The Encryption That Can't Be Cracked: OTP

Tell a friend, gosh-gee-darnit!
This week, we're giving away a powerhouse deck of cards. It's beveled, it's one-way, AND it's marked--of course I'm talking about the APEX Deck. Whether you're a beginner or an old-hand, this three-in-one deck will open up a new world of possibilities.
Enter our free weekly giveaway and you could be one of six winners of the APEX Deck. Just sign up at gimme.scamstuff.com and you could win! (No purchase necessary, giveaway ends 8/15/2019)

How to do a modern rogue intro:
Person 1: have you ever done a weirdly specific random thing?
Person 2: reluctantly answers 'yes'
Person 1: *laughs*
Person 2: explains what they specifically did

I once took a cryptological mathematics class, and after talking about how to crack the Vigenere cipher, the teacher told us about this perfect cipher called the “One Time Pad,” that’s so strong that it’s even been mathematically proven to be impossible to crack. And even RSA, which is what banks and militaries use is still theoretically crackable, even if near impossible to. Of course, we then asked how that’s possible, and that it obviously had to have a downside. She then said, “It’s called the one time pad because you can only use it once per key, or else it’s just like any other Vigenere cipher.” It was really funny to see Brian’s reactions to a lot of the stuff here.

A surprisingly effective way to generate randomness for a OTP is in fact dice.
Some versions on one-time-pads use numbers purely instead of letters to generate the OTP... so rolling something like a ten-sided dice over and over can generate random enough numbers to generate a pad.

That's not a bad patreon bonus. Patrons get the OTP. Videos on CZcams deliver a coded message

Surprised they didn't talk about Cloudflare using Lava Lamps to get truly random numbers

Haha! I watch too much Modern Rogue. I knew it was Grilled cheese since the "G"

Your "made up" sign for day, is actually really close to American Sign language sign for day!!

When I was little, I would use a keypad as the key. Somethinf like "hello" would be 42 32 53 53 63. I still use this to store passwords in notebooks since most people wouldn't think about that

codded message from end:
hidden in plain sight code remains unsolved. clues come in pairs six in all. 1 code and one place tell you the goal. freshen up on base 2 and much will be told.

What you were saying about the lottery actually reminded me of an experience the other day that I had.
I had my phone out, and I started playing music from one of my playlists, and after I hit play, I noticed that it wasn't set to Random, so I turned that on. Six songs later, and I'd noticed that it'd played all 8 Siousxie and the Banshees songs in the playlist in a row. Obviously, I assumed that it'd justed played down the list in order, until I looked, and saw that it *was* playing randomly. It just happened to randomly choose to play those 8 songs first out of the 200 in the list.

Without going into detail. This is basically how Cryptology works in the military. Its usually kept in a safe, that can only be accessed with people that have the appropriate clearance. and each day they input these alpha numeric codes into the system to ensure proper communications.

Me: *Looks at title* "Hmm, it would be a good opportunity for a Nord VPN spons-
Brian: "This episode is sponsored by Nord VPN"

The US Navy used to use a literal pad of flash paper to do OTP communications. Pretty cool stuff

Great video! You guys always brighten my day when I watch a video of yours. They've been great since the start of this channel and I can't wait to see more!

A quick clarification:
What make pseudo-randomness different from true randomness is not its origin (like the human who built the algorithm), but the fact the such algorithms run on deterministic computers, and a deterministic machine can't create true randomness.
The bugs or errors in the algorithm would be sources of weakness in the pseudo-random data.

As a linguist and a Deaf Culture/ASL geek: pidgin sign like that can be a good stepping stone to a desire to learn a real sign language, you guys should do a series on learning ASL and local deaf culture interpretation from interpreters/deaf folk!
Like to signal boost!!!

Literally what I wanted right now thanks lads

My personal favorite pen-and-paper encryption is a late WW2 German system called Rasterschlüssel 44. From what I've been able to find on it, it was significantly harder to crack than Enigma. Since it was used primarily for tactical communications, it simply wasn't useful to take a large percentage of the hardware that was being used to attack Enigma traffic offline and allocate it to breaking individual RS44 messages, since the content would have had little operational value by the time it was read. And the machines would *not* have been available to break Enigma messages in that time. Until quite recently the majority of RS44 messages intercepted were unbroken. It was simply too much trouble to attack the system.

hidden in plain sight... so far so good. *thinking intensifies*

A lot of respect to you Brian, for respecting who and what Grant Thompson did not only as a youtuber but also as a friend
Thank you
May he Rest In Peace
(A part of the journey is the end) RDJ

The concept of passing messages that only a selected group/individual can understand is so fascinating to me. I've used a book cipher, a transposition cipher, and hiding-information-in-plain-sight-behind-what-appears-to-be-nonsense codes; but I'd never heard of One-Time pads. I'll definitely have to dig deeper into that, it seems amazing.

Candidate Jeep Jop was the first member of TMZ Cobra to be converted into a changeling hybrid creature

Sweet!! I love how you guys are delving back into all of the cold war tech you explored earlier in the show's history

Candidate Jeep Jop?! You're dating your content! He's The Right Honourable Jeep Jop now!

Yet another brilliant episode. With privacy being harder and harder to secure, something like this is always a interesting subject. Thank you! Oh and no injuries...other than Brian's pride. ^.^

"1 1 1 1 1 1" Well, d&d players knows that it happens

These episodes are so fun to watch. Thanks again guys :)

You should do more of this ciphers are so cool!

yes, One True Pairing(s) are very convoluted

Notification popped up and I immediately hit the video. Love the vids, keep going lads!

Ya' killing me! I've spent WAAAAAAAY too long trying to figure this code out. The first layer is simple enough if not a little time-consuming (regretting not writing some code to figure it out for me rather than doing it manually...). Finding those extra clues is not going well though. I feel like you guys did an episode that touched on binary at some stage, but I can't for the life of me figure out which one?!?! Hmmmm, good play boys, good play!

Reminds me of the infinite improbability drive from The Hitchhiker's Guide to the Galaxy. When Brian said the lottery numbers being all ones, it reminded me how the IID would take you exactly where you wanted to go because it's so improbable to randomly blink to the location you suggest that it works. Lol. Silly but fun to think about.

Teacher sees 8:27
**Wikipedia isn’t a real reference REEEEEEEEEEEEEEEEE**

I like more educational episodes like this please do more of these.

I was waiting for this for years

I remember statistics class in the 90's. Because the internet wasn't really a thing, and computers are as bad as people at generating true randomness - we had to buy a book (same sort of size as an exercise book) filled with just random numbers. The fact they could be used as a One Time Pad did come up in class.

I would like to say thank you for some really personal stuff that I don't really want to say on this public site I just want you to know that you helped me recently

we all have been trained to know it ws grilled cheese

So really really similar to the diana cipher. I have the cipher wheel for that one and it also uses the one time pad.

I'd always kind of wondered how One-Time Pads work. This basically explains everything and now I want to write a program to use it.
So the OTP can't be cracked because there's *nothing to crack.* As Jason explains in the episode, each individual letter uses a different encryption key, which is only ever used once and then thrown away.
Normally, you use an encryption key for an entire message or to identify a person (see PGP signatures... actually that could be a fun episode), but if the key gets compromised somehow, then that entire channel is compromised.

Whoa. I kid you not, just today at work I was working on implementing OTP. Although, in this case, OTP stood for "One Time Password" (essentially the same concept, though). But it was interesting to get home after working on "OTP" all day only to see "OTP" in my subscription box.

This could be improved by pairing it up with a fountain pen filled with Noodler's Blue Ghost ink. Why that ink? It's waterproof, write the message on the envelope instead of the letter. They won't see that coming LOL
EDIT: if you want to make a random OTP by hand, use a bag of scrabble pieces. Dip your hand in and record the letters.

The dank meme material able to be extracted from this one episode is threw the roof son

when I was in 7th or 8th grade, the science textbook showed how certain groups of three nucleotides corresponded to specific amino acids. so I started making a similar code that used a pool of five letters instead of DNA's four. this yielded 125 possible results where as if I had gone with four, I would have had only 64

As someone who knows American Sign Language, Brain actually signed "today" correctly. One hand rising on the other can be day, Sunrise, or sunset (depending on how you're sign) though sunset is normally going down.

Always interesting and funny! Thank you!

Don’t say first I have a blue shell
Edit: sorry for doing this but thanks for the likes! It really makes my day!😀

The cool kids use the dovah language from skyrim

The sign used by Brian for "today" is actually very similar with the sign used in brazilian sign language for "morning", because it represents the sunrise, only diference is the hand configuration: in bsl it is with the thumb touching the index finger, like an ok sign

Damn, I love this channel so much.

If I recall correctly, some number stations had some of their messages decoded because they supposedly got lazy and were re-using OTP keys. Of course it could have just as well been intentional.

This is a great video. Thanks!

It's interesting to note the reason that you cannot reuse the one time pad to encrypt a second message. If someone gets a hold of two messages encrypted with the same key, the security is completely compromised. An attacker would only need to guess at a small portion of the plaintext in either message (a probable word, for example) and test the hypothesized key on the other message to see if it produces additional plaintext. The attack jumps back and forth between the two messages until it totally unravels. It might be a little tedious to do by hand but a computer would crack it nearly instantly.

There is also a (MM) in the encoded message that corresponds to two different letters in the decoded message, D and C.

Actually, your sign for day was pretty close to ASL. Essentially what you did, but backwards.

Amazing timing for this one guys 😂

how do they not have more subs i mean there so good they deserve so much better than this i guess the youtube algorithm doesnt put them on peoples recomended hey keep goin though i think anyone would love these guys if they were more represented

Love it guys!

You can encrypt a message, and encrypt the encryption, making it even more secure (but probably you don't need that kind of security...)

As mentioned in other comments below, the table used in the video is basically the Vigenere table. There are a few variations on this, including Beaufort, Variant and Gronsfeld. OTP by itself is nothing really special. If you use a short keyword or phrase, you just keep repeating it to make the full key for the message you're sending. Doing this, though, makes the key periodic, and once someone else figures out what the period is, it's easy to crack the cipher. OTP is just the use of a key that's the same length as the message, so it's not periodic. Reusing an OTP key doesn't automatically compromise the system, because there's no guarantee that your two different messages will contain the same important words. That is, one message could be a weather report, and the other could be "escape now, your cover is blown". What's important, though, is to keep the messages short.
What makes OTP so secure is that, with the Vigenere table, any message can be created just by changing the key. If the ciphertext is "ccccc", one OTP key could give you "CHESS" and another one could give you "MARTY", yet both keys could be wrong and you'd never know. The real weakness in using pseudo-random number generators is not so much in the predictability of digit strings in a particular OTP key, but that there's going to be repeated strings of digits from one OTP key to the next. If you've captured enough enemy traffic, no matter how many OTP keys have been used, that non-random part in making up ALL the keys on your one-time pad is going to mean that you're going to be able to read parts of different messages.
As for how to get the OTP to the guy you want to communicate with, how about putting the keys on an SD card and using dead drops?

Knew about the Vigenere cipher and one time pad.But not about adding numbers to the grid.

I knew it was gonna be grilled cheese as soon as I saw the G. I've been watching too much of these two.

If you have a Vigenère cipher where the key is longer or just as long as the input text, then it is essentially unbreakable, unless you want to do brute forcing and figuring out what outputs might be the right answer, manually or through algorithms or ai.

radioactive decay is seen as random because we haven't found any pattern in it and we don't know all variables that may come in in to it. it is possible that some variables haven't been discovered yet

I’m surprised you guys didn’t talk about how the only way to get truly random results is with quantum states. The easiest way to do this is with radioactive decay, because the exact intervals and strengths at a given time are truly random. You also can use a quantum computer to generate true random numbers.

Assuming that this method does not code word breaks, some information can be inferred by the length of words. It also does not change the overall length of the message.

A desktop computer can generate random numbers from human input. The exact timing between keystrokes, for example, is unpredictable. I believe they also incorporate numbers from hardware events (e.g. exactly how long a disk read takes, for example). This works because if you add two random numbers together modulo some maximum value (such as the maximum value that the computer holds in one integer) then you get a number that is more random than either number.

Me and a friend came up with the Hopilop language as kids. Stupidly easy to break but it counts. Clue is in the name and its soooo inefficient. But also have a kind of understood hand/body language thing going with a mate i've played airsoft for years with. Its gotten to a point where we can convey quite complex details across without a word though misinterpretations have happened a plenty

Jason reminds me of Daniel Stern... but funnier. Love the video!

3:52 - I always remember the number stations vid as it started with 'Man, I miss the Cold War!' and my eyes went like plates and I burst out laughing.
It was also one the first MR vids I watched and thought 'Where has this true gangstah sh*t been? I shall binge it at once!'

Loved this video

I remember watching something about a science experiment that used two telescopes which observed separate stars in the night sky and used their twinkling to generate randomness can't remember the specifics or why it was needed but still cool :)

Brian's made up name in the Nord commercial is "Jeep Jop".
Brian drives a Jeep.
Brian's brain is not random.

YEAAH NEW UPLOAD

You guys should do the Diffie-Hellman key exchange by hand. This way you can generate a secret between two people without letting anyone listening know the secret.

One time pad encrypted messages are like library of babel: the message can be every combination of words within the number of letters it contains. So, you can try to brute force it and find a message that makes sense, but it's not necessarily the real message.

YES! The Rogues need to have a secret communication network!

From what I remember from a book on ciphers and codes I had in middle school, the Vigenere Cipher (the one used in this episode), actually isn't all that secure. Don't get me wrong, It's very secure to the average person, like myself, but to someone with enough experience there is a method of approximation that can get decently close to deciphering a message. I can't remember what it was though.
Obviously it's a lot easier to crack if you encrypt the message poorly, though. To encrypt the message well use a random key, make the key as long if not longer than the message itself, block your enciphered message so the word lengths don't remain the same as before, keep the message short, etc. All of which are done in this video. It's also possible to make the cipher more secure by rearranging the reference alphabets. So instead of making the top alphabet "abcdefg...", make it "dfgcbae...". Same for the side alphabet. Taking these steps makes the Vigenere cipher more secure, and now that I think about it, it seems like it _should_ be impossible to decode as is, but I seem to recall that there are ways to decode it. And not even with a computer. I could be wrong on that part though.
Also, coincidentally enough, just this week I finished making a spreadsheet that could encipher and decipher a vigenere encrypted message with given alphabets, input message, and key. Unfortunately, I made it so that it uses just letters and no numbers, so it's annoyingly useless in deciphering that last message in the video.
Edit: Hmm, Hidden in plain sight, much will be told.

Nice haircut Brian 👍

You can get "random entropy generators" for computers that look like a USB flash drive to get truly random numbers from quantum processes like the breakdown of a diode junction.

if im correct that is either the actual sign for day or really close

Honestly was good to hear you say Scotland.

"First letter is going to be G" immediately knew the phrase would be grilled cheese.

Nowadays truly random number generators use atmospheric noise to create numbers. Since electrons are truly moving in a random orientation we can discern a number value to certain orientations of an election as it's moving in space. this is how we create random numbers for since related matters like determining where to study a population in a micro population study. Now it's possible that electrons are not random however, we don't know enough about quantum physics to understand them in that way.

You could go a step further and start from a predetermined number of characters in, like start decrypting from the second line in the key.

The other quality that a one time pad MUST have is that the pad must be as long or longer than the message that is sent. If not, then it becomes a Vigenere cipher instead, and if the message is longer than the pad and the users cycle through it multiple times, it can be quite easy to determine the key using letter frequency analysis alone (it's not a ONE TIME pad anymore, you know?) This was actually done on some occasions when users weren't given new pads and simply reused old ones. Again, the "one time" part of one time pad is vital.

Never been this early wow. And youtube did not notify me
Also the beginning was gold

How is the number distribution affected when time is used as a factor for generating the random numbers

The cool part is that you can have 2 pseudo random machines that produce the OTP key, which are synchronized........ and it can be something as small as a thumb drive, or can be made to look like a normal app in a cellphone.

Perhaps I missed it, but one critical requirement is that the key is as long, or longer than the message. Otherwise you have to reuse, which removes the unbreakability of the cipher. Technically though, it's not unbreakable, but if you follow the rules (never reuse), every possible translation is equally probable. The moment your opponent has two messages with the same key, there is a pattern, and it is simple to break.

I would totally listen to a Brian Brushwood Hearthstone podcast! How do I make that happen?

CUZ IM A MODERN ROUUUUUGE!!
Boy oh boy, Mason Jurphey and his grilled cheese, well played... Ryan Bushwood, wtf.... "sunrise??" 😂😂😂
Love the spycraft episodes... love it all

In programming random number that special pattern is called a Seed

great video!
any chance of an upcoming mixology video with Trevor?

Did anyone decode the OTP message 10:43? I'[m kinda curious what it says, but not willing to put in the 30 or so minutes it would take to find out.

Hey, you guys have the same computer speakers I have! :D Cyber Acoustice CA-3602 FFP, right?

2:40 - Half the Internet's security runs on lava lamps (yes that's a simplification and generalization): czcams.com/video/1cUUfMeOijg/video.html
5:39 - It's tricky to do key-exchange, but especially so in-band. But out-of-band key-exchange isn't always practical (Internet).
6:12 - What you thought is also valid. It doesn't make a difference in which order you index the array, as long as it's consistent.
Like you said, OTPs aren't practical in some situations like the Internet, so asymmetric/public-key cryptography endures.

When I was a freshman in high school, I used Norse runes to ask a girl out to homecoming instead of actually asking in person. Bad at dating then, bad at dating now.

I just saw the original code pop up on the screen and in my head went “yeah thats enough letters for “grilled cheese”