I just uploaded the new software tool CT-46 OTP to perform one-time pad encryption. The training tool takes a plaintext and one-time pad key, converts the plaintext into digits and calculates the ciphertext. The CT-46 checkerboard is used to convert the text into digits. The program contains instructions on how to use the pencil-and-paper version and the conversion table.
The software is meant for training purposes only, as we all know there's no such thing as a secure computer. The only secure computer is a stand-alone laptop, stored in a 100% burglar proof vault. It's useless to run a perfect crypto system, or any crypto software for that matter, on a normal computer, given the many viruses, trojans, spyware and countless unidentified processes. The software however is ideal to train your encryption skills. The only truly secure way to apply one-time pad encryption still is simply with pencil and paper.
More about one-time pads at my one-time pad page, including an extensive Guide To Secure Communications with One-time Pad (pdf). The freeware CT-46 Tool is available at my download page.
CT-46 OTP Training Tool (click to visit download page) |
The software is meant for training purposes only, as we all know there's no such thing as a secure computer. The only secure computer is a stand-alone laptop, stored in a 100% burglar proof vault. It's useless to run a perfect crypto system, or any crypto software for that matter, on a normal computer, given the many viruses, trojans, spyware and countless unidentified processes. The software however is ideal to train your encryption skills. The only truly secure way to apply one-time pad encryption still is simply with pencil and paper.
More about one-time pads at my one-time pad page, including an extensive Guide To Secure Communications with One-time Pad (pdf). The freeware CT-46 Tool is available at my download page.
7 comments:
Well, in some cases even a standalone laptop locked in a safe isn't really *the* safest ;)
I'm no cryptographer, but I have been giving some thought to secure encryption.
What about a ROT-n encrytion where n represents the position in the alphabet of the letter of the key. For example if my password is "secret" then the first letter would be replaced with its value +19, the second letter would be its value +5, the third letter +3, etc.
It would seem to me that in this way you would never be able to figure out which rotation is used without knowing the password. And the larger your password, the more secure it would be..
Hi David,
what you suggest is called a poly-alphabetic cipher. These are totally insecure and easily broken by a frequency count of all 1st, 2nd, 3th... letters seperately. All these types of encryption are variants of the Vigenere cipher, and all are insecure.
A poly-alpha cipher could be totally secure if you would select a random key letters for each individual message letter, but then, that's what we call a one-time pad.
Way behind on this response, but the method of encryption isn't the only thing keeping a message secure. OPSEC (Operations Security) is very important, the enemy can't break your code if they don't know you even have a code...
@unknown, indeed, and even OPSEC is only a small part of the whole range of measures to protect communications. COMSEC is more focussed on the technical side (encryption, TEMPEST secure devices, transmission, procedures...) while OPSEC focusses on what the adversary can/will intercept, be it encrypted or unencrypted, and what value he might derrive from piecing together even innocuous information or signals.
COMINT and ELINT are some of the methods that enable to derrive vital information from completely "secure" encrypted communications, despite being unreadable. The most common error is to underestimate how many possible ways there are to leak information, and the extensive measures that are required to avoid it.
As for not disclosing the use of OTP encrypted text, see WPS - Secret Numbers in Letters, a basic but solid method to hide information in text. More about signals at the website.
Agreed, steganography is a great tool to use in conjunction with other methods and OPSEC. You really have to do your homework and understand the best method of getting your encrypted message to the recipient without interception.
As for one-time pad, Auguste Kerckhoffs' principles learned us that any encryption system should only rely on the secrecy of the key, not rely on secrecy of the system, and must be theoretically or practically unbreakable. Sounds perfect...
However, he didn't mention that the non-decrypted ciphertext or the means of transmission should not reveal the content of the message. To his defence, in the 1800s he could not fully grasp the extent of information theory and communications security, and even today, many don't understand it.
Compound that with a lack of understanding the importance of procedures and rules and even the perfect one-time pad encryption will become compromised and decrypted, although cryptographically unbroken.
The Cuban Agent Communications or the VENONA project decrypts are some textbook examples. Often completely mistakenly referred to as broken one-time pad messages, they were always implementation errors, each and every time.
Those who claim that one-time pad encrypted messages have been broken merely show that even they themselves don't grasp the concept of communications security. It's not because a secure encryption algorithms is used in a bad manner that the encryption is weak. And that's exactly why any kind of encryption is never simple and easy.
Believing to be safe because they use unbreakable encryption, or any type of encryption for that matter, is the trap they always fall into.
Post a Comment