Those who need to know already know what this means:
I have to say you are taking a risk here by using computerized encryption. It’s undoubtedly very strong, perhaps strong enough that it’s not breakable without the key, but one of the things we learned from the Snowden revelations is that they don’t need to be able to break it cryptanalytically, they can get the plaintext directly off your machine, or they can your private key off your machine, making the job that much easier for them.
My suggestion is to go get yourself some very good quality 10-sided dice (like GameScience dice), and make up manual one time pads by rolling the dice and using a manual (not electric) typewriter and some 2 part carbonless blank forms. It’s tedious to build up a significant amount of key material that way, but no more so than other repetitive tasks like reloading, and you can do it while watching TV, etc.
Then you can encrypt/decrypt manually on a piece of paper, and subsequently destroy the key and the worksheet (graph paper works great for that).
If your correspondent is farther away such that it’s not convenient to pass them the pads in person, then you can probably ship them safely in tamper-evident packaging overnight. If it takes too long to get to them or appears to have been tampered with, you can assume the pads are “blown”.
Let me know if you need specific instructions on how to implement something like that.
“Tamper-evident” packaging is probably no more difficult for nation state actors to defeat than computerized encryption. Plus did you know that pictures are made of all letters and packages? That change in procedures was a result of the 2001 anthrax attack. This method obscures the recipient.
I’m familiar with one-time pad encryption. Thank you. I’ve read many books on encryption. I work in computer security. I’m pretty sure I know what I’m doing. Keeping the encryption computer in a safe and never connecting it to a network should make the key immune to all but physical attacks.
Well, that and crazy improbable airgapped attacks. Hear your hard drive making any funny buzzing sounds lately? Better check your IOPS just to be sure, microphones are crazy sensitive nowadays. . . Now where the hell did I put my tinfoil?
Yes, tamper evident packaging can be faked, but it’s harder to do it convincingly *AND* quickly, which is why you ship it next day air. That gives them very little or no time to open them up, copy the pages, and seal it back up and send it on its way. It would be hard for them to do something like this:
“The Do Xa Pads” (page 11)
If it takes significantly longer than the promised delivery time, it can be assumed to be “blown”. Also, tamper evident to your and your correspondent’s eyes isn’t necessarily evident to the eyes of someone else. You just have to detect that it’s been tampered with. The longer it takes to open it up, copy all the pages (helped if you glue the edges together except at one corner), put it all back together, and send it along helps you because it’s not easy to do that kind of thing quickly.
Of course, having a trusted courier take them is probably safer.
The other thing: Physical attacks can also happen. And if it’s something you want to keep secret forever, paper OTP only and burn the plaintext and key when your done. Several Cuban spies were convicted at least in part because data remained on computers, ones that weren’t connected to public networks.
Of course, physical attacks work against OTPs too, but it’s easier to hide pads of paper the size of matchbooks securely than it is to hide a laptop, or even an iPad or iPod-sized device.
/Also work in computer security, and a former signals intelligence professional (Morse interceptor), as well as a student of the history of SIGINT, for what it’s worth.
Something for a QOTD.
Who do I attribute the quote to? And a specific date for the quote?
Jeff Ingebritson sep 17 2016
comment on fox news fb
Pingback: Quote of the day—Jeff Ingebritson | The View From North Central Idaho