Over the holidays my uncle talked about the existence of numbers stations, which, naturally, most of us had never heard of, so I’ve been deep-diving into the whole shebang, and it led me here!
Hey! Your Uncle sounds like a cool dude!
Still useful for countries like Cuba or smaller.
I didn't expect this level of production quality!
good job mate keep it up!
Thank you KT!
New video dropping today. Hands-on tutorial on the command line for beginners! Less prod and more info!
@@theGaryRuddell and yeah I have a quick question: when using the CT-46 graph to encrypt, I have a problem with the decryption, because how do you identify one-digit letters, like A = 1, right?
So how are we going to identify one-digit letters? (um sorry about my bad English)
Hey! I’d need to see you doing it in action but maybe just go over the instructions with a friend in slow time to see what you’re doing wrong?
@@ktmusicstudio All the one-digit letters are 1-5; none of the two-digit letters start with 1-5, so if a letter starts with 1-5 you know it's a single digit. This is assuming I understood it correctly.
@@alfredpetersson 😇 thank u
I really like this video because it brings attention to a topic that is very niche but valuable in my opinion: Handling data in a transparent way. Anyone can understand why the one time pad is secure - not the same as for automated encryption using ordinary computers. I get that they are useful for everyday tasks like banking, but for messages that are personal, OTP has often overlooked potential even today. By the way, I am working on this subject (transparent data processing) in general but so far, have not published that much. There are many ways in which both old techniques (such as chemical photography if a photo is confidential - only if you develop it yourself, of course) or new ones (performing research without disclosing which questions you are asking, PIR) can be used for a degree of secrecy ordinary computers simply cannot achieve verifiably.
Thanks Darius. You’re absolutely right that you can understand how it works and where it becomes exploitable. Unlike the high tech stuff on our phones!
As someone studying cyber security this is a really cool video, this is a simple yet effective video on simply explaining OTP. This deserves more subs and views. I kind of forgot how OTP worked but now I remember.
BEST video I have seen on the one time pad! Well done!
That means a lot! Thank you for watching and I’m glad you enjoyed it 💜
I remember learning this in school but forgot how to do it, thank you for such a quick and easy explanation! Those creepy numbers stations you hear on shortwave likely use this exact same method.
Glad it brought back some memories. Yeah the numbers stations are cool!
Gary, you are an amazing teacher by nature, thanks for all your work. I came back to your video for a NL (natural language) source in order to benchmark the latest AI foundation models that code Python routines nicely, merely by using proper grammar.
And that explains private keys, excellent content and quality, profoundly informative
Thanks Orca! Glad you enjoyed it :)
It doesn't though. Public keys are like sending perfect irreversible locks out into the wild, and when you get a message you use your single private key to unlock it. With pads you need to meet up and agree on a large set of pads (difficult, and operational security is highly important when using them). Naval ships had massive amounts of pads, all in water-soluble ink, so messages couldn't be reversed later after being sunk/defeated.
I used those keys on naval ships myself 😉
You forgot to warn the kids that it ain't easy generating truly random numbers, and one has to be quite careful where you generate them and how you store your pads. I've heard Lava Lamps are good sources of randomness. ;)
I think I mentioned that in here! And yeah, CloudFlare nailed that!
10 sided dice
@@New2chem Alas, any physical object has micro-imperfections; even the best made dice will have invisible imperfections that will show up in a very large list of outcomes. Good for teaching your 9-year-old daughter the basics, however! The Pelayo brothers were banned in casinos around the world for their knowledge that all 'fair' roulette wheels have small imperfections. en.wikipedia.org/wiki/Winning_Streak_(film)
I learned the one time pad as well, but the one from 0-25 (A-Z). I wanna thank you for sharing something meaningful with us.
Thanks so much for your kind comment!
At 10:15 surely you have made a mistake? You are ADDING the plain text to the key, instead of subtracting the key from the plain text as you did in the first example?
Hey! It doesn’t respect the 10 when you do the math. Check out Dirk’s PDF in the description for a full on break down of why it works 😊
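Added example, not part of any comment above and not taken from the video: a sketch of the two mechanics discussed in this part of the thread, namely how a table mixing one-digit and two-digit codes is decoded without ambiguity, and how the pad arithmetic works digit by digit modulo 10 with no carry or borrow. The conversion table is constructed for illustration (it is not the real CT-46 layout), and the message and key are constructed too.

```python
# Constructed conversion table (NOT the real CT-46 layout). Five letters get
# one-digit codes 1-5; every other symbol gets a two-digit code whose first
# digit is 6, 7 or 8, so a code's first digit always tells you its length.
SINGLE = {"A": "1", "E": "2", "I": "3", "N": "4", "O": "5"}
OTHERS = "BCDFGHJKLMPQRSTUVWXYZ "          # 22 symbols -> codes 60..81
TABLE = dict(SINGLE)
TABLE.update({ch: str(60 + i) for i, ch in enumerate(OTHERS)})
REVERSE = {code: ch for ch, code in TABLE.items()}


def to_digits(text):
    """Convert text to a digit string using the table."""
    return "".join(TABLE[ch] for ch in text.upper())


def from_digits(digits):
    """Read the digit string left to right; 1-5 means a one-digit code."""
    out, i = [], 0
    while i < len(digits):
        width = 1 if digits[i] in "12345" else 2
        code = digits[i:i + width]
        if code not in REVERSE:            # unused code or truncated message
            raise ValueError(f"no table entry for {code!r} at position {i}")
        out.append(REVERSE[code])
        i += width
    return "".join(out)


def encrypt(plain_digits, key_digits):
    """Sender: subtract each key digit from the plain digit, modulo 10.

    Each column is handled on its own: 1 - 9 gives 2, and nothing is
    borrowed from the neighbouring column.
    """
    if len(key_digits) < len(plain_digits):
        raise ValueError("pad is shorter than the message; never repeat key digits")
    return "".join(str((int(p) - int(k)) % 10)
                   for p, k in zip(plain_digits, key_digits))


def decrypt(cipher_digits, key_digits):
    """Receiver: add each key digit back, modulo 10, with no carry."""
    if len(key_digits) < len(cipher_digits):
        raise ValueError("pad is shorter than the ciphertext")
    return "".join(str((int(c) + int(k)) % 10)
                   for c, k in zip(cipher_digits, key_digits))


# Constructed sample message and constructed key digits.
MESSAGE = "MEET AT NINE"
KEY = "40718259366150284"

if __name__ == "__main__":
    plain = to_digits(MESSAGE)
    cipher = encrypt(plain, KEY)
    print("plain digits :", plain)
    print("cipher digits:", cipher)
    print("decoded      :", from_digits(decrypt(cipher, KEY)))
```

The two directions are inverses only because each column is reduced modulo 10 independently; ordinary subtraction with borrowing would not round-trip.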
Explained very well, huge respect!
Thanks so much 😊
Mate, years after upload and this demonstration was invaluable! Subscribed and then unsubscribed just so I could subscribe again
Hahah thanks mate!
Thank you again, just inspired first project for my Python practice!
Send me a link when it’s done please?
Excellent job of explaining the process!
Cheers Gary!
Awesome work! This video is really well done.
Thanks Music Nerd! I really appreciate that feedback 😊
Wow very easy to understand and informative thank you and keep it going!
Thanks 🙏🏼 xSelehOliviax!
Thank you so much for sharing this video. I wish they would teach this to the public more
It’s good fun to practice as well. Kids would love it!
If the key was shorter than the message itself, would instances of "the" "no" "yes" ... become obvious again? It seems like they would have to be. So one drawback of this method is that the size of your message is restricted by the size of your key.
Correct! That’s why you have the crib sheets and code sheets
Well explained, thanks. Now just need to figure out how to make a code book and one of those letter pads.
Check out the PDF in the description 👍🏼
What an absolutely fantastic video.... Huzzah!!
Thank you! Cheers!
How is the initial key created? 😊
Good question. This is one of the flaws in the process. I used Excel’s RANDOM function but that’s not truly random so you have to be careful with it. You can sample white noise to use as a seed to truly randomise the data creation 👍🏼
In WW2 they recorded the sounds outside of the office window in Oxford Street (I think) to derive the random key data sets. They realised that the sounds of car horns/buses pulling away/kids shouting etc. were not predictable in any way.
Thanks! I now run a numbers station! (CPNS-52)
That’s cool!!
Wouldn't random numbers have repetitions in them as well?
Generating truly random numbers is hard. Some would say it’s almost impossible.
FYI, your newsletter link, below, is broken.
Thanks for flagging!
Hi Gary,
My question is whether the person should send both the encrypted msg and the key numbers to the recipient. Because without the key it's not possible to decrypt. If the key is not sent, then how could the recipient possibly know what the key is, even though the recipient has this cheatsheet? The recipient must know where to look in his cheatsheet.
On the flip side, if the sender is sending the key too, then it's out already. I am kind of confused.
Appreciate your advice.
Yeah the key needs to be sent for sure!
As I mentioned in the video, this is one of the hardest parts of the operation. A whole book of keys will be printed and given to the recipient. This little book needs to be kept secret…obviously.
I recommend you read the PDF linked in the description. The more you read about this, the less confused you’ll be.
@@theGaryRuddell Thanks a lot Gary. Really appreciate it.
@@theGaryRuddell You don't even need pads. Have you and your recipient subscribe to the same daily newspaper, or daily blog, or whatever you pick. Make the first article be your key for that day. Agree on some method to convert the letters to numbers and change it up every week. That way when the NSA break down your door they will never find the key.
Video is very good THANK YOU
Thank you!
I looked up the paper by DIRK RIJMENANTS; however, it did not have the small one-time pad key sheets you used in the video. Do you have a link to a PDF that has those?
Hey! Oh I made that in Excel using the random function!
How does the receiver know what numbers to use?
They have a copy of the pad that the sender is using. When the sender encrypts, they destroy their pad. And when the receiver decrypts, they destroy their copy. One time use only. It’s a challenge making and distributing these keys. Unlike Signal/Telegram/iMessage which are lightning fast.
@@theGaryRuddell I get that on 2:27. What's the sheet starting with 655 (not a time stamp). Yeah why not just one set of numbers on the pad? Then there's all this math?
@@brizzell2101 the 655 sheet is an encryption and decryption sheet - a one time pad. So you would have it and so would I. And yeah the math just depends on what side of the conversation you’re on. Send VS receive. Hope that helps? The best thing I’ve found to do is to have a go at doing it yourself!
How do you do numbers though? As in entering co-ordinates? This is the first I've seen without numbers, or am I missing something? Cheers for the vid mate
Hey, go to 7:32 and pay attention to F-L at number 98. That’s how to switch between figures and letters. Make sense?
Agree to some secret method with your recipient. Maybe if I send you a "D" then the next sequence will be numbers until I send "L". Have another pad that has the codes for numbers or reuse the first 10 letters. Your choice, have fun with it!
Do you have a suggestion on how to generate truly random numbers for the OTPs?
Hey! It’s hard. You can use static, lava lamps, radioactivity and all sorts. But it’s just hard to do on a personal computer etc
@@theGaryRuddell Oh, I wouldn't try on a PC. I was just wondering if you have a preferred method of creating random numbers by non-electronic means. Great video, BTW.
@AViewThroughLensLens that’s HARD!!!!! Use dice! But it’s INCREDIBLY manual.
I wouldn’t send it via Morse code over the air as it is illegal per the license conditions!
If you have the need AND capability to make use of these facilities, you likely:
A) already have the authority.
B) don’t care about the authority.
How about this? 1. Create a 10 MB file of random pads (that's 50k pads with 9 random numbers per cell, so it can encrypt up to 441 words / characters per 5x10 pad). 2. Store this file on Alice and Bob's devices. 3. Create an app that reads the file and uses random pads from it to encrypt / decrypt messages.
Wouldn't this make an uncrackable instant messenger?
That would take up 1 GB for 100 friends, and when people meet in person, they can refresh the pads.
Yeah that sounds interesting. I guess it would be. The issue would be that the device it’s running on wouldn’t be uncrackable, so a threat actor could read the characters as they’re typed in using a keylogger etc
@@theGaryRuddell True, when the device is compromised, there's nothing you can do about it. But I'm thinking that past messages would still be uncrackable, because the old pads would be erased.
Yeah sounds similar to the paper method! Should work - worth trying. That’s the best way to figure it out. Have a go!
I'm a number station enthusiast. Where can I get my hands on a cryptographically secure random number generator? I want to be able to have some fun with this method of message encryption :)
Hey! If you’re just having fun with it, I’d use a spreadsheet!
@@theGaryRuddell I'd still like to know where to get a truly random number generator
Hello, feel free to use my digital version of the one-time pad cipher: github.com/SubXi/otpy-framework2
It has a CSRNG that is non-deterministic, which is the closest you'll get to truly random numbers (i.e. perfectly secure for real use). The other alternative is using the random.org website which generates numbers from atmospheric noise, but I cannot vouch for it.
@@subxi5744 that’s awesome!
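Added example, not part of any comment above and not code from the linked project: a sketch of the shared pad file idea and the random number question from the last two threads. It draws pad digits from the operating system's CSPRNG through Python's `secrets` module, hands out key digits strictly once, wipes them after use, and refuses to continue when the pad runs out. The `PadFile` class and the `send` and `receive` helpers are hypothetical names, and the pad is held in memory rather than in a real file.

```python
import secrets

WIPED = 0xFF  # marker written over key digits that have been used


class PadFile:
    """In-memory stand-in for the shared pad file (hypothetical design)."""

    def __init__(self, digits):
        self._digits = bytearray(digits)   # one value 0-9 per byte
        self._next = 0                     # first unused position

    @classmethod
    def generate(cls, n_digits):
        # secrets uses the OS CSPRNG; randbelow(10) has no modulo bias.
        return cls(bytes(secrets.randbelow(10) for _ in range(n_digits)))

    def copy_for_peer(self):
        """The identical copy handed over when the two parties meet."""
        return PadFile(bytes(self._digits))

    def remaining(self):
        return len(self._digits) - self._next

    def take(self, n, expect_offset=None):
        """Return (offset, key digits) and wipe them so they are used once."""
        if expect_offset is not None and expect_offset != self._next:
            raise ValueError("pad out of sync or offset already used")
        if n > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse key digits")
        start = self._next
        key = bytes(self._digits[start:start + n])
        self._digits[start:start + n] = bytes([WIPED]) * n
        self._next += n
        return start, key


def send(pad, plain_digits):
    """Encrypt a digit string; returns the pad offset and the ciphertext."""
    if not plain_digits.isdigit():
        raise ValueError("message must already be converted to digits")
    offset, key = pad.take(len(plain_digits))
    cipher = "".join(str((int(p) - k) % 10) for p, k in zip(plain_digits, key))
    return offset, cipher


def receive(pad, offset, cipher_digits):
    """Decrypt with the peer copy; a replayed offset is rejected."""
    if not cipher_digits.isdigit():
        raise ValueError("ciphertext must be digits")
    _, key = pad.take(len(cipher_digits), expect_offset=offset)
    return "".join(str((int(c) + k) % 10) for c, k in zip(cipher_digits, key))


if __name__ == "__main__":
    alice = PadFile.generate(50)           # constructed size for the demo
    bob = alice.copy_for_peer()
    offset, cipher = send(alice, "69227481174814342")  # constructed digits
    print(offset, cipher, receive(bob, offset, cipher))
    print("digits left:", alice.remaining())
```

Overwriting a bytearray only wipes this in-memory copy; on real storage, flash wear levelling, backups and filesystem snapshots can keep old pad bytes recoverable, so erasure has to be checked for the actual device.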
Instead of doing the addition and subtraction one number at a time, why not make them double digits and do the addition and subtraction like that. You would still use the same rules as you would for the single digit, just with two digits.
I think using single digits results in a shorter transmission. Think about doing Morse code etc. if I’m reading your message right!
@@theGaryRuddell I am referring to the math you were doing to get the Encrypted text.
Ohhhh. I’ll have a look at that! Thanks 😊
Having punctuation and spaces in your encoded message is a bad idea. It gives a regularity, and you can use Zipf and that to basically know exactly what length of words are spaced by spaces or comma/period+space and brute-force sentences out of it much more easily.
I think you’ve missed something. It doesn’t matter what’s in the message. It is TRULY unbreakable without the cipher key.
The message could read: FFFFFFFFFFFFFFFFFFFFFFF.
And with the right key, the real message will be revealed.
@@theGaryRuddell oh yeah you are right! I had a momentary brain fart there, you are right. Thank you so much, I can definitely see why intelligence agencies have used this for so long, and why numbers stations are still live and transmitting to this day. I have immediate (legal, non-hostile, defensive) real life usage for this already.
It seems sufficiently secure especially if additional levels of encryption are applied, one smart instance I learned of through Manchester Ring was the message decrypting into something legible, but the actual message required the decrypted message to be XOR'd with the cipher key.
Can even store it in a QR code.
Store what? The message you’re sending?
Seems like you could improve on this by using hexadecimal, or some other machine code. Obviously at that point it wouldn't be very easily manually decoded and you'd want some machine to do it for you.
Removing machines is a big part of the goal of the OTP. Machines are used to create the codes, but after that, it's all done manually as a matter of priority.
I still don't get it. Left me in the dust
You can ONLY break the encryption if you manage to get a hold of the key. That is the ONLY way.
No computer can brute force it or analyse it. It’s mathematically impossible.
@ I understand what it's used for. It's how you do it I don't understand
@tomspettel3646 ah ok. Maybe print off the PDF and try it! Follow along
Bro if this is what k4 is encrypted with then Jim's a massive ....
Ha. Jim Sanborn. What a legend.
Your description "Digital is fast and weak; analogue is slow and strong" is wrong. What you are doing on paper is literally a digital process. "Digital" means having to do with digits, which is what you are doing. The word has nothing whatsoever to do with electronics or computers. That's just a common association due to the fact that most digital machines are electronic computers. An analog encryption process would be something else entirely.
I guess the spirit of what’s being demonstrated is modern computer encryption vs old school methods!
Cheers Benjamin 😊