A lot of things just happened when you clicked on this article. Your computer connected to my computer, and each of these words I wrote zipped across the internet to their destination. Since this article contains words like encryption, NSA, and secret codes, it probably flagged something for the NSA along the way — you for reading about it, and me for writing about it. In some giant, government data warehouse, there’s now a record that you were here. We’re probably both on a watch list now. Welcome to the machine, and all that.
About five years ago I wrote a silly little program called eCoder Ring. eCoder Ring is a small program that allows you to encrypt and decrypt secret codes. It does this by using any text file, web page, or graphic file as a key for a one-time pad encryption. Here’s what Wikipedia has to say about one-time pad encryption:
In cryptography, the one-time pad (OTP) is a type of encryption which is impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is truly random, as large as or greater than the plaintext, never reused in whole or part, and kept secret, the ciphertext will be impossible to decrypt or break without knowing the key. It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys. However, practical problems have prevented one-time pads from being widely used.
The key to breaking most codes lies in discovering patterns, and in a properly implemented one-time pad there are none. Not to delve too far into details, but the point of eCoder Ring is that it plucks letters out of a keyfile and uses the numerical position of those letters to represent the letters of your message. eCoder Ring lets you use things like digital pictures (which it converts to ASCII numbers and characters) as keyfiles. It also allows you to skew the code by adding variables to start your code further down in the keyfile, or skip numbers, and do all other sorts of random files. Even if you had eCoder Ring and the keyfile used to generate a message, it would be practically impossible to crack a code generated by it without the proper variables inserted into the program.
It is my belief now as it was when I wrote it that the codes generated with eCoder Ring are impervious to brute force attacks. To prove my point, when I released eCoder Ring I included a code and offered a reward for cracking it. At first I was offering a hundred bucks; later I upped it to two hundred, and I think I may have raised it to five hundred at one point. The reward for cracking the code is moot because without the keyfile or the skew variables, the code is unbreakable. In theory I feel confident about offering a million dollars, but I wouldn’t do that for two reasons, the second of which exposes the weakness of eCoder Ring. The first reason is quite simply that I don’t have a million dollars. The second reason, the scarier reason, and the weakness that plagues all implementations of one-time pads is that both the sender and the receiver have to know what the keyfile is. I know what the keyfile is for the message I encoded. For a hundred dollars I am hoping someone does not kick in my front door, hold a gun to my head and demand access to the keyfile. For a million dollars, someone might. When I wrote that original readme file five years ago that contained the code, I specifically made it clear that the keyfile does not exist on any computer I have control over (not my laptop or my desktop and not my server) and no one else knows what the keyfile is, so bribing my kid with candy or PlayStation games won’t work.
But yes, as I joked in the program’s readme file, any codes generated with eCoder Ring will stand thousands of years of brute force attacks, but will fail in seconds when someone shows up to your house and begins to peel your children’s fingernails off as you watch. As a human being who knows the keyfile, you are eCoder Ring’s weakest link. If the keyfile is stored improperly or transferred improperly, the code can be compromised. When some mug shows up and decides to squeeze the cider out of your Adam’s apple for the keyfile, look out.
So why am I writing about eCoder Ring again after all these years?
From 2007 (when I released it) to 2012, eCoder Ring was downloaded approximately 2,000 times.
In the past two months, eCoder Ring has been downloaded an additional 3,000 times.
In the last two months we have learned that the NSA either gathers or simply pilfers through pretty much everything we do on the Internet. They store records of what websites you visit. They keep track of who you e-mail, and how many times you do so. Most signs point to the fact that the NSA has direct connections to some of the largest content providers in the world and pull data pre-encryption, making the phrases “HTTPS” and “SSL” mean almost nothing. The latest NSA-related leak tells us the NSA pays 35,000 people to break codes and crypto. I hope one of those 35,000 guys runs across a code generated with eCoder Ring someday. That would make me chuckle. There are also rumors that the NSA can effectively either crack or circumvent some/most/all encryption methods being employed today.
Based on the increase in downloads, do I think eCoder Ring is the answer?
No, obviously. It’s too cumbersome to be used on any mass scale and too difficult to properly implement. (What I had always imagined implementing (but is beyond my skills) is an API or something that could be used in chat programs, so instead of sending clear text back and forth across the internet, people could send random-looking encoded text.) What these recent downloads tell me based on current events is that normal people are interested in security. Normal people are interested in learning about codes, and keeping their messages away from prying eyes. Normal people are hitting search engines and looking for ways to regain their privacy. eCoder Ring probably isn’t the answer, but maybe it’ll inspire someone else to create the answer.
Link: eCoder Ring