Introduction:

OTP Scrambler is an implementation of the One Time Pad method of private key encryption. It is intended to be used for pre-arranged, secure communications between two people over insecure networks.

OTP Scrambler is distributed as shareware. The unregistered version is limited to 1Mb key files, but is otherwise fully functional.



The One Time Pad Method:

The one time pad method is one of the simplest encryption methods and yet it is more secure than any other. The method was invented in 1917 by Major Joseph Mauborgne and AT&T's Gilbert Vernam. See Applied Cryptography (Bibliography, item 1).

To use the method in its simplest form, the sender and receiver must each have identical paper pads printed with a large set of truly random, nonrepeating, key letters. The sender encodes each letter of her message using one letter from her pad. She then destroys the used part of the pad. The receiver decodes each letter of the encoded message using one letter from his identical pad. He then destroys the used letters on his pad.

If the keys are truly random, the pads are kept secret, no copies are made, and the keys are used only one time each, this is the most secure encryption method known. The hotline between the United States and the Soviet Union was rumoured to be a one-time pad.

If the keys are not truly random, or are used more than once, the method is not secure: pseudo-random numbers can be predicted, and statistical cryptanalysis methods can decode even this method if keys are reused.



How OTP Scrambler works:

OTP Scrambler generates pairs of identical "pad" files of truly random numbers using analog noise captured from your sound card. You keep one for yourself, and give the copy to your friend. One is used for encryption, the other for decryption. For two-way communications you need two sets of pads.

OTP Scrambler requires a sound card.

The pad files must be exchanged securely. Preferably physical media is exchanged privately and in person. Floppy disks, ZIP or Jaz disks, or any erasable removable media could be used. OTP Scrambler permanently erases used portions of its encryption and decryption "pad" files as messages are sent and received.


How to use OTP Scrambler:

Let's assume that you wish to communicate privately with someone named "James" who travels widely but returns to the office every few months.

The main OTP Scrambler dialog looks like this:

Your first step is to create a pair of random key pads. To do this you use the button in the "Current Encryption Pad" section. You will be prompted for the size and name of the pad file you wish to create. Say you decide to create a 1000000 byte encryption file on your hard drive with the name "james01". A dialog like the one below will appear:


The numbers will change for a few seconds, then the dialog will display something like:

If the "Audio Standard Deviation" is less than 50 or so, you may need to adjust your sound card settings, or use an external white noise generator plugged into the aux port.


When you click the button, OTP Scrambler will write a file called "james01.1pe" to your hard drive and then you will be prompted to pick a place to write the matching decryption pad file, "james01.1pd". You should use removable media for this. A floppy will do fine in this case, but Iomega ZIP or Jaz disks would do well for larger pads. It's a good idea to put a copy of OTP Scrambler on the disk as well.

Later you will give this disk to James. With it he will be able to decrypt up to 1 megabyte of messages that you send him. After that he will have to return to the office for another disk.


If you want to receive secure messages from James when he is traveling, then you will have to make another pair of random key pads. This time use the button in the "Current Decryption Pad" section. You will keep a ".1pd" file and give James a ".1pe" file.


When you wish to send a file to James, select an encryption "pad" file (.1pe extension) using the select button in the "Current Encryption Pad" section.

Next, click the button next to the "File" field. Choose the file you wish to send to James. The file may be of any type, as long as it is no bigger than the "Bytes Left" displayed for your selected pad. Click the "Encrypt" button. When prompted, save the encrypted file somewhere on your hard drive. Use your e-mail program to attach the encrypted file and send it to James. Only James, with his matching ".1pd" file, can decrypt it. Even you cannot, as the portion of your pad used to encrypt the file has been wiped.

It is vital not to make extra copies of "pad" files. Even files you delete can be recovered. If you must destroy a copy of a ".1pe" or ".1pd" file use the Destroy buttons in OTP Scrambler. OTP Scrambler first writes zeros into a file, flushes its buffers, and only then asks the operating system to unlink it. This process leaves no recoverable traces.
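
The pad handling described above (key bytes used once, the used portion zeroed, a Destroy that zeroes before unlinking), as an added Python example that is not OTP Scrambler's own code. The manual does not document the pad file layout, so consuming key bytes from the end of the file (which makes "Bytes Left" equal to the file size) is an assumption, as are all function names; `os.urandom` stands in for the sound-card noise source.

```python
import os

def make_pad_pair(enc_path, dec_path, size):
    """Write the same random bytes to a .1pe and a .1pd file."""
    key = os.urandom(size)  # assumption: stands in for sound-card noise
    for path in (enc_path, dec_path):
        with open(path, "wb") as f:
            f.write(key)

def bytes_left(pad_path):
    """Unused key bytes; in this layout that is simply the file size."""
    return os.path.getsize(pad_path)

def take_key(pad_path, n):
    """Return the last n pad bytes, then zero them on disk and cut them off."""
    size = os.path.getsize(pad_path)
    if n > size:
        raise ValueError(f"need {n} key bytes, only {size} left in pad")
    with open(pad_path, "r+b") as pad:
        pad.seek(size - n)
        key = pad.read(n)
        pad.seek(size - n)
        pad.write(bytes(n))       # overwrite the used key with zeros
        pad.flush()
        os.fsync(pad.fileno())    # zeros reach the device before the file shrinks
        pad.truncate(size - n)
    return key

def otp_apply(pad_path, data):
    """Encrypt or decrypt (XOR is its own inverse), consuming len(data) key bytes."""
    key = take_key(pad_path, len(data))
    return bytes(d ^ k for d, k in zip(data, key))

def destroy(pad_path):
    """Zero the whole file, flush, and only then unlink it."""
    with open(pad_path, "r+b") as f:
        f.write(bytes(os.path.getsize(pad_path)))
        f.flush()
        os.fsync(f.fileno())
    os.remove(pad_path)

if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()
    enc, dec = os.path.join(d, "james01.1pe"), os.path.join(d, "james01.1pd")
    make_pad_pair(enc, dec, 1000)
    ct = otp_apply(enc, b"constructed sample message")
    print(otp_apply(dec, ct), bytes_left(enc), bytes_left(dec))
```

Messages must be decrypted in the order they were encrypted so both pads consume the same bytes. On journaling or copy-on-write file systems and on flash media, an in-place overwrite is not guaranteed to land on the original blocks, so the zeroing step is only as strong as the storage underneath it.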

Appendix

Getting Random Numbers from your Sound Card:

Most PC sound cards have analog circuits in them. The thermal motion of the atoms of resistors and transistors in these circuits produces random changes, or noise, in the current flowing through them. This noise is picked up as a background hissing sound when you record a .WAV file with your sound card software.

The best sound cards have lower noise because they do all mixing and tone control functions by processing signals digitally rather than using cheaper (and noisier) analog circuits. For best results you should use the cheapest possible sound card with OTP Scrambler, as these tend to be noisier. Good results can be had with cheap Creative Labs Vibra-16 SoundBlaster cards or, even better, cheap clones of these.

You can adjust your sound card for maximum noise: You need to enable all recording inputs, as each contributes some noise, and crank all the mix levels to the top. Enabling the automatic gain control on the microphone input is also very effective.

Here's an example of how you would adjust your sound card for OTP Scrambler on a typical Win95 system:

1) Double click on the speaker icon you'll see on the right end of your task bar.

A "Play Control" window should open.

2) Double click on "Properties" and select "Recording" in the "Properties" window.


Your record control panel will look something like this:

3) Make sure all the "Select" boxes are checked, and all the sliders are at the top.

4) Double click on "Advanced" under the "Microphone" slider and check the "Automatic Gain Control" box.

If you create a large pad file and watch the "Audio Noise Standard Deviation" while changing the sliders, you will be able to see which have the most effect. Usually the microphone slider has the most effect because microphone inputs have higher gain and generate more noise than the others.

If your sound card does not produce enough noise, you can plug a white noise generator into "line in", or just connect a microphone and boil a steam kettle nearby.

If you do purchase a white noise generator though, make sure that it is entirely analog: Some modern audio test gear may generate white noise digitally. This noise will have all the statistical properties of white noise, but will actually be pseudo-random and therefore predictable.

Pad Files

OTP Scrambler generates random number key pad files with extension ".1pe" for encryption and ".1pd" for decryption. The file formats are identical. The extensions are different just to remind you which files are used for encryption and which for decryption. You should not use the same pad for both encryption and decryption: If you decide to encode a message at the same time as James you will each use the same numbers to encode different messages. Since the used keys are destroyed, both messages would be lost. Worse, both messages might be at least partially recoverable by a third party using statistical cryptanalysis methods.

How secure is OTP Scrambler?

When used correctly, OTP Scrambler is as secure as the random key files it creates: Keep them secret and your messages will be secret. Without access to either your encryption or decryption files an eavesdropper cannot decode your messages unless:
  1. You reuse the same portion of a pad file for more than one message. OTP Scrambler normally prevents this by erasing the used portion of the encryption and decryption pads after use. You can defeat this, however, if you make a copy of a pad file before using it. The copy still contains the key values used to encrypt your message, and could be used to encrypt another one. DON'T DO THIS! If a cryptanalyst has multiple messages encrypted with overlapping keys, she can reconstruct the plaintext.
  2. The keys are not random. With even a moderate audio noise level, I believe the resulting keys will be truly random. There are some awfully smart cryptanalysts in the world though, so maybe one of them will find a flaw in OTP Scrambler's generator that they can exploit. If they do, hopefully they will tell me, so I can fix it. Just email me at gpark@ibm.net.
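
Why reuse is fatal, both for the copied pad in item 1 and for the two-parties-one-pad case in "Pad Files", shown as an added Python example (not OTP Scrambler's code). The messages and pad are constructed samples, `os.urandom` stands in for the sound card, and all function names are hypothetical.

```python
import os

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(pad: bytes, offset: int, msg: bytes) -> bytes:
    """One-time-pad encrypt msg with the pad bytes starting at offset."""
    key = pad[offset:offset + len(msg)]
    if len(key) < len(msg):
        raise ValueError("not enough pad left")
    return xor(msg, key)

def plausible_offsets(c1: bytes, c2: bytes, word: bytes):
    """Positions where assuming `word` in one message turns the other into
    letters and spaces. Meaningful only when c1 and c2 shared key bytes."""
    mixed = xor(c1, c2)  # with a reused key this equals p1 XOR p2
    hits = []
    for i in range(len(mixed) - len(word) + 1):
        other = xor(mixed[i:i + len(word)], word)
        if other.replace(b" ", b"a").isalpha():  # ASCII letters/spaces only
            hits.append((i, other))
    return hits

# Constructed sample messages and a random pad.
P1 = b"Wire the deposit to James on Monday"
P2 = b"James returns to the office in June"
PAD = os.urandom(200)

def reused():
    """Both messages start at pad offset 0, as when a copied pad is used twice."""
    return encrypt(PAD, 0, P1), encrypt(PAD, 0, P2)

def fresh():
    """Each message consumes its own, non-overlapping pad bytes."""
    return encrypt(PAD, 0, P1), encrypt(PAD, len(P1), P2)

if __name__ == "__main__":
    c1, c2 = reused()
    print(xor(c1, c2) == xor(P1, P2))            # the key has cancelled out
    print(plausible_offsets(c1, c2, b" the "))   # fragments of the other message
    f1, f2 = fresh()
    print(xor(f1, f2) == xor(P1, P2))            # key still masks both messages
```

With reuse, the result is the same whatever the pad bytes are, which is why the quality of the random source cannot compensate for a copied pad.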

Why you should use removable media

If an unauthorized person makes a copy of an OTP Scrambler random key pad file (.1pe or .1pd) before it is used, they will be able to decode any messages sent later using that pad. Good physical security is the only thing that can prevent this.

Floppy disks are smaller than computers and can perhaps be more easily locked up until needed. Furthermore, files on a computer hard drive may be moved around, backed up to tape, or even sent over a network during the normal use of a typical office computer. Unless you know where your key files are and who has access to them, you cannot be sure your messages are secure.

The best procedure is to allow OTP Scrambler to create the pad files directly onto removable media, and make no other copies. If you are on a network make sure that your removable media is not shared. If you are really paranoid, disconnect the network cable until your file is encrypted or decrypted and the media is removed, and any clear text erased.


Registering OTP Scrambler

OTP Scrambler is distributed as shareware. The unregistered version is limited to 1Mb random key "pad" files.

It's easy to register OTP Scrambler:

  1. Download the unregistered version. Read the manual online, and try the program. Make sure that it's what you want.
  2. Write out a check for $60 payable to Geoffrey Park.
  3. Write "OTP Scrambler Registration" and your email address on the check.
  4. Mail the check to:

    Geoff Park,
    183 Chisholm Ave.
    Toronto, ON, Canada
    M4C 4V9

When I get the check, I will email you an unlimited version of OTP Scrambler with full source code. If you are not a programmer you may not care about the source code, but I know I wouldn't trust an encryption program if I couldn't read the source. If you do care about such things, you can read the source to make sure that I haven't put any "backdoors" into OTP Scrambler that would allow me to decrypt your messages. (I didn't, but it would have been easy.) If you have MS Visual C++, you can even re-compile the code, to make sure that the .exe you have is derived from the source you read. The source code is still copyrighted and you are not permitted to redistribute it. You get the source only for verification purposes. If you wish to incorporate any portion of the OTP Scrambler source into another product, you must get permission from me.

Bibliography:

  1. Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier, Copyright 1995 John Wiley and Sons, Inc.
  2. Cryptography and Data Security by Dorothy Denning, Copyright 1982. Addison Wesley Publishing Company.