The ULTIMATE One Time Pad Tutorial
Вставка
- Опубліковано 1 тра 2022
- The One Time Pad is a truly uncrackable encryption method that has its origins in the 1800s. In this video, I'll teach you how to use it. Digital is fast and weak; analogue is slow and strong. Let's go old school!
📝 MENTIONED IN THE VIDEO:
- Secure communications with the One Time Pad by Dirk Rijmenants: www.ciphermachinesandcryptolo...
- The history One Time Pad from the CryptoMusuem: www.cryptomuseum.com/crypto/o...
📽 GEAR USED TO MAKE THIS VIDEO:
- iPhone 12 Pro
- iOS camera app (4k 24fps)
- Leica Q2 (4k 24fps)
- Lavalier microphone
- Apple Final Cut Pro
- Apple Motion
🎵 Where I get my Music (amazing for UA-camrs) - share.epidemicsound.com/ye2zqm
PS: Some of the links in this description are affiliate links that I get a kickback from 🤝
#encryption #cybersecurity #cryptography
LinkedIn: / thegaryruddell
X: / thegaryruddell
Instagram: / thegaryruddell
Website: www.garyruddell.com - Наука та технологія
You forgot to warn the kids that it ain't easy generating truly random numbers, and one has to be quite careful where you generate them and how you store your pads. I've heard Lava Lamps are good sources of randomness. ;)
I think I mentioned that in here! And yeah, CloudFlare nailed that!
Over the holidays my uncle talked about the existence of numbers stations, which, naturally, most of us had never heard of, so I’ve been deep-diving into the whole shebang, and it led me here!
Hey! Your Uncle sounds like a cool dude!
And that explains private keys, excellent content and quality, profoundly informative
Thanks Orca! Glad you enjoyed it :)
I really like this video because it brings attention to a topic that is very niche but valuable in my opinion: Handling data in a transparent way. Anyone can understand why the one time pad is secure - not the same as for automated encryption using ordinary computers. I get that they are useful for everyday tasks like banking, but for messages that are personal, OTP has often overlooked potential even today. By the way, I am working on this subject (transparent data processing) in general but so far, have not published that much. There are many ways in which both old techniques (such as chemical photography if a photo is confidential - only if you develop it yourself, of course) or new ones (performing research without disclosing which questions you are asking, PIR) can be used for a degree of secrecy ordinary computers simply cannot achieve verifiably.
Thanks Darius. You’re absolutely right about you can understand how it works and where it becomes exploitable. Unlike the high tech stuff on our phones!
BEST video, I have seen on the one time pad! Well done!
That means a lot! Thank you for watching and I’m glad you enjoyed it 💜
i didn't expect this level of production quality!
good job mate keep it up!
Thank you KT!
New video dropping today. Hands on to tutorial on the command line for beginners! Less prod and more info!
@@theGaryRuddell and yeah I have a quick question, when using like CT-46 graph to encrypt, I have a problem with the decryption cuz how u identify one-digit letters like A = 1 right,,
so like that how we gonna identify one-digit letters! (um sorry about my bad English)
Hey! I’d need to see you doing it in action but maybe just go over the instructions with a friend in slow time to see what you’re doing wrong?
@@ktmusicstudio All the one digit letters are 1-5 none of the two digit letters start with 1-5 so if a letter starts with 1-5 you know it's a single sigit. This is assuming I understood it correctly.
@@alfredpetersson 😇 thank u
I learned One time pad as well but the one from 0-25 (A-Z), but I wanna thank you for sharing to us something meaningful.
Thanks so much for your kind comment!
Explained very well, huge respect!
Thanks so much 😊
Thank you so much for sharing this video .I wish they would teach this to the public more
It’s good fun to practice as well. Kids would love it!
Wow very easy to understand and informative thank you and keep it going!
Thanks 🙏🏼 xSelehOliviax!
Awesome work! This video is really well done.
Thanks Music Nerd! I really appreciate that feedback 😊
I remember learning this in school but forgot how to do it, thank you for such a quick and easy explanation! Those creepy numbers stations you hear on shortwave likely use this exact same method.
Glad it brought back some memories. Yeah the numbers stations are cool!
Video is very good THANK YOU
Thank you!
What an absolutely fantastic video.... Huzzah!!
Thank you! Cheers!
Well explained, thanks. Now just need to figure out how to make a code book and one of those letter pads.
Check out the PDF in the description 👍🏼
thanks! i now run a nubmbers station! (CPNS-52)
That’s cool!!
I looked up the paper by DIRK RIJMENANTS, however, it did not have the small one-time pad key sheets you used in the video. do you have a link to a pdf. that has those?
Hey! Oh I made that in Excel using the random function!
How do you do numbers though ? as in entering co-ordinates ? This is the first ive seen without numbers, or am i missing something. Cheers for the vid mate
Hey, got to 7:32 and pay attention to F-L at number 98. That’s how to switch between figures and letters. Make sense?
Agree to some secret method with your recipient. Maybe if I send you an "D" then the next sequence will be numbers until I send "L". Have another pad that has the codes for numbers or reuse the first 10 letters. Your choice, have fun with it!
at 10:15 surely you have made a mistake ? you are ADDING THE plain text to the Key, insted of subtracting the key from the Plain text as you did in the first example ?
Hey! It doesn’t respect the 10 when you do the math. Check out Dirk’s PDF in the description for a full on break down of why it works 😊
Hi Gary,
My question is, if the person should send both Encrypted msg and Key numbers to the recipient? Because, without the key it's not possible to decrypt. If key is not sent then how the recipient could possible know what the key is, even though the recipient have this cheatsheet. The recipient must know the where to look at in his cheatsheet.
on the flip side, if the sender is sending key too, then it's out already. I am kind of confused.
Appreciate your advise.
Yeah the key needs to be sent for sure!
As I mentioned in the video, this is one of the hardest parts of the operation. A whole book of keys will be printed and given to the recipient. This little book needs to be kept secret…obviously.
I recommend you read the PDF linked in the description. The more you read about this, the less confused you’ll be.
@@theGaryRuddell Thanks a lot Gary. Really appreciate it.
@@theGaryRuddell You don't even need pads. Have you and your recipient subscribe to the same daily newspaper, or daily blog, or whatever you pick. Make the first article be your key for that day. Agree on some method to convert the letters to numbers and change it up every week. That way when the NSA break down your door they will never find the key.
How is the initial key created? 😊
Good question. This is one of the flaws in the process. I used Excel’s RANDOM function but that’s not truly random so you have to be careful with it. You can sample white noise to use as a seed to truly randomise the data creation 👍🏼
In WW2 they recorded the sounds outside of the office window in Oxford Street (I think) to derive the random key data sets. The realised that the sounds of car horns/buses pulling away/kids shouting etc. was not predictable in any way.
Wouldnt random numbers had repatsions in them aswell?
Generating truly random numbers is hard. Some would say it’s almost impossible.
Do you have a suggestion on how to generate truly random numbers for the OTPs?
Hey! It’s hard. You can use static, lava lamps, radioactivity and all sorts. But it’s just hard to do on a personal computer etc
@@theGaryRuddell Oh, I wouldn't try on a PC. I was just wondering if you have a preferred method of creating random numbers by non-electronic means. Great video, BTW.
@AViewThroughLensLens that’s HARD!!!!! Use dice! But it’s INCREDIBLY manual.
How does the receiver know what numbers to use
They have a copy of the pad that the sender is using. When the sender encrypts, they destroy their pad. And when the receiver decrypts, they destroy their copy. One time use only. It’s a challenge making and distributing these keys. Unlike Signal/Telegram/iMessage which are lightning fast.
@@theGaryRuddell I get that on 2:27. What's the sheet starting with 655 (not a time stamp). Yeah why not just one set of numbers on the pad? Then there's all this math?
@@brizzell2101 the 655 sheet is an encryption and decryption sheet - a one time pad. So you would have it and so would I. And yeah the math just depends on what side of the conversation you’re on. Send VS receive. Hope that helps? The best thing I’ve found to do is to have a go at doing it yourself!
If the key was shorter than the message itself, would instances of "the" "no" "yes" ... become obvious again? It seems like they would have to be. So one drawback of this method is that the size of your message is restricted by the size of your key.
Correct! That’s why you have the crib sheets and code sheets
FYI, your newsletter link, below, is broken.
Thanks for flagging!
I'm a number station enthusiast. Where can I get my hands on a cryptographically secure random number generator, I want to be able to have some fun with this method of message encryption :)
Hey! If you’re just having fun with it, I’d use a spreadsheet!
@@theGaryRuddell I'd still like to know where to get a truly random number generator
Hello, feel free to use my digital version of the one-time pad cipher: github.com/SubXi/otpy-framework2
It has a CSRNG that is non-deterministic, which is the closest you'll get to truly random numbers (i.e. perfectly secure for real use). The other alternative is using the random.org website which generates numbers from atmospheric noise, but I cannot vouch for it.
@@subxi5744 that’s awesome!
Seems like you could improve on this by using hexadecimal, or some other machine code. Obviously at that point it wouldn't be very easily manually decoded and you'd want some machine to do it for you.
Removing machines is a big part of the goal of the OTP. Machines are used to create the codes, but after that, it's all done manually as a matter of priority.
I wouldn’t send it via Morse code over the air as it is illegal per the license conditions!
If you have the need AND capability to make use of these facilities, you likely:
A) already have the authority.
B) don’t care about the authority.
How about this? 1. Create a 10 MB file of random pads (that's 50k pads with 9 random numbers per cell, so it can encrypt up to 441 words / characters per 5x10 pad). 2. Store this file on Alice and Bob's devices. 3. Create an app that reads the file and uses random pads from it to encrypt / decrypt messages.
Wouldn't this make an uncrackable instant messenger?
That would take up 1 GB for 100 friends, and when people meet in person, they can refresh the pads.
Yeah that sounds interesting. I guess it would be, the issue would be the device it’s running on wouldn’t be uncrackable so a threat actor could read the characters as they’re typed in using a keylogger etc
@@theGaryRuddell True, when the device is compromised, there's nothing you can do about it. But I'm thinking that past messages would still be uncrackable, because the old pads would be erased.
Yeah sounds similar to the paper method! Should work - worth trying. That’s the best way to figure it out. Have a go!
Bro if this is what k4 is encrypted with then Jim's a massive ....
Ha. Jim Sanborn. What a legend.
Instead of doing the addition and subtraction one number at a time, why not make them double digits and do the addition and subtraction like that. You would still use the same rules as you would for the single digit, just with two digits.
I think using single digits results in a shorter transmission. Think about doing morse code etc. if I’m reading your message right!
@@theGaryRuddell I am referring to the math you were doing to get the Encrypted text.
Ohhhh. I’ll have a look at that! Thanks 😊
Your description "Digital is fast and weak; analogue is slow and strong" is wrong. What you are doing on paper is literally a digital process. "Digital" means having to do with digits, which is what you are doing. The word has nothing whatsoever to do with electronics or computers. That's just a common association due to the fact that most digital machines are electronic computers. An analog encryption process would be something else entirely.
I guess the spirit of what’s being demonstrated is modern computer encryption vs old school methods!
Cheers Benjamin 😊