Subj : Numbers stations To : Angus McLeod From : Digital Man Date : Mon Aug 15 2005 12:46 pm Re: Numbers stations By: Angus McLeod to Digital Man on Mon Aug 15 2005 01:19 pm > > but the out-of-band delivery is what I found intriguing. In other > > words, if I mail you a CD/flopy of OTP-encoded data, an transmit the > > OTP over the radio at a pre-determined time and frequency, that seems > > like a pretty cool combination that would be extremely difficult to > > crack. > > Yeah, but by broadcasting the OTP via a numbers station would make it far > too 'public' and 'well known' for my liking. I'd be more likely to > conceal the OTP steganographically in an image or something. OTP's are > supposedly as random as possible, right? And the way that stegano- > graphically concealed data is detected is by looking for non-randomness. > So it should be virtually impossible to detect a steganopgraphically > concealed OTP. You could just have a nice, image (or a set of images) on > a website, and rotate them daily. Yeah, but the easy (and common) archiving of public web images (and likely "replayability") is a hole I think. If someone later found that you were using an image file for OTP data (or the ciphertext itself), they could probably find the image archived *somewhere* on the web after the fact. > > The real "key" here would be the OTP transmission time/frequency, but > > once it was missed by any potential eavesdroppers, there would be no perm > > record of the transmission. > > True, but it is feasible for a security system to set up receiver farms > and capture many (if not all) of the transmissions from numbers stations, > and apply them as potential OTP's to signals to see if they give sensible > results. But do you think that's common? Such a system would have to use voice recognition technology to archive and compare the numbers. And it'd have to be constantly scanning all frequencies. Seems unlikely. > I think it would be much more secure to send the OTP via some > un-eavesdroppable mechanism (even sneaker-net) and then use the numbers > stations to send the encrypted signals over the broadcast bands. I agree. But lets for argument's sake, say I want to send some very sensitive data to you (in Barbados) from here (in California). sneaker-net isn't viable. A direct analog modem-to-modem connection would probably be pretty secure, but I have to know your phone number, you have to be setup to receive at a specific time, etc. Obviously, there are many ways to solve this problem of key distribution. I just thought the shortwave radio method sounded cool. And the fact that the numbers traffic has *increased* in the past 10 years means it must be effective. > > The "number stations" sounded mysterious and eery. And to know that the n > > mean something (apparently very important) to someone somewhere, is intri > > I know what you mean. I don't dwell on it -- there lies madness! :-) digital man Snapple "Real Fact" #15: All porcupines float in water. .