Is it possible to set up a totally secure communications method

that can't be snooped on by anyone? Something like a message board hosted on an OpenBSD machine that's just not hackable and doesn't have back doors that are federally mandated? Is there anything like that?

Some kind of PGP encryption that can't be sniffed out? For some reason, I don't think there is anything like that. Anybody have any ideas?

http://waste.sourceforge.net/

"WASTE is an anonymous, secure, and encryped collaboration tool which allows users to both share ideas through the chat interface and share data through the download system. WASTE is RSA secured, and has been hearalded as the most secure P2P connection protocol currently in development."

WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.
WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology.

Some bits of information about WASTE:

WASTE is currently available for 32-bit Windows operating systems as a client and server, Mac OS X as a limited client and server, and as a limited functionality server for Linux, FreeBSD, Mac OS X, and Windows. Porting to other operating systems should be a breeze, as the source is provided (and the network code itself is pretty portable).

- WASTE is licensed under the GPL.
- WASTE currently provides the following services:
- Instant Messaging (with presence)
- Group Chat
- File browsing/searching
- File transfer (upload and download)

Network architecture: WASTE uses a distributed architecture that allows for nodes to connect in a partial mesh type network. Nodes on the network can broadcast and route traffic. Nodes that are not publicly accessible or on slow links can choose not to route traffic. This network is built such that all services utilize the network, so firewall issues become moot.

Security: WASTE uses link-level encryption to secure links, and public keys for authentication. RSA is used for session key exchange and authentication, and the links are encrypted using Blowfish in PCBC mode. The automatic key distribution security model is very primitive at the moment, and may not lend itself well to some social situations. more information.

Back when, we played the radio really loud in our offices to keep lasers bounced off the windows from picking up conversations. All wiring was exposed so tracers would be hard to install.

Depends on what you mean by secure.

into secret societies, like the Knights Templar who eventually morphed into the Freemasons...the first three degrees had 'colors' which became the basis of our flag. Red, white and blue are the 3rd, 1st, and 2nd degrees colors.

Never a written record, and still much only verbal despite the internet age, Freemasons can communicate some things with a phrase and the general public wouldn't know. Howzabout dis: Right now our country is facing a disaster due to the Bush economic program; "Is there no help for the poor son of the widow of Naphtali ?" would be one way to get a distress call out.

Maybe more people could just say that with me...

The 'Open Secret' is what you're looking for. Take a look at the street layout of Washington DC too. From the Capital steps in a V with the G of the Washington Monument ... and looking from the Lincoln Memorial at the West, with Jefferson Memorial on the south, and White House on the north...Why, you've got yerself the Masonic compass and square with the G in the center now, don't you ?

BTW, stay away from computers and stick to analog. Require compartmentalization and ritual for the degrees of advancement. This makes infiltration more difficult. Spoken or visual codes too. The KT had 'tylers' to be lookouts during early lodge meetings. Freemasons kept this system.

Early CIA tried to mimic this but they were mainly Knights of Malta and Catholics...and didn't do a very good job of it.

for the simple reason that it isn't possible. There's no such thing as 100% secure. The best you can do is define as precisely as possible what it is you want to do, what aspects of it need to be secured and why, and define reasonable security procedures that solve more problems than they create (all security solutions create problems). This is why Phil Zimmerman named his software Pretty Good Privacy (PGP).

See Bruce Schneier's article 'Security in the Real World: How to Evaluate Security' for a start. http://www.schneier.com/essay-031.html

Abstract

I'd also point you to Schneier's Crypto-Gram newsletter. http://www.schneier.com/crypto-gram.html

you could go inside a lead room with another person and communicate in sign language. I'm sure that would be quite secure.

that is perhaps not as convenient as desired, but google up "one time pad". Perhaps a message encoded using a one-time pad, hidden in a video file would be very secure? I suspect that if they are looking at you hard enough, nothing is really secure.

create random transpositions of letters that only you and your communicatee know.

or buy two copies of books (dictionaries are awesome) and communicate by either page number or leading word on each page.

nothing totally secure, but it requires resources to crack.

By George, you've done it! That's the only way! I remember how to break a cipher, it's doable. The book code is the way to go! It's the one that works!

I think all I need is a couple of dictionaries in .pdf format for quick searching, and use that method. It doesn't even have to be a dictionary! Any book, or set of books, is good enough.

There's got to be a thousand books in .pdf that have a rich enough vocabulary to do this with. No need to get all high-tech... this will do fine.

Throw in a math book or chemistry book for numbers and it's all good.

Thanks!

i'm all crafty and gotz cryptoskillz...:D

How about encoding copies of The US Constitution into various photos using steganographic encryption?

Just for fun.

The government has programs that detect and crack steganographic images, to make sure that terrorists aren't encoding secret plans in cute pictures of kittens.

It might eat-up some government resources to randomly encrypt photos with things like The Constitution, Declaration of Independence, The Story of O, Canterbury Tales, etc.

nah, i value my life...if they waste time decrypting photos that turn out to be the Constitution, they'd come after me and just kill me...

and how would you go about doing such stenographic encoding (i think that's what you're trying to say?)

revamp US intelligence. The alcohol fuelled fog and bbq smoke signals, as the VC used morse-coded clotheslines during the war, show that with a little humor, they can infiltrate the CIA even, just as Knights of Malta and Opus Dei have already--Hannsen was/is Opus Dei member remember.

With the teraflops at the hands of the powers that be it's only a matter of femtosecs before them there crypto dood skillz are cracked, hacked and smacked.

hear?

tha MAN not be able to crack my cryptoskillz.

That's Kroc with a K like Crocodile but not spelled that way.

Listen?

i'm so white.

:D

you cannot communicate digitally at all. If you have the dictionary in .pdf format, so does the NSA. If the computer you are using to encode your documents is connected to the internet, AT ANY TIME, you cannot assume your communications are secure. Your best bet, quite frankly, is to simply be boring. Encoding your communications too securly is just going to attract attention to you. (two men meet at a fair to talk, un noticible among the crowd, compared to two men doing semaphore in the middle of a park, which attracts more attention?)

I have a friend who may, or may not, work for a government agency that may, or may not be located at Fort Meade, Maryland (frankly, I have my suspicions, but I really have no idea, honestly) And his advice to me (his hobby is encryption and really fucked up math), which may or may not be useful, is to basically assume that anything you say or write on anything electionic is being listened to. Look, I don't flatter myself that the government gives enough of a shit about me to bother listening to me, but you pretty much have to assume that they are. There is no safe encryption using digital technology. As smart as the encryptors are, the NSA has smarter people. No one has better computers, no one has better mathmeticians and computer scientists. no one has more money or experience. If they want to read your mail, they will. If they want to hack into your desktop and put naked pictures of carmen elctra and a mule on it, they will.

What i do is just speak normally and no one pays attention.

The government regularly uses programs to sweep the internet looking for stego-encrypted pictures.

using hand signals only you and your naked friend know.

If you share any information with anyone other than yourself on the air or wire it can be decoded by NSA. If it can be encoded it will be decoded by those that have the heat. The only secrets are those kept within yourself...for now.

http://www.spynumbers.com/enigmaG15.htm


When in doubt, do as the Mossad.

To superencrypt something, you choose an encryption system and put your traffic through it. You then take the encrypted traffic and put it through another encryption system...and do this at least three total times. At the distant end, the receiver passes the traffic through the decryptors in the order reversed from what you used...if your keys were NIXON, FORD and CARTER, the DE has to use the CARTER, FORD and NIXON keys.

This is good security for a lot of things, but for the really secret stuff you must also use one-time keys.

If you can't set up a non-electronic communication method like talking face-to-face in your car while an Ozzy tape is playing in the stereo, three-pass superencryption will have to do.