Q:Is OTG as secure as the AES/Rijndael symmetric encryption system?
A:The two systems cannot be readily compared because they are very different. However, that's really not the right question to ask. (See the next Q&A question if you insist, but read this answer first.)
It was never the goal of our “Off The Grid” project to duplicate the security of a state-of-the-art symmetric cipher like AES/Rijndael. Rather, the OTG system was carefully and deliberately designed to provide far more security than any of the solutions it replaces, while being easy enough to use that it would actually be used. We believe the system succeeds at achieving those goals.
It is important to consider that modern computer-based cryptography is so strong that it is never the weakest link in the chain. It is never broken. Yet Internet user's passwords are still being lost or stolen, and their accounts are being compromised every day. The problem is not that computer-based encryption is not strong enough — it's effectively unbreakable. The problem is pretty much with everything else. Users choose and use insecure and easily guessed passwords, and they often use the same password on every, or across many, sites. Malware and keystroke loggers of many types can infect users' systems, and popular password management systems have been the target of malicious manipulation in the past. But users who adopt the “Off The Grid” system have a paper-based solution that does not run in their computers, so it cannot be compromised by malware. And since all OTG passwords are long, extremely random and unique per site, OTG provides the best security we know how to create. OTG is far more secure than the other “ad hoc” methods that most users adopt. So switching to OTG almost certainly increases any user's security.
Q:But I want you to compare the security of OTG to AES/Rijndael . . .
A:Okay.
First: Algorithmic Security — Modern cryptographic algorithms utilize a high number of complex computational and combinatorial steps to obscure the relationship between the input “plaintext” and the output “ciphertext”. And even with a modern processor's incredible speeds, pushing data through these algorithms takes some time. There does not appear to be a feasible way to adapt those “number crunching” approaches to a simple-to-use paper-based cipher. So we needed to take a different approach
. . .
Second: The “Off The Grid” system replaces symmetric cryptography's computational complexity with extremely high levels of entropy (unknowable and unpredictable randomness). The AES/Rijndael cipher is most commonly used with a 128-bit key. This key length provides 2
128 possible keys which is:
340 282 366 920 938 463 463 374 607 431 768 211 456. The extreme algorithmic strength of the AES/Rijndael cipher prevents it from “leaking” any useful information about its key when both its input and output are known, and, as you can see, there are too many possible keys for it to be practical to try them all.
Since a manual system like OTG cannot have such computational complexity, we compensate for that by incorporating a truly incredible amount of entropy (randomness). The entropy of Latin Squares is so large that no one even knows how large it is! Mathematicians have established a “lower bound” for it. This means that while they don't know the exact amount, they know that it has at least a certain amount. How much? The OTG
Security & Attack Analysis page carefully explains where the following number comes from, but there are known to be at least
9 336 974 347 720 076 203 095 381 302 683 075 484 706 012 030 875 383 265 106 777 232 515 384 291 786 329 470 875 840 456 766 821 029 030 235 438 914 174 291 844 167 774 650 650 291 329 460 401 751 489 013 555 810 781 700 163 431 985 765 122 298 613 958 200 230 192 236 631 943 316 085 768 502 914 719 815 963 609 471 283 139 690 899 669 496 766 419 404 467 151 772 248 428 431 825 394 305 641 480 706 711 487 437 686 906 450 684 680 968 293 622 304 401 609 062 321 217 193 606 241 756 724 745 170 796 786 016 394 203 303 300 168 583 550 145 590 123 023 289 449 057 087 possible 26x26 Latin Squares of the size used by, and randomly chosen by, our Off The Grid system. Expressed in scientific notation, this number is: 9.337 x 10
426. The log(2) (logarithm base 2) is approximately 1418. So it is the equivalent of a 1418-bit key. And the number is even higher because the random alphabetic case of those 676 characters further increases the grid's total entropy.
Unlike a state-of-the-art symmetric cipher, which does not “leak” any useful information about its key when it is used,
every use of the OTG grid does leak a little bit of information about its key. This occurs because the OTG's key
is the specific structure of its grid, and we output selected pieces of the grid as the OTG passwords. This means that individual websites each obtain tiny chunks of the OTG grid structure selected by their domain name. But look again at the phenomenal number of possible OTG grids, any one of which any single user might be using. Our careful analysis demonstrates that so little useful information can be obtained from each OTG domain name and password pair that even if an attacker were to somehow collect a large number, there are so many possible OTG grids that nothing useful could be done with that information.
So, as you can see, modern symmetric ciphers, with their emphasis on computational complexity, employ sufficient entropy (typically 128 bits) to thwart attackers by not leaking anything about their key. By contrast, because computational complexity is not feasible in a simple manual system, OTG takes advantage of its incredible amount of entropy (a user has
one of more than 9.337 x 10
426 possible Latin Squares) to mitigate the consequences of a bit of its “key” leaking to anyone who obtains an OTG password.
Q:Why are there different ways to use the system?
A:Unlike many of the “black boxes” in cryptography, where something is put into one end and something different mysteriously emerges from the other end, the OTG system is, in every way, open and transparent. It should be easy for anyone to understand and use. These pages carefully present the motivation, goals, and design of the system. And like any open system, users are free to use it for any purpose and in any way they choose. Once the OTG Latin Square with its special border characters and capitalization rules is understood, its special properties can be applied in many ways. Users should be, and are, free to experiment, explore and find the approach that suits them best. It was never our intention to impose any strict usage upon anyone.
Q:Why do you have one domain name character expand into two password characters?
A:This appears to be the best tradeoff. You could change it to one in and one out, or one in and three out, or ven alternate . . . or anything else you want. But we know that good security requires in the neighborhood of twelve variable-case alphabetic characters. Since the standard OTG system encrypts six characters into twelve, even the shortest domain names, such as ab.com or abc.tv, provide sufficient raw material for OTG's encryption.
Q:Could I use this system for other things too?
A:Absolutely! For example, if two people each shared a common OTG grid for the purpose of exchanging encrypted files, a file sender could choose a simple word, and use the OTG system to encrypt that word into twice as many password characters. Then that password could be used to encrypt a file to be sent through eMail. The eMail message could contain the pre-encrypted short word that was used, along with the encrypted file. In fact, the key word and the file could even be posted publicly.
The recipient would receive the eMail, run the short word through their identical copy of the OTG grid to obtain the same encryption password that was used to encrypt the file, and decrypt the file. And, of course, many other uses are possible.
Q:I don't think my mother-in-law could understand or use this.
A:We certainly understand that this system is not for everyone. It will appeal to people who like the idea of generating secure passwords with a system that cannot possibly be compromised by malware or other technologies . . . because it doesn't rely upon computers for its operation. But in working without computers the OTG system inherently and necessarily places responsibility for its operation on the user. There's no way around that. The system was designed to be as simple to use as possible while still offering an extremely high level of security. It achieved its goals, even though those goals don't and won't make sense for everyone.