One-time pad

The most secure encryption system in existence was invented by American Gilbert Vernam early in the 20th century. It was extensively used by American and Soviet spies during the Cold War and is still used today for top-secret diplomatic communications. Amazingly enough, it does not involve a computer but rather a little booklet filled with random-looking numbers.
To encrypt a message, the sender does this:
Is it secure?
Yes indeed. In fact, it is perfectly secure against anyone not in possession of the pad, no matter how much computer time they throw at it. We're not talking gazillions of times the age of the universe, we're talking infinite time, which is a heck of a lot longer.
This was proven by mathematician Claude Shannon back in 1951. The proof is actually quite simple. We assume that the digits in the pad are truly random and impossible to predict in any way. Someone attempting to crack a message will guess the content and subtract it from the encrypted message in order to obtain the pad digits. But if those are truly random there is no way to tell which digits are the good ones, and therefore which guess is the good one. Any guess of the correct length will appear to be equally good. Since any string will appear as a valid decipherment, the correct decipherment will never be determined.
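The argument above, worked through in code as an added example (not from the original page): a digit-based pad combined with the message by digit-wise addition mod 10, and a function showing that any guessed plaintext of the right length yields a pad that "explains" the ciphertext equally well. The letter coding (space=00, A=01 ... Z=26) and the carry-free mod-10 arithmetic are my assumptions, not something the page specifies.

```python
"""Added example: one-time pad over decimal digits, plus Shannon's argument.
Assumed conventions (not from the page): space=00, A=01 ... Z=26; pad digits
are added to plaintext digits mod 10 without carries; decryption subtracts."""
import secrets

ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # index 0 = space, 1..26 = A..Z


def text_to_digits(text: str) -> str:
    """Encode text as two-digit codes; raises ValueError on other characters."""
    return "".join(f"{ALPHABET.index(c):02d}" for c in text.upper())


def digits_to_text(digits: str) -> str:
    return "".join(ALPHABET[int(digits[i:i + 2])] for i in range(0, len(digits), 2))


def make_pad(n_digits: int) -> str:
    """Pad digits from the OS CSPRNG: the proof needs truly unpredictable digits."""
    return "".join(str(secrets.randbelow(10)) for _ in range(n_digits))


def add_mod10(a: str, b: str) -> str:
    return "".join(str((int(x) + int(y)) % 10) for x, y in zip(a, b))


def sub_mod10(a: str, b: str) -> str:
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))


def encrypt(plaintext: str, pad: str) -> str:
    p = text_to_digits(plaintext)
    if len(pad) < len(p):
        # A pad must never be stretched or reused; that is what breaks the proof.
        raise ValueError("pad shorter than message")
    return add_mod10(p, pad[:len(p)])


def decrypt(ciphertext: str, pad: str) -> str:
    return digits_to_text(sub_mod10(ciphertext, pad[:len(ciphertext)]))


def pad_that_explains(ciphertext: str, guessed_plaintext: str) -> str:
    """The attacker's move from the text: subtract a guess from the ciphertext to
    recover candidate pad digits. For ANY guess of the right length this returns a
    pad under which the ciphertext decrypts to that guess, so no guess is favoured."""
    g = text_to_digits(guessed_plaintext)
    if len(g) != len(ciphertext):
        raise ValueError("guess must have the same length as the message")
    return sub_mod10(ciphertext, g)
```

With the constructed pad `1234`, `encrypt("HI", "1234")` gives `1033`, and `pad_that_explains("1033", "NO")` returns `0628`, under which the same ciphertext decrypts to `NO`.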
Convenient?
Not really unless you are a spy, and then there are hazards. Let me list some problems:
The solution: use a book
That's it. You can use any regular book, or newspaper, or webpage, or whatever source of text you and your correspondent can get your hands on, in order to make a one-time pad out of it. Then you can send your unbreakably encrypted message along with the chapter and paragraph where you started drawing text (obviously, omitting the title of the book), and your friend on the other side, who knows which book you are using out of the millions available, will repeat essentially the same steps in order to decrypt it.
Of course, normal text (with the possible exception of political speeches and cellphone bills) is not exactly random, but it does contain some randomness that can be squeezed out in order to make the pad. In the following pages, I show you a few ways to do it with a minimum of effort. We will be drawing chaos out of order, so to speak, hence the name of these pages.
Or, if you are dealing with computer files, use another file as a key. Regular files do contain some entropy, and this can be collected to make your encryption considerably stronger than the typical 256 bits used by today's strongest ciphers.