Raspberry Pi Forums

How can I use my Raspberry Pi 2 model B to send encrypted messages to another linux computer? I would prefer the strongest level on encryption that is possible on the pi even if this encryption sacrifices convince.

man ssh

The messages will be sent over the internet to another computer. The computers will not be on the same lan.

rpiswag wrote:The messages will be sent over the internet to another computer. The computers will not be on the same lan.

So what? It's exactly the same.

Would like to use a more flexible setup that would let me pick my type of encryption like one time pads.

rpiswag wrote:Would like to use a more flexible setup that would let me pick my type of encryption like one time pads.

Sounds great. Let us know what you come up with.

No problem. Use whatever encryption scheme you have. Then send it over ssh.

At least then you stand some chance of being secure.

What do you mean by

At least then you stand some chance of being secure.

?

rpiswag wrote:Would like to use a more flexible setup that would let me pick my type of encryption like one time pads.

Well, maybe it's just I don't understand how it works, but how could one time pads being flexible?

A properly implemented one time pads require a real randomness generator and a password as long as the message, and a secured method to bring the password to foreign site.

It's just...normally, why not you just bring your message via that secured method instead of passwords? And how could you ensure that password exchange method is as secured as one time pads on Internet?

There are some use cases for one time pads, such as an ambassador carrying a big password book, then go to a foreign country so that he could communicate dirty secrets, or a submarine carrying some nukes who require some authentication before launch. Their password exchange method is "get that big password book on board when in homeland, then go to the foreign world". Are you doing one of these?

rpiswag,

What do you mean by: "At least then you stand some chance of being secure."

Sorry, I was being a bit off hand there.

Thing is, the number one, first, most important piece of advice you will get from anyone with experience in security and crypto systems is "Do not crate your own crypto system".

Basically the idea is that there are so many ways to screw up the design of a crypto or it's implementation that you will end up with something that is not secure whilst all the time being "sure" that it is.

History is full of examples of broken and hacked home made encryption algoithms and secure systems.

Have a google for "don't do your own encryption" to see lots of articles about this. Especially read anything and everything by, Bruce Schneier.

On the other hand...do have a look at different cryto algorithms. Write code to implement them. It's fascinating stuff. For example:
http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
http://en.wikipedia.org/wiki/XTEA

It's interesting to see how they get broken!

Heater wrote: History is full of examples of broken and hacked home made encryption algoithms and secure systems.

History is full of broken crypto set up by governments...Enigma being a prime example, as is the Zimmerman Telegram. The USSR was quite fond of one time pads. The problem was that they were compiled by hand and the clerks that wrote them weren't really all that random and patterns could be found and used to break them.

One thing to remember is that the object of crypto is to make the time and cost to break a given system not be worth the effort. A message that can be broken in 30 minutes isn't worth it if the action it is concealing will be complete in 15 minutes. That's why military systems get broken down into crypto for tactical use and crypto for strategic use. The Navaho "Code Talkers" are an example of the former...and so far as I know, those communications were never actually broken, though the results of such messages were often apparent is short order. The Germans overused Enigma, giving the Allies a *lot* more material to work on to break the entire system, the best version of that was used by the Kriegsmarine. The capture of the U-505--and its code books--pretty much ended any security there.

That is very true. It's also a very good reason for not devising your own home made crypto. It's unlikely you are going to do better than the experts and we see how badly they have done sometimes.

Now, to answer rpiswag's question: Some time ago I created some demos of secure communication using TLS. They are clients and servers using TLS for a regular secure socket connection, an HTTP connection and MQTT. They are short and sweet and should give you something to get started with. Be sure to follow the instructions on making your own keys and certificates if you are going to use this seriously.