Clandestine Communications: One Time Pads

Clandestine Communications: One Time Pads

Originally appears on American Partisan and in The Guerrilla Dispatch, Volume 1. One Time Pad is the most robust form of encryption used for clandestine purposes as described in The Guerrilla's Guide to the Baofeng Radio for sending instructions to groups over a region. The best tool on the market for OTP key generation is our OTP Generator available here. -NCS

Given the current climate and direction of the United States, I believe all American Partisan readers would agree that knowing clandestine communication methods is a useful arrow to have in our quiver.

One such method for encrypting clandestine communications is the One Time Pad, or OTP. An OTP is a method of encryption that uses basic addition and subtraction to create a coded message, and is simply a table of numbers grouped into five digits (seen in Figure 1). Both the person sending the message and receiving the message have the pad, but no one else does. This means that the method is particularly strong against “Man in the Middle” attacks because even if the message is intercepted by enemy SIGINT operations, it is nearly impossible to decode unless you have the pad. It is called “one time pad” because once that pad is used once, it is never used again. Thus, even if a single pad is captured, it does not compromise the entire communication chain. NOTE: DO NOT USE THIS SPECIFIC TRAINING PAD FOR ACTUAL SECURE MESSAGES.

Figure 1: A sample One Time Pad (OTP) we will use for this article.

Pad Creation

Figure 2: A letter/symbol-to-numeric conversion table.

There are several different methods you can use to generate a pad. One method, which is “old school”, involves a typewriter or notebook and five (or more) 10-sided game dice. You would roll the dice, get your numbers, and record the numbers. We DO NOT recommend that you type the pad on a computer if it can be helped because the computer may store some or all of the file on it, thereby introducing risk and potential compromise into your pad. If you absolutely cannot avoid using a computer, the computer should be either air-gapped (which only lessens your avenues of compromise, not eliminates them entirely) or you should use a temporary operation system like TAILs and run it off a flash drive (previous AP articles on the TAILs OS can be found here and here).

The second method is to use an OTP generator such as the AmRROM[1] Dark Labs ADL-1 OTP Generator. My colleague NC Scout did a review of the system here, and I also own a system and can personally vouch that the generator makes pad creation infinitely faster and easier. The ADL-1 creates everything you need for a One Time Pad – the pad itself, a letter/symbol-to-numeric conversion table (Figure 2 shows an example of this), and even instructions on how to encode and decode messages.  Once the pad is created, generating a new pad will destroy the old pad forever. Even if you do nothing, the pad automatically deletes itself after five minutes of inactivity, ensure the pad is secure.

The important thing is that the person(s) who will be decoding the One Time Pad should have the pad and the letter/symbol-to-numeric conversion table in their possession at the time the message needs to be sent. You don’t want to be in a position where you need to transmit a secure message and have to find a way to somehow get the receiving person or station a pad AND a message at the same time (because the message is then not secure since the key to decode it is with it). This is why it is important to set up these systems and processes in place before you need them.

Message Encoding

Assume that you and your counterpart in a different county are planning to meet up to discuss some current events in your AO. You have already exchanged the necessary materials to use a One Time Pad, and you now want to utilize that pad to inform him of the location and time of the meeting. Your message reads:

Meet at the old church at five pm Tues

The first step is to convert those letters to numbers using the conversion table in Figure 2. So “m” = 79, “e” = 2, “t” = 6, “space” = 0, etc.

M e e t   _   a t    _    t h e     _     o l d     _          c h u r c h        _   a t  _     f i v e     _    p m   _    t u e s    _

79 2 2 6  0  1 6   0    6 75 2  0   5 78 72  0  71 75 85 82 71 75  0  1 6  0  73 3 85 2  0  80 79  0  6 84 2 83 0

We then group those numbers into five digit groupings and line them up under our pad (in Figure 1) starting with the second grouping in the pad. The first five digit group stays the same as that is denoting which pad should be used for decoding the message.

32244 52687 97412 86319 11011 59341 73741 29248 65123 56878 19652 15821

– – – – –  79226 01606 75205 78720 71758 58271 75016 07338 52080 79068 42830

Notice how we didn’t use the entire pad? It doesn’t matter. The rest of the pad needs to be trashed even though we used only a fraction of it for this message. The pad “32244” will never again be used to send a message. Does this mean you need have a lot of pads created? Absolutely, which is why the ADL-1 is so awesome. You can spend an hour and generate hundreds of pads for use. But, I digress.

Below, Line 1 is the message to be encoded, Line 2 is the pad, and Line 3 is the encoded message that you would transmit to your receiver. To encode the message, subtract the number on the bottom (the pad) from the number on top (the plaintext message). This makes sense when subtracting a 5 from a 7. “But how do I subtract 6 from 2?” you ask? In this case, add a “1” in front of the 2 to make it a 12 and now subtract 6 from 12. So, the math looks like this:

Line 1: – – – – – 79226 01606 75205 78720 71758 58271 75016 07338 52080 79068 42830

Line 2: 32244 52687 97412 86319 11011 59341 73741 29248 65123 56878 19652 15821

Line 3: 32244 27649 14294 99996 67719 22417 85530 56878 42215 06212 60416 37019

Verify the message was encoded correct by decoding the message yourself (which we will walk through in the next section). If it is, then send the encoded message to whoever the recipient is.

REMEMBER: Line 1 is the message to be encrypted, Line 2 is the OTP Pad, and Line 3 is what is ACTUALLY TRANSMITTED.

Message Decoding

You have just received the message from your counterpart dictating where the next meeting will be. Time to decode the message! We start by looking at the first five digit grouping because that tells us which pad to use. Then, just as in encoding, we line the pad underneath the message. Since we subtracted to encode, we now must add to decode. If two numbers add up to a two digit number (6 + 6 = 12), just drop the leading “1” and keep the 6 – just as we added the “1” in order to perform subtraction when we encoded the message. Below, Line 1 is the encoded message you received, Line 2 is the pad, and Line 3 is the decoded message.

Line 1: 32244 27649 14294 99996 67719 22417 85530 56878 42215 06212 60416 37019

Line 2: 32244 52687 97412 86319 11011 59341 73741 29248 65123 56878 19652 15821

Line 3: – – – – – 79226 01606 75205 78720 71758 58271 75016 07338 52080 79068 42830

We can now reference those numbers to our conversion table and get out message.

79 2 2 6  0  1 6   0    6 75 2  0   5 78 72  0  71 75 85 82 71 75  0  1 6  0  73 3 85 2  0  80 79  0  6 84 2 83 0

M e e t   _   a t    _    t h e     _     o l d     _          c h u r c h        _   a t  _     f i v e     _    p m   _    t u e s    _

Final Thoughts and Conclusions

 There are ways to even strengthen your One Time Pad encryptions, such as utilizing Brevity Matrices. Again, my colleague NC Scout has you covered on his blog here on what a Brevity Matrix is and how to use one. Better yet, take his Advanced RTO course and get hands on “meatspace training” on the topic as well as other methods of clandestine communications (training calendar here). Here is a great After Action Report from my friend JohnyMac on the class (we took the class together, and I highly recommend it). You can also utilize encrypted flash drives to pass the encoded messages from person to person. Using a free program such as VeraCrypt can be a powerful tool for securing messages and files. Chad “Chainsaw” Sawyer did a fantastic article for AP on VeraCrypt that can be found here and walks you through how to use it. Finally, you can use steganography to encode the message in plain sight! What is steganography? Stay tuned for my next article, because I will lay out what it is and how to use it.

You have all of the tools you need to produce clandestine communications at your fingertips, and it all can be had for free! You just need to practice with it and set it up BEOFRE YOU NEED IT. You absolutely will make mistakes, and that is okay – I still make mistakes on OTPs due to lapses in concentrations or simply adding/subtracting wrong. This is why we practice!

Just imagine if someone was able to intercept that encrypted flash drive. They would first have to break the encryption on the flash drive. If they somehow did that, they would need the One Time Pad to even get the decoded message. Then, on top of that, they would need the Brevity Matrix to decode the code words and phrases used. That is a triple layer of protection (quadruple if using steganography) that, depending on the sensitivity of your message, may well be worth its’ weight in gold.

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.