Authentication and Message Verification
Confirming who you are talking to, and whether they are under duress
Where this fits: This lesson introduces authentication concepts at the level every operator should know. A full course on formal challenge/reply protocol and duress signaling — COM-06, Authentication and Challenge/Reply — covers this subject in much greater depth.
Lesson Objectives
- Explain what authentication confirms and why voice recognition alone is insufficient
- Distinguish challenge-and-reply authentication from transmission authentication
- Describe isograms, DRYAD sheets, and brevity codes as field-usable authentication and content tools
Two questions authentication answers
Authentication exists to answer two questions: who actually sent this message, and are they transmitting freely or under duress. Voice recognition alone answers neither question reliably — voices can be mimicked or degraded by radio conditions, and duress cannot be detected by tone of voice alone in most cases. A deliberate authentication procedure is what actually answers both.
Challenge/reply versus transmission authentication
Military doctrine on authentication distinguishes two methods, and the distinction is useful for any group building its own procedures.
-
1
Challenge and reply authentication
Requires two-way communication. The called party issues the first challenge — never the caller — which prevents an outside operator from simply listening for a challenge and supplying a rehearsed reply. Only the responding station is actually verified in this method; a challenge itself is never accepted as authentication. The two halves of a challenge and its correct reply should never be transmitted together, since that defeats the entire purpose.
-
2
Transmission authentication
Used when two-way challenge and reply is impossible or impractical — for example, a one-way broadcast to multiple stations. A pre-arranged authentication table lets the sender include a verification code drawn from a shared reference, without requiring a live back-and-forth exchange.
Isograms, DRYAD sheets, and brevity codes
Isograms for rapid authentication
An isogram is a word with no repeating letters. Assign each letter a digit (1 through 0 across a 10-letter isogram), and a pre-briefed pair of stations can use it to authenticate quickly without transmitting the full word. The strength is speed and simplicity; the tradeoff is that isogram sets must be rotated frequently and the full word itself should never be transmitted, only the coded response derived from it.
DRYAD sheets
DRYAD-style sheets are manual authentication and simple numeric-encryption aids designed for speed and field use, typically run on short crypto periods of six hours or less. They are easy to destroy on schedule and resist traffic analysis when rotated properly. Common uses include authentication, numeric encryption of things like frequencies or coordinates, and one-way broadcast authentication that does not require a reply.
DRYAD sheets are procedurally secure, not mathematically strong. Their value depends entirely on operator discipline in rotating and destroying them on schedule.
Code words and brevity codes
Brevity codes replace a long message with a single prearranged word, which shortens transmission time (a TRANSEC benefit) and obscures meaning even if the transmission itself is intercepted in the clear. Best practice: rotate code words frequently, never reuse a word for a different meaning than it was originally assigned, and maintain one controlled master list rather than letting individual operators invent their own on the fly.
A pre-built master list: encrypting letter-by-letter is slow and error-prone — a 10-letter word can take up to 20 encrypted digits, and a full phrase like “emergency shelters established” can run to 50 digits. A brevity code collapses either down to a single 4-digit code (preceded by a zero marking it as a brevity code rather than a letter group), cutting both transmission time and the chance of a transposition error. The Brevity Cards for OTP set is a ready-made controlled master list: 16 double-sided cards with over 450 of the most common words for SITREPs, LP/OP reports, and disaster/emergency traffic, organized both numerically (for decrypting) and alphabetically (for encrypting), plus 60 prebuilt phrases and blank numbered slots for your group’s own entries. The codes are generated with the Verhoeff algorithm, which includes a built-in check digit specifically to catch transposition errors before they corrupt a message.

Related courses: COM-04 EMCON • COM-06 Authentication & Challenge/Reply • COM-07 One-Time Pads • COM-08 Dead Drop & Courier Protocols • COM-09 Cryptographic Security • SEC-02 OPSEC • INT-02 RTSA • INT-03 SALUTE & SPOT Reporting • PLN-04 PREP-CON • PLN-05 COMCON
| ← Lesson 3 |