NSA & RSA

JT > This is uncrackable.

krw > In theory, reality and theory are krw > the same. In reality, they are not. G > While that axiom is generally true, it's G > not true in the case of this cypher, krw. krw > Wrong. OTPs have been broken throughout history. Cites? krw > The reality is that nothing around the OTP is krw > secure, Are you talking about a weakness of the crypto or a human and physical security problem? It is actually possible for people to act unlike the usual governmental bureaucratic idiocy. krw > primarily because humans are involved. But that's not a fault of the crypto. Sure they are interdependent but let's not blame the crypto for human and physical security problems. G > No amount of supercomputing can decrypt this. G > Such efforts would be in vain for this cypher. krw > Irrelevant. G > The pre-arranged OTP key for each message G > (and in Vernam by extension each character) G > is not so much an exercise in cryptography G > as in keeping the keys secure. krw > ...and there, reality sets in. I think I did my "due diligence" by pointing out the distinction between the pure crypto and human/physical security issues. G > The Vernam One Time cypher looks to be more G > vulnerable to theft of the pre-arranged G > "OTP" keys than to cryptographic decoding. G > The means of delivering the pre-arranged G > OTP keys to the recipient would be the G > most obvious vulnerability. Transmitting G > the keys to the recipient across the G > insecure network would be foolish. G > Theft of keys or tampering with the random G > number generator would both involve more G > "hands on" efforts than pure decryption. G > If a determined eavesdropper were going G > to use that much "hands on" physical G > intrusion then perhaps video surveillance G > /wire tapping would be easier as well. G > This cypher certainly makes use of the G > old axiom about making decryption too G > difficult to be worth doing. G > Jim was right, this one is uncrackable. G > Watch him go off on me for saying that. krw > No, he's certainly *NOT* right. Has the Vernam OTP cipher ever actually been broken cryptographically? I'd love to read about any historical examples where it was! Leaked or stolen keys or rigged random number generators don't invalidate the crypto method itself. While most government bureaucrats fail at human and physical security, there are probably a few who can actually manage to keep it secure. If you were sending a series of keys to a future recipient of messages, how would you send them? Flashdrive VIA UPS/Fedex with a tamper evident seal? Personal courier? In person handed out at a monthly or quarterly meeting? The point is that if you CARED you could manage to keep the human and physical security under control. The Vernam Cipher The Vernam Cipher is based on the principle that the plain text of a messag e is 'mixed' with random text from a One Time Pad (OTP). Because the result ing cipher text is still truely random, it can safely be sent over the air, without the risk of being deciphered by an interceptor. At the receiving e nd, the same OTP is used to 'unmix' the random text from the cipher text, w hich results in the original plain text. One only has to guarantee that the OTP is safe, that there are only two copies of it, and that both copies ar e destroyed immediately after use (see below).

The above became possible after the introduction of digital telegraphy, als o known as Teletype, or Telex. With teletype, each character is substituted by a digital 5-bit code, often represented by the 5 holes in a punched pap er tape that was commonly used with telex machines. Digital codes can also be represented by a series of '1's and '0's, where 1 represents the presenc e of a hole and 0 represents the absense of a hole. This is commonly known as the Baudot code. The OTP was recorded onto a punched paper tape, which was called the key, o r One Time Tape (OTT). The cipher text was generated by applying the logica l XOR operation (Exclusive-OR, or Modulo-2 addition) to the plain text and the key. The advantage of using the XOR operation is that it can be undone with the same operation. In other words: XOR-ing the cipher text with the k ey, would reveal the plain text again.

In mathematics, the XOR operation is called modulo-2 addition. In this case , the individual bits of the plain text are XOR-ed with the key. The result ing bit will only be '1' if the two input bits are different; if they are e qual, the result will be '0'. Let's asume that the letter A is represented by (11000) and that B is represented by: (10011). A bit-wise XOR operation would then yield (01011) which, in the Baudot table, is the letter 'G'. In fact, each bit from the key tells us whether or not the corresponding bit f rom the plaintext should be inverted. Example The principle of the Vernam Cipher is perhaps easier explained by looking a t a message stored on a punched paper tape. In the example below, we want t o transmit the word HELLO which is stored on the plain text tape. We also h ave a pre-recorded key tape, with a series of random characters; in this ca se the sequence AXHJB. The contents of the plain text tape are now XOR-ed w ith the contents of the key tape. The result (KMIVE) is a truely random ser ies of characters which we've stored on the cipher tape. Mixing of the plain text and the key

Now let us see what happens if we repeat this operation on the resulting ci pher tape. In the illustration below, the cipher tape is on the left. It is XOR-ed with a copy of the original key tape. The result is the original pl ain text. Mixing of the cipher text and the key

The process of XOR-ing text and key is often called mixing, and the cipher machines that use the Vernam principle, are therefore often called mixers o r mixer machines. Cipher Security The above procedure is 100% safe if, and only if, the following conditions are met:

There are only two copies of the key-tape, Both sides of the communication path have the same tape, The key-tape is used only once, The key-tape is destroyed immediately after use, The key-tape contains truely random characters.

If any of the above criteria is not met, the cipher will become less secure . This means, for example, that in a battlefield, sufficient supply of key- tapes have to be prepaired well in advance of a transmission. If you are co mmunicating with a station several thousands of kilometers away, it will be very difficult to supply new key-tapes on a regular basis.

In practice, distribution of key tapes always was a big problem, resulting in many violations of the above rules. In some cases a key tape was used mo re than once, or was inserted the other way around (i.e. starting at the en d). There were even cases where an operator would take a piece of key tape and use it as an endless loop, by joining both ends with a piece of cellota pe. Pseudo-random versus OTP Although the OTP was, and still is, the only cipher that is totally secure, many systems based on the Vernam Cipher were replaced by cipher systems th at used a pseudo-random key generator with a very long cipher period. If bo th ends of the communication link configure their pseudo-random key generat ors identically, the Vernam principle can still be applied.

With this method, the configuration of the pseudo-random generator has beco me the key or seed, or initialization vector, which is potentially much sho rter than the message itself. Such a short key produces far less distributi on problems, but also results in a reduced security of the cipher. It all d epends on the secrecy and the strength of the key. Generating OTP key tapes (OTT) It is also very important to consider how key tapes were made. The cipher i s only 100% safe, if the key tape contains evenly-spread truely random char acters. That would be the case if the tape was filled with white noise from , say, a diode or an empty radio channel.

In practice, however, military organisations often used pseudo-random numbe r generators for the creation of the key tape. The simple fact that such a generator is pseudo-random, makes the cipher less secure. There is always t he danger that a potential enemy finds out what algorithm is used to genera te the pseudo-random sequence; either by mathematical methods or by espiona ge. An example of a key tape generator is the EROLET. Mixer machines Cipher machines, intended for operation with teletype signals, that use the Vernam Cipher, are generally called mixers or mixer machines. In most case s, they are equipped with two paper-tape readers. Several such mixer machin es are described on this website. More... Click here for an overview of mixer machines on this website

Invention The Vernam Cipher is named after Gilbert Sandford Vernam (1890-1960) who, i n 1917, invented the stream cipher and later co-invented the OTP. His paten t US1310719 [1] was filed in 1918 and is, according to the NSA, perhaps one of the most important in the history of cryptography.

Snapshot from Gilbert Vernam's Patent US1310719. Click to read the complete document.

Over the years, many have claimed the invention of the mixer machine. In 19

21, the German manufacturer Siemens filed patent DE371087 in which a nearly identical principle is claimed. The patent drawing even shows two puched p aper readers side-by-side. One of Siemens' claims is that it could be used as an online cipher system by driving the telegraph relay directly [2].

Snapshot from German Patent DE371087. Click to read the complete document.

During WWII, the German Army relied on hand ciphers and rotor-based cipher machines, such as the Enigma, the Siemens T-52 Geheimschreiber and the Lore nz SZ-40/42. In 1943, Siemens developed their first online mixer machine ba sed on the above principle. It was named T-43 and less than 50 of them were built. At the end of WWII, the Germans destroyed most of these T-43 machin es. The ones that survived were captured by the Americans and later the Bri tish.

K in Norway [3]. The collaboration of the two engineers eventually resulted in the release of the ETCRRM, a mixer machine that used valves (tubes) rat her than electric relays. The machine was soon adopted by the Americans for communication at the highest level and later also by the newly established NATO. At height of the Cold War, the ETCRRM was used at the heart of the W ashington-Moscow Hotline.

In the late 1950s, the Dutch PTT developed their own range of mixer machine s, again based on the same principle. As the PTT didn't have sufficient pro duction capacity, the machines were manufactured by Philips Usfa in Eindhov en (Netherlands). The first machine to be released in 1656 was the Ecolex I . Like the ETCRRM, it was valve-based. It was followed in 1960 by the fully transistorized Ecolex II. After that, Philips Usfa took over the developme nt of cipher machines, resulting in 1963 in the Ecolex IV. According to a f ormer company director, Philips had to pay royalties to the principal inven tor at the Dutch PTT for many years, for the use of his patents [4]. Modern use of the Vernam Cipher The Vernam Cipher can also be applied to modern computer systems. Instead o f the 5-bit word of a teletype system, computers use 8-bit or even longer w ords. The principle, however, remains the same as the XOR-operation is appl ied to the individual bits of the data word. The use of the XOR-operation i s still at the heart of many cryptographic algorithms today. References

Gilbert S. Vernam, US Patent 1310719 Filed 13 September 1918.

Siemens und Halske, German Patent DE371087 Filed 10 July 1921.

NSM Annual Report 2008 (Norwegian). Noen kryptosuksesser. p. 15.

Anonymous former company director of Philips Usfa Interview at Crypto Museum. April 2013.

Further information

The Vernam Cipher on Wikipedia One-Time Pad (OTP) and One-Time Tape (OTT) The Baudot code Mixer machines on this website

Any links shown in red are currently unavailable. If you like this website, why not make a donation?

07 May 2013 - 10:01 CET Reposted under the FAIR USE exceptions to the US copyright law. Non-profit and for the purpose of discussion.

This is interesting

It seems the top is urn breakable, except for the human element... But the human element is always present.. Mark

To some degree, sure. Not all cryptosystems are created equal and OTPs are particularly bad, in that respect.

Do your own research. There are some fascinating books in this area.

The *system* includes everything to make it useful. OTPs are particularly weak, in practice.

It *sure* is. Cryptography isn't useful in the abstract. It's *only* useful in practice.

Nonsense. You cannot isolate one aspect of a system and declare it "perfect" when the rest is deeply flawed. Nor the other way around.

There is none. It's a *system*.

The pads have been broken.

Nope. Pads used more than once will make decoding trivial. OTPs are particularly susceptible to such errors.

Undefined problem.

If, if, if, if, if. All conjecture. None reality.

--
_I_ certainly can, but perhaps your myopia causes you to believe 
that everyone suffers from your affliction[s].

--
In what way?

[snip] [snip]

Seems like some pe "My point of view has always been... there is NO code that is uncrackable... thus do not E-mail anything you want to be absolutely private. Likewise cellphone conversations or text messages. So NSA can listen in all they want... the most technical discussion they'll catch will be me helping my 13 year old granddaughter with her Algebra homework ;-)" ...Jim Thompson

--
| James E.Thompson                                 |    mens     | 
| Analog Innovations                               |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| San Tan Valley, AZ 85142   Skype: Contacts Only  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.

On Wed, 25 Dec 2013 10:48:32 -0600, John Fields Gave us:

He sure convinced the group (well, abse)that I was a troll (all those years ago). And... "Now, I are one."

So, I thought of new experiment.

Containers:

Three, one cubic yard boxes, constructed from that foam sandwiched between card stock poster board material architects use. Paint the inside matte black, or even get actual 'black body' paint from an IR instrument maker.

Sources: 1) Take a toaster element, still wrapped on its card. Mount it on the end of a 15" rod of G10. Lead hi-temp leads outside the box, to be fed by a DC source.

2) Take a short table lamp (metal stalk), and place an old, now banned 100W incandescent bulb in it, to be fed by a DC source. 3) Take 100 1.5 W Cree LEDs, operating at 1 Watt each and make and outward illuminating, like a bowl of flowers. To be powered by a DC source.

Conditions:

Place in a room where there are no drafts and control the temp to a value which will remain stable without much corrective help after getting it there. Once the test begins, no environmental controls are needed (or desired). Cubical type segregations/partitions can be made to keep the boxes' air separated from each other a bit.

Test: Initialize each load "device under test" DUT to the full 100 watt value.

Plot curves for the interior chamber air temperature of each "box under test" over time.

See just where 100 watts goes... and how quickly... or slowly.

That is a "crock"; urns are very breakable - shards of fact.

Why do you want to break urns?

--
Anyone wanting to run for any political office in the US should have to 
have a DD214, and a honorable discharge.

Venona was not really broken, just decrypted using recycled pads and partials recovered from a mostly burned code book. Recycling pads were so idiotic that I wonder if the USSR didn't do that intentionally.

To get the code ashes..

--
I amphora simpler solution.

Aren't there already enough ashholes around here? ;-)

--
Anyone wanting to run for any political office in the US should have to 
have a DD214, and a honorable discharge.

Speaking of the NSA I wonder when the second shoe will fall. Let's do the math, how hard would it be for the NSA to store ALL the data, not just the metadata but the audio content as well?

Mark

A story a friend told me about someone he knew etc. etc., supposed to have happened in the 1970-s in the USSR. Some friend of his spending some time - weeks or months - in the USSR got some phone bill which he thought was too high. He complained; before too he long was contacted by an official who told him he had personally listened through all his call records and the bill was correct...

:D

I don't trust the story more than I would trust a realistically sounding urban legend of course but back 25-30 years ago it did not surprise many who heard it. Then it probably means foreigners were recorded, not everyone. But they must have kept a few tape factories busy.

As nowadays drive manufacturers must be kept busy, not sure the shoe will fall but I would be really surprised if they did not store all the data. Not just that within the US, of course. And not only by the US. We must get used to the fact that everyone can be watched at any time. Any data put on any of the mainstream gadgets is practically disclosed. I like to think my data on my DPS disks are safe but I don't know that, I have to buy the silicon on which these machines run after all...

Dimiter

------------------------------------------------------ Dimiter Popoff, TGI

------------------------------------------------------

completed

the

apparently

to

to

then

Or a seriously disgruntled ex-employee.

?-)

Trimming is good up to a point miso, but when it leaves no clue as to what you are responding to is excessive. Not everybody uses your newsreader / newserver.

?-(

bribing.

Not any more. Too many brute force attacks are easily done.

?-)