Absolute Computer Security

The World's Simplest Algorithm for Unbreakable Encryption

Messages encoded with this technique are absolutely and permanently unbreakable.

1. Create a very long random key. For example, fill an entire CD with a series of random numbers generated from radio static. Make sure they are truely random with no pattern at all. Don't use a pseudo-random number generator - that is actually a pattern.
   
   
2. Create a copy of the CD. Give the copy to the person who will be decoding your messages.
   
   
3. Perform an XOR function on every byte of the message with the corresponding bytes from the CD.
   
   
4. With each new message do the same thing as above but start with the next unused position on the CD. You cannot reuse any of the random key.
   

The resulting codes are totally unbreakable. They can be safely sent to your recipient.

~To decode the messages follow steps two through four using each coded message in place of each original message.

The only drawback to this method is that you need a CD with a truly random pattern and the person you send codes to needs a copy. This is the reason why so much effort goes into other methods, particularly methods involving private key/public key encryption (also called asymetric key encryption). At best, those methods have resulted in "strong encryption" which means it's tough enough that nobody can break it at this time. None of them compare with the absoluteness of the method above.


[edit on 22-2-2005 by Emmett_Dabru]

[edit on 22-2-2005 by Emmett_Dabru]

[edit on 23-2-2005 by Emmett_Dabru]

[edit on 23-2-2005 by Emmett_Dabru]

There are loopholes in all operating system security systems for the simple fact that operating system, application and driver upgrades are downloaded over the Internet.

Since Trojan Horse spy programs are engineered as part of the upgrade program they cannot be detected by anti-virus software. A spy program then performs any task the remote operator desires without the user's knowledge. Hard drive reads and modem access is piggybacked with your own so you can't tell.

The spy program receives instructions from a queue while you are on-line. It can pass information back to its master in the same way. This includes your encryption keys, passwords, program files, data files, pictures, identification information, etc. - anything the master wants is silently transmitted while you are on-line.

Spy programs can also be used to modify information on your computer without you knowing it. These modifications will not necessarily change the date and time stamp on your files, the master of the spy program has control over that too.

I'll post the Two-Computer Security Method for use by ATS readers...

Good stuff!

The only problem with your encryption method is that you have to arrange a physical transfer of the CD key, that means you are passing along a message so you can pass along a message, pretty inefficient. It would be better to hand them the original message in the first place, no encryption necessary. Of course if the client for the information is in Honk Kong, you have to get on a jet, fly across the world, and eat a good dinner, but hey, small price to pay for 'total data security' as you say.

If your message is so super secret that you need truly unbreakable encryption, what are you going to do, send the key through the mail? That doesn't make sense. You might hire a courier, but that's another link in the chain. You could disguise the CD as music or movie, but who's to say that won't fail? If your data is really that important, the solution is not to encrypt it, the solution is to free it.

A DVD can have 18 gigs of data storage, a hard drive can have much more. Let's say you used a 400 gig IDE drive to store your random keys. A 2 gig key would allow for 200 messages before necessitating a key exchange.

The secure computer uses only secure straightforward systems software, such as DOS or Windows 95 without any added drivers. These are loaded from untampered originals only. Do not incorporate drivers that were downloaded on the Internet. You may have to use an older computer for this to work. I suggest using a 486. Then do not purchase an "encryption package" that is supposed to make your system secure. In fact, do not enable any of the usual security features. Instead, obtain a simple straightforward encryption program that let's you create your own encryption keys. Its only function is to encode/decode files. The other computer is setup as a normal system with modern systems software and Internet connection, using your choice of software. On this computer you should use the normal security features available from the operating system and the Internet browser. This security system will sufficiently disguise the fact that you are using a totally secure system underneath.

Your Internet traffic will look just like anyone else's who has normal security enabled. Chances are they won't use the back door in your system to discover the other security unless you do something to become suspect. If they do use the "government backdoor" into your standard encryption they will then see a code underneath which cannot be broken, by anyone, without the key that you created. They will be able to track the source and destination of your messages but they will not be able to read them.

If your needs require that the source and destination of your messages be disguised as well, use a remailer. Since some remailers are "plants" to spy on you, one must use a series of at least 5 to be safe. Use different remailers from all over the world, in serial, to minimize the chance that the same entity owns all of them. A remailer utilizes an encryption "shell" around your message to disguise its next destination. You can create shell over shell over shell, etc. to disguise many intermediate destinations as well as the final one. Your message can be traced for only one of these jumps, plus each one that the person doing the trace has a backdoor to. As long as at least one of the remailers in series has no back door available to the person doing the trace then your message cannot be traced from you to the final destination. You have to setup a keycode with each of these remailers - these must be different from each other. You must never give out your private codes, only your public codes. You also must create these encryption "shells" on the secure computer, not on the Internet computer. Most likely you will be using PGP for this purpose.

From that point forward follow these rules:

• Keep all your sensitive data on the secure computer. Use the other computer for data that is not sensitive and to access the Internet.
  
  
• When you need to send a sensitive file over the Internet, first create that file on the secure computer. Then encrypt it on the same computer. Then transfer it by floppy to the Internet computer. Then attach it to an e-mail and send it wherever you want. Use the reverse process to receive encrypted messages. They can be transferred to your secure computer by floppy (or zip) and decrypted there. The floppy (or zip) you use for transferring data can never contain program code, unless that program code was first encrypted by the secure computer and stored as an encrypted data file.
  
  
• The encryption program resides on the secure computer. No part of this program or any of its files should ever reside on the Internet computer. This encryption program must be stand-alone, not part of the operating system. Generate your own private key - nobody can have a copy of it. Privately deliver your public key (do not send it over the Internet even though everyone says this is safe, the "Man-In-The-Middle" scenario removes this benefit to public-key private-key encryption: digital signatures can be fooled at the http request level and by spy programs residing on the Internet computer). The factorial based encryption algorithms (such as PGP) work well with 50 bit keys or more but will not last forever. Quantum computers and raw chips will soon break these codes, regardless of the number of bits. So you may want to research other encryption algorithms if your data should not be read in a few years.
  
  
• Make sure you know exactly what's going onto the headers of your encrypted files. If your headers are too revealing for your security needs then configure your encryption software accordingly.
  
  
• To further disguise the purpose of your messages you should send out random dummy messages as well. These should be of random length and random destination. They can terminate automatically with a bogus remailer address.
  
  
• You can also pad your messages with random information at the end in order to disguise the true length of your messages - sometimes little clues like that can add up.
  
  
• Guard the secure computer. If anyone gains access to the secure computer your security may be compromised from that point forward by a spy program that hand-shakes between your two systems using fake bad spots on your floppy (or other methods for storing invisible files). If this possibility arises then start over with a new format on your secure computer and use the same original diskettes (assuming those diskettes were not in the hands of someone you don't trust) to load the operating system, encryption program and other systems software. Be sure to remove the partition and reboot before reformatting. After the reformat you can reload data from backups made before the security breach - you must lose everything else. Make sure the security on those backups was never compromised, or else destroy the backups.
  
  
• Be careful how you use the transfer floppy. Delete anything you didn't expect to see on that floppy. Never boot with it. Never copy a program to it - and definitely never execute a program on it. If you are at all suspicious, just throw it away and get another one from the store.
  
  
• Backup the secure computer as encrypted total backups only. Store these in another physical location. Also store copies of the original systems software install diskettes in that same location. Store a copy of your keycodes in yet a third location - make sure this location is completely secure - think of all possibilities, regardless of how remote. Definitely do not store the keycodes with the data or install diskettes.
  

The main advantage to using this Two-Computer Security Strategy is that it eliminates all probable Trojan Horse spy programs - the only threat left is a custom spy program designed specifically for this Two-Computer Security Strategy - one that hides it's secret communications within invisible files on the transfer floppy. There is a way to circumvent this final threat....

Following these additional precautions can stop this very remote final threat:

1. The firmware in the secure computer may have memory scanning, keystroke recording or some other spy program capability. In most cases, such firmware will not cause a problem since it has to handshake with your transfer floppy (or zip) to another spy program on the Internet machine - both have to be engineered specifically for this Two-Computer Security Method before you have a potential problem. However remote this hole may be, if you want to avoid all possible security breaches then you must research/investigate every board and chip in that machine to be sure no such firmware exists. This may involve disassembling the firmware code and having it analyzed
   
   
2. To be 100% safe you must also disassemble the code for your operating system and all other systems and application software on the secure computer. Be sure that no spy program is there that can handshake with a floppy to the Internet computer. At this point no spy programming is known for versions of Windows prior to 98. However, even an original write protected diskette may have been tampered with so a Windows 95 original diskette may contain an "invisible" new spy program. Anti-virus software will not find a spy program and file dates may not have changed. If you can settle for a simple operating system, such as MS-DOS, then do it. Such an operating system is so much easier to check for spy programs.
   
   
3. A government program called "Tempest" may be capable of remotely viewing your computer screen. In movies they show a van with a satellite dish outside your house with special equipment to do this. It reads radiation emitted from your monitor right through the walls of your house. Since this is a very secretive project it is hard to get verifiable information on it. However, if your computer room is underground, such as in a bomb shelter, you should be completely safe. Another approach is to place it where there is at least 2 feet of concrete or 3 feet of dirt in any direction between your computer and anyplace where such Tempest equipment may be operating. I do not know the range. So I cannot say with certainty that keeping good surveillance for a couple hundred yards around your property makes any difference. It might.
   
   
4. Your computer, and any other device with semiconductors, is vulnerable to EMP waves. These waves may be transmitted by a police device close by or by a nuclear explosion up to 1000 miles away. The same precaution above (two feet of concrete or three feet of dirt in all directions) can help to prevent EMP waves from melting the chips inside your computer. However, a sealed belowground bomb shelter is a sure deal.
   

That should cover it...unless Remote Viewers can read hard drive content.....

Why would you want to bother with the cd, if 128-bit encyrption has roughly 340,282,367,000,000,000,000,000,000,000,000,000,000 possible different keys i'd say that's secure enough for most things, if not 256-bit.

And i've said it before on ATS, "If the 260 million PCs in the world today were put to work on a 128-bit encrypted message, it would take them roughly 12 million times the age of the universe to break the code."

I'd say the main problem is not the the actual transfer of data but what happens at either end. If there's a key logger recording the message before its encrypted then it defeats the whole point of encrypting it.

Just wait untill we're all using 1024-bit encryption, there will be:
one hundred and seventy-nine septendecillion seven hundred and sixty-nine sexdecillion three hundred and thirteen quindecillion four hundred and eighty-six quattuordecillion two hundred and thirty-one tredecillion five hundred and ninety duodecillion seven hundred and seventy-two undecillion nine hundred and thirty decillion five hundred and nineteen nonillion and seventy-eight octillion nine hundred and two septillion four hundred and seventy-three sextillion three hundred and sixty-one quintillion seven hundred and ninety-seven quadrillion six hundred and ninety-seven trillion eight hundred and ninety-four billion two hundred and thirty million six hundred and fifty-seven thousand two hundred and seventy-three vigintillion four hundred and thirty novemdecillion and eighty-one octodecillion one hundred and fifty-seven septendecillion seven hundred and thirty-two sexdecillion six hundred and seventy-five quindecillion eight hundred and five quattuordecillion five hundred tre
decillion nine hundred and sixty-three duodecillion one hundred and thirty-two undecillion seven hundred and eight decillion four hundred and seventy-seven nonillion three hundred and twenty-two octillion four hundred and seven septillion five hundred and thirty-six sextillion and twenty-one quintillion one hundred and twenty quadrillion one hundred and thirteen trillion eight hundred and seventy-nine billion eight hundred and seventy-one million three hundred and ninety-three thousand three hundred and fifty-seven vigintillion six hundred and fifty-eight novemdecillion seven hundred and eighty-nine octodecillion seven hundred and sixty-eight septendecillion eight hundred and fourteen sexdecillion four hundred and sixteen quindecillion six hundred and twenty-two quattuordecillion four hundred and ninety-two tredecillion eight hundred and fourty-seven duodecillion four hundred and thirty undecillion six hundred and thirty-nine decillion four hundred and seventy-four nonillion one hundred and twenty-four octillion three hundred and seventy-seven septillion seven hundred and sixty-seven sextillion eight hundred and ninety-three quintillion four hundred and twenty-four quadrillion eight hundred and sixty-five trillion four hundred and eighty-five billion two hundred and seventy-six million three hundred and two thousand two hundred and nineteen vigintillion six hundred and one novemdecillion two hundred and fourty-six octodecillion and ninety-four septendecillion one hundred and nineteen sexdecillion four hundred and fifty-three quindecillion and eighty-two quattuordecillion nine hundred and fifty-two tredecillion and eighty-five duodecillion and five undecillion seven hundred and sixty-eight decillion eight hundred and thirty-eight nonillion one hundred and fifty octillion six hundred and eighty-two septillion three hundred and fourty-two sextillion four hundred and sixty-two quintillion eight hundred and eighty-one quadrillion four hundred and seve
nty-three trillion nine hundred and thirteen billion one hundred and ten million five hundred and fourty thousand eight hundred and twenty-seven vigintillion two hundred and thirty-seven novemdecillion one hundred and sixty-three octodecillion three hundred and fifty septendecillion five hundred and ten sexdecillion six hundred and eighty-four quindecillion five hundred and eighty-six quattuordecillion two hundred and ninety-eight tredecillion two hundred and thirty-nine duodecillion nine hundred and fourty-seven undecillion two hundred and fourty-five decillion nine hundred and thirty-eight nonillion four hundred and seventy-nine octillion seven hundred and sixteen septillion three hundred and four sextillion eight hundred and thirty-five quintillion three hundred and fifty-six quadrillion three hundred and twenty-nine trillion six hundred and twenty-four billion two hundred and twenty-four million one hundred and thirty-seven thousand two hundred and sixteen different combinations!

That's:
179,769,313,486,231,590,772,930,519,078,902,473,361,797,697,894,230,657,273,430,081,157,732,675,805,500,963,132,708,477,322,407,536,021,120,113,879,87 1,393,357,658,789,768,814,416,622,492,847,430,639,474,124,377,767,893,424,865,485,276,302,219,601,246,094,119,453,082,952,085,005,768,838,150,682,342, 462,881,473,913,110,540,827,237,163,350,510,684,586,298,239,947,245,938,479,716,304,835,356,329,624,224,137,216


[edit on 23-2-2005 by nibiru]

You want absolute computer security its easy, wont cost you a dime, and may actually save you money. Just unplug the phone, fiberoptic, or cable line, and remove your modem. Now you have absolute security.

No you don't, because when you are out, shopping, and you have such super secert info, special Branch break in, and steal your pc. They then trash the house to make it look like a burglary.

Far fetched? take a peek into the Policing history of Northern Ireland.

I don't quite understand your post here Emmett. In cryptography, it is generally accepted that all algorithms can be broken. The purpose is to make it more difficult to crack. As long as you've provided a means of decryption (which you have), then it is already breakable.

Generally accepted? Is that sufficient evidence, in your opinion? JFK's magic bullet theory is generally accepted, and US polls reveal the general acceptance of Sadaam's role in the WTC event... Generally accepted, you say?

Providing a means of decryption does not render an algorithm breakable, merely decryptable. To be breakable, is must be deciphered without the benefit of a key.

For something to be "encrypted" there must exist a process of encryption. By your definition of "breakable", the very existence of an encryption process effectuates breakability.

"The wide availability of powerful encryption software has made evidence gathering a significant challenge for investigators. Criminals can use the software to scramble evidence of their activities so thoroughly that even the most powerful supercomputers in the world would never be able to break into their codes." Ref.

Absolute Computer Security....is a dream and nothing else, even without the endless holes and flaws in the most popular M$ os (hey they plan to make you more "secure" by supervising you...greetings from tcpa, or how they call it now...the "secure" future is coming ). although your idea, even if quite unpractical, will be a hard nut.
digital encryption is pure math, anyone with enough time (this can be a lot of time.. ) or processing power can crack it.
the only question, for anyone (especially govs, secret services etc. ) who is interested in your "secure" data, is whether the supposed "value" of your data justifies a attempt of decryption.

no-one will ever have complete security. Not next year not in a hundred years. Like people have said encryptions are a mathmatical process, and basically if you get enough computing power and long number theory mathmaticians in the same room it will eventually be decrypted or cracked.

And anyway do you think our governments would allow an encryption program without them being able to crack it? Most of the popular ones probably have hidden back doors.

[edit on 5-4-2005 by danboy785]