One Time Pad (again).

I did a video 7 years ago: Uncrackable Pen & Paper Cryptography

It had several comments, many of which seemed to think there were ways of "cracking" it. There are not. Having got a comment recently, I did another video, OTP.

Wikipedia explains its quite well. It explains your cannot crack it if :-

• The key must be at least as long as the plaintext.
• The key must be truly random.
• The key must never be reused in whole or in part.
• The key must be kept completely secret by the communicating parties.

Even so, people still comment, and a friend of mine just posted...

"Rev, set a challenge on your blog first to decode message without a key wins a firebrick dragon?"

"I would have thought brittle[sic] force decode first 4 chars and wait till it looks like a word."

I really thought I had explained it, but clearly not.

The short version is YOU CANNOT CRACK IT!

In my second video I tried to explain this by dumbing down the message to just 0 or 1, with two possible keys, 0 or 1, giving a possible encrypted message 0 or 1.

Now, imagine you intercept my message and it is a 1

You can BRUTE FORCE try every possible key:

• Key 0 means message was 1
• Key 1 means message was 0

So what was the message? You don't know. You have no way to tell.

You don't know because every possible message, no matter how meaningful or meaningless is possible with a key, with equal probability of being the actual message.

The "I would have thought brute force decode first 4 chars" misses the point - you can brute force to make every possible first 4 letters, with no clue which of those is correct or even more likely.

And just to be clear, even if you know the first 3 letters are ANX (Ref Enigma) that does not help you because the key for those letters has no impact on the next letters (unlike Enigma).

So let me try and say it again, YOU CANNOT CRACK IT! I suggest reading the Wikipedia article.

Back to LCD

My graphics library has undergone plenty of improvements for the e-paper work, but now I am back on LCDs. These have extra challenges, because they have colours and shades.

The main reason is new environmental sensor boards with LCD.

This means I need to anti-alias text, digits, lines, circles, etc. Previously I had pre-rendered 16 level fonts and icons. But I have moved away from pre-rendered bit map fonts in my latest e-paper code already.

I have gone through several approaches to this. The fact my fonts are vector based previously allowed me to just draw lines and circles on the e-paper. That is fine when over plotting is no problem, i.e. white on white is white.

But if you want to anti-alias you have to over sample, e.g. a 4x4 matrix to then know how many pixels are set (0-16) and use that to control alpha blending of existing pixel and new pixel (or background pixel and foreground pixel).

My first approach for fonts was to make code to allow me to tell if a point x,y is plotted or not - so instead of actively plotting dots (circles) and multiple lines that over lap other lines and dots, I have to do the maths to work out "is this point within a dot" and "is this point on a line". The dot is easy - simple Pythagoras. But the lines was more work - I can work out distance to a point is within stroke width using squares. Working out end of line is harder, so ended up working out the point of perpendicular intersection so I could range check end points and then check distance using squares.

It worked, and allowed me to over sample 4x4 and work out grey levels.

A better way

The problem with the above is the 16 times processing of points. So I came up with a new plan - scan lines and run lengths.

The new logic scans the character top to bottom to determine the left/right for each line or dot that is in the character at that scan line. This is actually quite easy for a dot as I can use a look up to get the left/right for any point on a circle and scale. The line is a rectangle, and the fact it is only ever horizontal, vertical, or a 45 degree line means I don't even need square roots to work out the points, and simply work out the left/right for the specified Y scan. It is simple to merge overlapping runs on a scan line and the max runs is low as we know how the font works (up to 6 ranges).

This means only 4 times the processing of non anti-aliasing, as opposed to 16 times. The runs can then be worked out 4 scan lines at a time and plotting a sequence of the same grey level. The same logic works for anti-aliased or not, just not 4 times over sampling on the Y axis when not anti-aliasing.

7 segment digits

The 7 segment digits are not simple lines and dots, they are a complex path (original in SVG), but it is easy to render and run length encode the scan lines for a single large 7 segment digit (well, 9 segments with colon and dot). I can then scale which lines I extract from this large image to make the same run length logic as I do for the vector fonts and use the same run length plotting code.

Lines and circles

Another primitive is lines and circles, and whilst arbitrary angle lines do need one fast integer square root to get the corners, converting to run length on scan lines is, again, simple, and can use the same run length plotting code.

The same is true for a circle, using the same circle lookup table (with interpolation for a larger circle than the table).

Even faster

All of the above still comes down to pixels, but there is a simple important step I have now added to that. I made the pixel plot primitive have a horizontal run length parameter. This allows a number of checks and memory access and so on to be worked out once, and then a simple loop to apply a run length of pixels plotted the same. When plotting 100% alpha it is extra quick as no checking of existing pixel and alpha blending. It can be a simple loop incrementing memory address. Having all of the primitives for fonts, 7 seg, lines, circles, and so on actually convert to run length makes it easy to use such a primitive.

QR!

P.S. Yes, everyone knows I am a stickler for accurate valid QR codes, but I have in fact gone as bit mad with an option here - the targets are 100% correct but the pixels are circles. This is because of the way QR codes are decoded hitting the pixel centres (having found the targets to get accurate alignment), so this should always work whilst having a subtly different aesthetic. I think it is better than some of the other QR code abuse, but it is an option on my EPD code.

More on e-paper

I have learned some lessons, so sharing with you.

The 7.5" e-paper are fun, I have loads of them with the nice laminated glass and black border to sell, plug, plug!

But the story of making e-paper work is not simple.

Software

This I am good at, and the latest code allow a range of widgets and extracted values to be displayed in various ways on the display.

Hardware

This is where I am also always learning. To explain, even in software, where I have being doing this for what 50 year, and have a degree, even now I learn lessons.

But hardware is more challenging for me - my formal training is less, but not nonexistent.

But the real challenge is the turn around time - software I can recompile and try in minutes - hardware is days or weeks to try out as a proper PCB, days if I solder and don't have the components yet. I have done milled PCBs which make that easier in a way, well, quicker, at least.

Symptoms

So..., what happened? The issue was with the larger 7.5" e-paper displays which I have used for years - I have on my doorbell display and my fridge. There is one at the Indian restaurant and two at the pub. They work flawlessly.

What happened is trying one for some other people, and they wanted a displayed image, and that created "smearing" over the display. It looked shit.

It seems some graphics, and I have concluded it is those with a lot of black/white transitions across the display line, break down in an odd way.

The fix?

I assumed it was me, and did loads and loads of tinkering with different LUT settings, and temperature compensation settings and VCOM calibration settings and all sorts.

I got it working OK, but it created a new problem!

Fading and burn in!

It is not actual "burn" in as such but it has the same effect - a lingering image. What is worse was random fading - even 1 minute updates would fade away showing burned in images within seconds. But only some times.

Two factors - one was not doing a POF command, and that creates massive burn in within hours. Even now, at the right angle, on some of my test panels, I see that I tried this on "MONDAY". Do not do that ever!

The other is the LUT was working to push the KK and WW frames a lot, and that left the panel in some state with a charge that meant any change could leave this fading effect.

The effect would eventually dissipate if the display was constant but it could take hours.

This was clearly not the fix I had hoped for.

Henry

So what was the answer? Well, if resistance is futile, inductance is king!

The boost circuit I was using was based on a known working design and used a 10uH inductor. But that was for a watch, a small e-paper display.

The reference circuit Waveshare do has a 68uH inductor. I tried that, it helped massively.

But testing showed that bigger is better! So now it is a 470uH inductor. And that is amazing.

I can do normal changes and updates with no smearing effects in any way. My fudged LUTs still break, and make a fading effect but they are not needed - I can do simpler LUTs and not have issues.

The results are amazing - I can do a non flashy update which is not causing burn in and full updates that work. I have applied the Waveshare v2 panel LUT for full (fast, flashy) update as well. It does full "flashy" updates a lot over night to try and clear any unwanted charge, just in case.

So finally I have cracked my months long e-paper headache.

If you got one of my older controllers you may not even see a problem - it only happens with some graphics, but if you have an issue the fix is a simple component change - ask me if you need a new 470uH indicator sending.

Do I have to pay council tax?

Apparently I have to pay my council tax by CASH monthly...

This is a shock, honestly! I would normally pay by bank transfer for whole year up front.

But OK... Except.

Err, OK, so do I have to turn up each month with cash which they cannot accept?

To be fair, if that saved me over £3k a year in council tax, I'd do it. I'd video record each attempt to pay, obviously, for a judge if they tried to take me to court.

Apparently "Cash is the default payment method that the council tax system uses for payments other than direct debit. This does not mean that the payment has to be made in cash."

As they seem confused, I have asked...

We'll see.

Hamsters

You may or may not know, there is a porn site called xhamster - I have literally no idea why it is called that. 

I'll save you visiting the site to check: Even though it has a cookie banner, it has no attempt whatsoever to operate the age verification required by the Online Safety Act. Not even a simple "I am over 18" button (which would not comply).

Yet, it is reported a forum for people with pet hamsters has shut down, along with hundreds of other sites and forums run by volunteers and individuals, because of the risk of fines and cost of compliance with this crazy new law.

OFCOM reportedly consider the costs of compliance for small sites “are likely to be negligible or in the small thousands at most”. Even without the risk of a fine of up to £18,000,000.00, the costs of "small thousands" of pounds, which OFCOM considers negligible, is more than a small volunteer site can bear, understandably. We are not talking businesses with income and a budget for legal fees here!

What is especially frustrating is the unknown - I don't know if this blog is in scope, and if so whether google or I personally am at risk of a fine. Worse - actual lawyers don't know either. I don't know if my GitHub repositories are in scope, and if so whether GitHub or I am liable. I don't know if my single user mastodon instance is in scope, etc... OFCOM have even admitted that they have no definition of "email" (one of the exceptions - yes you, or kids, can be on a porn email mailing list with no restrictions under this law). I have, again, written to my MP asking these questions.

A fun one, I do not know: If my blog is in scope as it has user generated content (comments), if I stop publishing comments (i.e. they get emailed to me, which is out of scope, and maybe I paraphrase and reply by an edit on the blog post) does that make it out of scope, or do I have to delete the user comments from before the new law came in to force as well?

Think of the Children, indeed, but making millions of individuals with small sites comply, at a cost of thousands of pounds each, is just crazy, especially when the law is not even doing what it aimed to in the first place.

By the way, my personal view on porn is that we need better education for children on the nature of porn as entertainment, and how actual relationships are not the same - after all we allow crazy violence in TV films and shows as entertainment, which people know is not "real" (even for <18 rated films where someone blows ups the planet, etc), but have a hang up over porn for some reason. At the end of the day nothing will stop a teenager with hormones from seeing porn, so let's accept that and educate to make that safer for society. But that is just my view. You may disagree, which is fine.

“There is a simple solution – the Secretary of State can exempt small, safe websites from onerous Online Safety duties, and protect plurality online.”. In practice this could be suitably worded so that small sites (by some measurable metric), and non business sites, etc, only need to comply if explicitly notified by OFCOM. This would mean no loophole for small sites that are actually porn sites, but provide the reassurance for those with pet hamsters to be able to continue their forum.

Stroke

The NHS have been very thorough investigating the stroke I had.

Thankfully the ongoing effects are slight - my typing is still more iffy than it was before, but good news.

They even did an ultrasound on my heart to try and find the underlying cause.

The good news is they found nothing. Well, I'll take it as good news. It also means they could not explain it, which is not so good. But given I had a stroke immediately after COVID, that seems a likely cause.

However, the one thing I find odd is the NHS efficiency here. The letter arrived this week (13th March 2025).

So what happened. I don't think even Royal Mail have a 17th class post that takes 6 months to deliver a letter. So that is rather weird.

Right to private communications

The European Convention on Human Rights protects the right to respect for private life, the home and correspondence. This includes protecting the privacy of messages, phone calls, and emails.

But UK and EU governments are trying to break that right in various ways.

So some thoughts.

1. Encrypted communication is a thing, it exists, it cannot be banned, it is just maths. I have done a nice video on how to make an uncrackable entirely manual encryption (one time pad) here.
2. Criminals can use encryption. My video is an extreme example, but in practice the tools to do this electronically in many effective ways exist and can be used by criminals, and MPs.
3. There are even ways to use encryption in a way that is mathematically impossible to prove you are doing - steganography - where there is no way to tell your encrypted messages apart from random noise in say an image or video.

What this means is that even slightly savvy criminals are safe. The tools all exist and are easy to use. The only issue is if non criminals like you and me can expect that right to privacy.

The Investigatory Powers Act (on which I commented, and was a witness at parliament) did, and does, try to crack encryption as a legal process, maybe, the wording is not ideal. Apple's news on this is one of the key examples. Not the first and not the last, and not something that actually tackles criminals using encryption, it will just make normal people way less safe. Remember criminals can use encryption!

One of the challenges for most normal people is how to use encryption. Most people do not care, or know, why they should even. But there are many ways. The old school ways are using PGP email, which is complex but that is no longer the case. There are many apps and ways to communicate securely, and the obvious ones are things like iMessage (for now). Apple designed it to be secure. But also WhatsApp and Signal.

The problem is that any organisation operating any messaging system that is secure is subject to secret orders from governments to impose back doors.

There are even calls for scanning content for illegal material, which only works if a service has access to the content. This has so many problems, apart from breaking basic human rights. And, I remind you that the "bad people" with "illegal content" can always encrypt what they do anyway, and even secretly if they want to. They actually have an incentive to take the extra steps that normal innocent people do not. The only problem is removing privacy for normal people.

So now to come to the main point of this blog...

Delta Chat

This is an app that works with email, it connects to your provider's email server (not all providers work, but many do, using IMAP and SMTP), and allows a more traditional style messaging app that makes encrypted communications simple.

It is clever, well done.

What is extra clever is this is just an email client. It is not a service that is subject to either Investigatory Power Act or Online Safety Act. Indeed, the latter explicitly excludes email, a term OFCOM consider everyone understands (really!).

But it makes secure encrypted chat a thing anyone can do, easily, in a way that legally there is very little that can get in the way.

So worth considering.

Muddled?

I have been advised this is all a little muddled, and I agree.

• IPA issues with Apple in the middle of OSA coming in to force
• OSA not applying to email, but OSA is not directly an encryption thing, probably.
• EU trying to do content scanning which means service providers having access to content.

I agree, it is muddled, and I bet that is intentional for some, but this is to try and say there is a way to chat, encrypted, with no scanning content, and no age checks, all in one, and easy to use.