Padder can encrypt and decrypt small messages using one-time pads. It can also generate fake pads so that one encrypted message can be decrypted to multiple, different plaintexts.
Padder should not be used in real-world situations that require encryption. It’s only intended for demonstration and experimentation. If you need strong message encryption, do not use padder. Use a well-regarded, open-source OpenPGP implementation such as GnuPG.
The padder character set
Encrypt a message
$ padder -e -m black -p e7vwd
Decrypt a message
$ padder -d -m fhvyn -p e7vwd
Fake message and pad generation
$ padder -f -m white -c fhvyn
The padder character set was selected specifically for message transmission over radio (HF, VHF, UHF). However, messages can be transmitted in other ways. Twitter, text messages, phone calls and website forums could all be used to send and receive messages. Encrypted messages could also be embedded in image tags, HTML, or some other inconspicuous place.
Decrypt the same ciphertext to multiple plaintexts
The same one-time pad ciphertext can be decrypted to different plaintext messages by using different pads. This feature is useful for creating diversions. It may also provide for plausible deniability. This requires two (or more) sets of pads.
$ padder -d -m c2wrbumxvj8gob34mxn46pxg29a6kxnwfhcaam3en-hr-2v -p ryxrvqnlhz04icqq6eg56cuhg10vlx5dff3ba44wg6ic-kd
$ padder -d -m c2wrbumxvj8gob34mxn46pxg29a6kxnwfhcaam3en-hr-2v -p zifs6d9dgk36k94m9d5x77jhj277ip59gw9btmv4j7in-kc
Security considerations and precautions
Pads must be random, kept secret, only used once and destroyed immediately after use. Should the same pad be used to encrypt more than one message, those messages will be cracked. Should the pads become lost or stolen, then all the messages should be suspect.
You must assume that your opponent intercepts and stores all of your ciphertext messages indefinitely. They hope to somehow obtain the pads and decrypt the messages someday.
When used with appropriate procedures and precautions, one-time pad encrypted messages cannot be cracked. However, how the ciphertext message is sent and received may identify the communicating parties. This may or may not be an acceptable risk in your environment. For example, if a person posted a padder encrypted message to a Twitter account, the IP address, user name and date/time would be logged and stored. And, any IP address that read the message would be logged and stored too. Basically, any transmission method that uses a network (cellular, IP, etc.) may quickly reveal the location of the communicating parties.
Radio signals are directional and can be tracked. However, radio signals don’t rely on network infrastructure and require more expensive equipment and greater technical knowledge to track. With radio you only know the general time and direction from which the signal emanated. Also, it’s relatively easy to hide the source of radio signals when the transmitter is moving around in densely populated areas. The reception of radio signals cannot be tracked. Stations in range of the signal may relay the messages to stations out of range.
Plaintext messages, pads and ciphertext messages must only contain characters from the Padder Character Set. Capitalization, punctuation and spaces are not allowed. When creating plaintext messages, use the dash symbol ‘-’ rather than spaces to separate words. this-is-an-example-plaintext-message
The pad must be as long or longer than the message. The sender and receiver should have the same numbered list of pads and know in which order to use them. There could be 31 pads for the month of January. The January 1st message would use pad number 1 for that day’s message.
One-time pad encrypted messages are not authenticated.
Padder is only intended for educational purposes and experimentation.