Comments on SIGINT CHATTER: One-time Pad Tool

Dirk Rijmenants, 2020-09-19 09:49:

As for one-time pad, Auguste Kerckhoffs' principles taught us that any encryption system should only rely on the secrecy of the key, not rely on secrecy of the system, and must be theoretically or practically unbreakable. Sounds perfect...

However, he didn't mention that the non-decrypted ciphertext or the means of transmission should not reveal the content of the message. To his defence, in the 1800s he could not fully grasp the extent of information theory and communications security, and even today, many don't understand it.

Compound that with a lack of understanding of the importance of procedures and rules and even the perfect one-time pad encryption will become compromised and decrypted, although cryptographically unbroken.

The <a href="https://rijmenants.blogspot.com/2010/02/cuban-agent-communications.html" rel="nofollow">Cuban Agent Communications</a> or the <a href="https://rijmenants.blogspot.com/2010/01/venona-declassified.html" rel="nofollow">VENONA project decrypts</a> are some textbook examples. Often completely mistakenly referred to as broken one-time pad messages, they were always implementation errors, each and every time.

Those who claim that one-time pad encrypted messages have been broken merely show that even they themselves don't grasp the concept of communications security. It's not because a secure encryption algorithm is used in a bad manner that the encryption is weak. And that's exactly why any kind of encryption is never simple and easy.

Believing to be safe because they use unbreakable encryption, or any type of encryption for that matter, is the trap they always fall into.

Chris Hetherington, 2020-09-19 06:07:

Agreed, steganography is a great tool to use in conjunction with other methods and OPSEC. You really have to do your homework and understand the best method of getting your encrypted message to the recipient without interception.

Dirk Rijmenants, 2020-09-10 10:04:

@unknown, indeed, and even OPSEC is only a small part of the whole range of measures to protect communications. COMSEC is more focussed on the technical side (encryption, TEMPEST secure devices, transmission, procedures...) while OPSEC focusses on what the adversary can/will intercept, be it encrypted or unencrypted, and what value he might derive from piecing together even innocuous information or signals.

COMINT and ELINT are some of the methods that enable one to derive vital information from completely "secure" encrypted communications, despite being unreadable. The most common error is to underestimate how many possible ways there are to leak information, and the extensive measures that are required to avoid it.

As for not disclosing the use of OTP encrypted text, see <a href="https://rijmenants.blogspot.com/2014/12/wps-secret-numbers-in-letters.html" rel="nofollow">WPS - Secret Numbers in Letters</a>, a basic but solid method to hide information in text. More about signals at the website.

Anonymous, 2020-09-10 06:48:

Way behind on this response, but the method of encryption isn't the only thing keeping a message secure. OPSEC (Operations Security) is very important, the enemy can't break your code if they don't know you even have a code...

Dirk Rijmenants, 2013-09-08 21:44:

Hi David,

what you suggest is called a poly-alphabetic cipher. These are totally insecure and easily broken by a frequency count of all 1st, 2nd, 3rd... letters separately. All these types of encryption are variants of the Vigenere cipher, and all are insecure.

A poly-alpha cipher could be totally secure if you would select a random key letter for each individual message letter, but then, that's what we call a one-time pad.

Anonymous, 2013-09-08 20:44:

I'm no cryptographer, but I have been giving some thought to secure encryption.

What about a ROT-n encryption where n represents the position in the alphabet of the letter of the key? For example if my password is "secret" then the first letter would be replaced with its value +19, the second letter would be its value +5, the third letter +3, etc.

It would seem to me that in this way you would never be able to figure out which rotation is used without knowing the password. And the larger your password, the more secure it would be.

Blaarp, 2008-06-17 21:00:

Well, in some cases even a standalone laptop locked in a safe isn't really *the* safest ;)