Uncrackable Encryption

Disclaimer

Please do not email me about this project without reading the disclaimer above.

It is a OTP (One Time Pad) system using a simple XOR (exclusive OR) of message and key, using a key equal in length to the message and never reusing a key. See the encrypt utility documentation for more detail on how the scheme works.

A more advanced version of the project requires to you build a peripheral that is a true random number source. Pseudo random number generators are useless for this purpose. Such a device would be useful for creating one-time pads and also in various simulations. Here are several ways it could work. See true random numbers in the Java glossary for more details on how to build on buy one.

Once you have this mechanism in place, you can build an uncrackably secure webphone. You use the standard Java microphone API (Application Programming Interface) to convert sound into numbers, compress them a little, encrypt the numbers and send them over the web in real time. On the other end you reverse the process and play the sound. You logically have two channels, one in each direction. Keep in mind that snoops can still place hidden microphones at either end, or snoop on EMF (Electro-Magnetic Fields) radiation from your computer. It is best to use a laptop which emits fewer clues. However, snoops can’t do anything simply by packet sniffing or intercepting and replacing packets. There is a slight delay as packets wend there way through the Internet, but not that different from a long distance call to Indonesia from Canada.

The advantages of this scheme are:

• The code is simple enough to write yourself. You need not rely on an outside company to provide encryption code to you. It becomes much harder for the CIA/KGB/FBI/LBJ/CSIS (pick your favourite bad guy) to hide a snoop in the code. You can have several people study the code and freshly compile it to ensure it does what it is advertised to do. With ordinary encryption you must trust some company that might be under CIA (Central Intelligence Agency) control.
• The messages themselves cannot be cracked, even in theory. The keys must be intercepted, the decoded messages read or the software compromised.
• The algorithm is very quick.
• With digital signing, it is possible to distribute software over the Internet without worry the CIA has tampered with it. You don’t need to distribute it by secure courier the way you would with private one time pad keys. However, if you think the CIA may have cracked the digital signature schemes, you might want to distribute software by secure courier too, so you might as well distribute a year’s worth of one time pads at the same time.

• You must predistribute bulky keys on CD (Compact Disc). In contrast, in a private/public key encryption scheme, there is no need to transport private keys around.
• If you have more than two parties communicating, you probably want a CD of keys for each pair who might potentially communicate. You need a large hard disk to contain all those keys and software to select the correct key source and make absolutely sure no piece of any key is ever reused.

I have already implemented this, but for contractual reasons, I cannot release the source until 2014-02.

standard footer

	This page is posted on the web at:	http://mindprod.com/project/uncrackableencryption.html
	Optional Replicator mirror of mindprod.com on local hard disk J:	J:\mindprod\project\uncrackableencryption.html
	Please read the feedback from other visitors, or send your own feedback about the site. Contact Roedy. Please feel free to link to this page without explicit permission.
	Canadian Mind Products IP:[65.110.21.43] Your face IP:[3.144.17.45]
Feedback	You are visitor number