Encryption Followup
BY Herschel Smith, 11 years, 3 months ago
I’m not going to get detailed in why I am saying what I am about to say. Go and read this post – Encryption Via A One-Time Pad – at Dan Morgan’s place. Also, all of this is courtesy of Mosby via WRSA.
The post is interesting, especially the more rudimentary methods of communication, which I think are far superior to the high tech methods. Then again, this kind of stuff is interesting to me, and perhaps few others. I suspect that this kind of thing would be useful under certain circumstances, but not me, and not right now.
If I had ever wanted to be anonymous, that ship left port years ago. I have been tracked by CIA, NSA, FBI, DIA, DHS, Department of State and *.mil network domains ever since I posted real examples of the sinfully restrictive ROE in Iraq and Afghanistan (from folks who were there). I’ve seen it from network domains that visited my site. Eventually, I lost interest in that and simply assume that I’m being watched all of the time on everything. Again, that horse left the barn a long time ago. I cannot ever be anonymous again. I have given some thought to how I might return to normal life again, but only thoughts.
But regarding the post on encryption, the issue of random number generators comes up. Morgan says some of the random number generators are “pseudo-random number generators.”
I have to get all pointy head here, and I fear that the more I do this, the larger the chance is that I give away who I am and what I do. I just want to keep that separate from my blogging if I can. But here it goes. There are guys who do their entire post-doctoral work on developing random number generators at the National Labs for Monte Carlo computer codes. There are tests for randomness – ten in all the last time I read the papers and listened to the presentations.
Listen. All random number generators are pseudo-random number generators. None are truly random. With a given random number seed, a random number generator will generate the same sequence of numbers every time it is launched. Monte Carlo computer code users are constantly aware of whether they are exceeding the random number stride with any specific calculation. There are tricks used as work-arounds if they do, such as choosing a random number seed that happens to be different than the default value, or different than the one they chose earlier. But the simple question is this: Do you understand that you cannot just launch the application and assume that you get “random numbers?”
But also listen to me on this. The folks that propose to rule us have access to all of these random number generators. If you use a random number generator like it’s a black box and generate the same sequence of “random numbers” every time you use it, your communications will become predictable.
What’s the point? Just be aware that you cannot use a piece of technology as a black box. You have to be at least semi-educated in order to make proper use of any technology, and don’t assume that you are any more than one step ahead of your opponent, even if you’ve changed what you did since the last time you did it.
Okay. End of pointy head lecture.
On October 2, 2013 at 9:52 pm, scott s. said:
In Naval PG School as a CS student I took some Ops Analysis courses, including a course on modeling and simulation and we had to go through tests on random number generators. I understand NSA sabotaged the random number generators that form a part of NIST encryption standards.
On October 2, 2013 at 10:13 pm, Herschel Smith said:
I find that believable. I’m sure that they didn’t have any effect on the algorithms in the National Lab codes, but they know what they are. If I do because I have the source code along with thousands of others, then the NSA does too.
On October 3, 2013 at 8:21 am, Paul B said:
One time pad cipher is tough. The Beale letter is still not decoded. Grab a random book and take the letters you need from the pages using a numbering scheme to denote the letter.
If you do not have the book, knowing the pattern of the cipher does you no good.
You could use this in e-mail type transmissions if you set the book to be used earlier. Course if you are being watched such behavior will just trigger the defend response in your watcher.
On October 3, 2013 at 10:22 am, Mark Matis said:
I believe I have posted here a way to NOT let them know what you are doing, should that be your desire. I won’t spam again unless someone wants it. Again, even if you DO what I suggest, if the OTHER end of your connection is someone who is infiltrating to incite and indict, then it won’t do any good. THAT is the biggest problem for anyone who wants to be other than a lone wolf.
On October 3, 2013 at 4:42 pm, Bill St. Clair said:
Want truly random numbers? Roll some dice. Real. Physical. Dice.
On October 3, 2013 at 4:54 pm, Herschel Smith said:
Bill. Word. Old school thinking is best.
On October 3, 2013 at 5:21 pm, Phelps said:
Not entirely true. A lot of the generators being made now don’t use a default seed — using the audio coming from the sound card input or a webcam mic is common. If you want a truly random seed, you use something like a cosmic ray detector.
On October 3, 2013 at 5:22 pm, Phelps said:
Gotta make sure that your dice are not worn, are properly balanced, are being thrown far enough, and have enough bounces. Look to Vegas for your examples.
On October 3, 2013 at 6:34 pm, Herschel Smith said:
But Phelps, that’s my point. Some random number generators are made with a default seed with the express purpose of repeatability. Knowing this is important. And remember that *they* have all of the algorithms we have. All of them.
On October 3, 2013 at 7:37 pm, Jedburg said:
Multiple 10 sided gaming dice.
Check the Communications page.
Brigandage.net
On October 4, 2013 at 10:46 am, Herschel Smith said:
Additional thoughts. So let’s say that you’re communicating to someone with a random number generator. You must use a seed for the calculation. If you choose the same seed over and over and over again, you generate the same “random number” sequence every time, and your communications become quite easily deciphered and predictable. If not, then you must also figure out how to covertly communicate to the person to whom you are communicating the random number seed you used so that they can use the same one and your communications make any sense at all.
Understand?
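The same-seed, same-sequence point made in the post and repeated in the comment above, as an added example that is not part of the original post or comments. It assumes Python's `random` module as the seeded generator and `secrets` as the operating system's generator; the seed value and both messages are constructed for illustration.

```python
import random
import secrets


def seeded_pad(seed: int, length: int) -> bytes:
    """Pad from a deterministic PRNG: fully determined by (algorithm, seed)."""
    rng = random.Random(seed)  # Mersenne Twister, not designed for cryptography
    return bytes(rng.randrange(256) for _ in range(length))


def os_pad(length: int) -> bytes:
    """Pad from the operating system's CSPRNG; there is no user seed to repeat."""
    return secrets.token_bytes(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo() -> dict:
    # Constructed sample messages of equal length (26 bytes each).
    m1 = b"MEET AT THE BRIDGE AT NOON"
    m2 = b"SEND SUPPLIES TO THE NORTH"
    seed = 12345  # hypothetical seed, reused for both messages

    pad_a = seeded_pad(seed, len(m1))
    pad_b = seeded_pad(seed, len(m2))
    c1, c2 = xor(m1, pad_a), xor(m2, pad_b)

    return {
        # Same seed gives the same "one-time" pad twice.
        "pads_identical": pad_a == pad_b,
        # The reused pad cancels out: c1 XOR c2 equals m1 XOR m2,
        # so the two ciphertexts alone expose how the plaintexts relate.
        "pad_cancels": xor(c1, c2) == xor(m1, m2),
        # Whoever has the algorithm and the seed rebuilds the whole pad.
        "seed_holder_reads": xor(c1, seeded_pad(seed, len(c1))) == m1,
        # Two draws from the OS generator do not repeat.
        "os_pads_differ": os_pad(len(m1)) != os_pad(len(m1)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a seeded generator the secrecy of the entire pad collapses to the secrecy of the seed, which is the distribution problem the comment describes.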
On October 4, 2013 at 12:59 pm, PJ said:
“Multiple 10 sided gaming dice.”
You can always use regular dice, then convert the base 6 numbers into base 10 (or any other base you need) using a spreadsheet or a calculator. Don’t forget to subtract 1 first since dice go from 1 through 6 rather than 0 through 5. The math function you want is called “modulus” which is nothing but the remainder after a division.
There are base conversion utilities on the internet but I would NOT use any such thing for an important password or other secure use since your access to them may be monitored. But they are OK to use just to see how base conversion works.
On October 4, 2013 at 2:09 pm, Mark Matis said:
Please note my comment on Dan Morgan’s post about using a computer that is connected to the Internet and running Microsoft, Apple, Google, or Facebook software to generate your OTPs.
On October 4, 2013 at 8:56 pm, Joseph P. Martino said:
My son’s PhD dissertation was on a scheme for generating random numbers by counting photons that strike a 2-dimensional grid. That will generate truly random numbers. I don’t know if his method has ever been implemented, though.
Back in the 1960s I was assigned to an R&D outfit. One of our officers was going after a PhD. His dissertation was on simulating neutron paths through nuclear reactor shielding. He was doing the simulations on a VAX, generating huge numbers of “random numbers.” He finally realized he wasn’t doing many different “events,” because the computer was producing only pseudorandom numbers, so he was getting the same sequence of events over and over. He wrote to his adviser about the problem and went on leave. He came back to find his desk covered with notes to call various people. It turned out that just about everyone in the nuclear business was doing the same thing he was, without realizing that because their simulations required so many numbers, their pseudorandom sequences were repeating over and over. I don’t know what he eventually did, but I recognized the problem. I’ve been aware of it ever since.
On October 4, 2013 at 9:39 pm, Herschel Smith said:
Joseph. Random number stride. Solution? Variance reduction. It’s a very long, long story.
On October 5, 2013 at 6:34 pm, Neal Evans said:
True randomness comes from physics. Radio noise. Radioactive decay. Plenty of truly random sources. Someone needs to put it on an arduino with a USB interface. :)
On December 24, 2013 at 11:08 am, random said:
Please be aware that using the MODULUS operation to convert random numbers to another base is wrong as it leads to statistical bias.
The simple but inelegant solution is to throw away the samples that are too large.
E.g. if you convert dice throws from base-6 (0…5) to base-5 (0…4), you will encounter that there are about 16% more “0” samples than the others because 5 mod 5 = 0. However, if you merely throw away the bad samples, you’ll get a flat distribution. Assuming your dice isn’t weighted of course.