ANNOUNCEMENT: Please forgive the clutter as we try out some new advertisers.
THOUGHT FOR THE DAY!
YOUR RANDOM DHS MONITORED PHRASE OF THE DAY
Rivero challenges the NSA
ATTENTION AUSTRALIAN READERS!
As of the first of 2016, the teaching of encryption will be illegal under Australia's Defence Trade Controls Act. So grab these code snippets while you still can. I have put them all into a single archive located HERE!
MICHAEL RIVERO'S SIXTH NSA CHALLENGE SOLUTION
Here is the clear message.
Nobody got this. The coffee mug is still in the box. I am batting 1000 against the NSA's cryptographers! My first NSA challenge came out over a year ago. Had I been a real terrorist, I would have had ample time to carry out my nefarious plans.
This proves that the NSA cannot and does not track real criminals and terrorists, but exists to spy on law-abiding Americans citizens on behalf of a government grown paranoid over public awareness of their crimes and corruption.
MICHAEL RIVERO'S SIXTH NSA CHALLENGE
The time has come (the Walrus said) to poke the NSA again. Central to the NSA's justification of the continued violation of the Constitutionally protected privacy rights of Americans is the claim that the NSA is keeping watch on criminals and terrorists.
This is, of course, yet another in a long series of US Government lies. As we have proven with our previous NSA challenges, anyone with a tiny bit of programming knowledge can create new methods of encryption which the NSA will not be able to break.
Here is the latest encrypted message in a RAR file.
And to make this interesting, I am providing the source code for the encryption and decryption code up front.
These programs compile under the free standalone C compiler, the Digital Mars C/C++ Compiler that runs under windows. The ZIP file for the compiler is located at http://www.digitalmars.com/
This is an improvement on the "10,000 Monkey's Code" from NSA challenge 4. The code is commented. What has been added is bit rotating the array containing the encrypted data as well as individual bit rotates of the bytes based on the keyfile. This system is set up so that the correct length of the key must be known in advance before any decryption is possible. The bit rotates are very compute intensive (and in this learning example there is a hard coded limit to keep the compute times reasonable) specifically to make the costs of brute force trial and error tests impractical.
Solution will be published July 4th. The first person who breaks the code and sends me the clear message gets a free WRH coffee mug and bragging rights that they are smarter than the highly-paid experts at the NSA.
Additional code for this challenge provided by Randy Solo over at wartoys.it
MICHAEL RIVERO'S FIFTH NSA CHALLENGE SOLUTION
UPDATE: As it turns out, quantum computing, like the transputer, may not live up to its promise. As quantum computers make their way into the commercial marketplace, tests on them are showing that their claimed speed advantage is marginal at best and often worse, than conventional computing systems.
In light of the revelation of the reality of quantum computing it almost seems redundant to provide the solution to the 5th NSA Challange given that the 5th challange was intentionally designed to overcome speed advantages of quantum computing which in hindsight, were exaggerated to begin with. So, I shall be brief.
The 5th NSA challenge was simply a compendium of steps from the first four challenges intending to produce an encrypted document of such size as to preclude easy analysis and key testing within the quantum computational space.
Here is the batch file.
erase test.lzw stage1.dat stage2.dat challenge.dat out.lzw output.jpg
encode5a test.lzw qkey1.jpg stage1.dat
encode5b stage1.dat qkey2.jpg challenge.dat
decode5b challenge.dat qkey2.jpg stage2.dat
decode5a stage2.dat qkey1.jpg out.lzw
rename test2.out output.jpg
The original clear image is
Encryption and decryption were double-layered, and instead of images as keys, the keys are just random numbers inside jpg wrappers.
It is not a very good code. It is intentionally inefficient. It intentionally produces an overly large encrypted result. The sole point was to once again demonstrate that the NSA's much-vaunted code-breaking skills are in fact a monumental and costly bluff. Nobody broke this challenge. Far fewer even tried compared to the earlier ones. Source materials are inside This RAR file
THE FIFTH NSA CHALLENGE
So far, we have issued four challenges to the cryptographers at the National Security Agency. None were broken. A lot of people around the globe downloaded those challenges and tried to break them, and I received a lot of emails claiming to have decoded the messages, most of which were just wild-assed guesses. I presume the NSA did look at them as well.
Certainly the NSA would have a powerful motive to succeed in breaking any of the challenges in order to discourage people from learning to create their own codes. The last thing the NSA needs is 300 million pissed-off Americans (and everyone else on the globe) brushing up their programming skills and writing their own codes to protect their business secrets, their sexy photos of their lovers, and Aunt Mary's Top Secret Chocolate Chip Cookie recipe. It is a safe assumption that had they broken any of the four challenges, it would have been made public. That they didn't means they couldn't, so they have been ignoring me with as much dignity as they can muster.
Until this last week.
Back in 2012 the NSA announced a grand plan to build a quantum computer that could break any encryption. Very impressive science-fiction sounding stuff. Quantum computing does exist but few people really understand it. Rather than have a single memory bit that holds either a 0 or a 1, the "qubit" uses the quantum states of single atoms to hold values that are "entangled", creating a powerful massively parallel processing structure. If you have 1000 qubits, the amount of information that can be processed is 2^1000. However, the data size going in and out is still limited to 1000 bits of information.
Now I have worked with massively parallel systems in the past, specifically a Connection Machine, which had 8000 processors. But, the system could not efficiently handle data sets larger than could be contained inside a single processor. As the data being worked on grew in size, the Connection Machine quickly bogged down, spending most of its time moving data in and out of the processors. It made for a fantastic Mandelbrot generator or finite-element analysis tool, but a lousy ray-tracer.
This last week, coincident with the expiration of the fourth NSA challenge, the NSA dusted off the 2012 story about a quantum code breaking machine and ran it again as new news with banner headlines like NSA looking to crack all encryption with quantum computer
"Crack all encryption" is a sweeping statement. What makes quantum computing able to crack all encryption? The answer is, not much. Yes it is fantastically powerful in terms of speed, but cracking encrypted messages is, as I state below, a two-step process. First the method of the encryption has to be determined, and only then can the keys be searched for. During WW2 the allies were unable to crack the German ENIGMA code until they actually captured a physical machine. Only then was Alan Turing able to build a key-cracking calculator at Bletchley Park to read the messages.
The NSA's quantum machine is the great grandchild of Turing's machine; able to execute a brute-force search for keys at blinding speed. But again, this only works if the method of the encryption is known. If the method is not known, no amount of computing power will be able to guess it.
Which brings me to challenge number 5.
You get no clues about this one. You don't know if the original clear message is a text, an image, or a sound file. The one thing you will notice is that the encrypted message is very large. In the days of radios hidden in mattresses and tiny dead drops this would be a problem. In the age of high speed internet and thumb drives, large files are not a tactical problem. This method is intentionally designed to force the quantum computer (if it actually does exist) to traverse a data set larger than can be held inside the quantum computer, in order to bog it down with moving data in and out of the qubits.
The gauntlet is thrown. NSA says they can "Crack all encryption" with their new quantum computer. I am calling their bluff.
Of course, the NSA and US Government can "succeed" in using their quantum computer to "crack all encryption", by simply making it illegal to use any codes and encryption other than those approved of by the government. But again, since real criminals and terrorists would not obey such laws, such a law only underscores that the NSA is not able to find real criminals and terrorists, but is simply spying on law-abiding Americans, to scare them into silence, to steal their business secrets, and drool over the naked photos.
This challenge expires on Valentine's Day. And obviously, if someone breaks into my home and steals the laptop I write these things on, then the challenge is invalidated.
MICHAEL RIVERO'S FOURTH NSA CHALLENGE SOLUTION
It is now January 1, 2014, and the fourth NSA challenge, aka the "10,000 monkeys code" has expired. Here is the solution.
Here is the original clear message.
The key file is a painting by Vincent van Gogh.
Obviously, to be used as a key it must be a specific bitmap of the painting, not just any copy. But the idea of using image bitmaps as keys is that an operative using these code systems does not have to memorize a key, only a URL where the key can be found online. As a side note, an image at a website, for example the title bars at whatreallyhappened.com, could be changed from time to time to keep the keys changing. Casual viewing would not reveal that the key had changed, only a bit for bit constant computer scanning would reveal that something was going on.
The batch file to encode and decode the image is...
encode4 clear.jpg key2.jpg encrypted.dat decode4 encrypted.dat key2.jpg clearOUT.jpg
The RAR file has been updated with the source and key, and still contains the original source code for the "10,000 monkeys code", encode4.c and decode4.c,
As a bonus, I made a change to the encryption system that uses the tail end of the key file for the scrambling instead of re-using the bits from the start. This increases the cost of a brute force search by a power of two raised to however many bits are required for the subdivision. I have included the modified versions as encode4a.c and decode4a.c along with compiled executables in the updated RAR file.
The point of these exercises is to prove that the NSA is not really all that great at cryptography in the era of cheap computing equipment. Their "success" at spying rests on the people of the world using standard off-the-shelf encryption systems for which the NSA has the method and can brute force the keys, or as has proven to be the case, simply has bribed the creators of these commercial products to build in back doors. As we demonstrate here, real criminals and real terrorists can, with little effort, create encryption systems the NSA cannot break. Certainly in these times the NSA would welcome the positive publicity resulting from their finding the computer criminals who broke into Target, or are behind the Cryptolocket extortion racket. The NSA has a powerful motive to find and have arrested these high-profile computer criminals. That they have not, means they cannot. Likewise, the NSA has a powerful motive to break my NSA challenges to prove they can do it and thereby discourage others from creating their own encryption systems. Again, that they have not, means they cannot!
The NSA spy system is therefore solely about keeping watch on ordinary law-abiding citizens, much like the STASI did in East Germany. Their purpose is to make sure the American people remain obedient slaves to the private central bank, work hard, and breed plenty of new soldiers for more wars of conquest. And along the way, the NSA steals your business secrets and drools over the private photos of your significant other in states of undress.
This source code is hereby placed in the public domain for the non-commercial use of the people against all tyranny.
MICHAEL RIVERO'S FOURTH NSA CHALLENGE
I am going to hurl the defy once more at the NSA cryptographers. My goal here is to demonstrate that real criminals and real terrorists can evade the NSA's cryptographers and that the whole point of their system of back-doors and mandated weak encryption is to keep an eye on you, the law-abiding citizen (and occasionally profit from the business secrets they purloin from your electronic devices).
This time I am going to do things a bit different. As I stated below, decoding a message is a two-step process of first finding the method, then brute-forcing the key for a particular message. My Third NSA Challenge actually provided the key but not the method, and nobody succeeded in breaking the message. This time, I have come up with a method that is intended to make a brute-force key attack very compute intensive. In addition to the exclusive-or operation, the key is also used to scramble the message itself, and one must have a significant portion of the key before one can find anything of the clear message at all. So in THIS challenge, I am handing out the source code for both the encryption and decryption methods, along with the encrypted message. One need only find the key.
Now, because I am handing out the method at the start of the challenge, it may be that someone will break the key and decode the message (and the first to do so will win a WRH coffee mug). It will be interesting to see. The code may be breakable, but will cost far more time and resources than can be justified on someone who is not actually suspected of any real crime.
I call this the 10,000 Monkeys Code, because obviously the only way to brute force the key is to fire random strings into the system and hope something pops out. However, should some message appear, one cannot be certain that it is in fact the actual original message, or something arrived at totally by chance by the ten thousand monkeys pounding away on encryption keys.
This source code is hereby placed in the public domain for non-commercial use.
MICHAEL RIVERO'S THIRD NSA CHALLENGE I am "hurling the defy" once more at the National Security Agency (and the Black Hats at their convention in Las Vegas).
The point of this third exercise is to demonstrate that it is determining the method which is the difficult part of decoding an encrypted message. Once the method is known, finding the key is trivial. The NSA mandates "standard" encryption in order to guarantee the American people are using encryption systems where the NSA already knows the method, making finding the keys trivial if one has enough computer power.
But, for real criminals and terrorists, who know the NSA monitors everything, creating a non-standard encryption system will protect their communications from the NSA. And that means this mammoth spy system the NSA has is not really intended for finding terrorists and criminals but to keep watch on law-abiding Americans.
Here is my latest encrypted message, saved in a ZIP file. The encrypted message is a binary file.
Now, in order to demonstrate that it is finding the method which is the hard part, Here is the image file I used as the encryption/decryption key! That's the point of this exercise. You, the NSA (or Black Hat hackers) now have the encryption key used to encrypt the message.
A free WRH coffee mug to the first crypto expert that succeeds in determining the original message.
If nobody breaks this message, then on my Birthday, August 29th, I will release the encryption code and original clear message.
UPDATE: Today is my birthday. I am [CLASSIFIED] years old today.
Nobody succeeded in breaking the third NSA challenge, even with the key!
The encrypted message was just a text file.
"And how we burned in the camps later, thinking: What would things have been like if every Security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive and had to say good-bye to his family? Or if, during periods of mass arrests, as for example in Leningrad, when they arrested a quarter of the entire city, people had not simply sat there in their lairs, paling with terror at every bang of the downstairs door and at every step on the staircase, but had understood they had nothing left to lose and had boldly set up in the downstairs hall an ambush of half a dozen people with axes, hammers, pokers, or whatever else was at hand?... The Organs would very quickly have suffered a shortage of officers and transport and, notwithstanding all of Stalin's thirst, the cursed machine would have ground to a halt! If...if...We didn't love freedom enough. And even more - we had no awareness of the real situation... We purely and simply deserved everything that happened afterward." -- Aleksandr I. Solzhenitsyn, The Gulag Archipelago
The first step towards doing something is knowing that it can be done, and if I can defeat the NSA's cryptographers with my limited skills and knowledge, then it means other Americans needing to prevent the pilfering of their business secrets now know they will be able to do exactly the same. The NSA, contrary to its image of top cryptographers and massive computers acting like the cyber version of James Bond catching the bad guys, are really just street cops writing out tickets to idiots who run a red light in front of them, while failing to catch 95% of the real criminals (and 100% of the Wall Street crooks).
SECOND NSA CHALLANGE: HOW I DID IT!
Not too long ago, I issued a second challenge to the NSA, to decode a message left on my website identifying a target for marshmallows of mass destruction with the attack scheduled for July 20th. I even offered a free WRH coffee mug to the first cryptographer able to identify the target, and while my server logs show quite a few downloads of the message, including some foreign government websites and the US Navy, the mug remains an unclaimed prize.
So here, step by step, is how this last challenge worked. I make no claims that this is efficient code. It is actually a hack, and I leave it to others to play around with this and make something useful out of it. This is a learning exercise and I tried to keep things simple.
First off, the message with the intended target.
In order to defeat automated text scanners, I created the message as a JPG bitmap, with the text multiplied onto a crenellated background to further obfuscate things in the event the JPG image itself was decoded. The message letters are scrunched together and overlapped to further inhibit machine reading. The message, "The Moose is in the bathtub" is a reference to American Bandstand host Dick Clark.
Yes, I know he has passed on and is safe from my marshmallows of mass destruction, but this is an entirely theoretical exercise, and when I worked for him back in the 1980s, he did have a full stuffed moose standing in a bathtub in his office on Sunset. Anyone in our circle would know the person being referenced by the message, demonstrating how metaphor can obfuscate and protect messages which are successfully decrypted.
Now then, on to the method.
The message was encrypted in two stages. Stage one is to compress the original message using LZW compression. The source code I used is HERE
This actually produced a larger LZW file than the original message, but the object here is to have an intermediate form of the message which will not be recognizable as clear text or image data during a brute force search.
The LZW compressed intermediate file is then encrypted using This program and all it does is perform a logical "exclusive or" on every bit of the source LZW compressed intermediate file using bits from the key file.
The key file in this case is an image file. This is a photo I took from near our home looking out over Pearl Harbor. As a key, it is gigantic; in this test it is larger than the original clear message. This means that the key never repeats, and the length of the key cannot be determined by statistical means like the Kasiski method. All modern encryption standards enforced by the NSA hold the key length to minimums, in order to make it easier for brute force attempts at finding decryption keys. In the days of coding machines like ENIGMA, short keys that were easy to pass along and memorize were the norm. In the days of computers and SD cards one can hide inside a coin, keys can be of any length, and each increase in key length by a bit doubles the amount of time required for a brute force search for that key.
The batch file used for this test is..
encode2 test.lzw key2.jpg secretmessage.cry
decode2 secretmessage.cry key2.jpg output.lzw
rename test2.out output.jpg
The final output is
These programs compile under the free standalone C compiler, the Digital Mars C/C++ Compiler that runs under windows. The ZIP file for the compiler is located at http://www.digitalmars.com/
The complete package including executables are in this Zip file and run under Windows XP
The point of these challenges is to underscore that real criminals and real terrorists are in fact able to evade the NSA's spying. Simple text messages encrypted with long-key XOR can easily be hidden in image files on a popular website using steganography, which means the NSA will not even be aware that encrypted traffic is occurring at all.
And that means that the NSA's multi-billion dollar spy system is not aimed at real criminals and terrorists. but at you, the ordinary law-abiding American citizen.
SECOND NSA CHALLENGE!
Once again I and my fellow "irritists" plan an attack with marshmallows of mass destruction, this time against a famous person.
The identity of the target is contained in this SECRET MESSAGE. It's a zip file because this message is in a binary file.
Now, I don't have a surplus of cash to offer rewards, but I will send a free WRH coffee mug to the first person who succeeds in breaking this message before the day of the pelting, which is July 20th, the 20th Anniversary of the murder of White House Deputy Council Vincent Foster, the case that inadvertently launched my "career" as an activist.
This one is a bit tougher than the first effort.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. -- The Fourth Amendment to the Constitution of the United States
FIRST NSA CHALLANGE:
The NSA justifies its surveillance of all our computer and phone data with the claim they need it to detect and track terrorists. Obviously the Boston Bombing proves this is an epic fail, even given the admission by the FBI that they did in fact have recorded phone calls for the Tsarnaev brothers to listen to.
I maintain that the NSA spying is wholly about controlling the American people, looting their business secrets for cronies, and has no impact on real terrorists (as opposed to fake acting a theater role to sell us a war) because real terrorists and drug criminals have known all along that public communications are open to monitoring.
This brings us to the issue of encryption to protect our privacy.
The NSA loves to be able to read your encrypted traffic, and they are able to do so because Americans are tricked into using code systems where the NSA knows the method (or has a back door).
To decode a message is a two step process. First, the method of the encryption must be determined. Then the specific key for the message must be found. Of the two, the first step is by far the hardest.
The German ENIGMA machine
For example, the allies did not break the German Enigma code until they succeeded in capturing an actual machine from the German submarine U-559 (Polish cryptographers had acquired an earlier version of the machine in 1939, but the Germans foiled their decryption approach by adding complexity). After the method was known, the British cryptographers at Bletchley Park were able to "brute force" the keys to various German messages using an early mechanical computer nicknamed the "bombe" for its constant ticking sound while working.
Use of this machine, based in part on theoretical work by Alan Turing, allowed the Enigma messages to be read. And here is where the story gets interesting! Following the end of the war, the United States and Britain made presents of captured German Enigma machines to friendly governments ... but never mentioned that the messages encoded on those machines were readable by the US and Britain!
In the 1990s, a scandal erupted with a company in Europe called Crypto AG. Numerous information breaches had raised the suspicion that the machines were compromised by intelligence agencies, including the NSA. Although Crypto AG's management strongly denied the allegations, James Bamford in his book "The Puzzle Palace" confirmed the story that the NSA had paid the head of Crypto AG a sizable sum of money to add a back door to their systems.
So the NSA/CIA/FBI faced a problem. Strong encryption was proving difficult to get around at the level of the law abiding citizens. Because finding the keys to messages was comparatively easy once the method was known, the NSA pressured the US Government to mandate that all citizens use a standard encryption system, one where the method was already known to the NSA, to make it easier to read messages from private US citizens. The first such effort was the DES, the Data Encryption Standard, mandated into use as a standard in 1976. Critics pointed out several aspects of the standard that seemed intended to weaken the code to make it easier for the NSA to read, in particular the manner in which the NSA pressured IBM, the developer of DES, into limiting the maximum size of encryption keys. Suspicions of a "back door" were heightened with the discovery of a block of code in the header labeled the "work reduction packet" which contained the encryption key, re-encrypted using a key presumably only the NSA had. As personal computers gained in computation power, DES was eventually seen as insecure due to the limited key length and those users not mandated by the government to use it, started to search for other means of securing their messages from prying eyes.
So, in 1993, the NSA announced a new encryption system for the masses, the Clipper Chip. The intention was for all US citizens to be forced to use this form of encryption, which allowed the government to have the encryption keys in an "escrow" system. The public were told that the keys would be split into two halves, and two different agencies would hold the halves, requiring a long process to retrieve the key halves in the event of a legitimate investigation. What the public was not told was that the NSA only needed one half of the key, and could derive the other half using their already vast array of computers. Then, in 1994, Matt Blaze published a paper exposing the fact that the clipper chip included in all messages a packet identified as LEAF, which stood for "Law Enforcement Access Field." Like the DES "work reduction packet", LEAF contained the encryption key used to encode the message, to make the message readable by the government. As a result of these exposures, the public rejected Clipper, and by 1996 the government stopped trying to force it on the public.
Then in 1999, Microsoft issued Service Pack 5 for Windows NT 4.0, which had a standard encryption system built in, but neglected to strip out the symbol table information for their standard cryptographic module, ADVAPI.DLL. When software experts examined the symbol table, they discovered than in addition to the Microsoft encryption key, a second key existed that was labeled _NSAKEY. This second key would allow anyone using it full access to the Microsoft encryption system, able to read messages encrypted with the Microsoft encryption system at will, and worse, bypass Windows security to access the machine remotely. Dr. Nicko van Someren later found a similar extra key in Windows 2000. Microsoft denies these keys are for the use of the NSA, but given the NSA/CIA's long history of solving cryptographic challenges by compromising the encryption itself, there is room to doubt Microsoft.
None of these government systems to read your private messages have anything to do with crime. Real criminals, whether drug lords or spies, know better than to use any encryption system where the method is known to the enemy, even if there are no back doors, "work reduction packets", or LEAF. The goal of DES, Clipper, NSAKEY is to reserve to the government the ability to read the messages of ordinary Americans any time they wish to.
However, the NSA is able to read your messages only if they have that method. If you come up with your own method, even if it is not particularly strong, you can keep your messages safe from the NSA, at least for the duration of time your terror or drug operation will last, and here is where my challenge comes in.
Over the weekend I dusted off my C programming skills (rather embarrassing how much I have forgotten) and wrote an encryption system of my own design. I encoded a secret message to my evil co-conspirators using this system. HERE IS THE ENCRYPTED MESSAGE. It took me about 4 hours to come up with this (including time going back and re-reading old C manuals).
On July 4th (the day my evil plan unfolds) I will publish the entire system, code and all, with the original cleartext, and the keyfile. Obviously at that point the code system will be useless, since the NSA will then have the method. But the whole point of this exercise is to prove that those real criminals and real terrorists wishing to evade the NSA will be able to do so, and rather easily.
If between now and July 4th the NSA does not publish the cleartext for this message, than this will prove my theory that real criminals and terrorists are able to evade the NSA and the NSA spy program is actually intended to keep watch on law-abiding citizens.
Unlike the Shakespeare quote I hid in an image at my website, you get no clues about this message. There is no "work reduction packet" or LEAF to help them along! I created this on an old obsolete computer with no net connection which is now back in the closet gathering dust.
Let's see if the NSA is really as good as they want you to think they are.
UPDATE: HERE IS HOW I DEFEATED THE NSA CODE-BREAKERS.
As I mentioned above, this is a silly little bit of code writing, and now that I am publishing the method, it is useless, since now the NSA knows the method. But judging by the server logs, quite a few people did download the encrypted text to play with.
The code is written using a free standalone C compiler, the Digital Mars C/C++ Compiler that runs under windows. The ZIP file for the compiler is located at http://www.digitalmars.com/ I used an old XP laptop without any net connection to do the development and moved code to my main desktop using a flash drive. If it ain't plugged in, the NSA can't see it!
The basic premise of the encryption is a 256 by 256 array of clear text values located by a paired set of indices. This makes the final encrypted text twice the size of the clear text, but means there are 256 possible pairs of indices for any one character of clear text, making decryption by frequency analysis difficult, especially for short messages. In this test code, I added a purely random third number to each pair just to piss off the decoders. Originally I was going to normalize the random number to the range of 0-255 because leaving it large would give away the length of the clear text message, but then I figured it was probably better to trick them into thinking they were dealing with a three dimensional lookup array just to waste their time.
The key for the code is any binary file, of any size, the larger the better, and I chose for my test key an image from the White House website. Using an image posted to the Internet means not having to transport keys around where one might be caught with them. One need only know which website and which image is used as the key. One could use large online image files as a key for DES (without the built in NSA "work reduction packet"), and with a multi-megabyte key instead of the mandated 64 bit key, brute force decryption becomes impractical.
But I digress.
The key file is used to start swapping around the clear text values in the lookup table. Then random searches into the lookup table find the desired clear text value, the two indices are then generated and saved to the encrypted text (along with the bogus third value) .
The decryptor is pretty self-explanitory. It reads in three values, tosses the last one as junk, and uses a lookup table recreated using the key file from the White House website to decode the message.
The decoded message is itself a code phrase, which means even with the code broken, the NSA has no idea what signal is being sent.
Now I will be the first to admit this is not robust code. While I wrote it to encrypt binary files I did not test that function, nor can I guarantee portability. I only spent about 4 hours writing this as a demonstration that real criminals and terrorists can, with little effort, secure their communications from the NSA's code breakers for enough time to complete their plans simply by using unknown methods.
As a final confirmation I would refer the reader to the famous "Kryptos" sculpture at CIA headquarters in Langley. Created in 1990, one of its encrypted messages remains unsolved to this very day. The three that were solved used standard, known, encryption systems such as Vigenere .
This proves that the NSA spying is not aimed at terrorists or criminals, but at law-abiding citizens!