[Cryptography] [Announce] Unsnoopable - Completely unsnoopable messaging (was: Brainstorming for encrypted text messaging ideas...with a twist)

Tom Mitchell mitch at niftyegg.com
Sun Jun 25 13:56:01 EDT 2017


On Tue, Jun 20, 2017 at 10:35 PM, Ashish Gulhati
<crypto at ashish.neomailbox.com> wrote:
> You guys are circling close to a scheme for completely unsnoopable
> messaging that I've been trying to turn into a usable solution for
> quite some time (with recent success, I believe).

>
......
> In mid-2014 the idea popped into my head again, and this time I had a
> solution for the sneakernet component, and the need for two
> computers. This solution was along the same lines as Tom described in
> his recent message: use an old model iPod Touch or similar device as
> the air-gapped device, and your regular smartphone as the online
> device.

I know I have mentioned QR codes a number of times over the years.
This link shows how easy this is to do:

http://www.qr-code-generator.com/

>> A single cell phone is difficult.   However two devices could be less hackable.
>> An old cell phone can be side loaded with an application in developer mode
>> and kept in airplane mode and air gaped.

I would note that that QR codes can be used for the input of complex encryption
codes by multiple individuals and be a site useful strategy for key management.

I can visualize a manager and two engineers in a room where the manager can see
that both the physical and digital QR keys for the system are  used.
The manager has a key and the engineer has a key so three or four
padlock keys are needed
in routine use.   Key recovery is enabled by the ability to cut the
four locks or crack the safe
should an individual get run over by a truck.  The physical lock boxes
can have alarms
and remote monitoring.

Complex keys can be transported on paper by multiple individuals to
remote sites or as images
or as known URLs or...  Complex codes can be transported from air
gaped TNG generation supported
systems to production systems that are air gaped or not.

QR codes have simple error detection and multiple modes.  Some use
modes I was unaware of
until I found the above linked site:  URL,  VCard, Text. E-mail,  SMS,
 Facebook,  PDF,  MP3
Many more types could be invented... it is just as packet equivalent.

An embassy only need destroy two bits of paper and pull the power
breaker to digitally wipe all the systems.
A false alarm can be recovered from with duplicate keys sealed with
wax in a mayonnaise jar buried
in a vegetable or rose garden.










-- 
  T o m    M i t c h e l l


More information about the cryptography mailing list