1. Jun 28, 2006

jeffceth

do-it-yourself encryption

Really don't know where to put this, so thought I'd ask all the fine folks here and see if I get a response. One of the curses of being widely read is that sometimes you remember the subject but neither content nor location of something you read once and would really like to find out where it can be found again. I know I've read several 'schemes' for doing encryption (high security, no kiddy stuff, the kind it takes a wealthy adversary centuries to crack) in your head or with a few notes on a piece of paper (which if compromised mean nothing cryptanalytically) but cannot find it anywhere. Any of this ring a bell for someone who can provide a url or summary?

The kind of stuff I'm looking for is probably symmetric (tho asymmetric would be great and can require any kind of printout or out-of-mind assistance as long as nothing is given away cryptanalytically on any of it).

If anyone remembers anything like this I'd love to hear about it.

2. Jun 28, 2006

jeffceth

Really don't know where to put this, so thought I'd ask all the fine folks here and see if I get a response. One of the curses of being widely read is that sometimes you remember the subject but neither content nor location of something you read once and would really like to find out where it can be found again. I know I've read several 'schemes' for doing encryption (high security, no kiddy stuff, the kind it takes a wealthy adversary centuries to crack) in your head or with a few notes on a piece of paper (which if compromised mean nothing cryptanalytically) but cannot find it anywhere. Any of this ring a bell for someone who can provide a url or summary?

The kind of stuff I'm looking for is probably symmetric (tho asymmetric would be great and can require any kind of printout or out-of-mind assistance as long as nothing is given away cryptanalytically on any of it).

If anyone remembers anything like this I'd love to hear about it.

3. Jun 28, 2006

Gokul43201

Staff Emeritus
Even a simple multialphabetic substitution cipher becomes virtually uncrackable if the length of the key is comparable to the length of the plaintext.

I remember seeing a little Javascript tool somewhere that lets you enter the plaintext/ciphertext and a password (which serves as a pseudo-random key generating seed). The code generates a key that is as long as the text and encrypts it using that key. You can decrypt ciphertext at the same site, if you have the password.
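The two ideas in this post, a key as long as the text and a password expanded into that key, can be checked directly. Below is an added example (my own code, not the tool Gokul describes nor anything from this thread): a Vigenère-style cipher over A-Z, a password-to-keystream expander in the spirit of that javascript tool, and the index-of-coincidence test that shows why a short repeating key reveals its period while a key as long as the message does not. The plaintext, the key "LEMON", the password and the SHA-256 expansion are all constructed for this example; the expander is deterministic, so as jeffceth notes later in the thread its strength is bounded by the password, not by the key length.

```python
"""
Added example, not from the original thread: a polyalphabetic (Vigenere-style)
cipher over A-Z plus an index-of-coincidence test showing why a short,
repeating key leaks its period while a key as long as the message does not.
The plaintext, the keys and the password are constructed for this example.
"""
import hashlib
import string

ALPHA = string.ascii_uppercase

# Constructed sample message: ordinary English so letter frequencies are typical.
PLAINTEXT = (
    "Meet me at the old station after the last train has gone and bring the "
    "papers that were left in the blue folder on the desk in the back office. "
    "We will walk along the river road to the bridge and cross before the lamps "
    "are lit. Do not speak to anyone on the way and do not carry anything that "
    "could be traced back to either of us. If the weather turns we will wait "
    "under the arches until the rain stops. The message must be read and then "
    "burned and the ashes scattered in the water so that nothing remains for "
    "anyone to find."
)


def clean(text):
    """Keep only letters, upper-cased, so the cipher works over A-Z."""
    return "".join(c for c in text.upper() if c in ALPHA)


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (mod 26). A key shorter
    than the text repeats, which is the weakness discussed in the thread;
    a key as long as the text never repeats."""
    text, key = clean(text), clean(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, c in enumerate(text):
        shift = ALPHA.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHA[(ALPHA.index(c) + shift) % 26])
    return "".join(out)


def keystream_from_password(password, length):
    """Expand a password into a letter stream as long as the message (the
    SHA-256 counter construction is this example's own choice). Being
    deterministic, anyone who learns or guesses the password regenerates
    the whole key, so security is bounded by the password, not key length."""
    letters = []
    counter = 0
    while len(letters) < length:
        digest = hashlib.sha256(f"{password}:{counter}".encode()).digest()
        letters.extend(ALPHA[b % 26] for b in digest)  # mod-26 bias is fine for a demo
        counter += 1
    return "".join(letters[:length])


def index_of_coincidence(text):
    """Probability that two letters drawn from text are equal: about 0.066
    for English, about 0.038 for uniformly random letters."""
    n = len(text)
    if n < 2:
        return 0.0
    counts = [text.count(a) for a in ALPHA]
    return sum(c * (c - 1) for c in counts) / (n * (n - 1))


def period_scores(ciphertext, max_period=12):
    """Average IoC of the columns ciphertext[i::p] for each candidate period p.
    Under a repeating key the columns at the true period are single-alphabet
    substitutions of English (IoC near 0.066); under a non-repeating key
    every column looks random (IoC near 0.038)."""
    return {
        p: sum(index_of_coincidence(ciphertext[i::p]) for i in range(p)) / p
        for p in range(1, max_period + 1)
    }


def likely_period(ciphertext, max_period=12, threshold=0.055):
    """Smallest period whose columns look like English, or None if no
    period stands out (the long-key case)."""
    for p, score in period_scores(ciphertext, max_period).items():
        if score >= threshold:
            return p
    return None


if __name__ == "__main__":
    short = vigenere(PLAINTEXT, "LEMON")
    long_key = keystream_from_password("constructed-demo-password", len(clean(PLAINTEXT)))
    long = vigenere(PLAINTEXT, long_key)
    print("plaintext IoC       :", round(index_of_coincidence(clean(PLAINTEXT)), 4))
    print("5-letter key, period:", likely_period(short))
    print("full-length key     :", likely_period(long))
    assert vigenere(long, long_key, decrypt=True) == clean(PLAINTEXT)
```

Running it reports a period of 5 for the five-letter key and None for the full-length keystream, which is the point of the post: once the key is as long as the text, the column statistics give the analyst nothing to work with. The caveat is that the keystream here is only as unpredictable as the password that seeds it.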

4. Jun 28, 2006

Staff Emeritus
Colonel Abel, the Soviet spy who was arrested back during the Cold War, had a one time pad and some simple rules for using it, involving if I recall, an old Russian folk tune. The "unbreakable" feature was the (pseudo)-random sequence of numbers, which he had to carry with him.

I believe a public key system of fairly good resistance could be based on two large prime numbers which hopefully you could memorize and then do a memorized algorithm on with a calculator.

5. Jun 28, 2006

gnomedt

Rot-13 is usually enough for most. ;-)

6. Jun 28, 2006

jeffceth

lol!!!!!!!

7. Jun 28, 2006

chroot

Staff Emeritus
I've never heard of any such thing. At their heart, most ciphers are very complicated "bit shuffling," which could not be done in your head. I'm not saying such a thing could not exist, but I'm pretty well read in cryptography, and I've never heard of it.

- Warren

8. Jun 28, 2006

chroot

Staff Emeritus
On second thought, perhaps you're referring to the Solitaire cipher, which was called Pontifex in Neal Stephenson's Cryptonomicon. This cipher can be done with playing cards, but is definitely not "the kind it takes a wealthy adversary centuries to crack."

http://en.wikipedia.org/wiki/Solitaire_(cipher)

- Warren

9. Jun 28, 2006

jeffceth

Thanks, Gokul, but I think a multialphabetic substitution cipher of decent security would require a prohibitively long shared key for most messages and is, of course, not reusable.

The javascript tools are handy, but fall well within the 'insecure if environment is compromised' zone. If the password is being typed into a computer in unencrypted form, then an environment breach would trivially shatter the security.

One time pads you have to carry with you again leave you dead in the water if physically compromised, and tend to be way too long to memorise. It took me several days to memorise the first 100 digits of pi, so a decent one-time pad would probably be quite the herculean effort.

The reason I don't think an asymmetric system is practical is that to be reasonably secure the calculations would have to be too large to do in your head, and in an environment-compromised situation any calculations of that type done on a calculator are cryptanalytically vulnerable.

I don't mean to sound too negative, guys. I really appreciate you taking the time to try and help.

If it helps jog any memories, I think one of the systems allowed for certain things to be written down on a napkin or paper but if the paper was compromised the system was still secure.

10. Jun 28, 2006

jeffceth

Thanks, chroot. I'm familiar with the solitaire scheme and how insecure it is. The scheme(s) I seem to recall had nothing to do with a pack of cards. If it helps jog anyone's memories, I'm pretty sure at least one of the schemes allowed for some things to be written on a piece of paper to help with the calculation, but if the paper was compromised it was not cryptanalytically helpful.

11. Jun 28, 2006

chroot

Staff Emeritus
I honestly don't see how such a system could even exist. If you write down intermediate figures in the course of performing an encryption, how on earth could they not be cryptanalytically useful? They indicate, in some respect, the state of the "state machine" in your head.

As I said, even the Solitaire cipher uses a rather complex "bit shuffling" scheme, with real cards, by its numerous cuts and counts. Every other "secure" cryptosystem I have ever seen uses some form of bit shuffling -- and bit shuffling is particularly hard to do in one's head.

I'm interested in learning about such a cipher, if it really exists -- but is there any chance you have just misread something, or perhaps mistook some fictional work for factual?

- Warren

12. Jun 28, 2006

Irresistible_Force

You mean you don't want to use something like a 384 bit encryption biometric flash drive?

13. Jun 28, 2006

jeffceth

Exactly. The idea is that the core part of encryption happens inside your head. The method doesn't have to be easy to remember, but the process has to be able to be done as if you were sitting in the same room with an adversary.

14. Jun 28, 2006

jeffceth

I'm hoping not, but anything's possible.

15. Jun 28, 2006

Irresistible_Force

You need to encrypt notes on the discussion taking place or like large blocks of data in written form?

16. Jun 28, 2006

chroot

Staff Emeritus
And really, if such a cipher existed, I don't know why anyone would use anything else! The largest pitfall in almost all realistic cryptographic applications is key security -- if anyone can steal your laptop, they can get your key, and render the inherent mathematical security of your cryptosystem irrelevant. It's almost always easier to break into someone's house, point a gun at them, and take their computer than it is to break a modern cipher.

If you really could do secure cryptography in your head, with an algorithm strong enough that the computing hardware of major governments could not break it for centuries, then key security issues evaporate. The key is only stored in your head, and with the exception of torture and Star Trek brain scanners, no one can get it.

Why would anyone use any other kind of cryptography if such a "killer app" existed?

- Warren

17. Jun 28, 2006

chroot

Staff Emeritus
Admin note: Two threads with identical original posts have been merged into this thread. My apologies for any conversation that's difficult to follow!

- Warren

18. Jun 28, 2006

Irresistible_Force

Make up your own shorthand note taking system, then assign three digit number codes for every word you may likely need (that's 999 words). Every second use of the same word increments the number by a fourth/fifth digit. Third use next increment and so on. Unusual words could be substituted for with common words that make sense to you, like metal, box, fire, could mean tank.

They have ten tanks. (Shorthand: % = they, * = 10, @, #, $ = metal, box, fire.) It, them, they, he/she etc. = % converts to 3951 [have can be assumed and left out]; ten = * = 7861; @ = metal = 3541; # = box = 7561; $ = fire = 2931

39517861354175612931

Don't account for spaces, punctuation, common words that can be assumed. Instead of incrementing by 1, you could also go with a 4 digit number to begin with, and assign two or three numeric values to each shorthand word and just use them randomly, because they mean the same thing to you.

What do you think? Not uncrackable, but fairly effective with just your brain to work with.
You could also change the proper English usage to something like ten,metal-box-fire,they.
Try to crack this one: 273197312391!

Last edited: Jun 28, 2006

19. Jun 28, 2006

chroot

Staff Emeritus
It would probably take a cryptanalyst no more than a half dozen of these messages to crack it completely. In fact, it isn't even a cryptosystem at all, it's just a shorthand, and offers absolutely no mathematical security at all.

The original poster is talking about cryptography that major governments could not crack; this kind of "real-world" cryptography requires expert-level training to design.

- Warren

20. Jun 29, 2006

Irresistible_Force

'Cryptosytem' is not a word. So, you're right.
If you're saying it isn't a cryptographic system, then you're wrong.

cryp·tog·ra·phy
1. The process or skill of communicating in or deciphering secret writings or ciphers.
2. Secret writing.

There is no 'real world' cryptography that only major governments could not crack, which is why we change keys quite frequently. If there were, you most certainly could not do it in your head.

I was only offering a suggestion to the poster of something that could be done in his head. The most secure encryptions are the ones that are unknown to any but the owner. He didn't say he would be sending messages back and forth, he said it had to be done in front of the adversary, without giving anything away.

BTW, I am a cryptologic technician (maintenance) for the Navy, so although not up to the 'expert level of training' you refer to, I am certainly qualified to offer a suggestion.