Silk Road forums
Discussion => Off topic => Topic started by: vlad1m1r on April 13, 2012, 05:06 pm
-
Dear all,
There are extensive tutorials on SR on how to set up and maintain anonymous internet connections and encode your messages with GPG which is right and good if you haven't read these, please do so.
That said, I have always had a fascination with older methods of encrypting messages which while not as secure as AES Encryption make for extremely interesting and useful knowledge.
Why would you want to know about such archaic methods of secret communication?
Firstly, if you luck runs out and you end up in prison, this will in all likelihood be the only way you have of communicating with other inmates and people on the outside safely.
Secondly, if like me you have a large amount of very long and complicated passwords, and can't carry them around inside your head, you can write them down in a coded format in such a way to make it very difficult for anyone who comes across your list to get into your hidden files.
Without further ado, allow me to introduce you to my favourite - the good old "Book Cipher". An extremely simple yet powerful way to protect any message you send.
Firstly you and your friend must agree on a book or piece of text to use to create your cipher. (Obviously if you're using this as a way to safely write down your password don't tell anybody what book you're choosing!).
You need to think about this carefully. If you want to use this method to communicate with a lot of people you might want to choose an easily obtainable book like the same edition of a Bible or a phone directory. If it's just for you or only a couple of people it's better to find an out of print book, or even write a text yourself on a random subject and keep it to yourself.
Next you can use the book to write your message. Simply begin reading the text and count along the words until you come across the one you want and write it down on a separate piece of paper.
So if for example you were to use this text as your key:
I decided not to meet him. Admittedly, I felt a connection between him and me when we met. At first glance he seemed to be everything I was looking for in a life partner. He was tall, charming and had a six figure salary. I sometimes wonder if I might have been able to work out his true nature but we can all be clever in hindsight. By the time I realised what he really was, it was too late...
Let's say the message you want to write is :
Meet me at six. Might be late.
You would write down:
5 - 15 - 19 - 42 - 50 - 64 - 80
Many people find it difficult to count off words individually and use a Bible or Almanac instead, both of which have numbered passages of text. Feel free to devise your own system - the more personal it is to you, the safer you are!
V.
-
Very clever!
I like this idea a lot, using a book means that you can avoid having to exchange cypher pads and so makes it a lot easier.
-
Very clever!
I like this idea a lot, using a book means that you can avoid having to exchange cypher pads and so makes it a lot easier.
Thank you Cache,
This isn't by any means the only cipher of course but it's the simplest and most powerful one I know - it wouldn't stand up to NSA level analysis but would certainly fool your local cop shop. Even your local police grunt would recognise the significance of a code book of some kind sitting on your book shelf but this way it looks like a collection of harmless books - little do they know! :-)
V.
-
Hidden in plain view.
Simple = good
-
Hidden in plain view.
Simple = good
+1 Karma to you my friend. There's a whole branch of Cryptography known as Steganography which is devoted towards disguising illicit messages as something innocent too - there was a big scare on the internet a while back because people believed Terrorists were hiding coded messages as microdots inside pictures of Kittens - and we say they've no heart... :-D
V.
-
Anonymous were using a picture of a kitten to distribute a suite of hacking tools. Google Dangerous Kitten for more info.
-
http://ob-security.info/?p=393
here is one good example of such system called password pad. can be very handy for creating complicated and same time easy to remember passwords.
-
http://ob-security.info/?p=393
here is one good example of such system called password pad. can be very handy for creating complicated and same time easy to remember passwords.
That's an excellent idea using the same principle, thanks! Of course as the article says you would have to use this in combination with a word or phrase you'd memorised to make it extra secure, otherwise you'd be reducing the combinations of passwords considerably.
My concern about using this would be that in countries like the UK, under the Regulation of Investigatory Powers Act (RIPA) a person can face up to two years' imprisonment for failing to divulge their password to the authorities. It would be impossible to deny that you had encrypted data if you had something like this on your person - that said I'm sure it would be possible to use it as a bookmark or keep it somewhere safe where they wouldn't find it.
A friend of mine used to keep a list of his clients in a sealed envelope inside his own mailbox. His house was raided twice and it never occurred to the Police to search there. :-)
V.
-
http://ob-security.info/?p=393
here is one good example of such system called password pad. can be very handy for creating complicated and same time easy to remember passwords.
That's an excellent idea using the same principle, thanks! Of course as the article says you would have to use this in combination with a word or phrase you'd memorised to make it extra secure, otherwise you'd be reducing the combinations of passwords considerably.
My concern about using this would be that in countries like the UK, under the Regulation of Investigatory Powers Act (RIPA) a person can face up to two years' imprisonment for failing to divulge their password to the authorities. It would be impossible to deny that you had encrypted data if you had something like this on your person - that said I'm sure it would be possible to use it as a bookmark or keep it somewhere safe where they wouldn't find it.
A friend of mine used to keep a list of his clients in a sealed envelope inside his own mailbox. His house was raided twice and it never occurred to the Police to search there. :-)
V.
this law it totally stupid and opening wide range of opportunities to be abused by police. By using this law they can get in jail any one they want to, very easily. they can plant encrypted content and if you will not tell the password you in jail. they can send you encrypted files by email, and knock in the door, pretty fucked up.
-
Book ciphers are just as vulnerable to frequency analysis as any other primitive method of cryptography. While admittedly something fun to do for the sake of understanding the history of cryptography, it would be extremely foolish and naive to use this for any actual security purpose. If you have a lot of long, complicated passwords that you need to remember, don't write them down and "encrypt" them with this method. Instead, put them in a file on a flash drive, and encrypt that file using a program like GPG or TrueCrypt.
-
Cool post, reminds me of the old spy novels I read as a kid. Technology isn't necessarily the be all and end all.
-
Book ciphers are just as vulnerable to frequency analysis as any other primitive method of cryptography. While admittedly something fun to do for the sake of understanding the history of cryptography, it would be extremely foolish and naive to use this for any actual security purpose. If you have a lot of long, complicated passwords that you need to remember, don't write them down and "encrypt" them with this method. Instead, put them in a file on a flash drive, and encrypt that file using a program like GPG or TrueCrypt.
And what password would you use to protect that file? You see the dilemma?
Passwords that are easy to remember are shorter and/or based on dictionary words which are vulnerable to a brute force attack. Strong passwords conversely contain mixtures of upper and lower case letters, symbols and numbers. It's true you could have a file containing many such passwords protected by a single weak one but this is simply restating the problem as once the weak password is cracked every single one of your passwords will be exposed!
The way I have suggested using a book cipher works to compliment your existing security methods, not replace them. Also it is not vulnerable to frequency analysis if you're using it to encipher a strong password which in the nature of things would be a random combinations of letters, symbols and numbers from a text. Frequency analysis would also only be possible on a significant portion of text, not a password of say 20 characters.
If you require proof of this I would suggest you Google the "Beale Ciphers" which were based on a book cipher and have eluded the finest Cryptographers in the country, including staff from the NSA. The strength of the cipher lies in the fact that any piece of text can be used - you could even write an essay yourself on Abraham Lincoln for instance and use that as the key text.
Moreover, I would suggest that anyone interested in the field of Cryptography in general should take an interest in classic ciphers for the other reason I mentioned, which is that you may well find yourself in a situation where you need to send a message secretly but are unable to use a computer to do so!
V.
-
Cool post, reminds me of the old spy novels I read as a kid. Technology isn't necessarily the be all and end all.
Thank you Brutusk for your kind words, and you're quite right, technology isn't everything. Naturally we woudn't all be here if it weren't for the wonders of public key cryptography but if the whole thing is protected with a password like "guitarhero" (which would take a desktop PC 6 days to crack according to howsecureismypassword.net) then the whole house of cards comes tumbling down! :-)
What was your spy novel of choice? I'm a big Ian Fleming fan.
V.