tech

We are having some technical difficulties with the Radio Free Redoubt Forum Page.
Please be patient, we are aware of the issues. Thank you

 

Guest  

Welcome Guest, posting in this forum requires registration.

Pages: [1]
Topic: Practice Encryption
Guest
Member
Posts: 22

Reputation: 0
Practice Encryption
on: June 22, 2012, 11:58

All of us should be practicing encryption of one form or another. One way of doing that is to send encrypted text via radio.

There might be times when the SALUTE report could be 'sensitive information' and therefore need to be obscured. While not legal on HAM radio bands, MURS is legal for you to gain practice. Just keep all transmissions (encrypted or not) brief. Here is a possible SALUTE


AUTHENTICATION – QHLT


MO 112511 1100CT R-FTX


S=25

A=TNG

L=FB1 Area

U=MM 1-3 HQ

T=Current

E=Rifle & LBE-1


HQ Company in training, chain saw & clearing debris

One known OP, # staff unk. Other OP unk.


Sig – Etech


QHLT /end


After Encryption it would be –


TbwgD8K1vrd3Q2K5nHEXhQBLkoNSJUT/Q9Wk6y085pkZONE+5pohQ7YHC5kz17nabttSw96RuYT4PpPoZ3eDEFfFIfHX4M0yyi/ePx0yXMb5rm6VCfXjnxHwmOyWWzhJ/zkSP6ylXCdFA7IrZugyUk d8dTEvPX43ySKZWVxq5ogr6xnaV8ACoYAB6jTscX1ms2GIWLUyTaunV8cmkNb1RjSx+EoGShC5Zs5vDCbgqiEUNEE0k35PdKFUfpXWc41GPkk6DPJL5sPJ6ztGSD9NMMMyyGzz783jT+42QhYAIm/q PX8hAc3vZ5t/Kf1oJYT7x9TnWJqj5u5U4NKVEXVQnSa4pFhLOTqWKEYYeWaWq6sjB6KEOlpPt24haGOcUFmjOFp/q9dGFDoYjQJk2EEMOmWd8s5H3KnWMhYJPAokAVuL+PoYMp1au8wteloAp6kfBA 3zvZbzkzZG17Y5v0jN6wGm5w+TnomMfHGcbvkLtJk/+K6aUDTsB5QMDBEGTy9pnYG7HcJlagD8a0fRruley3aSoLhk4KQ85KeJdm1fDn01yaxghVfxBAErbERMTIwfZB75XCmbQy2uFajdAL6PmR/m UhQRMrv8ay0AdDG25Lw=


The program I used for this is a small 256 bit AES encryption one. Downloaded from

http://download.cnet.com/AES-256-bit/3000-2092_4-10544070.html?tag=mncol;7

The text/encryption is pasted into the program by using paste=Ctrl-V and copy=Ctrl-C. Left-Right click mouse commands won't work inside this program.

The above encryption is the original text encrypted by using the password Militia1. You could 'unecrypt' by doing the reverse. I prefer using the digital mode program Fldigi as it can use checksums to verify 100% copy and to decrypt you must have 100% copy.

NOTE: Militia1 is not the same password as MILITIA1 or militia1


Practice is essential, as is changing the 'passwords' in real world use.

Just remember, don't use on Ham bands, others are listening…


Guest
Member
Posts: 36

Reputation: 0
Re: Practice Encryption
on: June 22, 2012, 14:13

Etech,


If I recall, the AES encryption standard is a virtual "1 rotor" version of the German Enigma machine from WWII. This can be broken by a brute force in a reasonable length of time if you have the compute power (and 3 letter agencies do). The PGP (Pretty Good Privacy) encryption is better, particularly if you use a 4,096 bit encryption key. But this, too, can be broken eventually. Using a large key just raises the amount of work involved.


Bruce Schneier http://www.schneier.com/ writes a lot about encryption – what works, what doesn't, and how long to expect your encryption to remain safe. I think what he says can be trusted.


Last time I was reading up on this, the summary was that any encryption which is convenient, can also be broken eventually. Those encryption methods which are more secure are inconvenient, and are attacked not through decryption means but through human-factors.


Good luck,


Bear


Guest
Member
Posts: 22

Reputation: 0
Re: Practice Encryption
on: June 22, 2012, 16:56

Bear,


Hopefully you and I will have 'stirred the pot' and get others thinking along the lines of actually using encryption.

You are right in that the AES-256 program isn't the most secure means. What it is – moderately secure and fairly easy to use. Providing an encrypted/decrypted text file for radio use. Not so large as to take excessive transmission times, like the radio DF guys at work. Shoot, Move, Communicate and then move again…


I personally like a combination of some of the more secure versions – used together. Like layers of a onion, peel one layer and there is another. But as you indicated, everything can be decoded, given the time and resources.


Etech


Guest
Member
Posts: 36

Reputation: 0
Re: Practice Encryption
on: June 22, 2012, 17:48

Eteck,


I've heard that a one time pad built with a true random number generator, and used correctly, would be impossible to break because there is no pattern to attack. I don't have the advanced math skills to prove or disprove this, but I think it's intriguing.

The big disadvantage to a one time pad, of course, is that you have to have planned ahead of time and have a one time pad on both ends.

One possible improvement to the one time pad that my little brain has tripped over is the idea of not just having single characters and symbols in the table, but common combinations of letters "tt", "tl", "nn" and even whole common words "the", "is", "an", "move", "go to", to further defeat pattern breaking.


Just a thought.


Bear


Guest
Member
Posts: 22

Reputation: 0
Re: Practice Encryption
on: June 23, 2012, 08:10

Bear,


You are pretty well informed but as you said 'used correctly' is very important and a problem for many. For those wanting more info take a look at http://users.telenet.be/d.rijmenants/en/otp.htm There is a lot of reading there but pretty secure when implemented properly.

I also make use of a supposedly true random number generator, found at http://users.telenet.be/d.rijmenants/en/numbersgen.htm I don't use that program (to generate secure numbers) on any PC that goes on-line. One sequence I generate is a "4 character Authentication code" I generate two 4 character sets one for the 'challange' and (if needed) one for a response. This insures we know exactly who is on the other end of the radio connection. It is very unlikely an enemy (on the fly) can respond with the correct 4 character alpha-numeric combination. Four digits of just alpha characters would yield over 450,000 possible combinations, alpha-numeric increases that possibility to over one million.

It is absolutely imperative those lists stay confidential, never email or disclose via phone. Use different generated lists for different groups, so if one is compromised, all are not.


Guest
Member
Posts: 7

Reputation: 0
Re: Practice Encryption
on: July 13, 2012, 09:07

Bear/Etech,

Good thoughts on encryption. Along with turning up my winmor setup, my plan is to incorporate encryption into my commo needs as well. Any thoughts to get me headed in the right direction?

MCF


Guest
Member
Posts: 36

Reputation: 0
Re: Practice Encryption
on: July 13, 2012, 09:48

mr.carbon.footprint,

You might try to get your hands on the book, "Practical Cryptography" by Niels Ferguson and Bruce Schneier, 2003. ISBN 0-471-22894-X (C), ISBN 0-471-22357-3 (P) this is the paperback version, I think.

This book will get you up to speed pretty quickly on how to think about cryptography. Also, it will help you avoid common mistakes made by use crypto newbies. 🙂

Bear


Guest
Member
Posts: 5

Reputation: 0
Re: Practice Encryption
on: July 13, 2012, 10:57

First, a hearty second on Bruce Schneier's book and anything by Schneier. He just published Liars and Outliars on the subject of trust. He also has a great site at schneier.com with loads of stuff on security issues.


Another thing is email encryption using Gnu Privacy Guard (GnuPG or GPG). This is the open source version of PGP (Pretty Good Privacy). I use Thunderbird so I have a plug in called Enigmail that acts as the interface with GPG. There are plug ins for other email clients as well.


GPG is an asymmetric encryption program. This means that there are two pass keys. One is your private key that you generate with a pass phrase. You never ever give it out. When the private key is generated you also get a public key. Anyone can have your public key and they are available on public key servers.


If you want to send an encrypted email to someone you encrypt the message using the recipient's public key. Only the recipient can decipher the message as he has to use his private key.


The other thing that GPG does is allow the use of encrypted digital signatures. This gives assurance to the recipient that the sender is really who he says he is just in case his email account was hijacked.


To apply a signature you check the box and then apply your private key. The receiver's email client checks your signature against the public key and flags it as valid or bogus.


I can't vouch for other interfaces other than Enigmail but the installation instructions are very good. It takes you about 15 minutes to go through the process. I do use a separate account as you can't use such nice things as html.


Enigmail: http://enigmail.mozdev.org/home/index.php.html


Some other neat resources:


Parisien Research Freeware: encryption, file shredding, etc.

http://www.parisien.org/archive.htm I use VGP as well as the shredder.


Free as well as inexpensive encryption software from Invsoftworks. Kryptel can be used to perform mass encryptions of multiple files. I have used the free Iron Key for encrypted transmissions.


Openstego: http://openstego.sourceforge.net/

Steganography permits you to embed files in images. It alters the least significant bits in the image so that the image looks unchanged. When you decrypt, the hidden file is revealed. Steganography goes back to the Greeks who tattooed messages on the shaved heads of couriers. After the hair grew back they were sent on their mission. This was not for urgent messages. I think the couriers were also one use only.


Of historical interest, a free simulator for the WWII German Enigma machine: http://users.telenet.be/d.rijmenants/en/enigmasim.htm This is a lot of fun to play with.


Guest
Member
Posts: 22

Reputation: 0
Re: Practice Encryption
on: July 14, 2012, 16:59

Hans,


Your post reminded of something I need to check.

A photo/'data' ran via Steganography then sent using Easypal.

For those unaware of Easypal it sends very nice photographs via radio. Similar to SSTV but much better detail. I've sent plain photos on 20m and 2m SSB with great result.


I'm sure most of us know, encryption is not legal for Ham radio, but fine when using MURS. Of course if a serious event happens and they want our guns and food, will it matter? For now though the answer is yes… YMMV


Guest
Member
Posts: 5

Reputation: 0
Re: Practice Encryption
on: July 15, 2012, 05:50

That's been on my list too. Easy enough to try even PC to PC, just haven't gotten around to it.


We're using EasyPal on 2m via repeater and also 6 meters SSB and FM. I'm not sure what the loading of an image does but EasyPal will resize so that's a concern. But, once loaded the actual transmission is digital and error corrected so the transmitted image should be faithful to the original.


Guest
Member
Posts: 7

Reputation: 0
Re: Practice Encryption
on: July 15, 2012, 13:12

Good stuff. I just noticed a new email from Bruce Schnier. Always a good read. It will take me a couple days to digest all the info provided above. THANKS to all!

MCF


Guest
Member
Posts: 1

Reputation: 0
Re: Practice Encryption
on: January 14, 2013, 08:11

This truly is a thread that interests me since I've been using a steganography utility (WINHIP from http://homepage.cs.uri.edu/courses/fall2005/hpr108b/Software.html) to place encrypted data within photos. I figure that, with all the digital picture swapping that folks do, there's no sense in drawing attention to yourself with a pgp announcement on your email text.


As a programmer in a previous life I wrote a short utility that creates One Time Pad (OTP) files of various lengths which can be used to either manually (with pencil and paper) or via the utility (if the medium is electronic) encrypt and decrypt information. The OTP pad file selected is automatically wiped clean (5 pass wipe) after either encrypting or decrypting with it. Obviously, if utilized in the manual method where you've printed the pad file to a piece of paper, you must destroy the evidence yourself.


Having the capability to encrypt or decrypt without the use of a computer would be paramount in many situations and using a relatively secure OTP method would defy all but very intense computer resources.


If anyone is interested in the utility or the code listing (in VB 6.0 or a 'no-frills' version in QBasic) let me know how to get it to you since there's no file depository available within the forum.


Guest
Member
Posts: 2

Reputation: 0
Re: Practice Encryption
on: March 11, 2013, 19:53

Greetings,


Crypto is a big interest of mine. I have heard a couple of myths here that I would like to clear up. When I saw an interest I mean I worked on DRM for AMD, InterTrust and others.


First AES is the new standard encryption protocol. 128 bit AES is for the most part consider unbreakable. 256 bit is totally unbreakable. 256 isn't twice as large as 128 bits, 129 bits is twice as large as 128 bits. With 256 bits you can count the number of atoms in the galaxy.


AES is also not a rotor. It uses sbox which is outside the scope of this post.


Bruce Schneier wrote the bible on encryption.


GPG is good and has been peered reviews so there is a lot of trust with it. I haven't looked at it in years, but will review again, but I would say that should be a standard for us as it is free.


The problem with asymmetric encryption is you have to be able to trust the public key. That is where certificates

come into play. They can be used to validate a public key.

This is what SSL does with your browser going to secure sites. Not only does it encrypt your data, but validates they site is who they say they are.


If we use encryption then we must figure out a cert system.


Stenography is also very interesting, but while some of the programs have encryption built in, the method doesn't imply

encryption.


Also be aware that transmission of encrypted data over ham radio is strictly illegal. Of course it won't matter after it hits fan.


73

-darryl


Guest
Member
Posts: 22

Reputation: 0
Re: Practice Encryption
on: March 15, 2013, 04:55

Good to see a 'pool of knowledge' however the original intent was to get others (zero encryption knowledge) to using some means of securely communicating.

No matter if AES, PGP, Steg or OTP – PRACTICE is an absolute requirement. After a significant event there likely won't be time to practice. People 'attempting' to use encryption will make errors, we all have, practice now and avoid those errors later…


Pages: [1]
WP Forum Server by ForumPress | Lucid Crew
Version: 1.8.2 ; Page loaded in: 0.071 seconds.