Encrypted Message Practice

внимание! внимание!

15068 34306 50…

(indicator group is 15068)

внимание! внимание!

15068 34306 50…

(indicator group is 15068)

Jason,

I’m sure we all agree.

Dick

30053 01844 32682 80324 39238 99321 18254 42978 83565 85627 29628 17023 57608 43091

58947 09068 74114 68918 48728 59364

58947 09068 74114 68918 48728 59364

29438 61685 03936 41072 01561 61327 96202 86304 83326 46969 00477 70960 04556

29438 61685 03936 41072 01561 61327 96202 86304 83326 46969 00477 70960 04556

Jason, did I mention this to you?

84340 02758 85279 56810 99941 07739 25914 84504 39932

Jason, did I mention this to you?

84340 02758 85279 56810 99941 07739 25914 84504 39932

haha! You made a mistake on this one but I was still able to decrypt the message.

I’m sure you had a good time. I am jealous!

Ok you guys get new OTP’s tomorrow.

Glenn

36347 73728 73490 31243 94282 78798 57106

22244 19900 26573 39299

71393 52663 71004 94529 00751 74881 36530 74282 9233

Because he has no hair.

Close enough I guess.

I am familiar enough with the CT-46 that I can do that part pretty fast. Glenn, I imagine you read the message as you subtract without having to even refer to CT-46?
I’m starting to see 8 2 and know it’s an S without looking. A, E, I… I don’t need to check the chart.

By the way, 100 bucks cash to anyone who can find and identify my OTP next Monday. If you can assemble it by the end of class a hundred dollar bill is yours (or donated to the guild.)

Aloha All,

It is interesting that a system so simple is unreadable even by the NSA or the CIA, or foreign intelligence agencies. Our purpose is to understand the process and how to do it efficiently. As always there are rules and these rules insure the integrity of the system itself. Let’s review a few of the simple rules.

Random number streams used to create the OTP must be generated on a stand alone computer system. This computer must not have any connection to the internet or any peripheral devices. Printers should be turned off until after the streams have been generated. The computer itself should be in a shielded case. When generating the number streams turn off your monitor until after the run is complete. Once the run is complete (time it) turn on your monitor, examine the result and then turn on your printer. Print your streams and then turn off and physically unplug your printer from electrical power. Never save the streams to a file on any computer, thumb drive, or other recording media. Never email the OTP. If someone needs the OTP then set up a personal meet to pass the information.

If you email the OTP you are done, might as well turn in your decoder ring and get ready for the 3 Hots and the Cot at the local prison.

Devise a means to hide all codes and cyphers. Never hide them on a computer, don’t leave them out on the coffee table, don’t hide them in your sock drawer. Use the big computer between your ears to make a plan to secure them where they will not be found in a search specifically looking for them. Once you use up a page, check your work and then burn the page. Do not shred, eat, or toss the page in the trash….burn it in a cup, fill the cup with water, use a spoon to beat the burned page into the water then walk outside and use the water on your plants or spread it around in thick grass.

This goes for anything related to encoding, enciphering, decoding, or deciphering. Once you know the information destroy all materials related to it so there is no evidence that can be used in your trial. This means to prepare.

The best way to do this is the old fashioned way. Don’t use phone aps…. don’t do stupid stuff.

Glenn

Aloha Dick,

The CT-XX will stick in your memory the more you use them. I don’t really need the physical chart in front of me to finalize the clear text. There is value in not being caught with clear text period. It certainly buys you time especially if you are compromised. Let’s say that instead of your message being broken down to clear text that it broke down to di-nomes or tri-nomes that you then could take to a matrix using row and column keys. Individual cells in the matrix would contain generic short messages. This means 2 digits could in fact = 25 words (or so).

When you think of the logistics involved with just the communications of a spy network it can be a bit daunting.

There must be an entity to create OTP’s on a huge scale. This is usually a function of a government communications architecture. Their simple mission is to create OTP’s to meet the needs of their service. The OTP’s must be managed so that the Spy, his/her handler, and their agency all have the same OTP. Diplomatic pouches get the OTP’s into the country, but from there you must have a secure courier method to dead drop the OTP’s for the spy in the field. Spy’s in the field don’t like to meet strangers (ever) so it is unlikely they would accept an OTP from someone they did not personally know in a personal meet.

Glenn

Aloha Dick,

The CT-XX will stick in your memory the more you use them. I don’t really need the physical chart in front of me to finalize the clear text. There is value in not being caught with clear text period. It certainly buys you time especially if you are compromised. Let’s say that instead of your message being broken down to clear text that it broke down to di-nomes or tri-nomes that you then could take to a matrix using row and column keys. Individual cells in the matrix would contain generic short messages. This means 2 digits could in fact = 25 words (or so).

When you think of the logistics involved with just the communications of a spy network it can be a bit daunting.

There must be an entity to create OTP’s on a huge scale. This is usually a function of a government communications architecture. Their simple mission is to create OTP’s to meet the needs of their service. The OTP’s must be managed so that the Spy, his/her handler, and their agency all have the same OTP. Diplomatic pouches get the OTP’s into the country, but from there you must have a secure courier method to dead drop the OTP’s for the spy in the field. Spy’s in the field don’t like to meet strangers (ever) so it is unlikely they would accept an OTP from someone they did not personally know in a personal meet.

Glenn

Glenn,
Why would you ever carry a OTP? Seems like there is no need.

Let’s say I am a spy from Pineland, coming to do my dirty work in Honolulu. When I leave Pineland they tell me, “Your OTP code is 424-2-3.” That’s all you have to remember. Plus maybe there is a rule that you reverse every third set of numbers.

I’m the spy. I get to Honolulu. I listen to the Number Station broadcast from Pineland I write down the numbers. I have the CT-XX memorized, of course. So I am not carrying anything.

Because the OTP code is 424-2-3 I go to page 424 of last year’s Oahu white pages phone book. I go to the 2nd column. I use every third number. There is a way to extract the correct 5 digits from a phone number (could be first 5, or last 5, or first two, last three, or first two, skip one, last two) And just to make it harder, every third set of numbers you reverse the order. I could make a OTP using the phone book and some simple rules.
Why wouldn’t this work?

My offer:

When I arrive at class you can search me. 100 dollars cash to anyone who can find my OTP and assemble it by the end of class Monday night. 7-9:30 pm.

I’ll show it to you when the time’s up. (No body cavity searches. It won’t be there.)
It will be a physical set of numbers, in my possession at class.

Hmm,

Wonder why this thread gets SO MANY more views than other discussions on our bulletin board? About 10X the views, lol.

I know how to get more views on my YouTube channel now- title a video “Secret Encrypted Message”

Aloha Dick,

Don’t underestimate the ability of the massive computer and cryptographic resources that can be levied against book codes or any other less than secure method. The OTP cannot be broken by these resources. To crack your example may take less than a day to get readable text. When Cryptographic Brute Force is applied it is very formidable.

Glenn

Aloha Dick,

Don’t underestimate the ability of the massive computer and cryptographic resources that can be levied against book codes or any other less than secure method. The OTP cannot be broken by these resources. To crack your example may take less than a day to get readable text. When Cryptographic Brute Force is applied it is very formidable.

Glenn

The Internet is a surveillance system. We’re caught in the “web” trapped in the “net” and there is no going back.

www.cnn.com/2013/03/16/opinion/schneier-internet-surveillance/index.html?hpt=hp_c

I will decode this later. They give the OTP on page 90.