encrypted message with known text (message format and content was strictly standardized) they for example dropped mines on a port, so the Germans would send an "ACHTUNG MINES DETECTED AT HAMBURG PORT" or whatever.

The German tendency to end telegrams with HEIL HITLER didn't hurt either.
Title: Re: Crypto bombshell
Post by: ebastler on February 15, 2020, 08:39:33 am
Well, Crypto AG was the name in the business for decades -- until strong cryptography algorithms became more well-published, and widely available microprocessors became powerful enough to implement them. They go back to Hagelin in the 1930s, and have delivered cryptography equipment to many (many!) governments and commercial customers.
These mechanical rotor machines were obsolete during WW-II, and anybody who bought them for anything more sensitive than personal communications was a total idiot.
The British (with some American help to up the speed) were cracking Enigma messages in 4 minutes each toward the end of the war.  GCHQ was breaking SZ-42 messages in something like 30 minutes with the Colossus machines, also during WW-II.  So, you didn't need an "in" to these machines to break the cipher fairly quickly. 

Obviously it remained unknown for a few more decades that Enigma had been cracked by the British, so mechanical cipher devices remained in wide use throughout the '50s and '60s. Heck, NATO was using the KL-7 into the '80s!

In the 1960s Hagelin/Crypto AG did make the transition to electronic devices -- with technical help from the NSA, apparently, who made sure that non-friendly governments only obtained compromised implementations. There was a period (late '60s to late '80s, I would say) when typical crypto technology was already electronic, but still proprietary, rather than based on generic microprocessor hardware and published algorithms. Crypto AG continued to be a market leader during that period.
Title: Re: Crypto bombshell
Post by: Haenk on February 15, 2020, 03:43:34 pm
edy: There is actually an unbreakable encryption: XOR your data against random data. Problem is the exchange of the random data :) If you exchange a 16TB drive filled with random data with your counterpart you wish to talk with, you are safe to send 16TB. After that it gets tricky :)

That is the good old OTP (= "one time pad" encryption). IMHO the only unbreakable encryption. I would consider all encryption methods (public or not) and most "computer stuff", including all types of operating systems, to be backdoored or easily attackable.
Just think of what 50000 of very clever NSA employees (what little info is known, they reach only out for *very* clever people) could create or break, while working full time on it. Then add the same sort and number of people for Russia, for China and again for the rest of the world...
Title: Re: Crypto bombshell
Post by: daqq on February 15, 2020, 08:53:39 pm
That is the good old OTP (= "one time pad" encryption). IMHO the only unbreakable encryption.
That, and occasionally sending out completely random data, nicely padded to give blocks of 256bits and made to look like a message. Just for fun. If no one's listening nothing happens, if someone is and knows how to decrypt AES256 and similar, they'll be WTFied.
Title: Re: Crypto bombshell
Post by: David Hess on February 16, 2020, 04:35:30 pm
That, and occasionally sending out completely random data, nicely padded to give blocks of 256bits and made to look like a message. Just for fun. If no one's listening nothing happens, if someone is and knows how to decrypt AES256 and similar, they'll be WTFied.

Or take it to an extreme as was proposed by Ron Rivest when the US was considering making all unauthorized encryption illegal:

https://en.wikipedia.org/wiki/Chaffing_and_winnowing
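Rivest's proposal is worth seeing in code because its whole point is that nothing is ever encrypted: the sender only authenticates, and confidentiality falls out of the receiver's ability to discard forged packets. The following is an added example for this thread, not code from the linked page or from the poster. It follows the bit-granularity construction Rivest described: each packet is (serial number, bit, MAC); the "wheat" packets carry the real bits with a valid tag, the "chaff" packets carry the opposite bit with a random tag. The packet layout and the 8-byte truncated HMAC-SHA256 tag are assumptions for the example; the key and message are constructed.

```python
import hashlib
import hmac
import os
import random

TAG_LEN = 8   # truncated tag length; an assumption for this example


def tag(key: bytes, serial: int, bit: int) -> bytes:
    """Authenticate (serial, bit) with HMAC-SHA256. No encryption anywhere."""
    data = serial.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def chaff(key: bytes, message: bytes):
    """One wheat packet per message bit (valid tag) plus one chaff packet per bit
    (opposite bit, random tag), shuffled so packet order reveals nothing.
    Only the wheat needs the key; chaff could be added by anyone on the path."""
    packets = []
    serial = 0
    for byte in message:
        for i in range(7, -1, -1):
            bit = (byte >> i) & 1
            packets.append((serial, bit, tag(key, serial, bit)))      # wheat
            packets.append((serial, bit ^ 1, os.urandom(TAG_LEN)))    # chaff
            serial += 1
    random.SystemRandom().shuffle(packets)
    return packets


def winnow(key: bytes, packets) -> bytes:
    """Keep only packets whose tag verifies, then reassemble bits in serial order.
    A chaff tag matches by accident with probability 2**-64, so wrong bits never survive."""
    bits = {}
    for serial, bit, t in packets:
        if hmac.compare_digest(t, tag(key, serial, bit)):
            bits[serial] = bit
    ordered = [bits[s] for s in sorted(bits)]
    out = bytearray()
    for i in range(0, len(ordered) - len(ordered) % 8, 8):
        out.append(int("".join(map(str, ordered[i:i + 8])), 2))
    return bytes(out)


def eavesdropper_view(packets):
    """What the wire shows without the key: every serial carries both bit values."""
    seen = {}
    for serial, bit, _ in packets:
        seen.setdefault(serial, set()).add(bit)
    return seen


if __name__ == "__main__":
    key = b"\x11" * 32                      # constructed shared authentication key
    msg = b"attack at dawn"                 # constructed message
    wire = chaff(key, msg)
    print("packets on the wire:", len(wire))
    print("winnowed with key:", winnow(key, wire))
    print("winnowed without key:", winnow(b"\x22" * 32, wire))
```

An eavesdropper sees, for every serial number, a 0 and a 1 with two equally plausible-looking tags, so the stream carries no information without the MAC key, even though every packet is sent in the clear. Rivest's argument against the export and key-escrow rules of the time was that this uses only an authentication primitive, which those rules did not restrict.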
Title: Re: Crypto bombshell
Post by: 0culus on February 16, 2020, 04:54:24 pm
edy: There is actually an unbreakable encryption: XOR your data against random data. Problem is the exchange of the random data :) If you exchange a 16TB drive filled with random data with your counterpart you wish to talk with, you are safe to send 16TB. After that it gets tricky :)

That is the good old OTP (= "one time pad" encryption). IMHO the only unbreakable encryption. I would consider all encryption methods (public or not) and most "computer stuff", including all types of operating systems, to be backdoored or easily attackable.
Just think of what 50000 of very clever NSA employees (what little info is known, they reach only out for *very* clever people) could create or break, while working full time on it. Then add the same sort and number of people for Russia, for China and again for the rest of the world...

Unbreakable to the limit of human error. Look up the Venona decrypts, which were largely enabled by Soviet operators misusing one time pads. Key word is "one time"...if this principle is violated all bets are off when facing a nation state adversary.
Title: Re: Crypto bombshell
Post by: iMo on February 16, 2020, 05:11:41 pm
Unbreakable to the limit of human error. Look up the Venona decrypts, which were largely enabled by Soviet operators misusing one time pads. Key word is "one time"...if this principle is violated all bets are off when facing a nation state adversary.
It was not a problem of the operators.. Soviets printed out several identical copies of the one time pad booklets.. Because of being in a hurry during the Nazi invasion.
Title: Re: Crypto bombshell
Post by: Mr. Scram on February 16, 2020, 05:12:53 pm
Unbreakable to the limit of human error. Look up the Venona decrypts, which were largely enabled by Soviet operators misusing one time pads. Key word is "one time"...if this principle is violated all bets are off when facing a nation state adversary.
A one time pad used twice isn't a one time pad. It's literally in the name.
Title: Re: Crypto bombshell
Post by: 0culus on February 16, 2020, 06:10:55 pm
Unbreakable to the limit of human error. Look up the Venona decrypts, which were largely enabled by Soviet operators misusing one time pads. Key word is "one time"...if this principle is violated all bets are off when facing a nation state adversary.
A one time pad used twice isn't a one time pad. It's literally in the name.

Yeah, no shit.  ::)
Title: Re: Crypto bombshell
Post by: 0culus on February 16, 2020, 06:11:32 pm
Unbreakable to the limit of human error. Look up the Venona decrypts, which were largely enabled by Soviet operators misusing one time pads. Key word is "one time"...if this principle is violated all bets are off when facing a nation state adversary.
It was not a problem of the operators.. Soviets printed out several identical copies of the one time pad booklets.. Because of being in a hurry during the Nazi invasion.

So what? They misused them, and paid for it. You're just splitting hairs.