Customize

Low-Tech Encryption

Discussion in 'Keeping Your Anonymity In Iran' started by Unregistered, Jun 18, 2009.

  1. You may need to communicate, for whatever reasons, via non-computer methods (letters, telephones, television, graffiti, dead drops etc).

    If this is true then One-Time Pad (http://en.wikipedia.org/wiki/One-time_pad) is a suggested encryption cipher that can keep your messages secret. It can also be used as a form of one-time passwords, shared secrets, etc.

    If you need a fast way to encrypt/decode messages try the javascript-based application "Padlock" (http://projects.geekguild.com/padlock/). Just download the page and use it. No information is transmitted over a network. It will even work on off-grid computers (computers not connected to any networks).

    Remember to always keep your key(s) completely random, secret, used ONLY once and properly deleted.
  2. ... the only problem is that the key has to be as long as the message.

    if you need to encrypt anything, use truecrypt (another forum post) instead
  3. no, for example lets have a msg :
    "ABCDEFGHIJK"

    and a key :
    "XYZ"

    the result is:
    A+X B+Y C+Z D+X E+Y F+Z G+X H+Y I+Z J+X K+Y
    1+24 2+25 3+26 ............

    so u see, just repeat this circularly...
  4. twilight Member

    Please! Don't do this. If you use an alphanumeric key of length three, and assumed that you only use letters, the number of key combinations is only 125000. Using a brute force approach such a key will be cracked in microseconds or less. In order to guess the plain text message out of just two letters, only 2500 combinations are needed.

    A one time pad demands a key length exactly as long as the message.
    Although a perfect random one time pad is utterly secure, the problem is of course to pass the key to the recipient.
  5. exactly.

    even if the mechanism utilized something like key generation, the real key would still be completely determined by the short 'passcode'.

    Whatever, this is silly -- use truecrypt.
  6. PLEASE do not try to give cryptography-related advice when you are not qualified!

    I cannot stress this enough. The information given above is not just wrong, it is completely, utterly false. Read any of the thousands of cryptography-related articles for a better understanding. And please, PLEASE don't make matters worse for those in real danger by posting such utter idiocy.

    OTP encryption REQUIRES a key of the same size as the plaintext. For smaller key sizes, advanced crypthography is ALWAYS required. There are many alternatives, GPG is probably the best and most widely available and documented (although somewhat poorly implemented for the Windows platform).
  7. If you're using computer based communication / data storage then yes use Tor, Truecrypt etc.

    HOWEVER if you're using non-computer communication (text message, radio, television, letters etc) then such programs will but of little use since they were made for computers and reside completely in that medium. OTP is platform/environment independent and therefore can be used in any form of communication.

    So, if you need to communicate in a low-tech or human-only (i.e. use of computers is impossible or impractical) channel then OTP can work. It's a low-tech (unbreakable) encryption that's best used in a low-tech field.
  8. Skype?

    Perhaps the easiest way to communicate securely is Skype - all communication is encrypted.
  9. Every day use of one time pad

    Using the encryption algorithm "one time pad" is only secure if you are certain that the receiver of your message is the only one to receive both the encrypted message and the key.

    Thus one time pad fails completely if you transfer the key and the message using the same path, because everyone listening to this path will be able to have both.
    Thus you need to send the key using a different path than when you send the encrypted message.

    Its great to meet in person and create two copies of a dvd with really random bits. Then whenever you encrypt a message you continue using bits from the dvd. You cannot send more than 4.7gb of text until you need to meet again and create a new dvd with random bits, but itl be a while... ;-)
  10. TheONE-IRAN Member

    I understand the desire to offer suggestions but I would NOT advise using this.
  11. skype is not secure

    sorry,but its not
  12. One of the ways I've gotten around the "how the hell do you get the other pad to the recipient" is using thing's that don't look like one time pads, but can be in a pinch. Newspaper headlines, day-calenders with quotes, textbooks, etc. You have to work out the code with someone in person first so they know what to look at, but after that, it becomes easy enough to do whatever you need to do.
  13. Key Management Solution

    One method for distributing a symmetric encryption (such as OTP) key to an agent remotely is via 'secret splitting'.

    With secret splitting you can divide the secret key into two or more pieces and then transmit them via different channels.

    The ONLY way to derive the key is to posses ALL the key fragments. If even one is missing the key cannot be recovered. Therefore an enemy would need to monitor and/or intercept ALL fragments on all the channels you used.

    Various channels could include Internet, Local Network, Ham Radio, Dead Drops, Mail/Courier etc.

    A subset of 'secret splitting' is 'visible encryption'. It is a method in which an image of what appears to be random static of black and white squares can be overlay-ed another similar looking image. When the two images combine they form a picture/message/etc. Since it too is 'secret splitting', all fragments must be possessed in order for the secret to be recovered.

    More info:
    Secret Splitting
    Visual Cryptography
  14. I still think the best way is to hide the message in plain sight. Encoded messages that third parties can recognize as encoded still arise suspicion, and they are going to try and break the code or just go for the source of the message and make them unencode it for them. If you hide the message in a way that does not even bring suspicion, or make anyone become suspicious, then you don't have to worry about that.

    Hard to explain. I don't want to explain it in too much detail anyway. Just use your head. Don't put yourself at any unnecessary risk.

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins