Читаем Cryptonomicon полностью

Solitaire is only as secure as the key. That is, the easiest way to break Solitaire is to figure out what key the communicants are using. If you don't have a good key, none of the rest this matters. Here are some suggestions for exchanging a key.

1. Shuffle the deck. A random key is the best. One of the communicants can shuffle up a random leck and then create another, identical deck. One goes to the sender and the other to the receiver. Most people are not good shufflers, so shuffle the deck at least ten times, and try to use a deck that has been played with instead of a fresh deck out of the box. Remember to keep a spare deck in the keyed order, otherwise if you make a mistake you'll never be able to decrypt the message. Also remember that the key is at risk as long as it exists; the secret police could find the deck and copy down its order.

2. Use a bridge ordering. A description of a set of bridge hands that you might see in a newspaper or a bridge book is about a 95-bit key. If the communicants can agree on a way to convert that to a deck ordering and a way to set the jokers (perhaps after the first two cards that are mentioned in the discussion of the game), this can work. Be warned: the secret police can find your bridge column and copy down the order. You can try setting up some repeatable convention for which bridge column to use; for example, "use the bridge column in your home town newspaper for the day on which you encrypt the message," or something like that. Or use a list of keywords to search the New York Timeswebsite, and use the bridge column for the day of the article that comes up when you search on those words. If the keywords are found or intercepted, they look like a passphrase. And pick your own convention; remember that the secret police read Neal Stephenson's books, too.

3. Use a passphrase to order the deck. This method uses the Solitaire algorithm to create an initial deck ordering. Both the sender and receiver share a passphrase. (For example, "SECRET KEY.") Start with the deck in a fixed order; lowest card to highest card, in bridge suits. Perform the Solitaire operation, but instead of Step 5, do another count cut based on the first character of the passphrase (19, in this example). (Remember to put the top cards just above the bottom card in the deck, as before.) Do this once for each character. Use another two characters to set the positions of the jokers. Remember, though, that there are only about 1.4 bits of randomness per character in standard English. You're going to want at least an 80-character passphrase to make this secure; I recommend at least 120 characters. (Sorry, but you just can't get good security with a shorter key.)

Here's some sample data to practice your Solitaire skills with:

Sample 1: Start with an unkeyed deck: A(clubs) through K(clubs), A(hearts) through K(hearts), A(diamonds) through K(diamonds), A(spades) through K(spades), A joker, B joker (you can think of this as 1--52, A, B). The first ten outputs are:

4 49 10 (53) 24 8 51 44 6 33

The 53 is skipped, of course. I just put it there for demonstration. If the plain text is:

AAAAA AAAAA

then the cipher text is:

EXKYI ZSGEH

Sample 2: Using keying method 3 and the key "FOO," the first fifteen outputs are:

8 19 7 25 20 (53) 9 8 22 32 43 5 26 17 (53) 38 48

If the plain text is all As, the cipher text is:

ITHZU JIWGR FARMW

Sample 3: Using keying method 3 and the key "CRYPTONOMICON," the message "SOLITAIRE" encrypts to:

KIRAK SFJAN

Of course, you should use a longer key. These samples are for test purposes only. There are more samples on the website, and you can use the book's PERL script to create your own.

Solitaire is designed to be secure even if the enemy knows how the algorithm works. I have assumed that Cryptonomiconwill be a best seller, and that copies will be available everywhere. I assume that the NSA and everyone else will study the algorithm and will watch for it. I assume that the only secret is the key.

That's why keeping the key secret is so important. If you have a deck of cards in a safe place, you should assume the enemy will at least entertain the thought that you are using Solitaire. If you have a bridge column in your safe deposit box, you should expect to raise a few eyebrows. If any group is known to be using the algorithm, expect the secret police to maintain a database of bridge columns to use in cracking attempts. Solitaire is strong even if the enemy knows you are using it, and a simple deck of playing cards is still much less incriminating than a software encryption program running on your laptop, but the algorithm is no substitute for street smarts.