[HN Gopher] Military Cryptanalytics, Part III
___________________________________________________________________
Military Cryptanalytics, Part III
Author : oedmarap
Score : 62 points
Date : 2021-01-06 10:07 UTC (2 days ago)
(HTM) web link (www.schneier.com)
(TXT) w3m dump (www.schneier.com)
| arithmomachist wrote:
| Fascinating to see the highest state of the art of pre-digital
| cryptography, right before it was rendered obsolete. Very
| evocative that volumes 4-6 were planned but never completed,
| presumably because the first crop of modern encryption schemes
| were already outdating these volumes as they were being written.
|
| I wish the NSA would declassify more records of what it managed
| to break in the pre-digital era, now that the methods are out of
| date and the people involved are mostly dead. It would be great
| for historians to see both what the agency was capable of in that
| period, and how its methods, together with its successes and
| failures, shaped history in the early Cold War.
| [deleted]
| _wldu wrote:
| _" If there is any lesson for today, it's that modern
| cryptanalysis is possible primarily because people make
| mistakes"_
|
| Here's a toy one-time pad implementation I did (years ago) in
| C++. I just recently implemented it in Go too. These are pretty
| simple to write, but I wonder if I've made mistakes.
|
| code: https://github.com/62726164/padder
|
| blog: https://www.go350.com/posts/padder-a-one-time-pad-
| implementa...
| enriquto wrote:
| How do you transmit the pad in the first place? I guess you
| have to specify that if you propose a complete system.
| RcouF1uZ4gsC wrote:
| > How do you transmit the pad in the first place?
|
| That's one advantage that a military crypto system has over a
| civilian one in that they already have well established
| physical identity and authentication. They can take advantage
| of that to deliver the one time pad. For example, before a
| ship goes on deployment, it can be loaded up with the one
| time pad. Similarly for a division being deployed.
| 35fbe7d3d5b9 wrote:
| Military crypto systems have rarely been based around one-
| time pads. One time pads are difficult to use and extremely
| slow in practice because you have to work by hand to
| decrypt a message. A cipher machine is hard to make
| mistakes with and can disseminate information quickly in
| both directions. That's why you don't load up ships with
| hundreds of pages of OTPs, you put an Enigma (or modern
| equivalent ;)) on board.
|
| One time pads are useful for _espionage_, and you can see
| examples of how they are used here[1]. They took advantage
| of how most espionage worked (and who knows, may still
| work!): different channels for sending and receiving. The
| numbers station read you a short message, and if you needed
| to send a message back you signaled your handler to meet in
| person at a prearranged place.
|
| The same thing that makes OTPs suck on ships makes them
| excellent for sending short messages to spies. You can't
| hide an Enigma in a walnut, after all!
|
| [1]: https://www.cryptomuseum.com/crypto/otp/index.htm
| todd8 wrote:
| One time pads are difficult to use in military settings
| because rarely is communication going on between just two
| participants. With the number of units needing to
| communicate some foolproof means for not using
| overlapping sequences of the one time pads between
| different parties is essential. Otherwise, a technique
| known as multiple anagramming can be used to reveal the
| plaintext.
|
| Generating a secure paper and pencil one time pad is very
| easy on a computer and can be expected to be completely
| secure if used properly. Of course, distributing,
| coordinating, and updating the pads is a weakness of such
| a system.
|
| In the electronic era, messages can still be encrypted
| with digital one-time pads and this was the case years
| ago when the secure "hot-line" between the Soviet
| Leadership and the US president used such a system to
| communicate. (The hot line wasn't a phone but a
| teletype.) This was a perfect use case, a single pair of
| end points resulting in an unbreakable use of the digital
| one time pad.
| jandrese wrote:
| One time pads don't necessarily have to be pen and paper.
| You can distribute a MicroSD card with 128GB of random
| bits that is used to encode/decode messages. An
| additional advantage of a system like this is the OTP can
| be encrypted so if it is captured it can't be used to
| decrypt old messages without further getting key material
| from the end user (possibly with a pipe wrench).
|
| The biggest problem is that no matter what, the OTP ends
| up being some sort of physical medium that requires
| shipping to the end user. But really it's a scaled up
| version of the key distribution problem.
| 35fbe7d3d5b9 wrote:
| > An additional advantage of a system like this is the
| OTP can be encrypted so if it is captured it can't be
| used to decrypt old messages without further getting key
| material from the end user (possibly with a pipe wrench).
|
| That problem has already been solved, and the websites you
| visit today should (!) be working the same way:
|
| https://en.wikipedia.org/wiki/Forward_secrecy
|
| > the key distribution problem
|
| That is _the_ hardest problem, especially in a system
| where you've got military units in unfriendly areas.
| mikewarot wrote:
| Erasing the parts of the pad that have already been used,
| overwriting them with new hardware generated random
| numbers would seem to help out forward secrecy. Or am I
| missing something?
| adolph wrote:
| One of the fun things about using the Army one time pads
| is that depending on how much leeway one had with the
| words in the message, you could adjust things to spell
| out stuff in the encrypted string.
| Mvandenbergh wrote:
| Also worth noting that most military communications are
| only sensitive if broken quickly; secret messages sent in
| espionage might need to stay secret for decades against
| potentially new mathematical attacks and hardware
| developments.
| baud147258 wrote:
| I think the ship would be loaded with a big stack of one-
| time pads, not just one, because that'd severely limit the
| number of messages they could send
| filleokus wrote:
| I don't have any knowledge about this, but an 8 TB SSD
| would probably last quite a while, especially for a ship
| with limited bandwidth out at sea. (Of course there are
| probably multiple disks, not least for redundancy, since
| the space/weight concern is completely negligible)
| lb1lf wrote:
| Uneducated guess - the ability to quickly, completely and
| utterly obliterate the pad would probably be a much
| more significant concern than space or weight.
|
| After all, you don't want your cipher desk, OTP and all
| to be overrun by opfor just as you are encoding "we are
| being boarded!"
| todd8 wrote:
| In World War II, navy code books were bound with lead
| covers to make it easy to safely jettison the books
| overboard if necessary.
|
| Such code books were a bit like dictionaries containing
| random alphanumeric sequences for each useful plaintext
| word. This was then subjected to an additional layer of
| encipherment. Such a code was generally beyond the
| ability of foes to break.
|
| Many years after the battle of Midway, it was finally
| revealed that the US had broken the Japanese Navy code
| known as "Purple", explaining the United States' lucky
| outcome in that important battle. I believe it was
| through a combination of obtaining one of the code books
| and cryptanalysis.
| TheAdamAndChe wrote:
| The nice thing about an OTP is that it's only used once,
| unlike a typical cipher. If pads are lost, well that's
| fine because they weren't going to be used with anyone
| else.
| lb1lf wrote:
| True, but with the (used) pads you can reconstruct past
| messages.
|
| (Provided you intercepted those, that is.)
| jandrese wrote:
| Sure, but it's also easy to have a system where the pad
| is destroyed after it is used. This would help ensure
| that nobody messes up and uses the same bits twice as
| well.
| _wldu wrote:
| You can also have a separate set of pads that decrypt the
| messages to something entirely different from the real
| messages. I'm not aware of another crypto system that
| allows for this. Here's an example:
|
|   $ padder -d -m c2wrbumxvj8gob34mxn46pxg29a6kxnwfhcaam3en-hr-2v -p ryxrvqnlhz04icqq6eg56cuhg10vlx5dff3ba44wg6ic-kd
|   PlainText: we-are-moving-north-and-will-attack-at-the-pass
|
|   $ padder -d -m c2wrbumxvj8gob34mxn46pxg29a6kxnwfhcaam3en-hr-2v -p zifs6d9dgk36k94m9d5x77jhj277ip59gw9btmv4j7in-kc
|   PlainText: our-group-fled-south-to-the-city-we-sailed-east
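Editor's note: the toy padder implementation _wldu links above, the pad-reuse problem todd8 warns about, the destroy-after-use pad jandrese and mikewarot propose, and the forged second pad _wldu demonstrates all fit in one small program. The block below is an added example written for this page, not padder's code or anything from the padder repository. It uses plain XOR on bytes rather than padder's encoding, takes the two message texts from _wldu's example plus a third constructed one of the same length, and the alphabet used to judge crib-dragging hits is an assumption about what the plaintexts look like.

```python
"""Toy one-time pad with the three properties the thread argues about:
pad bytes are erased as they are issued, a second pad can be forged so
the same ciphertext 'decrypts' to a cover message, and reusing pad bytes
lets an eavesdropper strip the pad and crib-drag the two plaintexts."""
import secrets
import string
from typing import List, Tuple

# Assumption: plaintexts are drawn from this alphabet; crib dragging uses it
# to tell a plausible recovered fragment from noise.
PRINTABLE = frozenset((string.ascii_letters + string.digits + " -.,!?'").encode())


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError(f"length mismatch: {len(a)} vs {len(b)}")
    return bytes(x ^ y for x, y in zip(a, b))


class PadStore:
    """Pad material in a bytearray. take() hands out the next n bytes and
    overwrites them in place, so the same bytes cannot be issued twice and
    a captured store no longer contains the key for past traffic. (Toy:
    a real store would also have to make the overwrite reach the medium.)"""

    def __init__(self, size: int) -> None:
        self._pad = bytearray(secrets.token_bytes(size))  # OS CSPRNG
        self._offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError(f"pad exhausted: need {n}, have {self.remaining()}")
        start, end = self._offset, self._offset + n
        chunk = bytes(self._pad[start:end])
        self._pad[start:end] = bytes(n)  # zeroise the issued region
        self._offset = end
        return chunk


def encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


decrypt = encrypt  # XOR is its own inverse


def forge_pad(ciphertext: bytes, cover: bytes) -> bytes:
    """Deniability: ciphertext XOR cover is a 'pad' under which the
    ciphertext decrypts to the cover text, for any cover of equal length."""
    return xor_bytes(ciphertext, cover)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad bytes: the pad cancels, leaving
    p1 XOR p2, which can be attacked with no key material at all."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> List[Tuple[int, bytes]]:
    """Slide a guessed word along p1 XOR p2. Wherever the crib really occurs
    in one plaintext, XORing it back reveals the other plaintext's bytes at
    that offset; keep offsets where the result stays inside the alphabet."""
    hits = []
    for i in range(len(p1_xor_p2) - len(crib) + 1):
        other = xor_bytes(p1_xor_p2[i:i + len(crib)], crib)
        if all(b in PRINTABLE for b in other):
            hits.append((i, other))
    return hits


# Constructed sample messages (equal length, as a pad demands).
MSG = b"we-are-moving-north-and-will-attack-at-the-pass"
COVER = b"our-group-fled-south-to-the-city-we-sailed-east"
MSG2 = b"hold-position-until-dawn-then-fall-back-to-camp"

if __name__ == "__main__":
    store = PadStore(64)
    pad = store.take(len(MSG))
    ct = encrypt(MSG, pad)
    print("real pad  :", decrypt(ct, pad).decode())
    print("forged pad:", decrypt(ct, forge_pad(ct, COVER)).decode())
    # Misuse: the operator reuses the same pad bytes for a second message.
    leak = pad_reuse_leak(ct, encrypt(MSG2, pad))
    for off, frag in crib_drag(leak, b"attack"):
        print(f"crib 'attack' at {off}: other message reads {frag!r}")
```

The forged pad is what makes the deniability trick work and also why a pad gives no authentication: anyone holding a ciphertext can produce a "pad" for any plaintext of the same length, so a recipient cannot tell a genuine pad from a fabricated one without some separate integrity mechanism. The crib-dragging loop is the reuse attack in miniature: once two messages share pad bytes, the attacker never needs the pad, only a guessable word in either message.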
| krisoft wrote:
| Ships receiving key material for a deployment is how you
| get a John Walker spy ring situation. You are right that
| the military has some advantages regarding key
| distribution, but it's still not a trivial task.
| TedDoesntTalk wrote:
| Number stations :)
| bee_rider wrote:
| Well, they do call it a toy implementation.
___________________________________________________________________
(page generated 2021-01-08 23:01 UTC)