You do raise a good point about "boomer ready." None of these technological solutions qualify, because they're often highly technophobic. Some are willing to learn enough to use a smartphone, but that's not true for the plurality of people. This is a problem.

The unfortunate reality is that "conversational encryption" is highly ineffective against cryptanalysis as there's an insufficient amount of entropy to mask the meaning of each statement as it is conveyed over the radio. It also works at a high enough level that as soon as certain meanings can be deduced, related context can be further elucidated by listening to conversations sampled over time. As an example, the only reason Navajo code talkers were successful was due to their comparative obscurity and rarity; that they were using a layered code (code words embedded in a language the Japanese had no idea how to translate) provided additional protection, but the fundamental security was embedded in the fact the cryptosystem--if you will--exploited a means unavailable to the Japanese.

Given enough time, money, and interest, they might've been able to decipher it, but access to anyone who could speak Navajo was almost certainly limited to the continental US. It's not something that should be counted on though. Leastwise, not over a longer term whereby potential adversaries may eventually break otherwise simple codes.

It's also why simple Caesar ciphers (also known as simple replacement ciphers) have never been considered secure. One such example is ROT13 which shifts the alphabet by 13 places. You can see why this would be ineffective.

The other problem with conversational encryption is that it fails the forward secrecy test. Forward secrecy defines whether or not a message that has been captured can be decoded at a future point by deducing the methods or the keys used to encrypt the ciphertext. In the case of conversational encryption, once the "code" is deduced, all prior messages can be deciphered ad infinitum.

Electronic systems that implement perfect forward secrecy are more resistant to this form of attack because keys are renegotiated periodically during the connection. This is the case with more recent versions of TLS (that you use on HTTPS sites); even if the server's private keys are leaked, new keys are derived between the client and server such that any captured communications between the two cannot be deduced unless the ephemeral keys are extracted. It's not impossible, of course, but it would require a weakness either in terms of the key exchange protocol or a weakness in the key derivation. That's why quantum crypto is vaguely concerning since it would allow most key exchange protocols to be broken since they rely on prime factoring. Fortunately, we're almost certainly decades away from this point.

I apologize for the essay, however. Cryptography is a point of interest for me, and as a systems implementer, I use a variety of cryptographic libraries on a regular basis. So some knowledge of how they work is required in order to implement them securely.

But yes, all of this is moot if the people who would be required to use such systems are technophobic or averse to its use because they might not understand it. This is incredibly unfortunate, because strong cryptography absolutely will confound potential adversaries.

There's a ton more I could write on the subject, but I don't want to bore you anymore than I no doubt already have.

You do raise a good point about "boomer ready." None of these technological solutions qualify, because they're often highly technophobic. Some are willing to learn enough to use a smartphone, but that's not true for the plurality of people. This is a problem.

The unfortunate reality is that "conversational encryption" is highly ineffective against cryptanalysis since there's not a sufficient amount of entropy to mask the meaning. It also works at a high enough level that as soon as certain meanings can be deduced, related context can be further elucidated with listening over time. As an example, the only reason Navajo code talkers were successful was in part due to their obscurity and rarity; that they were using a layered code (code words embedded in a language the Japanese had no idea how to translate) provided additional protection, but the fundamental security was in the fact the cryptosystem--if you will--used a means unavailable to the Japanese.

Given enough time, money, and interest, they might've been able to decipher it, but access to anyone who could speak Navajo was almost certainly limited to the continental US. It's not something that should be counted on though. Leastwise, not over a short term.

The other problem with conversational encryption is that it fails the forward secrecy test. Forward secrecy defines whether or not a message that has been captured can be decoded at a future point by deducing the methods or the keys used to encrypt the ciphertext. In the case of conversational encryption, once the "code" is deduced, all prior messages can be deciphered ad infinitum.

Electronic systems that implement perfect forward secrecy are more resistant to this form of attack because keys are renegotiated periodically during the connection. This is the case with more recent versions of TLS (that you use on HTTPS sites); even if the server's private keys are leaked, new keys are derived between the client and server such that any captured communications between the two cannot be deduced unless the ephemeral keys are extracted. It's not impossible, of course, but it would require a weakness either in terms of the key exchange protocol or a weakness in the key derivation. That's why quantum crypto is vaguely concerning since it would allow most key exchange protocols to be broken since they rely on prime factoring. Fortunately, we're almost certainly decades away from this point.

I apologize for the essay, however. Cryptography is a point of interest for me, and as a systems implementer, I use a variety of cryptographic libraries on a regular basis. So some knowledge of how they work is required in order to implement them securely.

But yes, all of this is moot if the people who would be required to use such systems are technophobic or averse to its use because they might not understand it. This is incredibly unfortunate, because strong cryptography absolutely will confound potential adversaries.

There's a ton more I could write on the subject, but I don't want to bore you anymore than I no doubt already have.