[Cryptography] Practicality of codebook in current-day secret communications

Michael Kjörling michael at kjorling.se
Wed Feb 24 17:02:45 EST 2016


On 24 Feb 2016 20:58 +0100, from mok-kong.shen at t-online.de (mok-kong shen):
> Consider e.g. the hypothetical situation where
> a manager has to securely correspond with his representative who is
> negotiating with the customer in a bid under rival competitions.

Why do the competitors have access to the communications in the first
place?

How does needing to refer to some kind of code book, whether
electronic or on paper, mitigate this threat? Ideally in a way that,
say, an active VPN and a (possibly further encrypted) corporate IM
service cannot, _if_ real-time communications with others during the
negotiations are even needed?

Remember that the idea of cryptography is to transform large secrets
(sensitive plaintext, for some definition of sensitive) into small
secrets (keys), because small secrets are easier to keep secret.

It seems to me that surely an adversary which is able to subvert and
monitor an active VPN link in more or less real time is quite capable
enough to get their hands on a code book as well.

> It
> seems that the essential instructions and responses could be
> realistically formulated as sentences and phrases of an appropriately
> designed codebook having entries of, say, 256 in number.

This ties back into the above point on whether real-time communication
is needed. Why do "essential instructions and responses" need to be
exchanged between the negotiator and the far-away manager during
negotiations? Why can't the negotiator have a mandate to _negotiate_,
within some given bounds? ("Get the best offer you can, Joe, but
whatever you do, do not accept a bid below $42 trillion.")

If the manager does not trust the negotiator with such a mandate,
maybe the manager should go to the negotiations instead.

Cryptography can be useful, but it should be used to solve real
problems. Your proposed hypothetical situation where a code book could
be useful seems like one where plenty of easier options exist.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

