Is there any actual secure method of communication?

Because of FTR I read alot about encryption. There are quite a few reasonably same encryption algorithms (that take quite some time to break): TripleDES, Blowfish, RSA, etc. You can increase security by using multiple encryption methods at the same time. The best security is a one-time pad encryption, which uses a key of the same length of the message and this key is used only once. It's unbreakable if they don't find the key.

Maybe in the future we'll see quantum encryption which is almost perfectly secure.

I'd just like to point out..
Quantum cryptography is commerically available

And here's the proof
Here

My point with the password protected online game is security via stealth. If nobody knows that my intent is to exchange information then it looks for all the world like I am playing a game. By swapping encrypted email or attached files you are virtually shouting "I am sending sensitive information!" from the rooftops. Also, I am talking about hosting the game myself rather than using a commercial server. The password is to keep the casual troll-gamer from hooking up to my server that he/she has detected using a port scan.

RSA 512 bit encryption was once thought to be unbreakable. Now harware and software advances have caused RSA to reccomend nothing less than 768 bit encryption for safe messaging. A company named nCipher has determined a way to crack RSA 512 in 6 weeks. They use a strategy of word guessing, and brute force, on a network of hundeds of computers to accomplish this. This was back in 2002.

A newer method of encryption is Advanced Encryption Standard (AES)..

MSDN - ENCRYPT IT
AES is a new cryptographic algorithm that can be used to protect electronic data. Specifically, AES is an iterative, symmetric-key block cipher that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes). Unlike public-key ciphers, which use a pair of keys, symmetric-key ciphers use the same key to encrypt and decrypt data. Encrypted data returned by block ciphers have the same number of bits that the input data had. Iterative ciphers use a loop structure that repeatedly performs permutations and substitutions of the input data.

AES is likely to become an industry standard. It is very secure. There are theories on how it can be broken, but for the moment they are just theories. There are no proven methods of cracking it. AES is also very quick. If you are into programming, you can visit the link in the quote above and read the entire article on AES. You can also download source code (C#) for implementing AES encryption into your programs.

Originally posted by cccchunt
Just curious but don't you think blowfish 256 bit encryption would work for security?? I don't know of too many people who have programs to break this code if you put your encryption alogrithm at - say 20 characters. It would take probably years to break your email.
I might be way off base on this but seems to me it would work very well. The Govt or whoever probably does not have time to be trying to break code of people emailing each other. Let me know what you think.

They may not have time, but they have enourmous amounts of supercomputing power, which can break encryption... eh--quickly, just like dbates sayith.

Smoke signals, We've killed off most of the people who know how to read them so this is underated in matters of national security, just a thought.

Originally posted by double down
Smoke signals, We've killed off most of the people who know how to read them so this is underated in matters of national security, just a thought.

That is a good idea. How could they be used to communicate over long distances? Creation of large clouds perhaps? Oh, for even longer distances radar could be used to to look at those clouds. I could watch the weather channel, interpreting the clouds you made. That is cool.

REALLY electronicly there isnt a secure communications connection.

Entangled photon pairs would in theory give secure, instant communication over any distance.

Originally posted by AD5673
REALLY electronicly there isnt a secure communications connection.

Yes, I agree with you. All of my internet communications go through my ISP's computers, which can do whateverthehell they want with the data.

Originally posted by zzub
Entangled photon pairs would in theory give secure, instant communication over any distance.

Is that easily implementable? Google returns some juicy .edu sites for that subject--I will be sure to read those.

...speaking of Google--look at some of those 'relevant text ads' at the right in this thread.

Originally posted by Jake_Yes, I agree with you. All of my internet communications go through my ISP's computers, which can do whateverthehell they want with the data.

If you use a one-time pad and they don't find the key, they can't break the cipher. Even if you use an ancient cipher like the Vigenere cipher. Because a one-time pad is of the same length as your message and is used only once, it is almost impossible to break, because the key never repeats. Maybe with ancient ciphers they can find out what language the encoded text is by using statistic analysis.

If you use a one-time pad with more advanced symmetric key ciphers like TripleDES or AES, they can never break the code. You do have to go through all the trouble of getting the one-time pad to the person you're communicating.

if you used encrypted ptp file sharing id think you are pretty safe. the story behind waste is pretty interesting, and you can still download it.


news.com.com...
www.nik.com.au...

Originally posted by amantine
If you use a one-time pad and they don't find the key, they can't break the cipher. Even if you use an ancient cipher like the Vigenere cipher. Because a one-time pad is of the same length as your message and is used only once, it is almost impossible to break, because the key never repeats. Maybe with ancient ciphers they can find out what language the encoded text is by using statistic analysis.

If you use a one-time pad with more advanced symmetric key ciphers like TripleDES or AES, they can never break the code.

Can one-time pad encrypted text be broken with brute force (id est, trying every possible combination of keys)? I know very little about encryption. Are 'TripleDES' and 'AES' just methods of generating a key?
Here is more information about one-time pad encryption.

Originally posted by amantine
You do have to go through all the trouble of getting the one-time pad to the person you're communicating.

Right, that would be tough. One could provide a list of keys to be used in the future to the second party. Or better yet, one could add the next transmission's encryption key along with the previous message. For instance, my encrypted message to you is "attack at 0500. next key is 2weE9)�;#1".

Originally posted by cccchunt
Just curious but don't you think blowfish 256 bit encryption would work for security?? I don't know of too many people who have programs to break this code if you put your encryption alogrithm at - say 20 characters. It would take probably years to break your email.
I might be way off base on this but seems to me it would work very well. The Govt or whoever probably does not have time to be trying to break code of people emailing each other. Let me know what you think.

Chris

This can be cracked quickly on a supercomputer.

My point with the password protected online game is security via stealth. If nobody knows that my intent is to exchange information then it looks for all the world like I am playing a game. By swapping encrypted email or attached files you are virtually shouting "I am sending sensitive information!" from the rooftops. Also, I am talking about hosting the game myself rather than using a commercial server. The password is to keep the casual troll-gamer from hooking up to my server that he/she has detected using a port scan.

Doubt it. Assume that all data sent/received is logged and intercepted by the government. Ever read up on the new search features coming out of MS, Apple, Google, etc.? I've seen a video from Apple where OS 10.4 can scour your hard drive while you're searching...in real-time. The results are displayed immediately. Realize that this is gigabytes of information they are searching! With similar technology applied to several terrabytes plus supercomputing power, the government shouldn't take too long to find your messages.

There are quite a few reasonably same encryption algorithms (that take quite some time to break): TripleDES, Blowfish, RSA, etc.

Don't trust 3DES. 3DES has its roots from DES, a very unreliable encryption. With even a "lower-end" supercomputer, this can be cracked quickly. Blowfish was a candidate for government encryption so I'm not too sure if you would want to trust that if you're trying to avoid the government lol. Don't trust RSA. Period. The famed MD5 hashing algorithm from RSA has already been discovered to have a collision. Therefore, although the MD5 algorithm may seem secure, I highly recommend you don't take your chances with MD5 especially with personal information.

Can one-time pad encrypted text be broken with brute force (id est, trying every possible combination of keys)?

Yup.

Are 'TripleDES' and 'AES' just methods of generating a key?

No, they're encryption algorithms. Commonly, you don't generate your own key as many key-based encryption algorithms ask for a key inputted by the user. However, unless you are referring to one-time encryption algorithms then yes having the computer generate its own key would be the case.

Above all, I'd recommend that nobody trust encryption involving the shifting of ASCII characters ("Byte Shift" encryption being the most insecure and earliest form of encryption). A more practical method would be to create your own character ID based on the available characters similar to what ASCII did. For instance, re-route "a" to "1" and so on. However, this will be eventually cracked given time so I'd suggest re-routing "a" to something like "%&#!."

Just remember, any encryption CAN be cracked with supercomputers (whether it be key-based or not). They can be cracked with home PC's as a matter of fact, however they do take that much longer!

[edit on 11-7-2004 by Blackout]

Originally posted by Blackout
Don't trust 3DES. 3DES has its roots from DES, a very unreliable encryption. With even a "lower-end" supercomputer, this can be cracked quickly. Blowfish was a candidate for government encryption so I'm not too sure if you would want to trust that if you're trying to avoid the government lol. Don't trust RSA. Period. The famed MD5 hashing algorithm from RSA has already been discovered to have a collision. Therefore, although the MD5 algorithm may seem secure, I highly recommend you don't take your chances with MD5 especially with personal information.

Soo... what should we use? Carrier pidgeons?