Encryption Followup

BY Herschel Smith
11 months, 2 weeks ago

I’m not going to get detailed in why I am saying what I am about to say.  Go and read this post – Encryption Via A One-Time Pad – at Dan Morgan’s place.  Also, all of this is courtesy of Mosby via WRSA.

The post is interesting, especially the more rudimentary methods of communication, which I think are far superior to the high tech methods.  Then again, this kind of stuff is interesting to me, and perhaps few others.  I suspect that this kind of thing would be useful under certain circumstances, but not me, and not right now.

If I had ever wanted to be anonymous, that ship left port years ago.  I have been tracked by CIA, NSA, FBI, DIA, DHS, Department of State and *.mil network domains ever since I posted real examples of the sinfully restrictive ROE in Iraq and Afghanistan (from folks who were there).  I’ve seen it from network domains that visited my site.  Eventually, I lost interest in that and simply assume that I’m being watched all of the time on everything.  Again, that horse left the barn a long time ago.  I cannot ever be anonymous again.  I have given some thought to how I might return to normal life again, but only thoughts.

But regarding the post on encryption, the issue of random number generators comes up.  Morgan says some of the random number generators are “pseudo-random number generators.”

I have to get all pointy head here, and I fear that the more I do this, the larger the chance is that I give away who I am and what I do.  I just want to keep that separate from my blogging if I can.  But here it goes.  There are guys who do their entire post-doctoral work on developing random number generators at the National Labs for Monte Carlo computer codes.  There are tests for randomness – ten in all the last time I read the papers and listened to the presentations.

Listen.  All random number generators are pseudo-random number generators.  None are truly random.  With a given random number seed, a random number generator will generate the same sequence of numbers every time it is launched.  Monte Carlo computer code users are constantly aware of whether they are exceeding the random number stride with any specific calculation.  There are tricks used as work-arounds if they do, such as choosing a random number seed that happens to be different than the default value, or different than the one they chose earlier.  But the simple question is this: Do you understand that you cannot just launch the application and assume that you get “random numbers?”

But also listen to me on this.  The folks that propose to rule us have access to all of these random number generators.  If you use a random number generator like it’s a black box and generate the same sequence of “random numbers” every time you use it, your communications will become predictable.

What’s the point?  Just be aware that you cannot use a piece of technology as a black box.  You have to be at least semi-educated in order to make proper use of any technology, and don’t assume that you are any more than one step ahead of your opponent, even if you’ve changed what you did since the last time you did it.

Okay.  End of pointy head lecture.
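The point about seeds, as an added example that is not part of the original post: a seeded generator (Python's `random.Random`, a Mersenne Twister) reproduces the same pad on every launch, so a reused pad cancels out of two ciphertexts, while the operating system's CSPRNG (`secrets`) has no user-chosen seed to repeat. The function names, the seed value and the two digit messages are constructed for illustration.

```python
import random
import secrets

def seeded_pad(seed, n):
    """Pad digits from a seeded PRNG: fully determined by the seed."""
    rng = random.Random(seed)
    return [rng.randrange(10) for _ in range(n)]

def os_pad(n):
    """Pad digits from the operating system's CSPRNG; no seed to repeat."""
    return [secrets.randbelow(10) for _ in range(n)]

def encipher(digits, pad):
    """One-time-pad style: add the pad digit by digit, modulo 10."""
    if len(pad) < len(digits):
        raise ValueError("pad shorter than message")
    return [(m + k) % 10 for m, k in zip(digits, pad)]

def decipher(cipher, pad):
    """Subtract the pad digit by digit, modulo 10."""
    return [(c - k) % 10 for c, k in zip(cipher, pad)]

def difference(c1, c2):
    """Digit-wise difference of two digit strings, modulo 10."""
    return [(a - b) % 10 for a, b in zip(c1, c2)]

# Constructed sample messages, already encoded as decimal digits.
MSG_A = [3, 1, 4, 1, 5, 9, 2, 6]
MSG_B = [2, 7, 1, 8, 2, 8, 1, 8]
SEED = 12345  # hypothetical "default" seed left unchanged between runs

def demo():
    pad1 = seeded_pad(SEED, len(MSG_A))
    pad2 = seeded_pad(SEED, len(MSG_B))  # second "launch" of the generator
    c_a, c_b = encipher(MSG_A, pad1), encipher(MSG_B, pad2)
    return {
        "same_pad": pad1 == pad2,
        # Reused pad cancels: ciphertext difference equals plaintext difference.
        "pad_cancels": difference(c_a, c_b) == difference(MSG_A, MSG_B),
        # Anyone who knows generator and seed can rebuild the pad.
        "roundtrip": decipher(c_a, seeded_pad(SEED, len(c_a))) == MSG_A,
        "os_pads_differ": os_pad(64) != os_pad(64),
    }

if __name__ == "__main__":
    print(demo())
```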

Trackbacks & Pingbacks



  • scott s.

    In Naval PG School as a CS student I took some Ops Analysis courses, including a course on modeling and simulation and we had to go through tests on random number generators. I understand NSA sabotaged the random number generators that form a part of NIST encryption standards.

  • http://www.captainsjournal.com/ Herschel Smith

    I find that believable. I’m sure that they didn’t have any effect on the algorithms in the National Lab codes, but they know what they are. If I do because I have the source code along with thousands of others, then the NSA does too.

  • Paul B

    One time pad cipher is tough. The Beale letter is still not decoded. Grab a random book and take the letters you need from the pages using a numbering scheme to denote the letter.

    If you do not have the book, knowing the pattern of the cipher does you no good.

    You could use this in e-mail type transmissions if you set the book to be used earlier. Course if you are being watched such behavior will just trigger the defend response in your watcher.

  • Mark Matis

    I believe I have posted here a way to NOT let them know what you are doing, should that be your desire. I won’t spam again unless someone wants it. Again, even if you DO what I suggest, if the OTHER end of your connection is someone who is infiltrating to incite and indict, then it won’t do any good. THAT is the biggest problem for anyone who wants to be other than a lone wolf.

  • http://billstclair.com/blog/ Bill St. Clair

    Want truly random numbers? Roll some dice. Real. Physical. Dice.

  • http://www.captainsjournal.com/ Herschel Smith

    Bill. Word. Old school thinking is best.

  • http://phelps.donotremove.net Phelps

    Not entirely true. A lot of the generators being made now don’t use a default seed — using the audio coming from the sound card input or a webcam mic is common. If you want a truly random seed, you use something like a cosmic ray detector.

  • http://phelps.donotremove.net Phelps

    “Want truly random numbers? Roll some dice. Real. Physical. Dice.”

    Gotta make sure that your dice are not worn, are properly balanced, are being thrown far enough, and have enough bounces. Look to Vegas for your examples.

  • http://www.captainsjournal.com/ Herschel Smith

    But Phelps, that’s my point. Some random number generators are made with a default seed with the express purpose of repeatability. Knowing this is important. And remember that *they* have all of the algorithms we have. All of them.

  • http://Brigandage.net Jedburg

    Multiple 10 sided gaming dice.

    Check the Communications page.

    Brigandage.net

  • http://www.captainsjournal.com/ Herschel Smith

    Additional thoughts. So let’s say that you’re communicating to someone with a random number generator. You must use a seed for the calculation. If you choose the same seed over and over and over again, you generate the same “random number” sequence every time, and your communications become quite easily deciphered and predictable. If not, then you must also figure out how to covertly communicate to the person to whom you are communicating the random number seed you used so that they can use the same one and your communications make any sense at all.

    Understand?

  • PJ

    “Multiple 10 sided gaming dice.”

    You can always use regular dice, then convert the base 6 numbers into base 10 (or any other base you need) using a spreadsheet or a calculator. Don’t forget to subtract 1 first since dice go from 1 through 6 rather than 0 through 5. The math function you want is called “modulus” which is nothing but the remainder after a division.

    There are base conversion utilities on the internet but I would NOT use any such thing for an important password or other secure use since your access to them may be monitored. But they are OK to use just to see how base conversion works.

  • Mark Matis

    Please note my comment on Dan Morgan’s post about using a computer that is connected to the Internet and running Microsoft, Apple, Google, or Facebook software to generate your OTPs.

  • http://www.book-resistancetotyranny.com Joseph P. Martino

    My son’s PhD dissertation was on a scheme for generating random numbers by counting photons that strike a 2-dimensional grid. That will generate truly random numbers. I don’t know if his method has ever been implemented, though.

    Back in the 1960s I was assigned to an R&D outfit. One of our officers was going after a PhD. His dissertation was on simulating neutron paths through nuclear reactor shielding. He was doing the simulations on a VAX, generating huge numbers of “random numbers.” He finally realized he wasn’t doing many different “events,” because the computer was producing only pseudorandom numbers, so he was getting the same sequence of events over and over. He wrote to his adviser about the problem and went on leave. He came back to find his desk covered with notes to call various people. It turned out that just about everyone in the nuclear business was doing the same thing he was, without realizing that because their simulations required so many numbers, their pseudorandom sequences were repeating over and over. I don’t know what he eventually did, but I recognized the problem. I’ve been aware of it ever since.

  • http://www.captainsjournal.com/ Herschel Smith

    Joseph. Random number stride. Solution? Variance reduction. It’s a very long, long story.

  • Neal Evans

    True randomness comes from physics. Radio noise. Radioactive decay. Plenty of truly random sources. Someone needs to put it on an arduino with a USB interface. :)

  • random

    Please be aware that using the MODULUS operation to convert random numbers to another base is wrong as it leads to statistical bias.

    The simple but inelegant solution is to throw away the samples that are too large.
    E.g. if you convert dice throws from base-6 (0…5) to base-5 (0…4), you will encounter that there are about 16% more “0” samples than the others because 5 mod 5 = 0. However, if you merely throw away the bad samples, you’ll get a flat distribution. Assuming your dice isn’t weighted of course.
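The dice-to-decimal conversion discussed in PJ's comment and in the comment just above, as an added example that is not code from the post or from any commenter. It goes beyond the base-6 to base-5 case: two dice are read as one base-6 number in 0..35, and all 36 equally likely pairs are enumerated so the counts are exact. The function names and the sample throws are constructed.

```python
from collections import Counter
from itertools import product

def pair_value(d1, d2):
    """Two six-sided dice (faces 1-6) as one base-6 number in 0..35."""
    for d in (d1, d2):
        if d not in range(1, 7):
            raise ValueError(f"not a die face: {d!r}")
    return (d1 - 1) * 6 + (d2 - 1)  # subtract 1 first: faces are 1-6, not 0-5

def digit_modulus(d1, d2):
    """Naive conversion: remainder mod 10. 36 is not a multiple of 10."""
    return pair_value(d1, d2) % 10

def digit_rejection(d1, d2):
    """Rejection sampling: keep 0..29 (three of each digit), drop 30..35."""
    v = pair_value(d1, d2)
    return v % 10 if v < 30 else None  # None: discard this pair, roll again

def exact_counts(convert):
    """Count each digit over all 36 equally likely pairs (no simulation)."""
    digits = (convert(a, b) for a, b in product(range(1, 7), repeat=2))
    return Counter(d for d in digits if d is not None)

def rolls_to_digits(rolls):
    """Turn a flat list of recorded throws into unbiased decimal digits."""
    if len(rolls) % 2:
        rolls = rolls[:-1]  # an unpaired last throw is unusable
    pairs = zip(rolls[0::2], rolls[1::2])
    kept = (digit_rejection(a, b) for a, b in pairs)
    return [d for d in kept if d is not None]

# Constructed sample: twelve throws written down by hand.
SAMPLE_ROLLS = [1, 1, 6, 6, 3, 4, 2, 5, 6, 1, 4, 4]

if __name__ == "__main__":
    print("modulus  :", sorted(exact_counts(digit_modulus).items()))
    print("rejection:", sorted(exact_counts(digit_rejection).items()))
    print("digits   :", rolls_to_digits(SAMPLE_ROLLS))
```

On average one pair in six is discarded, so budget roughly 2.4 throws per pad digit.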

  • Pingback: The Captain's Journal » NSA Spying


You are currently reading "Encryption Followup", entry #11325 on The Captain's Journal.

This article is filed under the category(s) Intelligence and was published October 2nd, 2013 by Herschel Smith.
