Enemies of Liberty are ruthless. To own your Liberty, you'd better come harder than your enemies..

Sunday, December 8, 2013

OTP Comms Security


Forgive my ignorance - maybe someone can help.

My understanding the most secure comm method is the One Time Pad.

Downside: Both the sender and the receiver must have the same set of keys.

If this is accurate, how does the sender get the key to trusted allies far across the country without making the trip and putting it in his hand?  Do you trust a generic UPS or FedEx package?  This is a bit of tradecraft I never bothered with learning.

K

17 comments:

  1. I know nothing of this, but have wondered about secure messaging often. What of sealed letters, with couriers used in between or mail, depending on content. With sender and receiver knowing of the seals used.

    ReplyDelete
    Replies
    1. A couple of the III 300 Patriots have been discussing old-fashioned wax seals. While certainly not tamper-proof, it is a layer of security. One of our Citadel Steering Committee guys also outlined a method that helps.

      How about you guys who have been in this business - how would you get OTP Keys to allies across the country? Would you trust simply sending via snail mail given current realities on the ground?

      Delete
    2. Wax seals are a bad idea. The diverter gates in the automated sorting machinery can catch on the seal and tear the envelope to shreds. Same deal with keys, coins, jewelry, etc. I've seen it and sometimes there isn't enough left to figure out where it came from or where it was going.

      VJ, III Citadel

      Delete
  2. I know this will sound contrary to all things most people have come to believe about secure post, but, I’ve been doing business with a company that only accepts cash as payment, when I make a payment it is through the USPS and is sent “Priority”, by “LAW” once the envelope is sealed only the recipient is allowed to open it, that actually applies to all mail handeled by USPS. This company is engaged in the business of educating & representing people in avoiding voluntary contributions to the IRS, so there is an established reason for .gov to attempt interception of their mail, to hinder comerce, up to now that has not happened. My scepticism is still unchanged even though I’ve witnessed first hand this to be true, old biases die hard, use this information as you choose.
    Richard R Deaver
    III

    ReplyDelete
  3. UPS and Fedex are slightly less risky than USPS, and shipping it using a relay of trusted people would give a better security margin.

    ReplyDelete
  4. I generally have somebody else mail a key to a friend of the recipient who hand delivers it.

    ReplyDelete
  5. There are lots of ways to tell if a package has been tampered with. That's not the challenge; the challenge is to pass coded information through channels that are 100% trusted not to crack it. Hence it's the trust that counts, since anything is crackable.

    I happen to enjoy challenges, so I'm working on it.

    ReplyDelete
  6. You cannot guarantee the security of one time pad info, and a lack of compromise, unless there is a trustworthy chain of custody,-person to person to end user. Without this you would always wonder if compromise occurred, and you won't be able to trust it.

    ReplyDelete
  7. Just get granny to wrap the pad in multiple envelopes and have her send it UPS to a friend of the recipient. It's not perfect but it's probably safe right now, as long as those involved in sending/receiving are not associated with FreeFor. That's what I'd do. * have granny take a photo of the wrapping pattern or write something on the inside of the tape as a tamper check.

    ReplyDelete
  8. 95% plus of private letter mail gets scanned by optical recognition software to determine the delivery address. If you mail a fat envelope (about 1/2 inch thick or so) it won't go through the current machines. That is being upgraded all the time, however.

    The automated machines can look for specific names and addresses. That is part of the mail forwarding system. However, in 16 years running those machines I have never seen anything to make me believe there is, even now, any automated system that could cull a specific person's letter out (either sender or receiver) and redirect it, other than to a change of address. I imagine that it could be redirected to a government address, but then all of that person's mail would take significantly longer to arrive. The forwarding system has been centralized which means it is slower than it used to be because everything has to be shipped to the central location first. The primary place it would be vulnerable would be at the carrier who is going to deliver it. It still goes through his hands and could still be pulled out at the point of delivery. Same goes for any parcels, as far as the delivery point vulnerability.

    If you want to know if a letter went through the automated scanning process, look on the back. If you see an orange, fluorescent bar code, it went through a machine.

    Realistically, face to face is the only absolutely sure way to guarantee no compromise of information.

    VJ, III Citadel

    ReplyDelete
    Replies
    1. VJ: Realistically, would you trust your life that s one-time-pad made it through without being compromised? Life or death.

      Delete
    2. No. If .gov wanted to monitor your mail they could do it without you knowing. Person to person is the only absolutely secure method.

      VJ, III Citadel

      Delete
  9. Trusted Curriers are the key, in fact they are downright necessary.

    ReplyDelete
    Replies
    1. Downright. A guy either meets the next guy live, else he has a courier in between who's completely trusted. Or two or three, but that trust level drops exponentially.

      Delete
    2. agreed, many longnightriders will be needed

      Delete
  10. This long night rider is currently in Philly. Anything going back to western PA by this Friday let me know. ;)

    Also, for what its worth, I used to work for UPS and at this time of the year claims are higher due to belts be overloaded which ultimately overloads the loader in the trailer. The result is magnificent as you get to see the ECT (Edge Crush Test) of the box fail when pressure of boxes begin to pile up this causing an instant accordian matching box set and that Fragile' item is now scrap.

    In Liberty,
    Israel
    III

    ReplyDelete
  11. I am no expert but I have done a bit of reading on the subject.
    The quality of the key is a function of the randomness of the key generator. Computer use pseudo random number generators. These keys can be cracked by the government.
    Another point is that if they want to get you and you won't give up the key, they can always say they have the key and make up any message they need to put you away.

    ReplyDelete

Please post anonymously and include your recognized online handle in the body of the comment.