[Cryptography] Brainstorming for encrypted text messaging ideas...with a twist

Ray Dillinger bear at sonic.net
Fri Jun 16 16:58:44 EDT 2017 


On 06/15/2017 07:32 PM, Grant Schultz wrote:

> What if the encryption method was the one-time pad?  Naively, you could
> carry a one-time pad on paper, along with a pencil.  You would perform
> the en/decryption manually, and type the message into the phone.  (Of
> course the smartphone with its cameras would be in your pocket during
> en/decryption.)

It would work, but you'd want something less unwieldy than a one-time
pad.  I think you would want some kind of purely mechanical device, so
that users could verify for themselves that it is unhacked and
unhackable. All parts visible.

A copy of the M-209 cipher device could be manufactured on a desktop
mill. The cost for one or two units would be an undue burden, but in
small runs of a score or so the cost could be much more reasonable.
Especially if it's distributed in kit form and the purchaser assembles
it themselves - which could be a good idea anyway, as a way for the
purchaser to knowthe device is unhacked.

However, the cipher it generates can be broken by computer given a few
kilobytes of ciphertext. It would only be secure for short messages or
for very few messages per key.

I don't really know of any pocket-size devices which are more secure
than that, unfortunately.

I know a couple of Pen & Paper ciphers that are more secure than that
(never successfully cryptanalyzed) but they're REALLY annoying to use
(fractionation, double interrupted transposition, defractionation with
different table).  You could print out instructions on a sheet of paper,
but nobody would routinely use it because it would take ten minutes to
encrypt/decrypt a tweet.

And neither of these methods gets around the difficulty of typing random
characters into a smartphone.

				Bear

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170616/e8acbecd/attachment.sig>

More information about the cryptography mailing list