Only the person or persons who have your key can decrypt your message. Once the message has been encrypted by you and decrypted by your recipients, the One Time Pad keys are discarded (shredded, burned, what have you) and never used again. This manual One Time Pad system is useful if you are going to communicate by mail. You meet with your friends periodically for a nice game of Scrabble (or Boggle) and, when you are finished, generate enough keys to accommodate the number of messages you think you’ll send until you meet again for the next game of Scrabble. Your snail mail correspondence could be steamed open, so you can also use USB Dead Drop File Sharing as an alternative to snail mail. These methods are only useful for messages that are not time-sensitive.
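The use-once rule above can be shown in code. This is an added example, not the author's manual procedure: it assumes messages are plain A-Z letters combined with the key by addition modulo 26, the function names are illustrative, and Python's `secrets` module stands in for keys generated by hand.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def generate_pad(length):
    """Draw key letters uniformly (stand-in for keys generated by hand)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _combine(text, key, sign):
    # The pad must cover the whole message; a short pad would force key reuse.
    if len(key) < len(text):
        raise ValueError("pad is shorter than the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )

def encrypt(plaintext, pad):
    """Add each key letter to the matching message letter, modulo 26."""
    return _combine(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    """Subtract each key letter from the matching ciphertext letter."""
    return _combine(ciphertext, pad, -1)

def difference(a, b):
    """Letter-wise a - b (mod 26)."""
    return _combine(a, b, -1)

if __name__ == "__main__":
    pad = generate_pad(5)
    c1 = encrypt("HELLO", pad)
    print(c1, "->", decrypt(c1, pad))
    # Why a pad is never used twice: the key cancels out of c1 - c2, so the
    # result depends only on the two messages and no longer on the secret pad.
    c2 = encrypt("LATER", pad)
    print(difference(c1, c2) == difference("HELLO", "LATER"))
```

With a fresh pad per message, every plaintext of the same length is an equally likely explanation of the ciphertext; the second print shows what is lost the moment one pad covers two messages.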
For time-sensitive communications, of course, you might want to use, for example, Twitter or email. Since the Edward Snowden revelations about the NSA, you can assume that any communication over the air, over fiber, or over copper is being monitored by the NSA. If you watched the Frenkel video in my previous article, you know that the NSA has installed backdoors in our public key encryption standards.
More ambitiously, the NSA is hoping to build a quantum computer that “could break nearly every kind of encryption used to protect banking, medical, business, and government records around the world,” according to the Washington Post (NSA source documents stored on Electronic Frontier Foundation server here and here). A quantum computer could conceivably break “all current forms of public key encryption,” the article says, “including those used on many secure Web sites as well as the type used to protect state secrets.”
Using Shor’s Algorithm, a quantum computer should be able to perform prime factorization of huge numbers. Public key encryption, such as RSA, depends on the difficulty for conventional computers of finding the prime factors of the gargantuan numbers used for public keys.
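To make the dependence on factoring concrete, here is an added example (not from the original article) using textbook RSA with constructed toy primes 61 and 53 and public exponent 17. It has no padding and the key is far too small for real use; trial division stands in for the factoring step that Shor's Algorithm would perform on a quantum computer, and the function names are illustrative.

```python
from math import gcd

def make_keypair(p, q, e):
    """Textbook RSA key from two primes: public (n, e) and private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)

def factor_semiprime(n):
    """Trial division. Feasible only because n is tiny; the work grows with
    the square root of n, which is what keeps large moduli safe from
    conventional computers."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no non-trivial factor")

def private_exponent_from_public(public_key):
    """Once n is factored, the private exponent follows from public data alone."""
    n, e = public_key
    p, q = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, d = make_keypair(61, 53, 17)      # constructed toy values
    n, e = public
    ciphertext = pow(65, e, n)                # "encrypt" the number 65
    recovered_d = private_exponent_from_public(public)
    print(recovered_d == d, pow(ciphertext, recovered_d, n))
```

The whole secret is the factorization of n: a 2048-bit modulus is out of reach of this loop, and the concern in the text is that it would not be out of reach of a large quantum computer.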
You may be aware that an alleged quantum computer called the D-Wave already exists, but a recent article in Science News claims that it isn't any faster than a conventional computer. Even though it is currently difficult to build an actual quantum computer, it would be prudent to research new methods of encryption that could withstand an attack by a quantum computer.
On Saturday, 19 July 2014, at the HOPE (Hackers on Planet Earth) Conference, NSA leaker Edward Snowden challenged attendees to work on easy-to-use privacy tools. “I think we the people—you the people, you in this room right now,” said Snowden, who was able to participate at the conference using Google Hangouts, “have both the means and the capability to help build a better future by encoding our rights into the programs and protocols upon which we rely every day, and that’s what a lot of my future work is going to be involved in, and I hope you’ll join me.”
While developing these privacy tools, citizen cryptologists might want to consider not only ease of use but also key distribution and how to generate random numbers on conventional computers.
For programmers it’s relatively simple to write a program to generate random numbers. Because conventional computers are deterministic, however, the numbers such a program produces are “pseudorandom,” which is fine for computer games but not for data encryption. There are a number of methods of generating true random numbers, such as connecting a USB Geiger counter to the computer and generating a random number seed when the Geiger counter detects a particle. USB Geiger counters can be pricey, but you can build a Geiger counter using a webcam.
Another possibility is to take advantage of atmospheric noise to generate random numbers. You can experiment with generating random numbers from atmospheric noise with this Random Bitmap Generator. It might be possible to connect a TV tuner dongle to your computer, switch to an analog station, grab a GIF of the static, and use it to generate your random numbers. An even simpler, low-tech method is to switch your TV to an analog station and take a picture of the static on the screen with your webcam.
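Raw noise from a Geiger counter or a photo of static is rarely uniform, so it needs conditioning before it becomes key material. The following is an added example, not code from the original article: it takes the least-significant bit of each sample, removes bias with von Neumann's pairing method, and maps the result to A-Z by rejection sampling. The sample data is constructed from a seeded generator, which also illustrates the determinism described above, and all function names are illustrative.

```python
import random

def lsb_stream(samples):
    """Keep only the least-significant bit of each raw sample (pixel value)."""
    return [s & 1 for s in samples]

def von_neumann(bits):
    """Debias: read bits in pairs, emit 0 for (0,1) and 1 for (1,0),
    and drop the pairs (0,0) and (1,1)."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def bits_to_letters(bits):
    """Map 5-bit groups to A-Z. Values 26..31 are rejected rather than
    wrapped, so every letter stays equally likely."""
    letters = []
    for i in range(0, len(bits) - 4, 5):
        value = int("".join(map(str, bits[i:i + 5])), 2)
        if value < 26:
            letters.append(chr(ord("A") + value))
    return "".join(letters)

def constructed_static(n, p_one=0.7, seed=1):
    """CONSTRUCTED stand-in for pixel values from a photo of static: the low
    bit is 1 with probability p_one. It comes from a seeded PRNG, so the same
    seed always reproduces the same 'noise'; it must never be used as a key."""
    rng = random.Random(seed)
    return [2 * rng.randrange(128) + (rng.random() < p_one) for _ in range(n)]

if __name__ == "__main__":
    raw = lsb_stream(constructed_static(100_000))
    clean = von_neumann(raw)
    print("share of ones before: %.3f" % (sum(raw) / len(raw)))
    print("share of ones after:  %.3f" % (sum(clean) / len(clean)))
    print("bits kept:", len(clean), "of", len(raw))
    print("first pad letters:", bits_to_letters(clean)[:20])
```

Von Neumann's method removes a constant bias only when the input bits are independent of one another. Neighbouring pixels and compressed image formats can be correlated, so real captures should be tested before their output is trusted as a pad.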
Distributing the One Time Pad keys has been a problem ever since the cipher was invented. In the early days of Zimmermann’s PGP (Pretty Good Privacy) it was suggested that you meet with the people with whom you wished to communicate, exchange key disks, and sign them using the software provided with PGP. Nowadays there are some privacy protocols that are apparently still functioning relatively well. Snowden recommended using GNU Privacy Guard (gpg4win) and TOR (The Onion Router) while working with Glenn Greenwald, the reporter who broke the story about NSA surveillance for the Guardian. Snowden even had to make a video for Greenwald explaining how to use gpg4win. Do keep in mind, however, that the NSA has been investigating how to remove the privacy protections that TOR provides. See the NSA primary source documents regarding their analysis of TOR here, here, here, and here.
Why is privacy important? Why should we give up our Fourth Amendment rights when the annual chance of dying in a terrorist attack is only one in 3.5 million? It’s simple. Follow the money. According to “The Terrorism Delusion” by Mueller and Stewart, “Since September 11, expenditures in the United States on domestic homeland security alone—that is, excluding overseas expenditures such as those on the wars in Iraq and Afghanistan—have expanded by more than $1 trillion.” Mueller and Stewart continue, “According to a careful assessment by a committee of the National Academy of Sciences in a 2010 report, these massive funds have been expended without any serious analysis of the sort routinely carried out by DHS for natural hazards such as flood and hurricanes. The committee did not find ‘any DHS risk analysis capabilities and methods’ adequate for the decisions made.” The terrorism boogeyman is the corporate gravy train.
If you get the opportunity, you may wish to read “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” by Glenn Greenwald. According to Greenwald:
“Invoking George Orwell’s 1984 is something of a cliché, but the echoes of the world about which he warned in the NSA’s surveillance state are unmistakable: both rely on the existence of a technological system with the capacity to monitor every citizen’s actions and words. The similarity is denied by the surveillance champions — we’re not always being watched, they say — but that argument misses the point. In 1984, citizens were not necessarily monitored at all times; in fact, they had no idea whether they were ever actually being monitored. But the state had the capability to watch them at any time. It was the uncertainty and possibility of ubiquitous surveillance that served to keep everyone in line.”