The primary draw here is the X.html page: a free, minimal, open-source, highly effective Vigenere encryption/decryption program, run in JavaScript, that could be very useful to anyone desiring confidentiality in their communications, print or email.
IT'S A TEXT FILE! Look at it! STEAL THE SOURCE CODE! and run that off-line! It runs independently, without any internet connections, under any and all JavaScript-enabled browsers (including TOR).
x.html
This is the supporting instruction, & B.S. page for that dinky, dangerous, pocket-encrypter.
Before you geeks start to criticize its simplistic and crude interface, bear in mind the limiting criteria I chose:
The above limitations don't apply to this Home page, however (bypass this page simply by going to xcryption.com/x.html). But here, below, I can blog, give detailed instructions, discuss spy-craft & fun-stuff, offer sympathetic links, communicate with you, and possibly even run advertisements at the bottom. This is a big, bloated web site to support a very small, tight, powerful, "dangerous" encryption tool.
Under no circumstances should you think THIS page -OR ANY OTHER LIVE PAGE- on the Internet is secure.
The system is a simple Vigenere encryption that, rather than using only the 26 all-capitalized, no-space, no-punctuation characters like this, uses all the ASCII characters on the keyboard from #32 (space) to #126 (tilde). At each "pass" you have the choice of adding UP or subtracting DOWN each character of your PLAIN TEXT (secret message) with each character of your PASS-PHRASE (passwords).
Open X.html in a neighboring window or tab and get used to switching back & forth.
Each time you want to make a fresh pass or iteration, hit the Refresh/Reload button on your browser. This clears everything for a new entry.
Starting out you have two choices: CODING UP [Cancel] or CODING DOWN [OK]. It makes little difference which one you choose except that you will have to choose the opposite when you want to decrypt the message.
"Message Here". Here goes your PLAIN TEXT, the secret message. Example: This is a secret message.
Hit OK. You may see the text show up in background.
"code phrase". Enter the password(s). Example: purity
The inputs clear away and at the bottom you'll see four pieces of information:
Coding UP
this is a secret message.
purity
e^\]tcduTih_ThX^tgVifK\_
I don't know about you, but I'm a
...but for now -after you've snagged a copy- let's hit the REFRESH/RELOAD button and decrypt the cipher-text:
e^\]tcduTih_ThX^tgVifK\_
Choose UP or DOWN - as long as it's NOT the one you chose before
In the "put 'er here", Paste the secret message: e^\]tcduTih_ThX^tgVifK\_
Pass Phrase: purity
Now you'll see a reverse result:
That's all there is to the basic, fun version. Enjoy it. Play with it. Practice encrypting & decrypting. Experiment with all the variations.
Lite: 95 % of the time I expect Xcryption to sit in a neighboring tab or window while the user is composing his/her email while on-line.
Xcryption's little input windows don't make the best text editors. You will find the copy/paste functions from other sources work great for stuffing in large messages. I copied & pasted this page's entire contents into the plain-text "put 'er here" box, and into the "code phrase" box, and decrypted the results. I actually don't know what Firefox's INPUT limitations are. I haven't found them yet.
Compose your plain text message in whatever editor you enjoy. Copy & Paste it into the "put 'er here" input box in Xcryption running in another window. Enter in a pass-phrase to generate your encrypted message (shows up on one long line at the bottom). Highlight & Copy the encrypted message and Paste it where your email message would go.
SEND. Presumably the email receiver has the password/phrase (exchanged previously), knows whether to code:UP or DOWN (both if he forgets!), and reverses the procedure.
-this gives you some idea of where I'm coming from.
It is especially easy for them when your message and the pass-phrase are both in plain english.
Embedded in: H\_ RbSKe^_USX UKWNrhbLga aRDZrb[U[\nQiDXXtgVbX QSVVbh_Kogol`.....
is both: "all experience hath shewn that mankind are more disposed ....."
and worse: "for libertyfor libertyfor libertyfor libertyfor libertyfo ...."
"Well, I'll just run my code 'through the blender' two or more times with different passwords ..."
Yes, that would be a little better. And your recipient would only have to remember two (or more) phrases: "and justice" would work; but here's the catch: When you combine the two (or more) passwords you'll still get one (though nonsensical) pass-phrase: I_X X`W[]Y`
and while your operatives may remember "for liberty / and justice", the hackers don't care and will find the repetitive pattern: I_X X`W[]Y`I_X X`W[]Y`I_X X`W[]Y`... quite usable.
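The scheme and the repeating pass-phrase weakness described above, as an added JavaScript example (not the X.html source): the arithmetic in `xcrypt` is reconstructed from the page's sample outputs, and all function names are hypothetical. It shows that matching plain text and cipher-text expose the pass-phrase as a repeating run, and that two passes collapse into one pass-phrase as long as the least common multiple of the two lengths (a generalization of the equal-length case in the text).

```javascript
// Added example, not the X.html source. The arithmetic is reconstructed from the
// page's own samples: 95 printable characters, #32 (space) to #126 (tilde).
const LO = 32, N = 95;

// dir = +1 codes UP (adds the pass-phrase), dir = -1 codes DOWN (subtracts it).
function xcrypt(text, pass, dir) {
  if (pass.length === 0) throw new Error("empty pass-phrase");
  let out = "";
  for (let i = 0; i < text.length; i++) {
    const p = text.charCodeAt(i) - LO;
    const k = pass.charCodeAt(i % pass.length) - LO;
    if (p < 0 || p >= N || k < 0 || k >= N) {
      throw new Error("character outside #32..#126 at position " + i);
    }
    out += String.fromCharCode((((p + dir * k) % N) + N) % N + LO);
  }
  return out;
}

// With matching plain text and cipher-text in hand, coding the cipher-text DOWN
// by the plain text leaves the pass-phrase, repeated for the whole length.
function exposedKeystream(cipher, plain) {
  if (cipher.length !== plain.length) throw new Error("lengths differ");
  return xcrypt(cipher, plain, -1);
}

// Smallest n such that s repeats every n characters.
function shortestPeriod(s) {
  for (let n = 1; n < s.length; n++) {
    let repeats = true;
    for (let i = n; i < s.length && repeats; i++) repeats = s[i] === s[i - n];
    if (repeats) return n;
  }
  return s.length;
}

// Two UP passes equal one UP pass with this single pass-phrase, whose length
// is the least common multiple of the two lengths.
const gcd = (a, b) => (b === 0 ? a : gcd(b, a % b));
function combinedPass(k1, k2) {
  const len = (k1.length * k2.length) / gcd(k1.length, k2.length);
  return xcrypt(k1.repeat(len / k1.length), k2, +1);
}

// Sample values copied from the page (String.raw keeps the backslashes literal).
// LIBERTY_CIPHER is the first 56 characters of the "for liberty" excerpt.
const SAMPLE_CIPHER = String.raw`e^\]tcduTih_ThX^tgVifK\_`;
const LIBERTY_CIPHER = String.raw`H\_ RbSKe^_USX UKWNrhbLga aRDZrb[U[\nQiDXXtgVbX QSVVbh_K`;
const LIBERTY_PLAIN = "all experience hath shewn that mankind are more disposed";

console.log(xcrypt("this is a secret message", "purity", +1) === SAMPLE_CIPHER);
const stream = exposedKeystream(LIBERTY_CIPHER, LIBERTY_PLAIN);
console.log(stream, "repeats every", shortestPeriod(stream), "characters");
const twice = xcrypt(xcrypt(LIBERTY_PLAIN, "for liberty", +1), "and justice", +1);
const once = xcrypt(LIBERTY_PLAIN, combinedPass("for liberty", "and justice"), +1);
console.log(twice === once);
```

A pass-phrase at least as long as the message and never reused gives `exposedKeystream` nothing that repeats, which is the property the one-time-pad rules are after.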
Thus the Rules of the One-Time-Pad:
NOTE: DO NOT USE YOUR MESSAGE AS A PASS-PHRASE FOR ITSELF - for a million reasons we'll get into later. Don't be lazy here. Find an obscure text.
TIP: With all this copy & pasting going on, you'll find a simple side-editor (Notepad, Pluma, etc.) indispensable as a temporary "depository" for all your clipboard dumps.
Abiding by these simple rules (and a few additional precautions mentioned below in the Tin-Foil Hat section) you should be able to generate encrypted messages even the NSA cannot crack.
My "for liberty" example above included the instructions: Code: DOWN, pass phrase: for liberty, but that is the very information you want hidden from interceptors. You have to work out the details ahead of time. You do not want your agents calling on unsecured, wireless phones asking: "What was that password again?"
Below are examples of how you might do it.
Create a pile of "Garbage" pass-phrases and copy them to flash drives, an electronic version of the classic flash-paper one-time-pads. Of course, like the old paper codes, if your flash drive is found, you're compromised. You should have a file-alteration scheme that each agent carries around in his head.
But then, how good is that? Extortion, warped consciences, Honey-pots, money and torture work! (contrary to what John McCain may say). Then your whole network is rolled up, along with all previous cipher-texts.
It might be better to create unique pass-phrases with each message, with a unique system for each agent.
WHOA!
I thought I had a system to do that and published the steps here. BOY WAS I WRONG! The idea was
All hunky-dory UNLESS SOMEONE HAS ACCESS (assume they do) to all three of the transmissions.
They'll take transmission #2 (B to A), and combine transmission #1 (first A to B) and extract B's passphrase,
which they'll use to decode transmission #3 (A's finale to B) before B does.
I hope I didn't screw anyone over with that suggestion. It's not like any of you are TALKING to me!
Sending the pass-phrase embedded in the cipher-text is not as secure as the PDF trick, Not by a long shot, but it is handy.
Press
You'll find one right in the middle of the encryption below:
Y n },dyrdz!ie#)vz)wys#lc_*vQ`ll*Srb!qf+/Zg[*Uwf:fcmof$(&Zin }otNxii)d.)=&tZc w"tu)#^}pcw.;b]`f$xgSv}W$C+kf4#U^,%p_ctw]n \+Y gegu|Y`Wcq}W//tPV"(|nd%XYV$#Ru!s#q,n.aeknnQZ)l}$e#2%Xwg]+fY4/TY$qZnu&mj)cmYsR'Lukt^c|j$bW!yma?%Suqpx|v+wTe"dojWtA 7a[ .vquluqppmFd/i|XzV& r\dqwt%XplH&!p*r{*mxzMWica%_Ql%eu$sY |
All the text behind "kikKi" is pass-phrase, all the text in front of it is message. Code: DOWN
You will, of course, have your own variations. A good idea would be to shift "kikKi" a few pre-designated places to the right or left (to be corrected by an informed receiver), because, in case you haven't noticed, if your message doesn't line up perfectly with its pass-phrase, it's all garbage.
The "kikKi" trick has the advantage that your agents only have to remember one nonsensical, non-English word. BTW: don't use " kikKi ". Get your own word! Actually, get a list of words and use each ONLY ONCE.
Another variation on the "kikKi" trick: Look at the last characters of the encryption. Nine characters from the end you'll see: " _Ql% ". Reverse the case of the letters and you'll get " _qL% " that happens to be the vital first four letters of the pass/phrase. Scan for " _qL% " and you'll find it. We disguised the cases because REPETITION is what the breakers are looking for. All your agents would need to know is where to look: 9-In, 4-back, change case. Your variations, of course, will be different.
Best Yet Another variation: Basically this is a "folded" encryption scheme. Smarter breakers will check for that. Here's a brain-flipper for you: Let the "included" pass-phrase be only a preliminary phrase, that needs an additional pass-word run-through Xcryption, before it is the genuine pass-phrase.
There. Now you've sent the pass-phrase with the message, the re-run pass-phrase will be the right length, and random enough to qualify as a one-time-pad. -Maybe.
The problem with the " kikKi " trick is you're still sending the "keys" along with the "lock". Code Breakers have strange brains. They will work 1000 times harder to crack your scheme, than you did to implement it. As clever as we code-makers may think we are, the code-breakers are the real geniuses, and will enjoy prying their way through the smallest cracks we never thought were there.
Even if you enhance the encryption scheme with the Transposition Tools offered below, a Tin-Foil Hat paranoid should feel uneasy. The PDF trick requires a lot more training, and more mistakes could stifle communication, but I believe it is 100 % NSA proof.
Suppose I sent you the following encryption along with this single instruction: J85
I promise you it is unbreakable unless you were given this pre-arranged information to work with J85:
Additional precautions:
Like all good tools, Xcryption comes with its basic instructions glued to itself in plain sight. Everything about it, its directions, inputs, operations, and output, all fit on one page, one screen. I expect it will be distributed and used in the PUBLIC DOMAIN by itself, and not everybody will have the pleasure of finding their way to this, its home page. I am hoping they will eventually, but realistically, like everything on the internet, in the free-world, it's out of my control.
Many people are scared off by the:
That may not be too bad an idea, even if you're getting it from this website. It is possible this whole website may have been hijacked. If "Xcryption.com" has not become a household name by the time you're reading this, the brand could have been replaced by anything. The only safeguard you've got for any on-line application is
Fortunately, it's very short. Basically, you are doing a manual, visual scan checking for viruses and trojans.
"What am I looking for if I'm not a JavaScript programmer?"
Even this web site's address: www.xcryption.com, Xcryption's home base, should not be there!
Nothing should look more mysterious than this:
P$=(String.fromCharCode(K$[i]) + " --- "+String.fromCharCode(L$[i]) + " --- "+String.fromCharCode(M$[i]) + " --- " )
document.write(P$+" "+i+" "+K$[i]+" "+L$[i]+" "+M$[i]+"<br>");
P$="";
}
Get a trusted nerd to look it over. Then save a copy to a local drive to run when you're off-line.
When I wrote Xcryption (within my fore-mentioned limitations) I went a-googling in search of similar encryption services, asking primarily: "Can they work OFF-Line?" The answer was an alarming, overwhelming, "NO". How are they going to make any money that way?
------------------------------------------
This one seemed to have a built-in, on-the-spot encryption program. To test it further I downloaded the whole HTML page, though it was full of mysterious references, sub-routines, and functions. I went off-line to test-run it, expecting it to crash with a "Page Not Found Error" (the tell-tale of a tracker on your trail). I was surprised it didn't crash. No, it
Folks; When I say "disconnect" or "Off-Line" I mean: "pull that sucker out of the wall!". Only when I pulled my modem out of the machine, and wiped out all my cookies, did that encryption program fail to run.
As adamant as these services are about the strength of their encryptions, they still require you to send them your messages on-line before they work their "magic" on them and send them back to you encrypted. Many have you install a local application in which you plug in your "personal" pass-word so that "...even we can't decrypt your message.." -yeah, sure! Anyone who understands the weakness of the Vigenere knows that's a crock-of-* After they've encrypted your message with their special algorithm, so that: "...even YOU can't decrypt your message...". -No thanks.
These services won't tell you they have Masterkeys
What makes Xcryption unique is that it is designed to work off-line, preferably miles away from any internet connection. And after you've examined its innards for external links, you'll know it is not sending your messages straight to The Dalles, Quincy, Clarksburg or Bluffdale.
Nor are your messages being stored in some "secure" depository, promising "never to cave in" to any governmental subpoenas. 1. and 2.
Now that we have eliminated the possibility that the encryption program or service itself is a direct info-hemorrhage, we need to concern ourselves with whether our communication lines are being tapped:
------------------------------------------
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
In other words, THEY'RE WATCHING YOU. The Tin-Foil Hat mentality is not all that far fetched.
When did they start parking that van over there? I suspect my own, personal, G-Man moved in next door: The Hunter Thompson sunglasses, military-styled field-cap and cargo-pants, 24/7 at-home schedule, and the strange, extra domes on top of his trailer, are dead-give-aways. His cover-story as an anarchist, health-nut & musician, is a good one, but blown. Hello B.R. 'see ya around!
I would recommend RANDOMLY selected McDonald's. The decor is so sparse that they can't bug every table, the background noise cloaks conversation, their WiFi has to be logged onto (turn yours OFF anyway, and if you need it, get your power from extension cords far from their power outlets), and you should be safe.
Take your laptops and thumb-drives there to do your Ultra-secret conversations, compositions & encryptions (-Once encrypted, delete the original plain-text and pass-phrases from Notepad-depository), and come in from the cold with nothing but encrypted material.
I would recommend emailing the cipher-text from a different location than where you composed & encrypted it, -but that's just me.
$1000.00 REWARD
I am offering a One-Thousand Dollar Cash Prize to the first person who cracks the message below. (I would feel confident offering a Million$, but I don't have a million$, so what incentive would that be?). Perhaps some mid-level analyst in the CIA or FBI, or an IBM employee, will take up the challenge and plug the code into the company machine to see what it can do. Good Luck!
I will tell you only this about the cipher: it was created using only the tools available on this web site.
$C@dXW?]!z&t%bRrloSZ_5IaQHumLAdDcLI7_Q^K3rTKTQSVETCTPMOlB=}WTMYgUEERYKBePZHS !Vh^8[Y\_TPPNR/LH^:eb?Y_AETL2F^}EUI?6aPIcNu}.GS`RDDdKRRGFRQSeEZ^Xue}PRUKiLmXDbLZbXG,8T]M]G1gYLbYG<WI@erI;YoZl$mX.&(p_QC[Gk^\nbOYjL]$f8TUkES_DO?&mW@we]YZFMDZRDae+>JVLb>]\APtZBN[<Kd!QVsop+$3![bzlm,{@Q<YbEMBJ"h<iJ=e]H.\R6KR@^X@IUeRQlM.DP0!u)RN&dSKWio,eHIEXDiGQ\80_SRMHU?RADbiN9=PgpqnN:SB\q]]PAAHjTCP)bbe<BV[XEJLYJKX]Dpg5OSmY@KHfguuw\$tpv\WU]bTHVWM=P[Dk_EJ/tD@IESdFWth5Ygh8\Xp'xum>Fuj_YAOcEV_Lh/ 8F`h?cg\cLJKWhJcOaGM4]H)hH?>g<_kMCI^BhINH%BT^vb[" |
Now that that's out of the way, we can have fun with "breakable", pencil & paper ciphers. Bring your kids on board for family challenges .
Note: Most secret-code/encryption schemes demonstrated stem from the good-old days when the work was done by candle light with quill & parchment, and what you wrote could cost you your head. Thus: ALLCAPSANDNOSPACESORFORMATTING is what your messages will look like for all the FUN demonstrations. You'll be able to import & export examples from/to other cryptology websites, and of course, slip back into pencil&paper mode, which is always fun. And everybody can scribble on their own papers without having to crowd over the computer.
Also, full Tin-Foil Hat Paranoid, One-Time-Pad, unbreakable-even-with-a-supercomputer encryption may be way more than you need.
Often, a simple password cipher will do the trick. If, as in a time sensitive situation (a raging battle for example), you don't need an indefinitely, forever-unbreakable code, -Just one that will remain unbreakable long enough for the out-dated message to be irrelevant.
Cracking my cipher may net you a $1000.00, but it won't get you the glory or notoriety of cracking the fourth part of Kryptos
The claims of earliest solving of the first 3 sections, (dubiously claimed by the NSA) took
A good example of how to run the program will be to plug in Kryptos's own solutions to its first encryption:
For "Vigenare?" enter: Palimpsest
For "Alpha-Embed?" enter: Kryptos
you can ignore the first "Secret Message?" But for "Secret Message to decrypt?:" enter:
I'll write a super-Kryptos, full-keyboard version, if there comes a demand for it.
The output will look like this:
  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Which translates, table-wise, to: For every letter on line "1" replace it with the letter at the top (or vice-versa). "There is no change", yes. You could call this "ROT-0" or "rotation zero" or "rotation A", a start to the classic Caesar Cypher, the first one we learned in Cub Scouts. Example: GH LNL XNT BZMS QDZC SGHR, a mere shift of one (ROT-1), that you should be able to break in your head. Julius Caesar was known to go 3 places over (Rot-C), which may have been adequate in his time, when very few of his enemies were literate. ROT-N / ROT-13 is a popular cypher on the internet and has the advantage that all the letters line up in both directions: A=N and N=A
  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
The simple Caesar shift is limited to only 25 permutations (excluding the non-shifting, "zero" or "A"). Though the code-maker has 25 choices, all the code-breaker has to know is 1 letter to crack the whole code. (BTW: The entire, handy, 26 X 26 table shows up if you enter all blanks in Kryptos-Maker)
Fun with your kids: have them write you a secret message using pencil&paper, a Kryptos-Maker single-letter table, WITH SPACES, and bet them you can crack it. Look for an isolated letter and you'll know it has to be the only single-letter word in English, "a", and there is your rotation key. If there is not an isolated letter, you'll have to go for the two & three letter words and actually do a little code breaking to find the ubiquitous English, but you'll look like a genius until you show them how you figured it out.
Another simple enciphering system that Kryptos-Maker can help with is Alphabet-Altered ciphers.
Re-run the program again. Enter blanks for everything except for "Alpha-Embed?": type in any words or phrases of your choice.
EXAMPLES: The quick brown fox jumps over the lazy dog, or even the word "KRYPTOS".
The program (top line result) strips the spaces, punctuation, duplicate letters (each used once), converts to all-caps, and leaves you with a re-arranged alphabet. Put the regular alphabet under the new alphabet and you have simple alpha-shifted coding tables:
  T H E Q U I C K B R O W N F X J M P S V L A Z Y D G
  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
or
  K R Y P T O S A B C D E F G H I J L M N Q U V W X Z
  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Substitute any bottom letter with the letter above it for a quick & dirty, little cipher-text. Breaking your children's coding with this system will be tougher than the Caesar Cypher was. If you should find an isolated "a", all you'll know is where the "a's" are. You can then move on to the "the" 's and hope for more. You might get lucky with "W, X, Y, & Z", being the last letters, if not used in the Alpha-Embed word, will not change.
What makes these two (Caesar & Alpha) substitution cyphers weak, is that once you know what a letter is substituted with, it never changes. All "A's" = "T's", "B's" will always be "H's", etc... Vigenere (and a few others) changed all that.
A simple Vigenere de-coder like below can be hand written or typed out (use courier font for block line up):
An easier option might be to go to the Kryptos Maker and print out micro copies of your own custom table. But, that is plain, all-caps, no punctuation. I could write a super-Kryptos, full-keyboard version, if there comes a demand for it.
Now for the full-blown Xcryption paper-version, using the whole keyboard character set.
V
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Print out the image below. Cut out each line and tape sets I & II overlapping the pink "space". Do not neglect the space character between the "!" & "~". The third set is the slider. To use, align the individual pass-phrase letters (slider) with the central (pink) SPACE character above. Test your results against Xcryption.
further discussion to follow...
The first transposition tool merely reverses the order of characters in units of a given length.
example: 123456789012345678901234567890
transposed in groups of 5
becomes: 543210987654321098765432109876
example: this is a long message
transposed as a group of 22 (its length)
becomes: egassem gnol a si siht (not very cryptic!)
As you will see, shorter groups of 3 to 5 may be the optimal "confuser" for hiding "English". You want to break up the vowel groups.
Restoration? Re-run the encrypted code with the same number. It'll come back in original order.
In my own country, the United States, there is ample evidence of the government surveilling ordinary citizens. While this is understandable in this age of terrorism, when the Obama administration was asked who they considered the greatest threat, they answered "Conservative, Right-Wing hate groups"! When pressed, they admitted they considered the TEA PARTY to be a "right-wing hate group" and its members needed watching. The scandal of the IRS targeting Tea Party organizations exclusively demonstrated who they think the real enemy is. US!
Someday we patriots may need again "Committees of Correspondence", and Xcryption may prove useful to the people's free communication. The Obama/Clinton regime has expressed a will to deprive us of our Second Amendment Rights. I have no doubt the First Amendment is not far behind. Xcryption may become a tool as necessary to secure our freedoms as our firearms.
"But what about ISIS?", I wondered, would I be helping them? The problem with monitoring ISIS activity goes far beyond encryption. Upon studying their methods their first defence is ARABIC, and our intelligence services have far too few Arabic speakers to do the job. For the most part the terrorists don't need encryption because they use a simple CODING system; word substitution, little different than our Navajo Talkers. The sheer volume is overwhelming, and importing even more Arabic-speaking immigrants is going to make monitoring international communications even more of a nightmare -THANK YOU HILLARY!
Bearing all that in mind I chose not to produce an Arabic (or even a universal) version of Xcryption, at least until foreign threats to my country subside. I don't want to help the bad guys.
Also, I'm holding off instructions of simple Steganography until the time comes when even I may have to start using it (If Hillary gets elected).
Noticing however, that most of my traffic is in Russia & Ukraine, I decided to produce a Cyrillic version for them, as any government that is trying to suppress its citizens' communication is a government that Xcryption was written to oppose. The super-simple, open-source, stand-alone nature of Xcryption protects it from the most adept hackers, Government sponsored or not. IT'S A TEXT FILE! Look at it! Nothing can hide in its code. It runs independently, without any internet connections, under any and all JavaScript-enabled browsers.
... Uh, no.. I lost BREAKER. But try this:
Plug in a paragraph into my simple vingenere.htm and a 4 or 5 character password.
Then take the result to THIS GUY'S WEBSITE and plug it in. He broke mine on the first try! (but only when I gave him the key-size and CODED UP. Coding DOWN stumps him.) A long message, with a short, English, password, is peanuts to these guys, -and that is just a dude's website! Imagine what the serious guys can do.
to be continued...