Sciencemadness Discussion Board

Hushmail open to Feds with court orders.

WizardX - 10-11-2007 at 18:36

Hushmail open to Feds with court orders. US federal law enforcement agencies have obtained access to clear text copies of encrypted emails sent through Hushmail as part of a recent drug trafficking investigation.

http://www.theregister.co.uk/2007/11/08/hushmail_court_order...

Sauron - 10-11-2007 at 18:45

Anyone who communicates by any means more complex than two Dixie cups and a length of twine is subject to interception. The telecoms industry and the national-security establishments have been intertwined since Day One.

So anyone who thinks bullshit blandishments about encryption by free email providers will protect them from law enforcement and allow them to conduct criminal conspiracies with impunity is...naive. Dense. Dim. Dead from the neck up.

Remember, the US Government (specifically ARPA which is part of the DOD, the Pentagon) created the Internet.

The right of privacy, to the extent that it exists at all in cyber, does not give anyone a license to engage in crime.

S.C. Wack - 10-11-2007 at 19:43

http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.htm...
As the original article says, this only applies if you're not running the crapplet. Any moron who would disable Java before signing in and thus expose themselves gets what they deserve.

Sauron - 10-11-2007 at 20:21

Hushmail's spam filter, which originally was quite effective, is now less than 50% effective.

Anyway, Hushmail is a Canadian company and the court orders it has complied with are Canadian court orders.

Despite that I seriously advise anyone not to think that any applet is going to protect anyone from national-agency level access, period, full stop.

[Edited on 11-11-2007 by Sauron]

chemrox - 10-11-2007 at 22:09

I'm going to take issue with my friend Sauron's implication that using hushmail and relying on it for privacy implies involvement in crime; that is dead wrong. It is like saying that putting your letters in an envelope indicates your having something to hide. I had a hushmail address so I could communicate with a partner on patent application matters. I might not want some publication starved prof reading my geochem reports either. And, I'm sure this is quite common, what if my sexual mores don't conform and I don't want that made public? In Amerika, and I love the country my forefathers founded, nearly everything is proscribed and/or required by some statute, regulation, code, registration, etc. We're due for another revolution. The Supreme Court of the US, in Roe v. Wade, found that the 1st, 2nd, 4th, and 5th Amendments collectively created a right to privacy. Furthermore the whole concept of a free people means a right to privacy without which the word "freedom" is meaningless. The biggest threat to a democratic society is the citizen who believes, "if you have nothing to hide... " Am I passionate about this? Yes! Sorry for the blog but this is important to me. Now having sounded off as I have, I agree with Wack for a change: if a guy is dumb enough to rely on server side provided privacy *he* gets what *he* deserves. (I love English grammar too.) After agreeing that the guys were stupid to carry on crimes over the internet assuming they were safe using a privacy service, it is still a sad day and evidence of how far a controlling, corrupt, misguided administration will go toward its less than admirable ends. As a practical matter, wouldn't regular email and rigorous use of PGP have been a better choice? I only got the hushmail because my buddy had trouble managing his PGP files.


[Edited on 10-11-2007 by chemrox]

Sauron - 10-11-2007 at 22:43

God damn it, that is NOT what I said.

What I said was that "free encrypted email" is not really secure, and that ANYONE who thinks it is secure from official scrutiny is living in a fool's paradise.

I'm a Hushmail user myself, so I would hardly equate using Hushmail per se with criminality.

However, clearly, the email provider is perfectly willing to cooperate with legitimate government demands and that is perfectly fine with me.

What astonishes me is the naivete of anyone who ever thought otherwise.

Encryption

MadHatter - 10-11-2007 at 23:04

Using encryption on the server side was clearly what got these idiots caught. No encryption system is perfect but damn it, I'll encrypt from MY side. Those guys also impress me as being lazy.


[Edited on 2007/11/11 by MadHatter]

Sauron - 10-11-2007 at 23:20

chemrox, my advice is that if you want to protect your proprietary business information, then encrypt it onto a flash drive on a standalone machine and courier it to your partner or lawyer and have him decrypt it on his own standalone. Putting anything on the Net or on a network and relying on encryption for security is false security. Physical security is better, and encrypting en route keeps prying eyes out.

chemrox - 10-11-2007 at 23:33

Thanks Sauron - I agree - our (net) conversations have been very conceptual btw, but you're right. Madhatter, I couldn't agree more. Still, I wish Hushmail had put up more of a fight, on principle.

Sauron - 11-11-2007 at 00:05

Hushmail would have been cited for contempt of court in a NY minute if they had refused to comply with a lawful court order.

That tends to make the judge see red.

WizardX - 11-11-2007 at 15:00

Quote:
Originally posted by chemrox
Still I wish Hushmail had put up more of a fight, on principle..


I concur! On the principle that Hushmail allowed a weakness on their system, that the Feds exploited.

Hushmail should force the downloading and execution of the java applet period, to ensure the highest secure cryptology.

Sauron - 11-11-2007 at 15:12

As a Hushmail user, I can assure you that should Hushmail make the use of their Java applet mandatory instead of at the discretion of the user, I would drop my Hushmail account like a hot rock.

I set up that account because I was tired of being poked and prodded by Microsoft (Hotmail) "for my own good" so I am sure as shit not going to sit still for Hushmail forcing me to use encryption that I neither want nor need.

WizardX - 11-11-2007 at 15:48

When using this secure web-based email system, you have the option of enabling or disabling Java support. Turning on Java provides an additional layer of security, but is not necessary for secure communication using this system. To learn how to install Java, click here (recommended).

https://www.hushmail.com/hushmail/showHelpFile.php?file=comp...

Sauron - 11-11-2007 at 16:12

I repeat: I have no need for "secure communications"

I especially have no need for insecure "secure communications" in which the "security" is a cynical and transparent mendacity.

Anyone who NEEDS truly secure communications and communicates on the Internet, is a fool. One might as well shout his secrets from the rooftops. Or put them on a web page.

A federal agent friend told me, oh, thirty years ago, that if criminals would just wise up and stop talking on the telephone, they'd be a lot harder to catch.

He was not particularly referring to wiretapping or NSA intercepts, but to simple phone logs - lists of calls sent from and received by a particular number, and which are maintained by every telephone service provider. Federal agencies can obtain these just by administrative subpoena - not a court order, but merely a written request from the agency to the phone company.

Let's see, who was President at that time? Jimmy Carter. And it was nothing new.

My point is: telecommunications and REAL security do not happily coexist. The government spends a great deal of money making sure that their commo is secure and another great deal of money making sure that no one else's is. And they succeed to an extent you are never likely to know.

I put as much faith in Hushmail's "secure" email as I do in the protection afforded to someone against knives and guns supposedly afforded by certain Buddhist amulets. What a quaint notion!

Phosphor-ing - 12-11-2007 at 07:46

What do you think about Stealth Message?

http://www.stealthmessage.com/

I personally like the self destruct feature. It doesn't allow anyone to keep sensitive information.

vulture - 12-11-2007 at 07:50

Just use fucking PGP?

JohnWW - 12-11-2007 at 08:05

If you were REALLY smart, you would use TWO forms of encryption to conceal the content of incriminating emails: - one encryption using PGP; and the other consisting of a special code made up in advance between the parties to the communication, in which incriminating words are replaced by innocuous code-words (e.g. "missile" replaced by "chicken"). A third type of encryption could be added to these, in which letters and numerals are replaced by others chosen from not only alphanumeric characters but also other symbols from the ASCII character set. Commonly-used letters like "a" and "e" could be replaced by several different code-characters used at random, so as to foil frequency-analysis decrypting.

Sauron - 12-11-2007 at 21:08

People who believe in unbreakable encryption available to the public remind me of Hitler's faith in the Siegfried Line.

Misplaced and illusory in both cases.

chemrox - 12-11-2007 at 22:01

PGP is theoretically breakable by brute force, but the investment in computer resources is formidable even for the NSA, and it would have to be a high alert NSA issue for a successful PGP attack. Like Osama Bin Laden's whereabouts or plans.

Sauron - 12-11-2007 at 23:26

That's the conventional wisdom from outsiders. The insiders are happy to aid and abet that assumption. Personally I would not give a plugged nickel for the accuracy of that statement.

The French used to believe in the Maginot Line, at one time. As Patton said: fixed fortifications are monuments to the stupidity of man.

not_important - 13-11-2007 at 07:55

If the NSA had anything better than massive hardware arrays to crack compromised encrypted messages, I doubt that Clinton's Clipper Chip and the "crypto is munitions" nonsense would have come about. Better to just be quiet and let crypto algorithms that the NSA knows how to lockpick get widely used.

Not every crypto-nerd is an amoral geek working for the NSA or its kin; there are a number of independent workers who have gone over the leading algorithms looking for weaknesses. So far only minor weaknesses have been found, when using poor keys, special message strings, or limited versions of the algorithms.

Brute force decodes with an iterated key, looking for output that meets statistical tests for being meaningful. As most encryption gives output that is close to random noise, encrypting with one algorithm and key, then encrypting the output with a different key and perhaps algorithm, makes brute force much more difficult; each attempt on the outer coding must have its result tested via brute force to see if the outer key has been found. The resulting 2^400 or larger number of trials to break the coding still takes a long time with any known existing hardware.

The NSA is interested in quantum computers as a way to speed up brute force attacks, but there's no evidence that they've made some breakthrough; given the nature of the US government in this century it's likely such work would have been farmed out on a no-bid contract to politically connected companies, who would do the same quarter-assed job as they have done with other such contracts. The story may be different if the Chinese and Indians start cooperating on such tasks, but the NSA won't be getting the results of that research. The current US administration is more likely to declare the people involved with the crypted message to be terrorists and pack them off to some corner of the world where they can be waterboarded into revealing what the message was, or at least into saying that the message was what the government wants it to be.

Polverone - 13-11-2007 at 09:58

Quote:
Originally posted by Sauron
That's the conventional wisdom from outsiders. The insiders are happy to aid and abet that assumption. Personally I would not give a plugged nickel for the accuracy of that statement.

The French used to believe in the Maginot Line, at one time. As Patton said: fixed fortifications are monuments to the stupidity of man.


Thanks, not_important, for saving me the effort of typing out what you did. As another piece of evidence against the capability of governments to just decrypt whatever messages they please, cases against high-level mob figures and drug chemists who used encryption have involved planting keyloggers on the suspect's computer. There's no evidence of the government breaking strongly encrypted messages at-will and all open academic research suggests that sort of capability would be extremely expensive, even when compared with the large budgets of national intelligence agencies. Believing that the NSA can easily read any message it pleases is akin to believing that NASA has secret manned bases on Mars -- unsupported by any empirical evidence and strongly suggested against by the facts that are available.

That's not to say the government can't eventually get people who use encryption, if it's important enough, but the attack will be an end-run around your security (trojans, keyloggers) rather than a frontal assault on it.

unionised - 13-11-2007 at 10:21

"People who believe in unbreakable encryption available to the public remind me of Hitler's faith in the Siegfried Line."
How do you propose to crack one time pad?
Last I heard it was still secure. A pita, but secure.

WizardX - 13-11-2007 at 15:18

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Quote:
As of 2006, the only successful attacks against AES have been side channel attacks. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used for classified information:

"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use." — [2]
This marks the first time that the public has had access to a cipher approved by NSA for encryption of TOP SECRET information. Many public products use 128-bit secret keys by default; it is possible that NSA suspects a fundamental weakness in keys this short, or they may simply prefer a safety margin for top secret documents (which may require security decades into the future).


Cryptanalysis.

http://en.wikipedia.org/wiki/Related-key_attack
http://en.wikipedia.org/wiki/Chosen-plaintext_attack
http://en.wikipedia.org/wiki/Side_channel_attack

WizardX - 13-11-2007 at 15:47

Side channel attack. http://en.wikipedia.org/wiki/Side_channel_attack

In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information which can be exploited to break the system. Many side-channel attacks require considerable technical knowledge of the internal operation of the system on which the cryptography is implemented.

Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically called side-channel attacks: see social engineering and rubber-hose cryptanalysis. For attacks on computer systems themselves (which are often used to perform cryptography and thus contain cryptographic keys or plaintexts), see computer security.


One simple piece of intelligence gathering that will drastically increase the effectiveness of a brute force attack is knowing how many characters are in the password.

Example. Let's assume this password: cGd6uB91V4ma

In a password field box it will look like this: ************

12 characters in the password cGd6uB91V4ma

Therefore, you can narrow a brute force attack to a 12 character password, as you know the password has ONLY 12 characters. Of course, you will need to generate ALL passwords with upper & lowercase alphabet, 0-9, symbols and hex.

Polverone - 13-11-2007 at 17:06

Quote:
Originally posted by WizardX
One simple piece of intelligence gathering that will drastically increase the effectiveness of a brute force attack is knowing how many characters are in the password.

Example. Let's assume this password: cGd6uB91V4ma

In a password field box it will look like this: ************

12 characters in the password cGd6uB91V4ma

Therefore, you can narrow a brute force attack to a 12 character password, as you know the password has ONLY 12 characters. Of course, you will need to generate ALL passwords with upper & lowercase alphabet, 0-9, symbols and hex.

That's true, but for PGP/GPG and other "good" standalone cryptographic products, that sort of password guessing is possible only after the user's private keyring is captured. Good products will also use something like an iterated hash transformation of the user's passphrase to make the guessing process computationally expensive.

Breaking intercepted email messages without access to the private keyring requires the much harder task of trying 2^128 to 2^256 symmetric keys (ludicrous) or breaking the asymmetric keys used to encrypt the symmetric keys (RSA, El Gamal, etc.). That's merely "staggeringly hard" instead of ludicrous, and special purpose hardware has been proposed to break 1024 bit public keys after a runtime of one year for only a few tens of millions of dollars.

Of course these frontal attacks can all be bypassed if you have a keylogger or trojan in place on the target's computer, or can capture EMF or optical data from the keyboard/computer/monitor, or if analysis reveals a weakness in a particular product's implementation of cryptographic techniques.
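The "iterated hash transformation of the user's passphrase" that Polverone mentions is what makes guessing against a captured keyring expensive. The following is an added example for this thread, modelled on the Iterated and Salted S2K scheme of RFC 4880 section 3.7.1.3; it is not the PGP or GnuPG source, and the salt, passphrase and benchmark in it are constructed.

```python
"""Iterated and salted passphrase hashing (OpenPGP-style S2K).

Added example for this thread, modelled on the "Iterated and Salted S2K"
scheme described in RFC 4880 section 3.7.1.3; it is not the PGP or GnuPG
source. It shows the "iterated hash transformation" Polverone mentions:
each passphrase guess against a captured keyring costs megabytes of hashing.
"""
import hashlib
import os
import time

EXPBIAS = 6  # exponent bias from RFC 4880


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash.

    0x60 -> 65536 octets, 0xFF -> 65011712 octets (the maximum).
    """
    return (16 + (coded & 15)) << ((coded >> 4) + EXPBIAS)


def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded_count: int,
                        hash_name: str = "sha256") -> bytes:
    """Derive a symmetric key by hashing salt||passphrase over and over.

    The 8-octet salt followed by the passphrase is fed into the hash until
    decode_count(coded_count) octets have been consumed; the stream may stop
    part-way through a repetition. If the count is smaller than one
    salt+passphrase, one full copy is hashed anyway. Returns one digest,
    i.e. a 256-bit key for SHA-256 (larger keys would need extra contexts).
    """
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    block = salt + passphrase
    total = max(decode_count(coded_count), len(block))
    # Feed the hash in large chunks (whole repetitions) so the Python loop
    # stays cheap; the byte stream is identical to feeding block by block.
    chunk = block * max(1, 65536 // len(block))
    h = hashlib.new(hash_name)
    remaining = total
    while remaining >= len(chunk):
        h.update(chunk)
        remaining -= len(chunk)
    full, rem = divmod(remaining, len(block))
    h.update(block * full + block[:rem])
    return h.digest()


def guess_rate(coded_count: int, samples: int = 5) -> float:
    """Passphrase guesses per second on this machine for a given count.

    Constructed benchmark: the only point is the ratio between counts.
    """
    salt = b"\x00" * 8
    start = time.perf_counter()
    for i in range(samples):
        iterated_salted_s2k(b"guess-%d" % i, salt, coded_count)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    salt = os.urandom(8)  # constructed; a keyring stores it next to the key
    key = iterated_salted_s2k(b"correct horse battery staple", salt, 0xFF)
    print("derived key:", key.hex())
    for coded in (0x00, 0x60, 0xE0):
        print("count 0x%02X hashes %9d octets: %8.1f guesses/s"
              % (coded, decode_count(coded), guess_rate(coded)))
```

Raising the coded count from 0x00 to 0xE0 multiplies the per-guess work by 16384, which is the whole point of the transformation: the passphrase itself is not stronger, but every guess is slower.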

WizardX - 13-11-2007 at 18:24

Quote:
Originally posted by Polverone

That's true, but for PGP/GPG and other "good" standalone cryptographic products, that sort of password guessing is possible only after the user's private keyring is captured. Good products will also use something like an iterated hash transformation of the user's passphrase to make the guessing process computationally expensive.

Breaking intercepted email messages without access to the private keyring requires the much harder task of trying 2^128 to 2^256 symmetric keys (ludicrous) or breaking the asymmetric keys used to encrypt the symmetric keys (RSA, El Gamal, etc.). That's merely "staggeringly hard" instead of ludicrous, and special purpose hardware has been proposed to break 1024 bit public keys after a runtime of one year for only a few tens of millions of dollars.

Of course these frontal attacks can all be bypassed if you have a keylogger or trojan in place on the target's computer, or can capture EMF or optical data from the keyboard/computer/monitor, or if analysis reveals a weakness in a particular product's implementation of cryptographic techniques.


Yes, I concur! That's why encryption software that ONLY uses passwords to encrypt without keys or password hashes should be avoided.

Attachment: keystroke protection.pdf (763kB)


Sauron - 13-11-2007 at 18:36

Unionized, one time pads work well, but are generally not available to the public. Last time I heard about an OTP was when a certain journalist was apprehended in Pakistan with Soviet OTPs (during the Russian occupation of Afghanistan). He was a West German national, and working for CBS. Everyone I knew in Washington at the time, where I was then, took this to be prima facie evidence that this fellow, Kurt Lobeck, trusted by Dan Rather and friends, was actually a KGB or GRU agent.

So you see OTPs are not innocuous notepads. Possession of professional OTPs is regarded by intelligence professionals as strong evidence that one is an opposition intelligence officer.

PGP/OTP

MadHatter - 13-11-2007 at 19:57

Sauron, I remember the required once a year briefings I had with one of the Federal agencies when I held a security clearance. One point was clear to us: Any person, holding a security clearance, who was caught with an OTP, or worse - a roll camera, was assumed to be spying against the U.S. for a foreign intelligence service.

As for PGP, PGP Corporation stresses that you should never export your private key. A long, not obvious, passphrase helps. Someone once suggested encrypting even routine messages just to strain NSA's computers. Sounds like a plan to me.

[Edited on 2007/11/13 by MadHatter]

Antwain - 13-11-2007 at 21:16

Isn't there a really really safe encryption method based on multiplying 2 VERY large prime numbers together and using that as the key. I can't remember how it works but the guy who was telling us this used to R&D for the American defense forces, and does not strike me as a bullshitter. You only need the multiple to encode, but both primes to decode. apparently it is used by banks for internet transactions, where they send the encrypt key and you do whatever, then they can decode it. Apparently it is crackable..... in like 10^ something fricking huge years, since you need to factorise some stupidly big number.

The context of this was that if quantum computers can be made to work then it would be crackable instantly. Ahhh... quantum cryptology.

Polverone - 14-11-2007 at 11:14

Quote:
Originally posted by Antwain
Isn't there a really really safe encryption method based on multiplying 2 VERY large prime numbers together and using that as the key. I can't remember how it works but the guy who was telling us this used to R&D for the American defense forces, and does not strike me as a bullshitter. You only need the multiple to encode, but both primes to decode. apparently it is used by banks for internet transactions, where they send the encrypt key and you do whatever, then they can decode it. Apparently it is crackable..... in like 10^ something fricking huge years, since you need to factorise some stupidly big number.

The context of this was that if quantum computers can be made to work then it would be crackable instantly. Ahhh... quantum cryptology.

It sounds like he was describing the widely used RSA public key algorithm. Common "strong" keys are 1024 bits, but you can force PGP/GPG to generate larger keys than that if you think that the NSA has implemented TWIRL or something like it and that your messages might be under attack.

GPG (not sure about PGP) uses El Gamal, not RSA, by default. Breaking those keys requires solving the discrete logarithm problem for very large numbers -- conceptually similar to integer factorization, but not identical. I don't know if special-purpose hardware for the discrete logarithm problem is any more or less practical than integer factorization. Note that the special purpose hardware mentioned earlier is not known to be implemented but could be built with standard fabrication techniques (no many-qubit quantum computing breakthroughs required).

hinckleyforpresident - 26-11-2007 at 09:59

Quote:
Originally posted by Polverone
GPG (not sure about PGP) uses El Gamal, not RSA, by default. Breaking those keys requires solving the discrete logarithm problem for very large numbers -- conceptually similar to integer factorization, but not identical.


IIRC, PGP uses IDEA. Although you can also use AES, RC4, and RC6. I've heard that PGP version 7 and up are far less safe than the older versions due to some back doors.

WizardX - 26-11-2007 at 17:00

Microprocessor math bugs pose security risk, warns cryptographer.

Shamir, who along with two other cryptographers developed the RSA encryption code and later founded RSA Security Inc., last week described how attackers could take advantage of a simple math error in a microprocessor to easily undo cryptographic protections on millions of PCs simultaneously. The original paper was meant to be "quietly circulated" among colleagues, but after The New York Times carried a story about it last Friday, the research note was widely reported elsewhere.

Shamir's paper described a hypothetical attack in which an attacker could send a corrupt encrypted message to a computer with a flawed microprocessor to unscramble the public-key cryptographic protections on it. All that's needed for someone to launch an attack is to know about the math flaw, he noted in his paper.

"If some intelligence organization discovers (or secretly plants) even one [mathematical error in] a popular microprocessor, then ANY key in ANY RSA-based security program running on ANY one of the millions of PCs that contain this microprocessor can be trivially broken with a single chosen message," Shamir wrote. Almost all presently deployed public security schemes could become vulnerable to such an attack, he said.

http://www.computerworld.com/action/article.do?command=viewA...

[Edited on 27-11-2007 by WizardX]

-jeffB - 8-12-2007 at 07:34

Quote:
Originally posted by MadHatter
Sauron, I remember the required once a year briefings I had with one of the Federal agencies when I held a security clearance. One point was clear to us: Any person, holding a security clearance, who was caught with an OTP, or worse - a roll camera, was assumed to be spying against the U.S. for a foreign intelligence service.


What exactly constituted "an OTP" according to these briefings? I mean, if I've sent my buddy a cute video of my kittens, maybe "they" will do a noise analysis careful enough to reveal whether I've encoded a message into the low bits of the signal -- but if those bits are truly statistically-sound noise, which happens to constitute a perfectly optimal one-time pad, how are they going to catch on?

Sauron - 9-12-2007 at 02:59

An OTP is a One Time Pad. A cipher system for transposition, that changes from message to message (page to page.) The sender and receiver have identical pads. This is a professional crypto tool issued to intelligence professionals or their agents. It has zero to do with noise analysis of your baby video. Nor is it something you can cobble together yourself.

I won't bother going into the precise technical requirements for an OTP encrypted message to be very difficult to decipher or decrypt. Suffice it to say that even if you are an amateur cryptographer, something you put together on your own would not be mistaken by the cognizant authorities to be hostile OTP.

It is the possession of authentic hostile-service OTPs that is prima facie evidence of espionage activity. The other side(s) do not pass them around willy-nilly.

-jeffB - 10-12-2007 at 10:00

Quote:
Originally posted by Sauron
An OTP is a One Time Pad. A cipher system for transposition, that changes from message to message (page to page.) The sender and receiver have identical pads. This is a professional crypto tool issued to intelligence professionals or their agents. It has zero to do with noise analysis of your baby video. Nor is it something you can cobble together yourself.

I won't bother going into the precise technical requirements for an OTP encrypted message to be very difficult to decipher or decrypt. Suffice it to say that even if you are an amateur cryptographer, something you put together on your own would not be mistaken by the cognizant authorities to be hostile OTP.


I believe you're focusing on the OTP implementations that you're familiar with. A generalized OTP is something you can cobble together yourself. If you've made an OTP with truly random content, and no copy gets intercepted, it's truly secure -- nobody, not even the NSA, can untangle your message from it. (Rather, they can, but there's no way for them to distinguish your message from any other message with the same length, so they can't know when they've got it.)

The precise technical requirements are very simple: the OTP must be truly random, it must be kept secret, and it must not be reused (thus "one-time"). To keep it secret, make it unrecognizable -- thus, the quip about low-bit noise in a video. (In real life, one wouldn't transmit an OTP over the Internet in any form, but would pass it along out-of-band.) Making it truly random does require some deeper work, but it's well within just about anyone's capabilities.

If I'm still misunderstanding you, please clarify further. But a cryptographic OTP as standardly defined is not very technical, not very difficult to understand or use, and is absolutely secure against cyphertext attack. The only way you lose is if They get a copy of your pad, or you don't do a good job of generating and distilling randomness for it.

Jadebug - 10-12-2007 at 19:46

Oh... the days....when Jap was truly an anonymous proxy....The Hive was still buzzing and Hushmail actually was safe. Hmmmm.....

DerAlte - 10-12-2007 at 19:52

@-jeffB

I can speak with only very modest authority. I have been tangentially involved with crypto, being mainly involved with error correction coding and simple scrambling for randomization of data streams in digital modems. But in secure communications one does have to understand the basics.

Yes, you are right. A One Time Pad (OTP) is theoretically unbreakable for the reasons you stated. It is easy to see why. The ‘pad’ is known to only sender and recipient. It might be a piece of paper with a series of words or it might be a known book, for example. The sender then sends a list of, e.g., numbers which select the message by reference to the pad, e.g. line x, word y on page z would be coded xyz. Unless you know the book or have the piece of paper you’d have to search all the world’s libraries for all the copies of all books to find the key. If paper is used, it must be destroyed of course – hence ‘one time’.

Thus you have three components: the plain text message, the pad, and the coded (enciphered) message. If you have the coded message and the pad, you can derive the message. If you have the message and get the coded message, you have a part of the pad; or if you have the message and the pad you can create the coded message (not that you’d care: all you really want is the plain text message). Without the pad the enciphered message is useless. It must be destroyed too because any plain text message obtained with it reveals part of the pad.

Sauron may be correct that possession of a suspicious jumble of words or symbols is likely to cause further action against the already suspect. The spooks are easily spooked!

One time pads have been used since the dawn of civilization and the invention of writing. The Roman military was fond of them. A more modern variant was tried by the British in WWII using a recorded analog sample of thermal noise multiplied with a wanted (audio) signal of the same bandwidth. (IIRC). The recipient had a record of the same noise and could decode a message that sounded like random noise (The maths of this eludes me at present – I can see a way to do it but not with 1940’s technology).

The OTP has severe disadvantages. First, the recipient must have a copy of the pad, and only he. As Sauron says, this makes him vulnerable. An OTP also restricts the plain text message length to a maximum of its own length for obvious reasons. Each symbol or word cannot use the same coded symbol more than once because this opens it up to standard crypto frequency analysis. So the pad has to be somewhat longer than the plain text if words are repeated in it. Two messages coded with the same pad exhibit correlations, the code breaker's delight, so it can only be used once with security... to name but a few shortcomings. For short messages, however, it is without peer, security wise.

Analog telecommunication methods are not easy and are prone to error. Such as were used are simplistic, such as frequency inversion or crude frequency hopping. Digital methods are based on two other age old methods, substitution and translation, in the form of block codes and stream codes. They use pseudorandom sequences, which tend to exhibit patterns which can lead to decryption in the hands of the experts. For details on these and the public key system, see the available literature on the web, for example.

Der Alte
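The three requirements -jeffB lists (truly random, kept secret, never reused) and the "correlations" DerAlte describes when a pad is used twice can both be shown in a few lines. The following is an added example written for this thread, not the red-bean OTP program or any other project's code; it assumes pad material from os.urandom and that both parties hold an identical copy exchanged out-of-band, with all messages and pads constructed.

```python
"""One-time pad over bytes, with the pad-reuse failure mode made visible.

Added example for this thread; it is not the red-bean OTP program or any
project's code. Assumes the pad comes from os.urandom (the "truly random"
requirement -jeffB states) and that both parties hold an identical copy
exchanged out-of-band; used pad is zeroed so it cannot be reused.
"""
import os


def make_pad(length: int) -> bytes:
    """Generate fresh pad material from the OS CSPRNG."""
    return os.urandom(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad; the same call encrypts and decrypts.

    The pad must be at least as long as the message: an OTP cannot be
    stretched, which is DerAlte's length restriction.
    """
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


class PadBook:
    """One party's copy of the pad; hands out each byte exactly once."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self.offset = 0  # both parties advance in lockstep

    def remaining(self) -> int:
        return len(self._pad) - self.offset

    def take(self, n: int) -> bytes:
        """Return the next n pad bytes and zero them so they cannot be reused."""
        if n > self.remaining():
            raise ValueError("pad exhausted: generate and exchange a new one")
        start, end = self.offset, self.offset + n
        chunk = bytes(self._pad[start:end])
        self._pad[start:end] = bytes(n)  # destroy used pad ("one time")
        self.offset = end
        return chunk


def seal(book: PadBook, message: bytes) -> bytes:
    """Encrypt with the next unused stretch of pad."""
    return otp_xor(message, book.take(len(message)))


def open_sealed(book: PadBook, ciphertext: bytes) -> bytes:
    """Decrypt with the recipient's copy, consumed in the same order."""
    return otp_xor(ciphertext, book.take(len(ciphertext)))


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer learns if two messages share pad bytes.

    ct1 XOR ct2 == m1 XOR m2: the pad cancels out, so a known (or guessed)
    m1 hands over m2 for free. This is the correlation DerAlte warns about
    and the reason PadBook never hands out the same bytes twice.
    """
    n = min(len(ct1), len(ct2))
    return otp_xor(ct1[:n], ct2[:n])


if __name__ == "__main__":
    pad = make_pad(64)  # constructed; in practice copied out-of-band
    alice, bob = PadBook(pad), PadBook(pad)
    ct = seal(alice, b"meet at the lab 0900")  # constructed message
    print("ciphertext:", ct.hex())
    print("recovered :", open_sealed(bob, ct))
    print("pad left  :", alice.remaining(), "bytes")
```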

Jadebug - 10-12-2007 at 19:56

And I say again....
Oh... the days....when Jap was truly an anonymous proxy....The Hive was still buzzing and Hushmail actually was safe. Hmmmm.....

OTP

WizardX - 11-12-2007 at 16:31

An Encoder/Decoder For One-Time Pads http://www.red-bean.com/otp/

OTP is an open source encryption program that uses the one-time pad algorithm to allow two parties to communicate securely, without worrying about unauthorized people listening in. OTP compresses plaintext input to save pad, has features that assist with the bureaucracy of pad management, and comes with built-in help. It is written in the Python programming language and requires a Python interpreter to run.

len1 - 11-12-2007 at 17:38

The RSA algorithm is based on the difficulty of inverting the coding algorithm

code = text^e (mod n)

where n is a large product of two primes. No method other than factoring n into its composite primes is known. Breaking the algorithm would require finding a different solution to this very simply stated problem in number theory. The problem was known two centuries ago, well before RSA came along. A quantum computer, properly set up, could solve it by brute force; unfortunately they are still the territory of dreams.

Sending coded messages does not necessarily need to involve sending what is overtly obvious to an extraneous observer as being such. Embed the code in a jpg file at the noise level; you can even use the background jpg picture as a one time pad. Done properly, the existence of such code is impossible to detect.

[Edited on 12-12-2007 by len1]
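len1's formula and Antwain's "two VERY large primes" description are the same algorithm, textbook RSA. The following is an added example written for this thread (not RSA Security's, GnuPG's or any library's code) that works the formula through at toy size and then shows why the private key falls out as soon as n is factored; the primes and message are constructed.

```python
"""Textbook RSA at toy size, to make len1's formula code = text^e (mod n) concrete.

Added example for this thread, not RSA Security's or any library's code.
Primes are tiny so the factoring step runs instantly; that is exactly why
real keys use 1024-bit and larger moduli, where factoring n is the only
publicly known route to d and is out of reach.
"""


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    """Inverse of a modulo m; fails if gcd(a, m) != 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("%d has no inverse mod %d" % (a, m))
    return x % m


def keygen(p: int, q: int, e: int = 65537):
    """Public key (n, e) and private key (n, d) from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))


def encrypt(pub, text: int) -> int:
    """code = text^e (mod n); the plaintext block must be smaller than n."""
    n, e = pub
    if not 0 <= text < n:
        raise ValueError("plaintext block must be smaller than n")
    return pow(text, e, n)


def decrypt(priv, code: int) -> int:
    """text = code^d (mod n)."""
    n, d = priv
    return pow(code, d, n)


def factor_trial(n: int):
    """Split n = p*q by trial division; only feasible for toy-sized n."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no nontrivial factor found")


def recover_private_key(pub):
    """Once n is factored, d follows immediately from e and (p-1)(q-1)."""
    n, e = pub
    p, q = factor_trial(n)
    return n, modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(10007, 10009)  # constructed toy primes
    msg = int.from_bytes(b"hi!", "big")  # must stay below n (about 1e8)
    c = encrypt(pub, msg)
    print("code:", c, "-> text:", decrypt(priv, c).to_bytes(3, "big"))
    print("factoring n recovers d:", recover_private_key(pub) == priv)
```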