Card-decking versus forensic investigation

Discussions on everything related to the software, electronic, and mechanical components of information systems and instruments.

Card-decking versus forensic investigation

Postby hyksos on April 12th, 2016, 5:19 am 

A well-shuffled deck of playing cards easily contains 225 bits of secure entropy. To convert your physical deck to a form suitable for cryptography, you can use a graphical utility that contains 52 buttons to be click-activated. The utility creates a text string the likes of

Code: Select all
9HQCAH4C8D8HTC2S4DJHJC8CKD2D5S6D6S2HQD2C8S
ADKH3SJD5CQSAC9DTH9SQH5HJSKS3HAS5D7H7C4S9C


The string is used as a message for WHIRLPOOL or SHA512 to produce a digest. The digest is the key material for your cipher of choice. The physical deck must be stored safely in its shuffled state.

It may happen that the hardware containing the encrypted data is compromised by confiscation. Whether it be hard drives, laptop, mobile device, or other storage. At that moment, the physical deck should be dumped into a river, consigned to flames, or for that matter, re-shuffled. After the deck's ordering is lost by some method or another, the encrypted data stored upon the compromised device is forever lost.

  • You don't have the key. No one has the key.
  • Threats or extortion by attorneys and law enforcement agents cannot retrieve the data.
  • Orders of magistrates and judges cannot retrieve the data. These are sometimes called "writs"
  • Rubberhose decryption cannot retrieve the data.

Here is a photo of a cryptographer destroying her key file.

Image
Last edited by hyksos on April 12th, 2016, 5:21 am, edited 2 times in total.
User avatar
hyksos
Active Member
 
Posts: 1480
Joined: 28 Nov 2014
Natural ChemE liked this post


Re: Card-decking versus forensic investigation

Postby hyksos on April 12th, 2016, 5:20 am 

For added security margin, the text string above should be salted. That is, it should be appended with random nonsense that is significantly long. This stops any attacker from producing a known rainbow table of card permutations.

Anyone who is going to try this in real life, a few more caveats. You may want to shuffle two decks together, one red, another blue. (this produces over 500 bits of entropy). The storage device should be air-gapped. This means the production and implementation of the key should never be on a device connected to a network.
User avatar
hyksos
Active Member
 
Posts: 1480
Joined: 28 Nov 2014
Faradave liked this post


Re: Card-decking versus forensic investigation

Postby Natural ChemE on April 13th, 2016, 7:46 am 

hyksos,

Just because I really love Information Theory, I wanted to share the calculations demonstrating the numbers you gave.
hyksos » April 12th, 2016, 4:19 am wrote:A well-shuffled deck of playing cards easily contains 225 bits of secure entropy.

bits of entropyFor folks seeing this for the first time:
  1. A standard deck has 52 cards.
  2. If you were to deal them, each card would have a 1-in-52 chance on the first go.
  3. The remaining cards would have a 1-in-51 chance on the second deal.
  4. [...]
  5. The last card would have a 1-in-1 chance on the final deal.
  6. This series is a factorial, written as .
  7. Each bit of entropy presents an additional true-or-false (or -or-) piece of information.
  8. combinations have an entropy of bits.
  9. So a deck of cards has an entropy of bits.
hyksos » April 12th, 2016, 4:20 am wrote:You may want to shuffle two decks together, one red, another blue. (this produces over 500 bits of entropy).

bits of entropy
Or, if you use two identical decks (instead of one red deck and one blue deck), then there are two copies of each of the 52 cards, rather than unique cards. In Information Theory, Quantum Mechanics, etc., this is called degeneracy.

Each of the combinations in the colored-deck case would be in a set of degenerate instances, such that the number of unique combinations would be , leading to an entropy ofSo:
  • bits from one deck;
  • bits from two identical decks;
  • bits from two different decks.
Natural ChemE
Forum Moderator
 
Posts: 2754
Joined: 28 Dec 2009
hyksos liked this post


Re: Card-decking versus forensic investigation

Postby Natural ChemE on April 24th, 2016, 4:38 pm 

Reference -

I ran into a neat YouTube series on information and entropy. It's part of MIT's OpenCourseWare program, where we can watch real classes from MIT. In this case, the course is MIT 6.050J: Information and Entropy.

Play list with all of the lessons:First lesson:

This course is for MIT Freshmen - so no technical background needed, but the speaker's going to assume that you're a top-tier smartie.

PS - This particular subject is central to modern Philosophy. It's deeper and more insightful than the ancients like Plato could've ever dreamed of. If anyone wants to see what's truly beautiful, this is it!
Natural ChemE
Forum Moderator
 
Posts: 2754
Joined: 28 Dec 2009



Return to Computers

Who is online

Users browsing this forum: No registered users and 9 guests