HFQ Official Snippet #6 (oopsie!)

lyonheart wrote:Hi Jgnfld,

I'm surprised, didn't RFC have a post that mentioned one time pads being quite commonly used on the semaphore?

I believe he also stated the church transmitters could hack messages and provide them to their competition for a small fee...

L

...

I remember Charis using a one time pad to send a secure msg to Green Valley (?). But that is precisely where you WOULD use a OTP. No one would question the need for a brigade-level commander to carry around a lot of random numbers. No one is going to question him sending/recieving OTP traffic over the net. And there aren't all that many brigade level commanders.

The generation and logistics of that much OTP use is possible. The logistics of key generation and distribution and the realities of channel use make general use of one time pads over the semaphore nets by spies who must remain utterly hidden fairly useless (could work to some degree with wyvern channels). For example, how do nonOWL groups even generate that many random numbers? How do they print them up securely? How do they distribute the keys out into the field securely? At each stage how do they assure no copy of the pad is made and delivered to the enemy? If that distribution channel is so secure that it never fails, why not use it directly? How do they send OTP messages such that the authorities controlling semaphores remain unaware that a msg has even been sent (critical to spycraft if you want to remain alive)? The steganographic methods proposed are all well known to have failed in the paper and pencil past centuries on Earth on many occasions. The SSK cannot afford such failures as to fail is to be uncovered as existing in the first place.

How DO they communicate, and how have they done so in the past? The only methods we have seen the SSK to use to date for significant bodies of material is personal couriers over channels they control utterly. Over those channels they have not even bothered with simple encryption let alone OTPs. That is how the various extraction teams operated. That is how Adorai brought the huge amount of material--and herself--to Charis.

Joat42 wrote:But this isn't Earth, the Church has had no reason for institutionalized codebreaking and therefore has no mindset for it and what to look for. Remember, before Charis the Church had no need for this since if they suspected some nation where up to something they just sent in the inquisition to deal with any problems.

I remember a reference by the author that the church is quite efficient at codebreaking. I cannot put my hands on it.

Joat42 wrote:Actually, it's quite easy to use "pre-arranged combinations of names, words and places" without anyone having a clue and the messages will not look stilted. For example:
"The buyer will arrive at noon"
"The buyer will meet you at noon"
The first one means everything is ok, the second means "get the heck out!". You use that phrase once, then it's discarded. Tell me how ANYONE would understand that without having knowledge about the pre-arranged code-phrases? You are still confused by the simple fact that we don't need to send complex or huge volumes of messages and the church isn't actively looking for coded messages (yet). And we can also infer by Nynians use of codephrases to pass along simple instructions that SSK have a far better understanding of security than the church has.

Great for sending a secure 1 bit msg. But a successful operation DOES need to send more complex msgs. Encipher all the information you have on Church misdeeds and try to send it over that channel. Try to send a 3 paragraph msg of details of a Church operation that is going to affect your own operations. Hell...try even to send out the names of 2 inquisitors in particular the receiver should watch out for. No bandwidth.

Joat42 wrote:The whole history of Safehold after the WatF hasn't had the need to break codes, since the whole of Safehold was united with the Church.

What you are ignoring is that the fact that the Church doesn't have dedicated code-breakers, they don't have an organization that sifts through every message passing through the semaphore system looking for coded messages, which there are plenty of anyway since businesses on Safehold have regularly used the semaphore system to send coded messages using one-time pads. It's a quite common practice.

I read the textev on codebreaking differently as there have been to my memory specific countering references. As for the lack of control over the net, you are presupposing an exceptionally incompetent counterintelligence capability on the part of the Church when they know Charis is getting significant msgs out. I have seen no such textev that they are that incompetent.

I remember no ref to general use of one time pads by parties not specifically granted that privilege. It would be utterly incompetent to allow it when they know they are riddled with competent spies.

In fact, I have seen no ref to the Church using OTPs at all as they actively now use semaphore msgs to spread disinformation to Charis (e.g., fleet movement orders sent by semaphore which are then countermanded by sealed written orders delivered by courier). You cannot spread disinformation by OTPs on the semaphore net, really. This is why they have taken the route they have. Of course if they capture a Charisan high level army commander they will discover the principle if they do not already know it.

***VERY MILD LAMA SPOILER HERE***

jgnfld wrote:...
I remember no ref to general use of one time pads by parties not specifically granted that privilege. It would be utterly incompetent to allow it when they know they are riddled with competent spies.

In fact, I have seen no ref to the Church using OTPs at all as they actively now use semaphore msgs to spread disinformation to Charis (e.g., fleet movement orders sent by semaphore which are then countermanded by sealed written orders delivered by courier). You cannot spread disinformation by OTPs, really. This is why they have taken the route they have. Of course if they capture a Charisan high level army commander they will discover the principle if they do not already know it.

Ah, here it is...see LAMA beginning of Ch 5. It is equivocal as to whether the Church knows about OTPs and we know they at least did not encipher fleet orders in OTPs. It is not equivocal at all re. cryptanalysis in that it states that the Church and indeed all sorts of other agencies on Safehold are "quite adept" at codebreaking and even that the Church might have access to "mystic devices" able to crack any code. Humint is also mentioned in that code clerks on the take can be found. An OTP, of course, is not proof against a dishonest clerk if the clerk is allowed access to the msg stream and key.

This last brings up another point about OTPs: They are very time inefficient yet really most useful to very time starved persons. How much of the day can a Green Valley or SSK Mother Superior spend in decoding msgs one letter at a time? Yet to allow another access to the key is to open routes for compromise of the msg. GV you'll note, does not do this. Historically, the number of minimum wage code clerks who have compromised traffic is fairly significant.

Just following this thread for a while, it would seem to me that unless you actually have control of the semaphore system, you probably won't use it for sensitive messages. The church is still using it on its own side of the lines even as the RSA/EOC uses it on theirs with both sides using coding such as the one shot methods not likely to risk decoding simply because the territory through which it passes is friendly. I doubt that sensitive messages passing through enemy territory are using the semaphore system due to risk of decoding. The church is well aware of the possibility of coding since it was done for commercial purposes before the war as has been noted upthread. Also, due to the war, it is doubtful that a semaphore route between, say, Siddar and Zion still exists. The conflict has been destructive of semaphore stations with both sides destroying them to deny use to the enemy in combat zones.

So what is left? Wyverns, although you would face the problem of supplying "properly homed in" wyverns for the sending party on both ends which could be difficult to do if not impossible in the current situation.

Couriers... not fool proof, but over all, the most reliable, using trusted individuals with skill at evading detection and avoiding drawing attention to themselves. It would be slow and not good when there is a need to react quickly to info being sent.

With what we know about Safehold, I don't see other possibilities...unless you happen to have a handy seijin with a skimmer.

Don

Upon further checking in AMF I see I am partially wrong. David appears unaware of the forced single codebook technique European powers used during wartime to limit secret nongovt traffic or is not implementing it fully. He thinks coded commercial traffic might be used by Charis and the only alternative would be to shut down the system entirely. See page 620 (hardcover) and surrounding.

And the countermanding orders given to the fleets in AMF were by semaphore at the last minute, not sealed orders opened at sea as I thought I remembered (which would actually have been more sensible, IMO anyway, and might have worked had they done so given the additional delay it would have caused Merlin).

n7axw wrote:Just following this thread for a while, it would seem to me that unless you actually have control of the semaphore system, you probably won't use it for sensitive messages. The church is still using it on its own side of the lines even as the RSA/EOC uses it on theirs with both sides using coding such as the one shot methods not likely to risk decoding simply because the territory through which it passes is friendly. I doubt that sensitive messages passing through enemy territory are using the semaphore system due to risk of decoding. The church is well aware of the possibility of coding since it was done for commercial purposes before the war as has been noted upthread. Also, due to the war, it is doubtful that a semaphore route between, say, Siddar and Zion still exists. The conflict has been destructive of semaphore stations with both sides destroying them to deny use to the enemy in combat zones.

So what is left? Wyverns, although you would face the problem of supplying "properly homed in" wyverns for the sending party on both ends which could be difficult to do if not impossible in the current situation.

Couriers... not fool proof, but over all, the most reliable, using trusted individuals with skill at evading detection and avoiding drawing attention to themselves. It would be slow and not good when there is a need to react quickly to info being sent.

With what we know about Safehold, I don't see other possibilities...unless you happen to have a handy seijin with a skimmer.

Don

jgnfld wrote:
Forgive me, but you suspect wrong. For example transAtlantic mail during WW2 was (1) subject to very strict limitations and (2) dropped off in Bermuda and perused on a piece-by-piece basis. Most pieces of course received very cursory examination. But records were kept that could be linked as necessary over time. And for a channel to be useful it must carry a goodly amount of traffic.

The manpower to do this over commercial semaphore chains would be trivial in comparison. Remember it's not that any one msg can get through unnoticed. Yes that's reasonably possible. But establishing and using a channel to control a large organization without attracting any notice whatever over time? A MUCH harder problem. Basically impossible even with the technology of that time and place.

Even traffic analysis begins to show suspicious patterns over time. Why does company A reliably take 25% more bandwidth than company B to conduct its business? Once noticed, investigators will go deeper and deeper.

You don't think that having one analyis centre all mail had to go through simplified things just a tad in your example? since one can use different routes to send messages through the Semaphore, volume and pattern analysis gets much harder unless you pass all messages, or statistics on them at least, to a central point, which there is no textev whatever for. RFC's post on the semaphore makes it clear that the Church weren't collecting detailed usage stats for individuals before the war so they have no historical baseline. some of the things that seem obvious and logical to you just may not seem that way to the Church given Safehold's peculiar cultural situation. (Nobody thought of pre-bagging powder charges for cannon, for goodness sake!)

Some companies just send more or more prolix reports than others, as long as a company's volume doesn't vary in interesting ways it is very difficult to get anything from volume alone. (cf also the comments on distributed routes and lack of base stats.)

You assume that the SSK is a large organisation and that its structure requires Nynian to send lots of data regularly, both of which have yet to be demonstrated.

What we do know is that this organisation has been in operation for 6, 7 maybe 800 years and hasn't been outed yet, so it seems like they have some communication system that works, whatever it might be.

Hi Randomiser,

Kudos for the excellent points.

Given how long the temple didn't know it had enemies or watchers like the SSK, it's quite possible even likely that the SSK has its own agents distributed at such semaphore nexus points, where they can watch for the occasional signals as well as pass along warnings or alerts from the authorities before they become common, buried in part of the gossip and perks of bureaucracy etc.

RFC warned us long ago that Charis had inserted agents into the semaphore system long before anyone ever heard of Merlin, so they too could have deep agents watching and passing along information, who have yet to be discovered because we still have no textev they've been spotted.

These are just two groups that are apparently still below the inquisition's radar despite the AMF attempt to fool them that was almost successful.

While I doubt there are more 'good guy type groups', one can't be sure with RFC ; though there are probably Harchong 'watchers' as well as spies from every major mainland nation also among the semaphore operators, which may or may not be known to the inquisition, though pointing out suspicious activity might be the best way to divert attention from oneself.

Quis qustodiet ipsos custodes?
"Who will watch the watchers"

L

Randomiser wrote:

jgnfld wrote:
Forgive me, but you suspect wrong. For example transAtlantic mail during WW2 was (1) subject to very strict limitations and (2) dropped off in Bermuda and perused on a piece-by-piece basis. Most pieces of course received very cursory examination. But records were kept that could be linked as necessary over time. And for a channel to be useful it must carry a goodly amount of traffic.

The manpower to do this over commercial semaphore chains would be trivial in comparison. Remember it's not that any one msg can get through unnoticed. Yes that's reasonably possible. But establishing and using a channel to control a large organization without attracting any notice whatever over time? A MUCH harder problem. Basically impossible even with the technology of that time and place.

Even traffic analysis begins to show suspicious patterns over time. Why does company A reliably take 25% more bandwidth than company B to conduct its business? Once noticed, investigators will go deeper and deeper.

You don't think that having one analyis centre all mail had to go through simplified things just a tad in your example? since one can use different routes to send messages through the Semaphore, volume and pattern analysis gets much harder unless you pass all messages, or statistics on them at least, to a central point, which there is no textev whatever for. RFC's post on the semaphore makes it clear that the Church weren't collecting detailed usage stats for individuals before the war so they have no historical baseline. some of the things that seem obvious and logical to you just may not seem that way to the Church given Safehold's peculiar cultural situation. (Nobody thought of pre-bagging powder charges for cannon, for goodness sake!)

Some companies just send more or more prolix reports than others, as long as a company's volume doesn't vary in interesting ways it is very difficult to get anything from volume alone. (cf also the comments on distributed routes and lack of base stats.)

You assume that the SSK is a large organisation and that its structure requires Nynian to send lots of data regularly, both of which have yet to be demonstrated.

What we do know is that this organisation has been in operation for 6, 7 maybe 800 years and hasn't been outed yet, so it seems like they have some communication system that works, whatever it might be.

One of the inherent drawbacks about sending confidential information is that the semaphore can be seen by the public. In a society locked into near-stasis, job mobility is very low, so there will be a fair number of people around who have spent their lives working on the semaphores, and many of them will be able to read messages sent en clair as easily as you or I could read a book. Therefore, confidential messages need protection.

In a pre-industrial society, nearly all businesses are small and serve only the immediate area, and so there is little commercial need for long-distance communication, confidential or otherwise. This will change as commercial empires grow, and the industrial barons in Siddarmark will probably need to send confidential data over some distance, although this need will probably be of comparatively recent origin. However, the Church will have needed to do it for a long time, and so will the temporal powers, such as the kings and their diplomatic services. It’s too easy to waylay messengers and couriers, so it’s odds-on that secret data will be coded, whether it is sent via the semaphore or any other way. And if people other than the intended recipients are interested in the information, they will need code-breakers. I think it is logical to assume that codes and code-breakers will have been around almost since the day Safehold was colonised.

Randomiser wrote: ...
You assume that the SSK is a large organisation and that its structure requires Nynian to send lots of data regularly, both of which have yet to be demonstrated.

What we do know is that this organisation has been in operation for 6, 7 maybe 800 years and hasn't been outed yet, so it seems like they have some communication system that works, whatever it might be.

Other points already discussed. But (1)it is important to reiterate your proposed scheme is unlikely to handle even "Here are 2 new guys to watch out for" let alone 3 or 4 paragraphs, (2) secure distribution of OTP keys out into the field is every bit as hard as secure distribution of msgs back to HQ and actually doubles the field problem, not simplifies it, as it doubles the necessary traffic and more than doubles the possibility of penetration (this is not a small consideration in the field), and (3) since they have not gotten caught, they are most likely not using channels that receive even a modicum of oversight as 800 years is a long time to be 100% lucky.

Note the Brothers of Z adhered to this last principle.

Peter2 wrote:... I think it is logical to assume that codes and code-breakers will have been around almost since the day Safehold was colonised.

The author quote is they are "quite adept".