The Cipher solution for iPhone, Android and BlackBerry.

Never send out any plain text with sensitive information.

Passphrase selection and synchronization

Posted in General security

For a very long time, military personnel and agents from intelligence agencies have used a code book to synchronize two parties for enciphering messages. The code book changed from time to time, so even if one code book fell into the wrong hands, it would become useless right away. A popular method was the famous one-time pad, still one of the most robust methods even today.

In our computerized world, popular encryption schemes are bound to a key pair: a public key for enciphering and a private key for deciphering. The only well-known weakness is the possibility that the key pair is silently compromised. Computers keep key pairs on the hard drive, just like any other file in a computer system. Backdoor software can easily download those files silently.

Using key pairs can become a real issue, and changing them on a regular basis is just impossible. Communication is not always one to one: imagine generating a new key pair and sending the public key to everyone who needs to send you a secure message. Each of them will have to remove the old key from their key ring and import the new one into their software.

There is always a trade-off for safety, and one trade-off that I can suggest is to break the problem in two. Enciphering and deciphering need to be done on the sending device, such as a smartphone, but the passphrase strategy needs to involve a more robust method that all parties know in advance. One important thing: it needs to be very easy and 100% stable and safe.

To be 100% reliable, the method should not depend on any hardware system; a failure there is just unacceptable.

So, what system deserves that role? A book! A book with real pages.

Now everyone involved in your secure communication program has the same book; it's up to you to agree on a page and phrase algorithm. A good suggestion is to change the passphrase for every message: a passphrase should never be used more than once.

The plan can be fitted to the frequency of the secure messages that need to be sent. If it's only a few messages per day, a book with at least 365 pages can supply enough passphrases to change pages every day. Chapters can also be selected by the hour, phrases can be selected differently by day of the week, and so on. With some imagination, there is a lot you can do with a book.

Let's start with Bob and Alice, who need to communicate with each other using their smartphones. To select their passphrase, they will use a date and time system. The book they have agreed on contains over 12 chapters, and each month is bound to a chapter: for simplicity, January is chapter one, February is chapter two, and so on. Each day is matched to a paragraph in the chapter, and the words in the selected chapter are bound to the day of the week. If the date is the 18th of April 2013, the passphrase is selected from the 4th chapter, 18th line, and since Thursday is the 4th day of the week, the selected words start at the fourth word of that chapter. The number of words can be chosen by a pattern: if the first letter of the first word is a vowel, 4 words are used, otherwise 5 words.
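The Bob and Alice selection rule above, as an added Python example that is not part of the original post. It assumes the book is available as a list of chapters, each a list of lines, reads "the fourth word" as the fourth word of the selected line, and uses a constructed stand-in book; `make_constructed_book` and `select_passphrase` are hypothetical names.

```python
from datetime import date

VOWELS = set("aeiouAEIOU")
# Constructed vocabulary, used only to build a stand-in book for this example.
VOCAB = ["amber", "river", "stone", "echo", "lantern", "orbit",
         "maple", "union", "harbor", "ivory", "cedar"]


def make_constructed_book(chapters=12, lines=31, words=12):
    """Build a deterministic stand-in for the shared book: book[c][ln] is one line."""
    return [[" ".join(VOCAB[(c * 7 + ln * 3 + p) % len(VOCAB)]
                      for p in range(1, words + 1))
             for ln in range(1, lines + 1)]
            for c in range(1, chapters + 1)]


def select_passphrase(book, when):
    """Derive the passphrase for a date with the month/day/weekday rule."""
    chapter_no = when.month      # January -> chapter 1, February -> chapter 2, ...
    line_no = when.day           # day of the month -> line within that chapter
    start = when.isoweekday()    # Monday = 1, so Thursday = 4 as in the post
    try:
        line = book[chapter_no - 1][line_no - 1]
    except IndexError:
        raise LookupError(f"book has no chapter {chapter_no}, line {line_no}") from None
    tokens = line.split()
    if len(tokens) < start:
        raise LookupError(f"line {line_no} has fewer than {start} words")
    # First letter of the first selected word sets the length: vowel -> 4, else 5.
    count = 4 if tokens[start - 1][0] in VOWELS else 5
    chosen = tokens[start - 1:start - 1 + count]
    if len(chosen) < count:
        # Fail loudly so neither party silently uses a shortened passphrase.
        raise LookupError(f"line {line_no} is too short for {count} words from word {start}")
    return " ".join(chosen)


if __name__ == "__main__":
    book = make_constructed_book()
    print(select_passphrase(book, date(2013, 4, 18)))  # Alice's side
    print(select_passphrase(book, date(2013, 4, 18)))  # Bob derives the same value
```

Because a short line or a missing chapter raises an error instead of returning fewer words, both parties find out that the agreed rule does not fit the book before a message is enciphered.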

The book used as your passphrase source needs to be kept secret and, more importantly, so does the way you use that book!

Using that kind of method, you give yourself a really stable, reliable and safe way to synchronize your passphrases, with no need to communicate them to the other parties.