A little everyday cryptography

Some everyday tricks for secure communication that I've used. This is educational entertainment to try out, but also pragmatically useful.

Only primary school math is required.

Securely transfer a PIN number with a one-time pad

A one-time pad is a provably secure cryptographic scheme, but depends on both communicating parties meeting physically. It is simple enough though that almost everyone can do the math on paper.

Scenario: Alice and Bob know each other in person. At some point in the future, Alice wants to send a small four-digit number (e.g. a PIN code) to Bob, over an insecure channel (e.g. e-mail).

Steps to do while Alice and Bob meet in person:

Steps to do for Alice to transfer the PIN code P:

Steps to do for Bob to decrypt the received number:

Computer science note: On computers, one-time pads would usually be implemented as bitwise exclusive-or, instead of using subtraction.

Security note: Reusing one-time pads is a classic mistake that makes things tremendously easier for an attacker. The Wikipedia article on one-time pads has some great stories about it.

Give out your new phone number

Scenario: Alice has a new phone number and wants to announce it on her homepage, so that her friends can call her. However, she does not want to put her phone number for everyone to see.

Solution:

Note: With high likelihood, at least one of your friends will synchronize his electronic address book unencrypted over the internet. A secret service monitoring the internet will consequently probably still keep a copy of your full contact details, but that's unfortunately only avoidable by not giving away your contact details at all.

Example: I do this on my contact page.

Use an HTTPS server for secure transmission

Scenario: Alice's parents don't use PGP or other cryptographic solutions, but Alice needs to send a private document.

Solution:

Note:

Generating random numbers by hand

When generating random numbers, we need to know in what range they should be. For example, in the example above, we need a random number between 0 and 9999, which is chosen with even probability from all possible numbers in that range.

The most ubiquitous random number generator is a die. You can find one in every household, but unfortunately, it only provides evenly distributed numbers between 1 and 6.

There are a few tricks to get to other number ranges using a 6-sided die, though:

Generating random numbers in 0, 1, ..., 4

  1. Roll the die.
  2. If you rolled a 6, discard it and retry from step 1. This can in theory go on for very long, but that's very unlikely.
  3. If you rolled a 1, 2, 3, 4 or 5, subtract 1 to get the result from 0 to 4.

The trick here is to discard the result when it's too high, and map the result back to the space that we prefer.

Generating one of 0, 1

To generate either 0 or 1, roll the die. If the rolled number is even, the result is 0, otherwise 1.

Generating one of 0, 1, ..., 9

Here's the trick to put together decimal numbers of any length:

Generating a number with N digits

Repeat generating a digit from 0 to 9 as above N times. This generates a number with N digits, but potentially with leading zeroes (which is correct).
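
The die procedures above, as an added Python example (not code from the original page): it implements the discard-and-retry step and the even/odd step, then counts outcomes exactly to show that discarding keeps every digit equally likely while a modulo shortcut does not. Assumptions: `secrets.randbelow` stands in for a physical die, the 0 to 9 digit is built as 5 * bit + (0..4), which is one possible combination and not taken from the page, and all function names are made up for this example.

```python
import secrets
from collections import Counter
from itertools import product

def roll_die():
    """Stand-in for a physical 6-sided die: uniform on 1..6."""
    return secrets.randbelow(6) + 1

def zero_to_four(roll=roll_die):
    """Rejection sampling: discard a 6 and re-roll, otherwise subtract 1."""
    while True:
        r = roll()
        if r != 6:
            return r - 1

def bit(roll=roll_die):
    """Even roll gives 0, odd roll gives 1."""
    return 0 if roll() % 2 == 0 else 1

def digit(roll=roll_die):
    """Assumed combination (not from the page): 5 * bit + (0..4) covers 0..9."""
    return 5 * bit(roll) + zero_to_four(roll)

def n_digits(n, roll=roll_die):
    """N independent digits as a string, so leading zeroes survive."""
    return "".join(str(digit(roll)) for _ in range(n))

def scripted(rolls):
    """Replay rolls written down from a real die (constructed in the demo)."""
    it = iter(rolls)
    return lambda: next(it)

def exact_digit_counts():
    """Count digits over all 6 x 5 equally likely (bit roll, accepted roll) pairs."""
    return Counter(5 * (b % 2) + (r - 1)
                   for b, r in product(range(1, 7), range(1, 6)))

def modulo_shortcut_counts():
    """Tempting shortcut without discarding: two rolls as 0..35, then mod 10."""
    return Counter((6 * a + b) % 10 for a, b in product(range(6), repeat=2))

if __name__ == "__main__":
    print(n_digits(4))                               # 4 digits from simulated rolls
    print(n_digits(4, scripted([2, 1, 1, 6, 5, 4, 3, 3, 2])))  # constructed rolls
    print(sorted(exact_digit_counts().items()))      # every digit equally often
    print(sorted(modulo_shortcut_counts().items()))  # 0..5 favoured over 6..9
```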

Footnotes

1. If Alice's parents use Mac OS <= 10.6 or a pre-2014 version of GnuTLS, they will probably use an unpatched SSL implementation that can be trivially attacked by someone in the network. It requires an active "Man in the Middle" attack though, so secret services are probably not running this on the complete internet traffic, but only against specific targets. If the web server runs an outdated version of OpenSSL (before April 7th 2014) or used to and hasn't renewed its keys since then, then you're also vulnerable to a passive attack.