# Secure Communications



## Geistmacher

The One Time Pad

The one time pad has been around for many years and is still in use by the elite intelligence operators around the world. If the rules of the game are followed this is a mathematically unbreakable encryption system. Break the rules and you will break the code.

Rule #1, The encryption key must be a randomly generated series of numbers. 
Rule #2, The encryption key must be larger than the message encrypted.
Rule #3, The encryption key must never be used more than once, not even in part.
Rule #4, The encryption key must remain secure.

Computers can not create a truly random series of numbers. The best they can do is create a difficult to predict series of numbers. If you wish to create a random series of numbers, you must use a random source. Dice work well. Because of the encryption key's length, the messages encoded are necessarily short. In practice, the keys are written on a small pad of paper, similar to Post-it notes. Two pads make up the key pairs. Once a key is used to code a message, that key is removed from the pad and destroyed. The receiver on decoding the message does the same to his key.

Weakness in the system comes from communication security violations. Never use the same key twice, not even in part. This allows the interceptor to see a pattern that will allow the decryption of the message. Always personally deliver the second one time pad to the other party. If you are under surveillance, this will expose your contact. (This is where the use of Cut-Outs comes into play.) Leaving the one time pad insecure can allow copying of the pad. Being caught with a one time pad will give away both the encryption keys and your membership in the organization. This requires compromise in security, by not keeping the one time pad on person, but in a secure location. (Concealment device, or hidden in plain sight techniques.)

Note on use of computers, smart phones, etc...
Any key generation, or encryption, or decryption, done with a computer or smart phone allows circumventing of the system and exposes the message. Once a message is encrypted it can be sent by computer, or smart phone etc... but allows those that are monitoring to know the sender and the receiver of the message, and that there is a need in these parties for extreme security. You will stick out. Sending the message to many people knowing only the right one can read it is a good technique. Public announcements or boards for example. ( If only everyone used such a system every time they used a computer, the monitors could not see the tree for the forest. Too much information is no information. ) In practice, the one time pad encrypted messages were delivered in prearranged dead drops.

My opinion for what it is worth.

Geist

Rights are not issued by the Constitution to the people. The Constitution recognizing the rights, tells the Government to leave the people's rights alone.
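
The four rules in the post above, as an added Python example that is not part of the original thread: letter-wise addition mod 26 is one common pencil-and-paper form of the one time pad (an assumption here, since the post names no algorithm), and `difference` shows why Rule #3 matters, because two ciphertexts made with the same key subtract to a value the key no longer protects. The `secrets` module stands in for the dice the post calls for; all names and sample messages are constructed.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25


def generate_key(length):
    """Rule #1 stand-in: uniform letters from the OS CSPRNG (assumption; the post uses dice)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def normalize(text):
    """Keep letters only, upper-cased, as they would be written on a paper pad."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def _combine(text, key, sign):
    text, key = normalize(text), normalize(key)
    if len(key) < len(text):
        # Rule #2: never stretch or repeat key letters to cover a long message.
        raise ValueError("key is shorter than the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )


def encrypt(plaintext, key):
    return _combine(plaintext, key, +1)


def decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)


def difference(a, b):
    """Letter-wise (a - b) mod 26; the same arithmetic as decrypt."""
    return _combine(a, b, -1)


class Pad:
    """Rule #3: key letters are handed out once, front to back, never again."""

    def __init__(self, letters):
        self._letters = letters
        self._pos = 0

    def take(self, n):
        if self._pos + n > len(self._letters):
            raise ValueError("pad exhausted; a fresh pad is required")
        chunk = self._letters[self._pos:self._pos + n]
        self._pos += n
        return chunk


if __name__ == "__main__":
    pad = Pad(generate_key(40))
    msg1, msg2 = "MEET AT NOON", "STAY AT HOME"  # constructed sample messages
    key = pad.take(len(normalize(msg1)))
    c1 = encrypt(msg1, key)
    print("ciphertext:", c1, "->", decrypt(c1, key))

    # Rule #3 broken on purpose: the same key letters encrypt a second message.
    c2 = encrypt(msg2, key)
    # The key cancels: c1 - c2 == p1 - p2, so matching letters show up as 'A'.
    print("c1 - c2:", difference(c1, c2))
    print("p1 - p2:", difference(msg1, msg2))
```

With a fresh `pad.take(...)` for every message the difference of two ciphertexts is itself uniformly random, which is the property the reuse case loses.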


----------



## Fn/Form

I'm not sure if you are aware of this, but the better "random" password computer generators use operator input. The ones I've seen use mouse-over movement as an input; the longer you move the mouse, the better the "random" password.


----------



## Davarm

Geistmacher, I agree with your post but keep in mind that it is probably complete greek to most readers. Only a very few have ever heard of much less used a one time pad and the rest are most likely clueless as to what it is. 

It may be useful to those interested if you could follow up your post with some examples of the OTP's and how they would be used to encrypt/decrypt messages and how to select keys from public sources thus negating the need for risky face to face meetings and eliminating the possibility of lost keys.

"Trade Craft" may well be vital in the times to come.


----------



## Geistmacher

*Tradecraft*

Very good point. I will follow up with a scenario involving such in action. This would illustrate the value of the craft.

Thanks,

Geist

Luck favors the prepared.


----------



## Geistmacher

David and George

David is a prepper living in the rural area.
George is a prepper living in the suburbs of a small city, and member of a small band of preppers. 

Scenario:
You are David-
The US dollar has all but become worthless on the international exchange.
You are watching the national news when the story breaks. The president is speaking. He states that as a federal judge ruled in his case, he is not the person he has purported to be. He further states that he is not stepping down as he believes that he is needed for the good of the country. The vice president is standing by him. The speaker of the house has been arrested under the NDAA 2012 by the military. The military has been mobilized for national security use on the streets of the major cities. The Occupy Wall Street Movement shouts support. Looting begins in the major cities.

The TV switches to a government emergency screen. A steady tone is playing. Your computer game is on hold as you pull up your browser. Every web page you enter is showing a server not found error. You step outside the house. You hear silence. You dial George. The phone will not connect. Your phone shows a presidential email message. You realize that the government has shut down or censored and monitored all communication.

You step outside and see a Humvee driving by. The troops look professional and all business. They stop and order you to remain indoors. You re-enter your home.

Your living and working in town at the city hall has given you access to a bit of information. 
A few days go by and limited travel for business is allowed. A curfew is in place for hours of darkness. All people on the street are being stopped and searched for weapons and uncontrolled radios such as shortwave and personal transceivers. Road blocks are set up into and out of all towns and cities. Patrols are common on the rural roads. All food and water in excess of one week is outlawed, and must be turned in to the authorities. All firearms and ammo and other weapons are outlawed and possessors are subject to arrest or being shot.

You have to get the word to George, who is living in the country side, about your time and place of muster, and government actions and plans. You can not allow the authorities to get this vital information. 

You get your one time pad from its hiding place inside the fake dog poop under the travel trailer near the rear wheel. You quickly but carefully code a short message to George using your onetime pad. The message tells George of the government actions preparations. You then destroy the used key by fire and scatter the ashes in the street and replace the one time pad in its hiding place. You then place the message inside the concealment device, a modified AA battery, designed to pass current through and allow the light to function, and then place the battery in your flashlight. You place the flashlight in your truck tool box. You keep a spare set of batteries in the tool box. On your way to work, you detour through the country side to the dead drop to place the message near the stop sign as previously arranged. You see a patrol and are quickly pulled over. You are searched and the patrol finds the flashlight. You know that if they discover the coded message inside the battery, you will be detained but the message contents will not be read, exposing your organization. They turn it on and it works. They check the batteries and the inside of the flashlight. They find nothing amiss. You proceed to the dead drop and toss the hollow battery to the base of the stop sign. You throw away the extra battery and replace the batteries in the flashlight. You head for work. Again you are stopped by the patrol. They again search you. They find everything as it was. You continue to work, and report as usual.


George sees the unfolding of the events of the government take over. The crisis that he had feared so long has come to pass. He knows that the group must quickly muster and make plans to reach the place of safety. George knows that you have arranged to drop a message concealed in a battery at the stop sign on the edge of town. He proceeds on foot to the sign and retrieves the message. Using the one time pad, he selects the appropriate key and decrypts the message. Now he knows that he can not pack up his vehicle and head to the primary muster point. He must pack light and cache all other equipment and supplies, then carry only on foot to the muster location.

George takes a magnet and attaches it to a string. He then uncovers the septic tank and fishes for the onetime pad. He had placed the one time pad in a plastic waterproof container and attached a steel washer to the container, and dropped it in the septic tank for safety. George encrypts a reply and places the message in the battery. George places his one time pad back in the waterproof container and attaches a medium size but thick steel washer. George drops the onetime pad down the septic tank and replaces the clean out cover. He then proceeds to the dead drop location near the bridge leading out of town. He is seen by the patrol. He is stopped. He failed to place the battery in a flashlight, exposing the ruse. The battery is checked and the message found. He is detained. The message can not be read no matter how good the code breakers.

The intel officers show up at George's home. They search most thoroughly, but were not willing to dirty themselves in the septic tank, they miss the one time pad.

The group is safe because of the use of the one time pad and the concealment device.

Geist


----------



## Davarm

You have a good start on a book there Geistmacher, you ought to keep it going and post it in the story section of the forum.

A contingency plan could be developed for David and George for the loss of their OTP's. A common book such as a specific translation of the Bible or another book that would not raise suspicion or concern if they are detained and searched, could be used as a key. 

The dead drops are good but maybe you could develop a scenario to use a broadcast using possibly CB radio (common and readily available and shouldn't raise suspicion), of encrypted message. Set up specific broadcast times and mutually monitor the frequencies for messages, less chance of being tailed. If David and George are close, a very low power radio could be used with just a short untuned stub for an antenna. Low power, untuned antenna - harder to DF.


Your story could be very useful as a teaching/training tool, not to mention just plain interesting and entertaining. Keep it coming.


----------



## TheAnt

*What about the code*

Interesting stuff (and story) but can you give an example of the kind of encoding/decoding available with these random numbers? Is it a substitution cipher (that could be too easily broken with statistical analysis, couldn't it)? What kind of codes are possible?


----------



## Davarm

TheAnt said:


> Interesting stuff (and story) but can you give an example of the kind of encoding/decoding available with these random numbers? Is it a substitution cipher (that could be too easily broken with statistical analysis, couldn't it)? What kind of codes are possible?


Ant

I won't give any specifics, it's been a while (20+ years) since I was involved with that type of thing and my big concern is that I don't remember what can be discussed in the open. The last thing I need is a uniformed crew knocking on my door and taking 10 years and $10,000 from me.


----------



## TheAnt

Davarm said:


> Ant
> 
> I won't give any specifics, it's been a while (20+ years) since I was involved with that type of thing and my big concern is that I don't remember what can be discussed in the open. The last thing I need is a uniformed crew knocking on my door and taking 10 years and $10,000 from me.


Of what use is this 'Trade Craft' if you don't have a cipher to employ? One could use a substitution cipher but in my opinion it would be too easy to break. You could use commonly available computer application to encrypt something digitally but you couldn't easily transmit that on paper and it would still be breakable eventually via brute force (though it might take so long that it would be worthless by the time it was broken). I believe the intent is to have encrypted messaging without technology otherwise why not just use commonly available and hard to break encryption? It could be something that would take months to decrypt even with the fastest NSA computers and it would be enough time as long as your message was time sensitive.

I don't know what you could be worried about but maybe you know something I don't. I am just trying to understand how this can actually be used.


----------



## TheAnt

As an amendment to what I said above:

Assuming the message is long enough (a short message would be harder to break) I believe the following is true:

If you are just encoding to throw the average person off a substitution cipher would work just fine.

If you are trying to throw off a heavily burdened local/state gov't office or law enforcement for a reasonably short amount of time a substitution cipher would *probably* work fine. I don't know that most local or even state LE or gov't employs code breaking software.

If you are trying to throw off national gov't then a substitution cipher could be broken in hours if not minutes or less. They have the software and it's no big deal.


----------



## TheAnt

http://en.wikipedia.org/wiki/One-time_pad gives a lot of information about at least one possibility of the cipher used. Very informative! I won't go to prison over this link will I?

EDIT: And because of Rule #2, it doesn't matter how long the message as long as the random encryption code is as long or longer (or *must* it be longer?)


----------



## TheAnt

This may be outside the scope of your discussion and if so just say so but couldn't the use of Public Key Infrastructure get around all the downsides of this particular form of message encryption? In other words why use OTP instead of PKI? I'm no expert and have never tried to devise any form of PKI for myself but the concept would be powerful for SHTF communication if you could implement it in a low tech way. It would be able to be decrypted but it would take some time depending on how big the keys are and what encryption is used to create them (if I understand correctly).

Just a thought... hope I am not stepping on toes -- that's not my intent.


----------



## Davarm

Ant, I know what you are saying but in this case it is not a matter of being afraid of big brother, I signed numerous oaths and "NDA's" (non disclosure affidavits) throughout my military service and I am still bound by them. The problem with this is that I simply don't remember what is public knowledge and what remains classified. I was kinda hoping that Geistmacher would volunteer an example, I feel relatively sure that he has had more current exposure than I have had.

Some of the methods and procedures are public knowledge and can be discussed and practiced by anyone but as far as specific methods are concerned, I don't remember which ones are public knowledge.

Direct substitution ciphers can be very safe and secure if your key is sufficiently randomized, no patterns would show through the encryption unless you repeat portions of the key or if you are coding up an encyclopedia, that is the beauty of the One Time Pad.

Let's wait for Geistmacher to chime back in on this and take it from there.


----------



## TheAnt

Fair enough Davarm, this is just a subject that I am interested in.

After a little reading it seems that the mathematical algorithms required to create an asymmetric cipher (which PKI relies upon) are too complex to expect it be done without a computer (though maybe a programmable calculator would work and that calculator replace the "pad" in the OTP concept). Essentially I was thinking an asymmetric cipher (like PKI) would be easier to keep up with and the "pads" twice as secure as (since the key used to encrypt cannot be used to decrypt) a symmetric cipher (where one key is used to encrypt and decrypt) like OTP.

I find OTP interesting! Please tell more Geist!


----------



## Geistmacher

The best public key can be broken given enough computer assets put on the case. 
If you use a computer for key generation, or for encryption / decryption, the message and the key are on the computer in the clear at some point. This opens up the interception of the message. The use of computer makes it more difficult to hide the keys or the message, and allows easier search by software and the other side.

A custom or heavily modified operating system bootable from a SD Micro (up to 64Gb is available), and used on a computer that has the hard drive removed, or better yet, disabled during use for encryption, might be a valuable option. The key can be very large, allowing for encryption of very large messages. The card can be concealed almost everywhere. The case of the hollow nickel comes to mind. No trace is left on the computer for recovery.

Transmitted messages via electronic means can be monitored. Such an encrypted message will flag you immediately. Do not be fooled into thinking that the public key is unbreakable in a short time. All such encryption available on line is compromised. You do indeed bet your life on it. When "they" search you, all computers, disks, and other electronic items, will be confiscated and analyzed.

The art of encryption is also an art of compromise. You must consider:
The size of the messages to be transmitted. The speed required for timely decryption of critical information. The threat level you face, in assets that might be brought to bear against you, and the danger the information contained could be to your organization.

The one time pad is a variation of a very old but mathematically unbreakable encryption. Never using the keys, even in part, more than once is critical. The physical security of the key pads is critical. Never having a message longer than the key is critical. The algorithm is not important as long as the rules are followed. As simple a system as it is, the "powers that be" that understand encryption use it and fear it. If you use a computer you make their job real easy.

The encryption system is public domain. The ways the government uses the system is not. The trade-craft exposed here, does not give specific examples used in the real world, but rather how they can be used. Hope I have helped a bit.

Remember that too much information is no information. 
You can not find and use in a timely manner the bit of information you must have.
No information is information. 
If you are carrying your cellphone around all the time, and they know that on certain days you do not carry it. This is information most valuable. 

My opinion for what it is worth.

Geist

Just because you are paranoid, don't mean they are not after you.


----------



## Davarm

Thank you, you are more up and current on this than I am, 20+ years is quite a long time and a lot has been forgotten, regardless of how well it was known and how much it was used at the time.

Hope you keep story going, David and George can teach us a lot.


----------



## Geistmacher

I am considering a short story to bring a gestalt, a total use of preparations and survivalism in a real world scenario. I plan to make it read like a novel with a twist.

I keep current on intel because of the nature of my past and current employment. Being a survivalist requires preparing the brain as well as tools and supplies.



Geist

The 9mm might expand on impact. The 45 acp will not shrink.


----------



## Geistmacher

*Quick note on communications*

When the SHTF and you have to move quickly, take a lesson from Katrina:
Have a plan in place for using specific public forums, newspapers, tabloids to place a personal ad telling your family members that you are fine and how to contact you. If regular communication is down, phones inoperative, and numbers and addresses changed, this will allow groups and family to contact each other.

Place your personal ad, and look in the prearranged locations for the other personal ads. Coded messages could be of use here, or messages with hidden meaning to disguise the locations and identity of the person placing the ads.

Still working on the story for the tradecraft demo.

Geist


----------



## dataman19

Geistmacher,
KM on your AN.
Request you authenticate my DS.....


----------



## dataman19

Incidentally, One time key pad use and ciphers are "forbidden" on all Amateur Radio Frequencies. (as per the FCC).
...
Licensed Hams are forbidden to use ciphers and secure codes on the Amateur Radio Services.
..
If you want to use Codes and Ciphers, then apply for a Commercial/Private Shortwave Station License (they are available, but hard to justify).
...
Geistmacher, even though the old Cemetary Net is now History. Some of us do still remember the AFKAKs, etc.
....
Dave
Phoenix, AZ


----------



## Marcus

There is a program called PGP (for Pretty Good Privacy) that can generate both public and private keys for encryption. Its export is restricted so it may be unavailable at your location. Instead of using an OTP, I'd suggest using the program with max encryption (2048 bit if I recall correctly) then transcribe the message to a paper form.
The CIA uses (or used to) CDs as encryption keys. These CDs use recorded atmospheric noise for as truly random a number generator as possible.


----------



## CrackbottomLouis

A simpler book code might work well. Especially with a specific number inserted at a known point that would describe to the receiver which book to use and whether each line of code is backwards or forwards or each 3rd word jumps to a different spot. Something like that could easily be worked out ahead of time.

Am I showing ignorance in thinking that would be pretty secure?


----------



## musketjim

I've heard of book codes in the past, but the other is over my head, sorry. But with wife and friends really not on-board it's a moot point anyways..


----------



## swjohnsey

A book makes a decent one time pad. Both ends need identical copies of the book. It is not as secure as a randomly generated one time pad but the only ones likely to break it are the fed's A-Team.


----------



## Pixelphoto

dataman19 said:


> Incidentally, One time key pad use and ciphers are "forbidden" on all Amateur Radio Frequencies. (as per the FCC).
> ...
> Licensed Hams are forbidden to use ciphers and secure codes on the Amateur Radio Services.
> ..
> If you want to use Codes and Ciphers, then apply for a Commercial/Private Shortwave Station License (they are available, but hard to justify).
> ...
> Geistmacher, even though the old Cemetary Net is now History. Some of us do still remember the AFKAKs, etc.
> ....
> Dave
> Phoenix, AZ


Yes illegal when the rule of law is in order. When the rule of law fails and the poop hits the oscillating blades then rules are out the window. I am a general class ham who follows the law and rules currently. But when it all goes to heck in a hand basket I won't be giving out my call sign and I will be talking in code.
If the FCC can send me a ticket when the poop hits the fan then so be it.


----------

