Encryption - Do you Need it

[JohnyMac]

I have been getting more and more involved in encryption; Specifically, encryption via email, text, ham radio* et cetera. I would like to get an updated discussion on encryption started again since the earlier day at UnchainedPreppers when APX saw the future and started this Board.

First lets chat about texting using your standard cell phone through your provider. Obviously it isn't the most secure way of communicating. There are other forms out there you can use such as ZELLO and SIGNAL but how secure are they? I think ZELLO is owned by Google - Need I say more. What experiences do you have? What system outside of just texting do you use?

Next is emailing via a encrypted site. APX leaned heavily towards Thunderbird which is complicated. I recently switched to Tutanota.com for my encrypted emails. Probably not as secure as Thunderbird but a hell of a lot easier to use. A word of caution for folks who use Tutanota, the folks you send to or receive from need to be setup with Tutanota or there is a lot more involved communicating.

Last is using a more modernized Shifted Alphabet Code. Do you remember when you were in middle school and sent notes between friends using a shifted Alphabet code?

Then there is a BREVITY CODE which our military uses. If you would like to learn more about that please go here to an article NC Scout wrote about on his site, Brushbeater.

In closing lets start a discussion on the subject of encryption.

* You can not use amateur ham radio frequency's to send coded messages by phone, CW, or digital. Well at least legally. 

[grizz]

Im interested but dont know anything about it

[Nemo]

Just Like Me.

Nemo

[bennington.camper]

You had an asterisk next to Ham Radio, but no elaboration?
I must say that with a ham radio, you must communicate in plain language, as far as I remember the law. So I went to part 97 and found the following in 97.113 a 4;
no ...messages encoded for the purpose of obscuring their meaning...
So I would refrain from using that for a means of encrypted comms.

I started using PGP many years ago, and lately I looked back and see that it has gone commercial...

[pkveazey]

Hmmmmm...... In today's world(non collapse), codes, ciphers, and encryption is pretty much not needed. With that said, I still don't see a need for special codes on Ham Radio since there are at least a dozen digital modes available being used on HF radio and could just as easily be used on VHF and UHF. CW, PSK, Hellscriber, and a many more are already in place. If someone wanted to decipher your messages, they would have to know what frequency you were going to be on, when you were going to transmit, and be set up to copy the digital mode you were going to use. Even in PSK31, it just sounds like a whistle and you can send a paragraph in about 5 seconds. In a total collapse situation, rules aren't going to mean squat. I'm taking a wait and see position. When the SHTF I'm going to see what other people are using and that's what I'm going to use unless my message is very private and something very special, in which case, I'll pick the least used digital mode and use that. 

[Jackalope]

     Well, to start with, I avoid the need for encryption by using meet space, as much as possible.  I assume ALL internet and cell phone traffic is intercepted and analyzed.  My gut feeling is that encryption will draw unwanted attention from the NSA and other alphabet agencies.  Once that happens, then you will always be watched.  One time pads would probably be a good way to get a message out(https://amrron.com/2018/03/18/amrron-dark-labs-otp/ ).  If using a radio, a short one time burst using a digital mode on a pre-coordinated frequency with the frequency chosen in relation to expected propagation and distances involved.  An armed courier is another alternative, but a courier can be intercepted as well.  As I stated previously, the only sure method of communication is meet space, and then you have to be concerned about eavesdropping with sophisticated monitoring equipment.  I'm also a firm believer in KISS, keeping everything as simple as possible leaves less room for errors.

     In another life, I was a contractor, with the highest security clearance for some government agencies working primarily with data encryption.  Even at the highest, most secure levels of encryption there were holes in the system.  You need to have a plan in the event that your encryption is broken, be prepared.  As an old school type of guy, I've always preferred a book cipher for encryption, as it is simple.

[JohnyMac]

There is encryption that is 100% none breakable. I will give two examples.

Example 1
Using a Brevity matrix that changes by mission, month, or quarter is unbreakable for a period of time. Before a military team leaves the wire, part of the SOI (Standing Operation Instructions) would be a new Brevity Matrix for communicating from the field to the TOC (Tactical Operations Center). Now of course the TX (Transmitting) and RX (Receiving) teams have to have the same matrix.

Example II
Now take your Brevity Matrix and then transfer the verbiage to numbers like you might have done using the aforementioned shifted alphabet code. This use to be done by throwing 10 sided dice. You can only imagine how long that would take BUT this is strategy that can not be broken without the key.

If you do not want to roll 10-sided dice you can use what Jackalope suggested, a OTP (One Time Pad). I own one from Dark Labs and it is slick!

http://youtu.be/A26KeZ7nJZw

Thank you bennington.camper for pointing out my omission for the asterisk. I fixed it; However, you are 100% correct sending a coded message on a amateur radio frequency is a violation of 97.113 a 4 FCC Amateur Radio rules and regulations. I am not advocating breaking these rules BUT the FCC does a very poor job of monitoring the air waves. Case in point - Nellie Ohr (Fusion GPS), Bruce Ohr (#4 at the DOJ) wife was communicating with British spy Christopher Steele via ham radio and a Brevity Matrix. To learn more go here.

So a quick SALUTE (Size, Activity, Location, Unit, Time And Equipment) report on a previously agreed upon frequency at a agreed upon time, not using a station call sign or a fake one, would not be detected by anyone and could not be RDF'd. I confirmation could be given on a completely different band/frequency.

For you digital ladies and gentlemen, you could use digital encrypted with your Brevity Matrix and OTP key sent at the end of a BCC, RFA (Radio Free America), RFE (Radio Free Europe), et cetera and nobody would be the wiser.

By the way, this discussion would get you shot or at the minimum locked up, in many countries. Just think about it.

Now their was a comment from one of the folks about the need for encryption. I think it is imperative especially when "a" or "the" reset happens. We need folks around the country that can safely send accurate updates on what is happening in their AO (Area Of Operations) rather then only relying on the main stream media. A great example would be what is happening at the border with the caravan right now.

If you think my comments have merit, now is the time to practice not when the SHTF.

With that diatribe in the hopper, Jackalope  what is "meet space"?       

[Double D]

I would say encryption is useful in pre and post SHTF periods. I have procured an ADL-1 and I am very impressed with its simplicity and function. I am producing OTP for practice use on alternative modes such as text and chat. It takes some practice to become proficient. The idea is to get like minded folks who you associate with up to speed. Meat-space is a great place to share those pieces of paper that need to be shared for this to work well. A code book would also be useful as JohnyMac describes.

From AMRRON, a good primer:
https://www.amrron.com/wp-content/uploads/2015/05/one_time_pad.pdf

A very useful link. I advise printing out in full:
http://citizenmilitem.com/wp-content/uploads/2015/05/SignalsVOL_1.pdf

Authenticating in a SHTF environment is vital. I discussed this with friends the other day. In certain situations, we would depart from amateur rules. We would need to clean up our digi modes by using tactical call signs, turning off PSKReporter and disconnecting from the internet entirely to maintain security.

It is not enough to assume others will not record a transmission. Although the mode we are using may not be identifiable immediately, once recorded it is available to be analyzed. It is possible to DF HF. Mobility would be necessary in certain circumstances.

Using encryption in email and for internet is almost always a good idea as long as we can legally do so. It is not at all certain this will remain the case.

For tactical radios, commercial options exist with some levels of encryption. Frequency hopping radios such as the Motorola DTR 550 provide excellent security against almost any listener without expensive .gov equipment. I use digital radios in my home set-up that few are going to be listening to and it is possible to select encryption modes on those as well.

On the other hand, encryption designates you as a target of interest. This is true on email and internet transmission. The use of TOR is one that gets noticed by ISPs. Anonymity is hard to come by. If you are trying to stay anonymous it is difficult but not impossible. Using chat apps like Signal is good trade craft but might indicate suspicious behavior to an adversary.

I use VPN for internet. My employer seems to have blocked this option recently.

Back to radio, encryption and comsec are good things. I need to practice more.

[JohnyMac]

Holy Crap D2 great stuff!

Thanks for sharing 

[zeerf]

  Great info and links D2, thank you!

[Morgan_Sobriquet]

Good day... I was an operations specialist (OS) in the Navy and we used encryption a lot; whether it be over the "red phone" or over the air with voice comms; and also using specific code words (bead-window 06), and we also had book filled w/ words that had letters and numbers next to it to send to the other ships - example: (DOG) KN2... and then we also had an authentication table to authentic other ships "OS" who were on the air (24/7).  The CIC (combat information center) was always manned by the OS group, tracking both ships and aircraft - the TAO (Tactical Actions Officer was always on duty - he had the red phone)... I've created a similar code book filled with words and codes that can be randomized by a click of a button.  Not the fastest way to send info - but it is pretty secure - and if you really wanna get "secret squirrel" take the codes from the book and use a one-time pad to "KAK" it up (KAK = encrypt).  Then send to your receipient the CODE book with the one-time pad and decrypt it.  It's slow going to decrypt, but it would be VERY difficult to break the msg.

[JohnyMac]

Amen Morgan.

I have a OTP setup with many folks for multiple RX/TXing. Once used they are discarded and we move on to the next OTP. 

[Obh]

First lets chat about texting using your standard cell phone through your provider. Obviously it isn't the most secure way of communicating. There are other forms out there you can use such as ZELLO and SIGNAL but how secure are they? I think ZELLO is owned by Google - Need I say more. What experiences do you have? What system outside of just texting do you use?

Texting is not encrypted. While the new RCS chat feature for Android phones says it is, I don't believe it so I use signal. Facebook messenger, whatsapp - no thanks.

Signal is by far, the best End-to-end-encrypted (E2EE) platform out there right now. Open source - so check the code yourself. The only downside is having to sign up with your phone number, which can no longer be used to find you anyway if you have your settings right. Signal had multiple alphabet agency requests for chats during J6, but they can't turn over anything except date of signup because they don't have anything. Everything is actually E2EE.

Zello - hard pass for "sensitive chats". Willingly turned over J6 related inquiries. Groups are not E2EE, only individual chats.

Telegram - only 1 on 1 chats are E2EE, the rest are encrypted going to and from the cloud. Another hard pass for sensitive things.

There are a few others, like session, but its a bit cumbersome to use and isn't as reliable as signal.

Next is emailing via a encrypted site. APX leaned heavily towards Thunderbird which is complicated. I recently switched to Tutanota.com for my encrypted emails. Probably not as secure as Thunderbird but a hell of a lot easier to use. A word of caution for folks who use Tutanota, the folks you send to or receive from need to be setup with Tutanota or there is a lot more involved communicating.

I highly encourage protonmail. Open source. Makes encrypting email to other proton users simple, which is a huge advantage. Its also free. Its not difficult to encrypt to non-proton emails as well (you aren't using gmail right?  ) as long as you share your OpenPGP key. I am a paid proton service user (VPN, email, drive, pass) and to me its worth the cost, but the free versions are good as well. OpenPGP keys also allow you to encrypt and sign messages. I use Kleopatra for that.

The Thunderbird client definitely has a learning curve. Agree Tuta is complicated for non Tuta users. And its not open source.

Last is using a more modernized Shifted Alphabet Code. Do you remember when you were in middle school and sent notes between friends using a shifted Alphabet code?

Then there is a BREVITY CODE which our military uses. If you would like to learn more about that please go here to an article NC Scout wrote about on his site, Brushbeater.

The downside of OTP and brevity codes is how cumbersome they are to actually use.

One program I like is Paranoia File & Text Encryption (https://paranoiaworks.mobi/). It's available for PC, iOS, and Android. If passwords are exchanged ahead of time, you have a good way to encrypt/decrypt messages.

Hmmmmm...... In today's world(non collapse), codes, ciphers, and encryption is pretty much not needed. With that said, I still don't see a need for special codes on Ham Radio since there are at least a dozen digital modes available being used on HF radio and could just as easily be used on VHF and UHF. CW, PSK, Hellscriber, and a many more are already in place. If someone wanted to decipher your messages, they would have to know what frequency you were going to be on, when you were going to transmit, and be set up to copy the digital mode you were going to use. Even in PSK31, it just sounds like a whistle and you can send a paragraph in about 5 seconds. In a total collapse situation, rules aren't going to mean squat. I'm taking a wait and see position. When the SHTF I'm going to see what other people are using and that's what I'm going to use unless my message is very private and something very special, in which case, I'll pick the least used digital mode and use that. 

Big brother already monitors and records every HF radio transmission in the US. With AI making progress, they can likely figure out what's going on in near real time.

There's a lot more than a dozen digital modes. If I hear a digital signal, provided its one I've used, I can tell you the mode by listening. There's also guides out there that will assist in figuring it out by looking at the signal on the FLdigi waterfall, so I wouldn't rely on "just digital" being enough to obfuscate a message, especially if it was sensitive info being sent.

Some programs commonly used in ham radio already support encryption, such as VARA. The option is hidden and you have to know how to enable it, but its there. Note though, it only encrypts the message in transit (so anyone monitoring through VARA won't be able to figure it out). If used in conjunction with winlink for example, its plain text once it hits its destination.