<body>


DON’T TRUST SNAKES


“I know where I'm headed.”
ROGER THORNHILL



Thursday, May 11, 2006

How to use your digital photos to send unbreakable coded messages by email

From the fertile mind at Don't Trust Snakes Labs, here is an idea for sending probably undetectable and likely unbreakable secret messages using your own digital photos. The fertile mind had this idea while listening to NPR talking about the latest revelation about what the NSA is planning to do (which, frankly, doesn't concern me very much). [Hi, NSA!]

It's basically a freshened-up version of the old book or dictionary code. The idea there is that you and your correspondent each have copies of the book that will be used to encode your messages, and no one else knows what it is. Then your message can be encoded as pairs of numbers, the first representing the page of the book, the second the position of the word on the page. With a dictionary, 123-5 would mean page 123, entry 5. Assuming there are fewer than 100 entries on any page, the convention could be to write this as 12305. With a book other than a dictionary, it might make sense to use three numbers: page, line and word position in that line. Anyway, you get the point. Each party needs to know the book and the convention, and then it's off to the races.

Now here's the somewhat clever part. It's also the only really time-consuming part. You take a number of your digital photos, the more the better, really, and resize each of them slightly, maybe changing the height and width by a few pixels here and there. This step could be omitted, but it makes the method more secure. If you had several hundred photos, you could resize them in batches.

Next, take all the slightly resized photos and copy them onto a CD or DVD. Give this to your correspondent. Alternatively, you could upload all of the photos to a hosting site somewhere, but that would be less secure.

So, now you and your friend are the only ones who know the sizes of the different photos. And you each have a copy of the same dictionary. To send a secret message, determine the various page and entry numbers for the words you need. Then, encode each of these in a photo by adding or subtracting that number of pixels from the length or width and resizing. If you wanted to maintain the original proportions, you could only encode one number per photo, but if you were willing to crop a little you could use the width to encode page numbers and the length to encode entry numbers. To send the message, simply attach the "vacation photos" or whatever you want to call them to an email message, in the proper order, and send it to your friend.

You wouldn't even need to have agreed on a book in advance if you prearranged that, say, the first five photos will encode the 10-digit ISBN number of the book you are using.

So, to sum up, you have a message that:
  1. appears to be an innocent collection of photos;
  2. cannot be given meaning without knowing both (a) the original dimensions of the photos on the CD or DVD and (b) the identity of the dictionary or other book being used for encoding and decoding.

You can imagine ways to use this with photos that exist on the web, with a few simple conventions. For example, if you sent photos of a college, the originals would be those posted on the college's website, or on Wikipedia or whatever. It might look suspicious, of course, to be sending around a bunch of photos you obviously didn't take, but it would save the trouble of preparing a CD or DVD and exchanging it.

So now all you need to know is that if I send you photos from a college, the reference photos are those on the college's website, I will adjust widths only, the first five photos will encode an ISBN and the remaining pairs of photos will correspond to individual words. Good thing I'm not verbose or anything.
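
The conventions summed up above (widths only, five photos for the ISBN, then a pair of photos per word), worked through as an added example; this is not code from the original post. The reference widths, the ISBN and the word pairs are constructed, and the function names and the rule that photo i of the reference set fills slot i of the message are assumptions.

```python
from typing import List, Optional, Tuple

Word = Tuple[int, int]  # (dictionary page, entry number on that page)

# Constructed sample data: widths of the secretly resized reference photos,
# a placeholder ISBN, and two (page, entry) pairs.
REF_WIDTHS = [1597, 1203, 1611, 1588, 1600, 1594, 1606, 1599, 1602]
SAMPLE_ISBN = "0123456789"
SAMPLE_WORDS = [(123, 5), (87, 42)]

def isbn_to_deltas(isbn10: str) -> List[int]:
    """Split a 10-digit ISBN into five two-digit numbers, one per photo."""
    digits = isbn10.replace("-", "")
    if len(digits) != 10 or not digits.isdigit():
        # A check digit of 'X' cannot be written as a pixel count here.
        raise ValueError("ISBN must be ten decimal digits")
    return [int(digits[i:i + 2]) for i in range(0, 10, 2)]

def encode(ref: List[int], isbn10: str, words: List[Word],
           signs: Optional[List[int]] = None) -> List[int]:
    """Return the widths to resize each photo to, in sending order."""
    deltas = isbn_to_deltas(isbn10) + [n for w in words for n in w]
    if len(deltas) > len(ref):
        raise ValueError("not enough reference photos for this message")
    signs = signs or [1] * len(deltas)  # +1 widens, -1 narrows
    sent = [r + s * d for r, s, d in zip(ref, signs, deltas)]
    if min(sent) < 1:
        raise ValueError("a photo would shrink to nothing")
    return sent

def decode(ref: List[int], sent: List[int]) -> Tuple[str, List[Word]]:
    """Recover (isbn, words) from received widths and the reference set."""
    # The post allows adding or subtracting, so only the magnitude counts.
    deltas = [abs(s - r) for r, s in zip(ref, sent)]
    if len(deltas) < 5 or (len(deltas) - 5) % 2:
        raise ValueError("expected five ISBN photos plus pairs of photos")
    isbn = "".join(f"{d:02d}" for d in deltas[:5])
    body = deltas[5:]
    return isbn, list(zip(body[0::2], body[1::2]))

if __name__ == "__main__":
    widths = encode(REF_WIDTHS, SAMPLE_ISBN, SAMPLE_WORDS)
    print(widths)
    print(decode(REF_WIDTHS, widths))
```

Decoding the same widths against any other set of reference widths yields different numbers, which is the whole of the scheme's secrecy: everything rests on the reference dimensions and the book staying private.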

6 Comments:

Blogger tp_gal said...

MWR: You've created your own encryption key - welcome to Nerdlandia!
Some advice: If you really want your code to be secure don't publish your idea on the web. Also, industry standards show that a simple replacement cipher like the one you describe would be broken in minutes once the whole "it's the size of the picture that equals the letter" was figured out. To really be secure you'll probably want to layer another scramble mechanism on top that maybe says that the number of photos before the pix of MWR in a cowboy hat is the number of rotations to get the letter. I.E. three pictures, three rotations -- thus the 3x5 pix of a boat equals B + three letters so in actuality in 'this' message it's an E. (I'm the mayor of Nerdlandia.)
I agree that it would work well for the evil-doer with a lot of CPU memory.
The other thing you could do is send a letter via the postal service in a tamper evident envelope. You should make a unique mark on or write on the inside of the envelope so the Vice President doesn't simply replace it with a new one once they've copied your recipe for Oatmeal Cookies.
Either way, I think we need to kiss the concept of privacy good-bye.

May 11, 2006 4:18 PM  
Blogger MWR said...

It's not a cipher, it's a code. And it's not the size of the picture that equals the letter, it's the difference in size from an unknowable original size that equals the word.

May 11, 2006 4:25 PM  
Blogger syp said...

I think I'm going to leave you two alone so you can discuss the finer points of the cipher, er, code, er encryption key.

May 11, 2006 4:28 PM  
Blogger tp_gal said...

I stand by my terminology - codes and ciphers are all part of the Encryption or Cryptology Sciences. The code (aka key) is your methodology and your picture sizing schema - the cipher is the "photo album". The "shared secret" is the original CD of photos.

For exciting and yet not too technical reading visit the www.NSA.gov/kids/ciphers web page. Warning - by clicking on the site you are agreeing to let them monitor your every move, phone call, Internet activity and blind date.

May 12, 2006 11:01 AM  
Blogger MWR said...

"Book cipher
From Wikipedia, the free encyclopedia

A book cipher is a cipher in which the key is the identity of a book or other piece of text. It is generally essential that both correspondents not only have the same book, but the same edition.

Traditionally book ciphers work by replacing words in the plaintext of a message with the location of words from a book. In this mode, book ciphers are more properly called codes.

This can have problems as if a word appears in the plaintext that doesn't appear in the book then it can't be encoded. An alternative approach which gets around this problem is to replace individual letters rather than words, in which case the book cipher is properly a cipher — specifically, a homophonic substitution cipher. However, if needed often, this has the side effect of creating a larger ciphertext (typically 4 to 6 digits being required to encipher each letter or syllable)."

As a kid, I think I went directly from dinosaurs to cryptography without passing Go.

Here's a link that works, by the way: http://www.nsa.gov/kids/home.cfm

Fantastic, it's like "Ranger Rick" for spooks!

May 12, 2006 11:29 AM  
Blogger MWR said...

I guess the key to the book code is being encyphered in my scheme. So we are both right.

May 12, 2006 11:33 AM  
