SoylentNews is people
SoylentNews
The hidden world in short-wave.
I was interviewed a few weeks back for my website priyom.org [Javascript recommended] which is a community that tracks and logs Numbers Station and military radio stations from all over the world.
The article on The Daily Beast can be found here: http://www.thedailybeast.com/articles/2016/03/06/the-stupidly-simple-spy-messages-no-computer-could-decode.html
When I was 10 years old, I found a shortwave radio in a crumbling old leather trunk where we kept family photos and other memorabilia. As I spun the dial, tinny, modulating noises, like the song of an electronic slide whistle, emanated from the radio's small speaker. Staticky cracks and pops competed for airtime. The sounds swished and swirled, unintelligible and unremarkable. But then, emerging through the clamor, was a voice.
I might have run right over it with the dial, but the voice's rhythmic, steady pacing caught me up short. It wasn't a deejay. Nor a commercial. And he wasn't singing. He was just speaking. The same line, over and over again.
"7...6...7...4...3." Pause. "7...6...7...4...3."
I don't remember if those were the exact numbers. But they were numbers. A repeated sequence which had no obvious meaning, and was entirely devoid of context. To find him here, amidst the screeches and howls of the shortwave frequencies, was like coming upon a man standing in the middle of a forest, talking out loud to no one.
How long had he been here? Who was he talking to? He had that officious tone of the recorded telephone operators who chastised you for dialing a wrong number. "Please hang up, check the number, and dial again." And the same distracting static I'd heard in those messages filled the background. I wasn't sure if he was speaking live, or if he'd been recorded and set loose to play into the air.
It's well-written and a good introduction into the world of number stations and short-wave. I think the Soylent community will enjoy the article, maybe prompt some of you to dig a radio out of your attic and have a listen. Alternatively, you can listen to some stations online. Different stations broadcast at different times; check out the listings on the station schedule page (Javascript required).
Some other resources to check out on the scene:
Enigma 2000 group http://www.brogers.dsl.pipex.com/enigma2000
Simon Mason's website http://www.simonmason.karoo.net/
[Ed. addition.] These stations apparently depend on previously-distributed one-time pads:
In cryptography, the one-time pad is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random secret key. Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition.
(Score: 3, Informative) by edIII on Friday April 29 2016, @01:55AM
Not basically unbreakable, but purely and provably impossible under all conditions forever. That being said, OTP is flawed and subject to several forms of attack if not performed *perfectly* every single time.... and even then is still subject to stream cipher attacks.
What's implied here is that every single bit is completely and totally unrelated to every single other bit. What this means is that the entire algorithm has no deterministic properties. For example, the elliptical curve cryptography algorithm provably provides an association of the 1st bit with the 9,999th bit, as well as the 17th bit.
All combinations of the OTP key with the plaintext are 1:1, not 1:many. Therefore, if all of the random numbers provided to construct the OTP key are non-deterministic in nature, and provably very high in entropy, then on a mathematical basis nothing can be proved about anything.
If you have 1,000,000 bits of OTP encoded data, you have 1,000,000 bits in combination, or 2 raised to the millionth power possibilities that are equally possible. You're working with all possible datasets that can be constructed by the length of the ciphertext. Which incidentally, they're all the same length too, which is why OTP is not viable for large scale use today. Using a shorter length key to a longer length plaintext... is just regular encryption which is provably breakable over time.
OTP literally provides you with an insanely, and astronomically huge, amount of different possible plain texts from the cipher text/OTP key combinations. All of which are mathematically provably to be exactly equal in probability :)
Unbreakable is actually an understatement.
OTOH, what I find more interesting is the rumor that these number stations have been found since the very beginning, even by the inventor of radio. Either that, or a plot from a Fringe episode :)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by stormwyrm on Friday April 29 2016, @02:32AM
AES with a 256-bit key for instance already provides you with just about 2256 possible keys. That is pretty much more keys than there are sub-atomic particles in the known universe, which is astronomically huge by any standard. A one-time pad is worse yet. If your random key is as long as the plaintext, then every possible plaintext of the same length becomes equally likely. For instance, if we had this 17-character one-time pad encrypted message:
NGUTxX/BLtcRRtqlj
Then any of the following possible decryptions are equally likely:
The answer is yes
The answer is no!
You are an idiot!
The same is true any other possible string that is 17 characters long. There is no way to prove that any decryption is the right one!
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by sjames on Friday April 29 2016, @04:51AM
And to be really evil, there can be null (ignored) characters sprinkled through the plaintext.
(Score: 2) by fnj on Friday April 29 2016, @10:42AM
2^256 = 1.2x10^79 approximately.
The number of atoms in just the observable part of the universe is estimated to be between 4×10^79 and 4×10^81. This translates to a bare minimum of 8x10^79 sub-atomic particles, even if you assume every atom is hydrogen, and you do not break down the protons into quarks.
So, no, the number of available keys is not quite "pretty much more" the number of sub-atomic particles in the universe. It does, however, invite pondering how you could ever find enough energy in the universe to brute-force try all the keys. Just once, for one encrypted message.
(Score: 2) by tangomargarine on Friday April 29 2016, @02:08PM
It does, however, invite pondering how you could ever find enough energy in our universe to brute-force try all the keys.
More quantums! Don't gimme that "she cannae take more", Scotty!!
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by c0lo on Friday April 29 2016, @02:39AM
For certain OTP en/decryption algos, it's easy to see that applying the specific and appropriate sequence of OTP on the very same cypher text would result in, say, the entire Shakespeare work being "decrypted".
(e.g. for XOR OTP encryption, the pad and the cypher text are interchangeable. Therefore you can construct your "appropriate sequence of OPT" by encrypting chunking Shakespeare work and encrypting it with your target sole cypher text).
I wonder if there are OTP algos for which there exists a given pair of plain/cypher text so that t is NOT possible to derive a OTP that maps one to the other.
If there are no such algos, it would mean that starting from a single cypher text and applying all possible QTP-es, one should be able to derive any and all the books that were, are and will ever be created.
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 2) by edIII on Friday April 29 2016, @03:00AM
As long as the plain/cypher is the same size (which it must be) that would seem to be impossible. You wish to construct a plaintext that cannot be calculated from a ciphertext with *any* OTP key correct? If so, I believe that to be impossible, since there are no restrictions on the OTP key. Meaning, that through modular addition all you need to do is "choose" the difference between the plaintext and the ciphertext to obtain OTP. Nothing can be done mathematically to stop that, or preclude the selection of any one number over another.
It's 1:1, or bit to bit, so the OTP bit is literally just a mathematical operation performed on the other two bits. How can you stop that?
Therein lies the strength of OTP. Any ciphertext can generate all books, documents, images, and other datasets that could ever be created, that were also the same size, or less than the ciphertext. Which interestingly enough, also includes all traditionally encrypted representations as well as anything compressed. If less, nothing says you can't encrypt whitespace......
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by c0lo on Friday April 29 2016, @03:23AM
Correct, but I have a feeling that it isn't impossible.
Suppose an encryption scheme which will map the clear text alphabet over always-odd codes. If I'm presenting a cypher text containing all-even codes, you won't be able to decipher it
With the note that, if you allow concatenation of multiple decryption steps and repetitions in the OTP sequence, the same size or less restriction becomes superfluous (the problem degenerates into a "One-Time-Stream encryption")
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 1) by khallow on Friday April 29 2016, @10:19AM
I wonder if there are OTP algos for which there exists a given pair of plain/cypher text so that t is NOT possible to derive a OTP that maps one to the other.
Sure, but why would you want to break (as in make not work) OTP that way? The charm of a proper OTP algorithm is that it can be anything of that length.
If there are no such algos, it would mean that starting from a single cypher text and applying all possible QTP-es, one should be able to derive any and all the books that were, are and will ever be created.
Which for a proper OTP system should be the case. The catch here is that you can't have that many OTP in our universe. There are some strong information limits to what we can have lying around.
(Score: 2) by JoeMerchant on Friday April 29 2016, @03:40AM
So, short form, you can't know what OTP decrypts to because with different pads, you can decrypt to literally any message of the same size as the cipher text.
BTW, the Mersenne Twister is a nice source for OTP pads, well studied to be "perfectly random," as long as you're not so careless as to initialize it with all zeroes or ones.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 1) by ComaVN on Friday April 29 2016, @07:57AM
No it's not. Mersenne Twister has good randomness properties for simulations and the like, but is NOT cryptographically secure: http://crypto.stackexchange.com/questions/12426/is-a-mersenne-twister-cryptographically-secure-if-i-truncate-the-output [stackexchange.com]
(Score: 2) by JoeMerchant on Friday April 29 2016, @04:40PM
And there's a cryptographic variant of Mersenne which is more appropriate for crypto applications.
Now, if you have a 19937 bit key, you can choose any of 2^19937 - 1 starting points in the Mersenne sequence, which would take quite some time to brute force, but has the vulnerability that once guessed, the attacker can be reasonably sure they have the correct key. Using the cryptographic variant removes that predictability.
Either is ridiculously secure as compared to asymmetric prime factor schemes.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by stormwyrm on Saturday April 30 2016, @01:05AM
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by JoeMerchant on Saturday April 30 2016, @11:35AM
I lived/worked through the era where the officially promoted crypto protocols (endorsed by "professional" widely published cryptographers) were later exposed as vulnerable and even containing back doors for government agencies.
The essential property of a OTP that makes it resistant to analysis is randomness. Certainly use your asymmetric scheme to exchange keys, if you must, or more secure methods, if you can. My assertion is that the symmetric (OTP) scheme is superior for bulk transfer of data, especially large streams of data that would be vulnerable to frequency analysis if the masking key were not random.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by stormwyrm on Saturday April 30 2016, @01:05PM
But do make sure you use a REAL one-time pad, not one that is effectively a stream cipher designed by amateurs as you have tried to recommend. If you really do care so much about your security and are that paranoid, build the hardware for your own true random number generator yourself (since you really shouldn't trust any third party to do this properly, since they could give you a fake random number generator and you'd be none the wiser) and use its output as the key for your OTP. An avalanche diode or a radioactive isotope should do nicely. Using an algorithm to generate "random numbers" is essentially equivalent to using a cipher algorithm designed by someone who might or might not know what they are doing.
A true random sequences is one which cannot be expressed as the output of a program shorter than the size of the sequence itself. This is the only definition of randomness that will give you all of the very strong security guarantees of a one-time pad. The digits of Pi for example, by this definition, are NOT random, because you can write a very short program that will produce them. The output of your favoured Mersenne Twister is equally not random by this definition, because there is a short program that can generate it. Look up the definition of Kolmogorov complexity and look into a field called algorithmic information theory if you really want to understand what randomness really means. Gregory Chaitin has several very accessible books on the subject.
I'd wonder what cryptographic algorithms you are thinking about that have been shown to have weaknesses or back doors for government agencies. There's the Dual_EC_DRBG CPRNG algorithm endorsed by NIST which was suspected to contain an NSA back door ever since it was published, and no one was ever foolish enough to use. That's the only example I can think of that actually contains a back door, and no one who had a choice in the matter ever used it. Notably the NSA did not recommend its use by classified government systems despite its being a FIPS. AES/Rijndael has withstood fifteen years of cryptanalytic attempts and has received an NSA endorsement that allows it to be used to protect US government classified data. The NSA would not do such a thing if they found any major weaknesses in it or if it had a back door, as the chance that a foreign intelligence agency or a sufficiently clever academic cryptographer might someday figure it out independently are rather high. Even DES has remained solid enough that the best known attack against it is hardly better than brute force, and it's only because brute force is now feasible with today's hardware that nobody uses it.
The TLS/SSL suite has its problems, mostly thanks to government meddling in the days of Crypto War I. But other cryptographic protocols out there have been shown to be even worse mainly because they were designed by amateurs who make amateur mistakes, and were shown insecure after a pro had a look at them.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by JoeMerchant on Saturday April 30 2016, @08:11PM
DES was highly suspect in the early 1990s, elliptic curve was pushed in every academic course as a "standard" around that time, too. I think DES proved somewhat legit, while elliptic curve was never thought to be any good by "people who cared." Then there was the whole NSA deal with this: https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]
I do live in a world where "good enough" randomness is, infact, good enough. The secrets I protect are not to be shrouded for all time, and noone would likely bother to try to break ROT-13 on most of it. However, I also live in a world exposed to "common attacks" which are developed on commonly used algorithms, so, when someone breaks a standard tool - if we happen to be using said standard tool, our names will be dragged through the press as "insecure, negligent, etc." As such, a little creativity, even if it results in something less secure, is often preferable to following on the bandwagon of the latest idea of unbreakable. Assuming quantum computers continue to develop at a roughly Moore's Law rate, they'll likely be breaking most current asymmetric key schemes before I retire... but, as inadvisable as it is in many circles, a touch of security through obscurity will keep the standard hacks from forcing a recall on our products.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by stormwyrm on Sunday May 01 2016, @01:54AM
DES was suspect until academic cryptographers (re)discovered differential cryptanalysis in the late 1980s, and found that when they applied it to DES, they found that the S-boxes for it seemed to have been chosen in such a way as to make their new attack nearly useless, when it positively destroyed other contemporary ciphers. Later, some guy from IBM fessed up and told everyone that they knew all about differential cryptanalysis in the 1970s, the NSA's mysterious change in the S-boxes was guided by it, and that the government then told them it was classified. I mentioned Dual_EC_DRBG, and also said that no one who had any choice in the matter tried to use it, as not only was it a couple orders of magnitude slower than most other CPRNG algorithms, it also made use of magic numbers that no one could explain that made everyone strongly believe that it had a back door put there by the NSA.
The thing is, the only reason we know that ciphers are any good is that people study and analyse them for weaknesses. This is, like many fields, a difficult and specialised one that takes years to master, and we laypersons can only know that the specialists in the field are any good by looking at track records of what they have done. It's the same as in any field where expertise is difficult to obtain. To imagine that one is able to do better than folks like Schneier, Rijmen, or Rivest just by reading a few random articles from a Google search is an instance of something called the Dunning-Kruger Effect.
While yes, doing the odd bit of security by obscurity may help keep you secure, but if you're trying to communicate securely with anyone outside of yourself at some future time, you have to convince them to use your non-standard system. That is easier said than done, and if the circle of people with whom you wish to communicate becomes large enough, your enemies will also obtain your encryption tools and study them for weaknesses. If you don't really know what you're doing, and chances are you don't (see above), your enemies will eventually find one or more weaknesses and penetrate your security. So much for security by obscurity.
There is plenty of research being done on post-quantum cryptography and hopefully before quantum computers become practical they will see wide use.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by JoeMerchant on Sunday May 01 2016, @02:40AM
Of course, we accept our vendor's word that their "certified security" is as good as they say, and we, along with dozens of our competitors, use them to tunnel packets under this wonderful blanket of VPN goodness.
Judging from their technical depth in other areas, I'm assuming that a flaw will be found in their implementation sooner than later, and when it happens I want the people who start looking at our AMQ packets to see mostly white noise, instead of names, addresses, etc. in plaintext. The vendor will scramble and figure out a patch in a month or two, we'll all have a big rollout circus, and things will get back to normal. I just want our department to be able to answer the questions from on-high with "yes, we use them, but our additional layer of security will prevent any exposure." With all the other crap out there in plaintext during the breach, I doubt anybody will care enough to grab our internal communications and try to get into them, and even if they do - we should be clearly shown to be trying harder than the next guy... Yes - this is really only good in closed systems, but when you have the luxury of operating a closed system, why not take advantage of the low hanging fruit?
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by tangomargarine on Friday April 29 2016, @02:19PM
as long as you're not so careless as to initialize it with all zeroes or ones.
This was basically how they cracked Enigma back in WWII. The encryption system itself was great, but there were several different things about how the Germans initialized it that made it easier to attack.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Monday May 02 2016, @03:22AM
"The encryption system itself was great"
The hell it was. Enigma would never output an input character unchanged. That is a HUGE flaw.
(Score: 2) by stormwyrm on Saturday April 30 2016, @12:50AM
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by edIII on Sunday May 01 2016, @03:55AM
There's another way to say it, one I've found simpler.
You want to add something to the encryption process?
1) Is it deterministic?
2) Is it non-deterministic?
If #1, slap yourself in the head, and think of something new until it's #2. That's the real strength of OTP; Non-deterministic everything. The second you try to get cute and smart about it, and think I can add this here and this there, you've more than likely added deterministic properties to it. We kind of suck at making something purely non-deterministic. It's not easy, and that's also why OTP is nearly impossible to implement on anything approaching large scales and distance.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by Webweasel on Friday April 29 2016, @08:54AM
Yup, its the monkeys and typewriters scenario.
Funniest bit is, if you do do all the permutations, you will get the message. But how doe you know which message is the real one?
A simple example is:
KILL THE SPY
LOVE THE SPY
Same number of letters, both would be valid decodes. Which message was the intended one?
In the community there are rumours of Number Stations being used from the first world war onwards, but no real evidence of them until the 1970's.
The real issue was the lack of the internet at the time, the only way for the community to gather was around HAM radio magazines. This prompted the original Enigma group in the UK who operated from the late 80's to the early 90's.
We were lucky enough to obtain the original newsletters which we have scanned in and are available on the site. There is also some historical recordings available on the websites I linked in the summary, going back to the late 70's.
So the earliest evidence we have is the late 1970's, we cannot prove any activity before that point.
Priyom.org Number stations, Russian Military radio. "You are a bad, bad man. Do you have any other virtues?"-Runaway1956