1

Encrypting text with a computer has problems: we need to worry about hardware backdoors in processors, motherboards, and extension cards, software backdoors in OS, vulnerabilities in software, and viruses.

Computers are so complex that no single person knows every detail of how they work. It makes it impossible to examine every single part of hardware and software, so we can only hope that the computer isn't maliciously modified.

Encryption machines like Enigma don't have all these weaknesses. I know that Enigma is broken. Are there other ways to encrypt text with a password without a computer, but still secure by modern standards?

(I know that one-time pads are secure, but they require a random key to be stored somewhere, so it doesn't count as protection by password only).

Rohit Gupta
  • 239
  • 1
  • 2
  • 9
Arqwer
  • 171
  • 4
  • 1
    See [this question about cryptosystems one can do with a pen & paper](https://crypto.stackexchange.com/questions/1653/what-is-the-most-secure-hand-cipher), and [this question about related terminology to help your search](https://crypto.stackexchange.com/questions/81871/is-there-a-name-for-strong-human-computable-encryption-schemes-are-there-defini) – Morrolan Feb 09 '23 at 12:06
  • As an aside, I'd be hesitant to claim that 'encryption machines' are less likely to contain backdoors, given some [recent happenings](https://en.wikipedia.org/wiki/Crypto_AG). – Morrolan Feb 09 '23 at 12:07
  • This is a comment as it only relates to a question paragraph (2nd) and not the nub of the question. Virtually all computers’ functions can be externally validated through testing. Even stuff like encryption can be tested against test vectors and against other computers, perhaps of different architectures. You can even write your own tests. There is also a plethora of μcontrollers that can be used, including those manufactured in non allied regimes. See [What's the reason for Monte Carlo tests for block ciphers?](https://crypto.stackexchange.com/q/68680/23115) . – Paul Uszak Feb 09 '23 at 13:16
  • Modern processors have closed source blobs in microcode, which can't be validated. Also, backdoors might be included at microscopic level inside processor cristals - to detect those it is necessary to scalp the processor, scan it with electric microscope and reverse-engeneer it, which is not only laborious and expensive, but will also destroy the processor. Plus, Intel ME has encrypted microcode with unrestricted access to memory and network, making it a perfect place for a backdoor - which can't be validated either. – Arqwer Feb 12 '23 at 09:06

1 Answers1

1

Try Solitaire cipher https://en.m.wikipedia.org/wiki/Solitaire_(cipher) As of today it has some known weaknesses but still can't be practically broken. It requires a deck of cards in a certain order bot just a password as a key.

Meir Maor
  • 11,497
  • 1
  • 22
  • 52