Sorry about the title. This post is motivated by Steven’s comments to the “What is Randomness?” post, where he describes a way that the current paper-and-pencil cipher champion, FibonaRNG, could be broken. Rather than responding with more comments, I thought a whole new post on the issue would make more sense, since it’s going to be rather long. For those who prefer the short version: yes, what Steven says would work, but not very well, although it looks like it should. Read on if you prefer the long version.
(more…)
Current version of URSA
Current version of URSA is: 4.2
Made on 4/18/17
Main source: https://passlok.com/ursa
SHA256 string for web source (single html file):
ea2d-a55c-12fb-1819-c61b-4fd5-b531-3fff-bbd0-8d2f-25fc-d2da-a171-daf0-6d67-3f7b
See the author reading this:
All my apps updated
What started as a small improvement on image steganography has grown into a major update of all my published apps, encompassing PassLok Privacy, PassLok for Email, SeeOnce, URSA, plus two new apps: PassLok Image Encryption, and PassLok Human Encryption. This articles summarizes the changes for those who might be curious. (more…)
Low-tech high-security passwords
You’ve seen this advice many times: use a different password for each website you log into, including lowercase, capitals, numbers, and special symbols. Change it often. If you don’t, a hacker that breaks into one of those websites might be able to get into your bank account and your Facebook page, emptying the first of money and filling the second with child porn. But I’d bet you don’t do it because it’s just too hard to come up with a good password for each website, and then remember it. In this post, I’ll be telling you a paper-and-pencil trick derived from one whose author is none other than Turing award winner Manuel Blum, but far less taxing on your brain. (more…)
PassLok in the News
PassLok is once again getting some attention in the news, so I thought it would be a good idea to collect some of the things that have been said in a post. Some of the titles from major tech outlets: “PassLok Simplifies Email Encryption so Anyone Can Use It” (lifehacker.com), “PassLock (sic): Easy Email Encryption for Everyone” (makeuseof.com). (more…)
Tabula Prava
In Latin, “Tabula Prava” means “crooked table.” This is a play on “Tabula Recta” (straight table), which is a grid full of letters used in a number of classic ciphers, including the Vigenère cipher. Tabula Prava is the straightforward combination of a high-entropy key derivation algorithm, which I published earlier on this blog, and the FibonaRNG cipher, also published here. The result is a very secure cipher that is still quite fast and easy to use with pencil and paper. (more…)
Et Tu, WhatsApp
The “unthinkable” has happened: it is alleged that WhatsApp has a backdoor in its end-to-end encryption, and nobody has actually been getting any security all along. All of this while using the acclaimed “open source” Signal protocol. This article will not break any news, but hopefully will make you think and be safer as a result.
Hint: it has all to do with the quotes in the first two sentences. (more…)
What is randomness?
In this article, I go over the meaning of randomness and end up with yet another couple ciphers, based on the Fibonacci series, which become the new champions for paper-and-pencil strength with simplicity. (more…)
High-security low-tech ciphers compared
Not a totally unlikely scenario: you need to send some extremely sensitive information to someone, using email or whatnot, and you suspect that your phone, your computer, and all electronic devices around you have been bugged. The only thing you have is paper, pencil, maybe some stone as in the picture, and your brains. Some people would prefer that everything is done in your head, but I will presume that you can burn the paper where you did your work afterwards, leaving no traces (hard to do with stone, though). There are a few admittedly low-tech symmetric ciphers that claim to work well in this situation, producing ciphertext that even the NSA would have trouble cracking. I go first over desirable features, then look at the different ciphers and what they have to offer, and conclude with some scores and comparison between them. Nothing prevented their having been invented centuries ago and, had they been available back then the history of the world might have turned out quite different. (more…)
The Scrabble cipher
Back in 1918, John F. Byrne invented an encryption machine, which he called Chaocipher. He tried unsuccessfully to sell it to the US government until his death in 1960 while keeping it a secret. He published some samples of its output in his memoirs, mystifying a whole generation of cryptanalysts. Then, in 2010 his son’s widow decided to release the secret papers describing the inner workings of the machine. It turned out to consist of two rotors with movable letters, which shifted according to a simple pattern. The key was the initial position of the letters in both rotors. Simple and surprisingly effective, although it is somewhat doubtful that Byrne ever built a working machine (the only working prototype was allegedly destroyed (?), and only a cardboard mockup and a blueprint of the original have survived). I ran into the concept a couple weeks ago and I haven’t been able to stop thinking on how to improve it, and I believe I’ve found something as powerful and quite a bit simpler to use. I call it the Scrabble cipher because you can run it with the help of letter tiles. (more…)