The Encryption That Can't Be Cracked: OTP

Tell a friend, gosh-gee-darnit!
This week, we're giving away a powerhouse deck of cards. It's beveled, it's one-way, AND it's marked--of course I'm talking about the APEX Deck. Whether you're a beginner or an old-hand, this three-in-one deck will open up a new world of possibilities.
Enter our free weekly giveaway and you could be one of six winners of the APEX Deck. Just sign up at gimme.scamstuff.com and you could win! (No purchase necessary, giveaway ends 8/15/2019)

How to do a modern rogue intro:
Person 1: have you ever done a weirdly specific random thing?
Person 2: reluctantly answers 'yes'
Person 1: *laughs*
Person 2: explains what they specifically did

I once took a cryptological mathematics class, and after talking about how to crack the Vigenere cipher, the teacher told us about this perfect cipher called the “One Time Pad,” that’s so strong that it’s even been mathematically proven to be impossible to crack. And even RSA, which is what banks and militaries use is still theoretically crackable, even if near impossible to. Of course, we then asked how that’s possible, and that it obviously had to have a downside. She then said, “It’s called the one time pad because you can only use it once per key, or else it’s just like any other Vigenere cipher.” It was really funny to see Brian’s reactions to a lot of the stuff here.

A surprisingly effective way to generate randomness for a OTP is in fact dice.
Some versions on one-time-pads use numbers purely instead of letters to generate the OTP... so rolling something like a ten-sided dice over and over can generate random enough numbers to generate a pad.

That's not a bad patreon bonus. Patrons get the OTP. Videos on UA-cam deliver a coded message

Surprised they didn't talk about Cloudflare using Lava Lamps to get truly random numbers

Haha! I watch too much Modern Rogue. I knew it was Grilled cheese since the "G"

Your "made up" sign for day, is actually really close to American Sign language sign for day!!

When I was little, I would use a keypad as the key. Somethinf like "hello" would be 42 32 53 53 63. I still use this to store passwords in notebooks since most people wouldn't think about that

What you were saying about the lottery actually reminded me of an experience the other day that I had.
I had my phone out, and I started playing music from one of my playlists, and after I hit play, I noticed that it wasn't set to Random, so I turned that on. Six songs later, and I'd noticed that it'd played all 8 Siousxie and the Banshees songs in the playlist in a row. Obviously, I assumed that it'd justed played down the list in order, until I looked, and saw that it *was* playing randomly. It just happened to randomly choose to play those 8 songs first out of the 200 in the list.

codded message from end:
hidden in plain sight code remains unsolved. clues come in pairs six in all. 1 code and one place tell you the goal. freshen up on base 2 and much will be told.

The US Navy used to use a literal pad of flash paper to do OTP communications. Pretty cool stuff

Literally what I wanted right now thanks lads

hidden in plain sight... so far so good. *thinking intensifies*

A quick clarification:
What make pseudo-randomness different from true randomness is not its origin (like the human who built the algorithm), but the fact the such algorithms run on deterministic computers, and a deterministic machine can't create true randomness.
The bugs or errors in the algorithm would be sources of weakness in the pseudo-random data.

The concept of passing messages that only a selected group/individual can understand is so fascinating to me. I've used a book cipher, a transposition cipher, and hiding-information-in-plain-sight-behind-what-appears-to-be-nonsense codes; but I'd never heard of One-Time pads. I'll definitely have to dig deeper into that, it seems amazing.

Me: *Looks at title* "Hmm, it would be a good opportunity for a Nord VPN spons-
Brian: "This episode is sponsored by Nord VPN"

A lot of respect to you Brian, for respecting who and what Grant Thompson did not only as a youtuber but also as a friend
Thank you
May he Rest In Peace
(A part of the journey is the end) RDJ

Without going into detail. This is basically how Cryptology works in the military. Its usually kept in a safe, that can only be accessed with people that have the appropriate clearance. and each day they input these alpha numeric codes into the system to ensure proper communications.

My personal favorite pen-and-paper encryption is a late WW2 German system called Rasterschlüssel 44. From what I've been able to find on it, it was significantly harder to crack than Enigma. Since it was used primarily for tactical communications, it simply wasn't useful to take a large percentage of the hardware that was being used to attack Enigma traffic offline and allocate it to breaking individual RS44 messages, since the content would have had little operational value by the time it was read. And the machines would *not* have been available to break Enigma messages in that time. Until quite recently the majority of RS44 messages intercepted were unbroken. It was simply too much trouble to attack the system.

Candidate Jeep Jop was the first member of TMZ Cobra to be converted into a changeling hybrid creature

As a linguist and a Deaf Culture/ASL geek: pidgin sign like that can be a good stepping stone to a desire to learn a real sign language, you guys should do a series on learning ASL and local deaf culture interpretation from interpreters/deaf folk!
Like to signal boost!!!

Great video! You guys always brighten my day when I watch a video of yours. They've been great since the start of this channel and I can't wait to see more!

yes, One True Pairing(s) are very convoluted

Candidate Jeep Jop?! You're dating your content! He's The Right Honourable Jeep Jop now!

"1 1 1 1 1 1" Well, d&d players knows that it happens

Sweet!! I love how you guys are delving back into all of the cold war tech you explored earlier in the show's history

Yet another brilliant episode. With privacy being harder and harder to secure, something like this is always a interesting subject. Thank you! Oh and no injuries...other than Brian's pride. ^.^

You should do more of this ciphers are so cool!

I like more educational episodes like this please do more of these.

These episodes are so fun to watch. Thanks again guys :)

we all have been trained to know it ws grilled cheese

The cool kids use the dovah language from skyrim

I remember statistics class in the 90's. Because the internet wasn't really a thing, and computers are as bad as people at generating true randomness - we had to buy a book (same sort of size as an exercise book) filled with just random numbers. The fact they could be used as a One Time Pad did come up in class.

I was waiting for this for years

Notification popped up and I immediately hit the video. Love the vids, keep going lads!

Don’t say first I have a blue shell
Edit: sorry for doing this but thanks for the likes! It really makes my day!😀

Teacher sees 8:27
**Wikipedia isn’t a real reference REEEEEEEEEEEEEEEEE**

If I recall correctly, some number stations had some of their messages decoded because they supposedly got lazy and were re-using OTP keys. Of course it could have just as well been intentional.

So really really similar to the diana cipher. I have the cipher wheel for that one and it also uses the one time pad.

This is a great video. Thanks!

Reminds me of the infinite improbability drive from The Hitchhiker's Guide to the Galaxy. When Brian said the lottery numbers being all ones, it reminded me how the IID would take you exactly where you wanted to go because it's so improbable to randomly blink to the location you suggest that it works. Lol. Silly but fun to think about.

This could be improved by pairing it up with a fountain pen filled with Noodler's Blue Ghost ink. Why that ink? It's waterproof, write the message on the envelope instead of the letter. They won't see that coming LOL
EDIT: if you want to make a random OTP by hand, use a bag of scrabble pieces. Dip your hand in and record the letters.

As mentioned in other comments below, the table used in the video is basically the Vigenere table. There are a few variations on this, including Beaufort, Variant and Gronsfeld. OTP by itself is nothing really special. If you use a short keyword or phrase, you just keep repeating it to make the full key for the message you're sending. Doing this, though, makes the key periodic, and once someone else figures out what the period is, it's easy to crack the cipher. OTP is just the use of a key that's the same length as the message, so it's not periodic. Reusing an OTP key doesn't automatically compromise the system, because there's no guarantee that your two different messages will contain the same important words. That is, one message could be a weather report, and the other could be "escape now, your cover is blown". What's important, though, is to keep the messages short.
What makes OTP so secure is that, with the Vigenere table, any message can be created just by changing the key. If the ciphertext is "ccccc", one OTP key could give you "CHESS" and another one could give you "MARTY", yet both keys could be wrong and you'd never know. The real weakness in using pseudo-random number generators is not so much in the predictability of digit strings in a particular OTP key, but that there's going to be repeated strings of digits from one OTP key to the next. If you've captured enough enemy traffic, no matter how many OTP keys have been used, that non-random part in making up ALL the keys on your one-time pad is going to mean that you're going to be able to read parts of different messages.
As for how to get the OTP to the guy you want to communicate with, how about putting the keys on an SD card and using dead drops?

Always interesting and funny! Thank you!

when I was in 7th or 8th grade, the science textbook showed how certain groups of three nucleotides corresponded to specific amino acids. so I started making a similar code that used a pool of five letters instead of DNA's four. this yielded 125 possible results where as if I had gone with four, I would have had only 64

Actually, your sign for day was pretty close to ASL. Essentially what you did, but backwards.

Damn, I love this channel so much.

Love it guys!

I'd always kind of wondered how One-Time Pads work. This basically explains everything and now I want to write a program to use it.
So the OTP can't be cracked because there's *nothing to crack.* As Jason explains in the episode, each individual letter uses a different encryption key, which is only ever used once and then thrown away.
Normally, you use an encryption key for an entire message or to identify a person (see PGP signatures... actually that could be a fun episode), but if the key gets compromised somehow, then that entire channel is compromised.

The sign used by Brian for "today" is actually very similar with the sign used in brazilian sign language for "morning", because it represents the sunrise, only diference is the hand configuration: in bsl it is with the thumb touching the index finger, like an ok sign

As someone who knows American Sign Language, Brain actually signed "today" correctly. One hand rising on the other can be day, Sunrise, or sunset (depending on how you're sign) though sunset is normally going down.

Ya' killing me! I've spent WAAAAAAAY too long trying to figure this code out. The first layer is simple enough if not a little time-consuming (regretting not writing some code to figure it out for me rather than doing it manually...). Finding those extra clues is not going well though. I feel like you guys did an episode that touched on binary at some stage, but I can't for the life of me figure out which one?!?! Hmmmm, good play boys, good play!

There is also a (MM) in the encoded message that corresponds to two different letters in the decoded message, D and C.

Assuming that this method does not code word breaks, some information can be inferred by the length of words. It also does not change the overall length of the message.

Loved this video

radioactive decay is seen as random because we haven't found any pattern in it and we don't know all variables that may come in in to it. it is possible that some variables haven't been discovered yet

It's interesting to note the reason that you cannot reuse the one time pad to encrypt a second message. If someone gets a hold of two messages encrypted with the same key, the security is completely compromised. An attacker would only need to guess at a small portion of the plaintext in either message (a probable word, for example) and test the hypothesized key on the other message to see if it produces additional plaintext. The attack jumps back and forth between the two messages until it totally unravels. It might be a little tedious to do by hand but a computer would crack it nearly instantly.

You can encrypt a message, and encrypt the encryption, making it even more secure (but probably you don't need that kind of security...)

Amazing timing for this one guys 😂

YES! The Rogues need to have a secret communication network!

Whoa. I kid you not, just today at work I was working on implementing OTP. Although, in this case, OTP stood for "One Time Password" (essentially the same concept, though). But it was interesting to get home after working on "OTP" all day only to see "OTP" in my subscription box.

The dank meme material able to be extracted from this one episode is threw the roof son

A desktop computer can generate random numbers from human input. The exact timing between keystrokes, for example, is unpredictable. I believe they also incorporate numbers from hardware events (e.g. exactly how long a disk read takes, for example). This works because if you add two random numbers together modulo some maximum value (such as the maximum value that the computer holds in one integer) then you get a number that is more random than either number.

I would like to say thank you for some really personal stuff that I don't really want to say on this public site I just want you to know that you helped me recently

One time pad encrypted messages are like library of babel: the message can be every combination of words within the number of letters it contains. So, you can try to brute force it and find a message that makes sense, but it's not necessarily the real message.

I’m surprised you guys didn’t talk about how the only way to get truly random results is with quantum states. The easiest way to do this is with radioactive decay, because the exact intervals and strengths at a given time are truly random. You also can use a quantum computer to generate true random numbers.

YEAAH NEW UPLOAD

Brian's made up name in the Nord commercial is "Jeep Jop".
Brian drives a Jeep.
Brian's brain is not random.

If you have a Vigenère cipher where the key is longer or just as long as the input text, then it is essentially unbreakable, unless you want to do brute forcing and figuring out what outputs might be the right answer, manually or through algorithms or ai.

I knew it was gonna be grilled cheese as soon as I saw the G. I've been watching too much of these two.

Nowadays truly random number generators use atmospheric noise to create numbers. Since electrons are truly moving in a random orientation we can discern a number value to certain orientations of an election as it's moving in space. this is how we create random numbers for since related matters like determining where to study a population in a micro population study. Now it's possible that electrons are not random however, we don't know enough about quantum physics to understand them in that way.

Jason reminds me of Daniel Stern... but funnier. Love the video!

Knew about the Vigenere cipher and one time pad.But not about adding numbers to the grid.

You guys should do the Diffie-Hellman key exchange by hand. This way you can generate a secret between two people without letting anyone listening know the secret.

Me and a friend came up with the Hopilop language as kids. Stupidly easy to break but it counts. Clue is in the name and its soooo inefficient. But also have a kind of understood hand/body language thing going with a mate i've played airsoft for years with. Its gotten to a point where we can convey quite complex details across without a word though misinterpretations have happened a plenty

2:40 - Half the Internet's security runs on lava lamps (yes that's a simplification and generalization): ua-cam.com/video/1cUUfMeOijg/v-deo.html
5:39 - It's tricky to do key-exchange, but especially so in-band. But out-of-band key-exchange isn't always practical (Internet).
6:12 - What you thought is also valid. It doesn't make a difference in which order you index the array, as long as it's consistent.
Like you said, OTPs aren't practical in some situations like the Internet, so asymmetric/public-key cryptography endures.

I remember watching something about a science experiment that used two telescopes which observed separate stars in the night sky and used their twinkling to generate randomness can't remember the specifics or why it was needed but still cool :)

3:52 - I always remember the number stations vid as it started with 'Man, I miss the Cold War!' and my eyes went like plates and I burst out laughing.
It was also one the first MR vids I watched and thought 'Where has this true gangstah sh*t been? I shall binge it at once!'

From what I remember from a book on ciphers and codes I had in middle school, the Vigenere Cipher (the one used in this episode), actually isn't all that secure. Don't get me wrong, It's very secure to the average person, like myself, but to someone with enough experience there is a method of approximation that can get decently close to deciphering a message. I can't remember what it was though.
Obviously it's a lot easier to crack if you encrypt the message poorly, though. To encrypt the message well use a random key, make the key as long if not longer than the message itself, block your enciphered message so the word lengths don't remain the same as before, keep the message short, etc. All of which are done in this video. It's also possible to make the cipher more secure by rearranging the reference alphabets. So instead of making the top alphabet "abcdefg...", make it "dfgcbae...". Same for the side alphabet. Taking these steps makes the Vigenere cipher more secure, and now that I think about it, it seems like it _should_ be impossible to decode as is, but I seem to recall that there are ways to decode it. And not even with a computer. I could be wrong on that part though.
Also, coincidentally enough, just this week I finished making a spreadsheet that could encipher and decipher a vigenere encrypted message with given alphabets, input message, and key. Unfortunately, I made it so that it uses just letters and no numbers, so it's annoyingly useless in deciphering that last message in the video.
Edit: Hmm, Hidden in plain sight, much will be told.

Nice haircut Brian 👍

how do they not have more subs i mean there so good they deserve so much better than this i guess the youtube algorithm doesnt put them on peoples recomended hey keep goin though i think anyone would love these guys if they were more represented

Guys that’s amazing!

Honestly was good to hear you say Scotland.

You can get "random entropy generators" for computers that look like a USB flash drive to get truly random numbers from quantum processes like the breakdown of a diode junction.

Awesome

Never been this early wow. And youtube did not notify me
Also the beginning was gold

Did you guys know that Grant Thompson died in a paragliding accident in Utah on July 29th?

The cool part is that you can have 2 pseudo random machines that produce the OTP key, which are synchronized........ and it can be something as small as a thumb drive, or can be made to look like a normal app in a cellphone.

The other quality that a one time pad MUST have is that the pad must be as long or longer than the message that is sent. If not, then it becomes a Vigenere cipher instead, and if the message is longer than the pad and the users cycle through it multiple times, it can be quite easy to determine the key using letter frequency analysis alone (it's not a ONE TIME pad anymore, you know?) This was actually done on some occasions when users weren't given new pads and simply reused old ones. Again, the "one time" part of one time pad is vital.

0:50 tha reference alone justifies the like.

In programming random number that special pattern is called a Seed

Perhaps I missed it, but one critical requirement is that the key is as long, or longer than the message. Otherwise you have to reuse, which removes the unbreakability of the cipher. Technically though, it's not unbreakable, but if you follow the rules (never reuse), every possible translation is equally probable. The moment your opponent has two messages with the same key, there is a pattern, and it is simple to break.

There is a video somewhere about lavalamps that are recorded to generate truly random codes.

You could go a step further and start from a predetermined number of characters in, like start decrypting from the second line in the key.

"First letter is going to be G" immediately knew the phrase would be grilled cheese.

Any new viewers, check out the description of this video. It has many additional info and secrets

if im correct that is either the actual sign for day or really close

One time these were in fact cracked was by the US governments operation Vernona which exposed the most prolific soviet agent in history known as agent Homer at the time. It was cracked cause during the winter war the fins captured an NKVD division and all their onetime pads which had been mass produced and weren't unique at all because of the need for a massive amount of covert codes

How is the number distribution affected when time is used as a factor for generating the random numbers