jasory

[–] jasory@programming.dev 2 points 4 weeks ago

It's also pretty poor quality data. Open-source journalists use it a lot and make erroneous claims.

Ryan MacBeth tried to do this to show a person hadn't left the US, when a third-party had actually recorded them in Palestine.

[–] jasory@programming.dev 2 points 4 weeks ago

This whole thread seems to be unaware of Debian... so I'll give an actual answer.

Debian only actually updates their software packages every 2 years; this is for stability purposes. However, you still need to fix some severe bugs, so about every 2-3 months Debian does point releases that are only updating for security fixes. This is one of them.

When Debian 14 actually releases it will upgrade nearly all of the packages that are in your base system.

[–] jasory@programming.dev 1 points 1 month ago* (last edited 1 month ago) (1 children)

Again you have no idea what I'm talking about. I'm not a cryptographer, but I've done a bit of computational number theory (a strongly related field), I speak from that field.

I'm describing how you make rigorous provable claims, rather than "it's an ancient technique supercharged by a computer"- which quite frankly makes you sound like a child.

"It's just a database file"- You realize the contents of the database don't matter? The security comes from the mapping. The database contents could be pure nonsense symbols (in fact it should be, one of the criteria of modern cryptosystems is indistinguishability from random data, because it defeats pattern-based attacks.) I was simply pointing out that your approach was very amateurish since those databases have already existed for 30+ years.

"Not selling anything"

"Selling" is a common synonym for "convincing" or "advertising". Saying "I sold him on that"- means you convinced someone.

I'm going to let this discourse die because it seems like you don't understand what I'm saying.

[–] jasory@programming.dev 1 points 1 month ago (3 children)

My point is that your approach is awful. It's like you completely fumbled into your idea, and you're trying to sell it as superior to rigorously constructed cryptosystems (nearly all exploits are due to developer incompetence, not cryptographers).

"They are all grammatically valid"- yeah you have no idea what I just said. I was talking about constructing a probability matrix from a language, if you restrict the entries to grammatically valid pairs/tuples it reduces the size and is therefore easier to compute. Whether or not your ciphertext is grammatically valid English has zero effect on its strength.

The reason why you might want to take the approach I described is that you can make precise claims about the dataset and final result. Rather than saying "umm... ChatGPT said so...".

Regardless, this has nothing to do with cryptographic security. It's just an immediate red flag when developers miss obvious solutions.

[–] jasory@programming.dev 1 points 1 month ago (5 children)

"but common phrases". These also exist, they are used in grammar checkers. They also exist in texts for English learners.

Datasets like these are very easy to come by. In fact you could actually write a program that sets up a Markov matrix of pairs of words for any input text, and use it to determine common phrases. This is the standard sloppy approach; a more clever one would restrict the pairing to grammatically valid ones.
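
Added example (not part of the original comment and not the commenter's code): the word-pair Markov matrix described in the comment above, built from an input text and used to pull out common phrases. The sample text, the function names and the `allowed` filter hook are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample text for illustration (not from the thread).
SAMPLE = (
    "Thank you for your help. Thank you for the update. "
    "I look forward to your reply. I look forward to the meeting. "
    "Please let me know if you need anything. Please let me know soon."
)

def sentences(text):
    """Lower-cased word lists, one per sentence, so pairs never span a full stop."""
    parts = re.split(r"[.!?]+", text)
    return [re.findall(r"[a-z']+", p.lower()) for p in parts if p.strip()]

def markov_matrix(text, allowed=None):
    """Return ({w1: {w2: P(w2|w1)}}, raw pair counts) for adjacent words.

    `allowed(w1, w2)` is a hypothetical hook standing in for a grammatical
    validity filter; None accepts every adjacent pair.
    """
    counts = defaultdict(Counter)
    for words in sentences(text):
        for w1, w2 in zip(words, words[1:]):
            if allowed is None or allowed(w1, w2):
                counts[w1][w2] += 1
    matrix = {}
    for w1, row in counts.items():
        total = sum(row.values())
        matrix[w1] = {w2: n / total for w2, n in row.items()}
    return matrix, counts

def common_phrases(text, min_count=2, max_len=5):
    """Follow the most frequent successor while the pair occurs >= min_count times."""
    _, counts = markov_matrix(text)
    found = set()
    for start in list(counts):
        phrase, cur = [start], start
        while len(phrase) < max_len and cur in counts:
            nxt, n = max(counts[cur].items(), key=lambda kv: (kv[1], kv[0]))
            if n < min_count or nxt in phrase:
                break  # rare pair, or a loop back into the phrase
            phrase.append(nxt)
            cur = nxt
        if len(phrase) > 1:
            found.add(" ".join(phrase))
    # Keep only maximal phrases ("me know" is dropped for "please let me know").
    return sorted(p for p in found
                  if not any(p != q and f" {p} " in f" {q} " for q in found))
```

Passing a predicate as `allowed` prunes rows and columns before normalisation, which is where the size reduction from restricting to valid pairs would come from.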

[–] jasory@programming.dev 1 points 1 month ago (7 children)

Why did you use an LLM for the frequency tables? The "most common words used" is very useful data and as such there are many already existing compilations, used by things like spell checkers. The Linux system dictionaries are one example.

The fact that you completely ignore that simply using a larger RSA key would both be faster and more secure than your approach doesn't inspire confidence either.

(It's also in Python which is basically unusable.)

[–] jasory@programming.dev 1 points 1 month ago (9 children)

What motivated you to write this program?

Your choice of "codebook" is an immediate red flag and reeks of pop-crypto. There is a reason why this approach was abandoned some 100+ years ago; even properly implemented, they have severe shortcomings.

[–] jasory@programming.dev 2 points 1 month ago

ChatGPT just cribs from Stack Overflow, which in turn just cribs their answers from documentation. Once you figure that out, they both become surprisingly useless.

[–] jasory@programming.dev 2 points 1 month ago

I just want tropical/desert textures. I know penguins like the cold, but people like variety.

[–] jasory@programming.dev 1 points 1 month ago (11 children)

"Making frequency analysis ineffective"

Oh boy, let's hope nobody uses it for large plain texts. If x maps to k1, k2, ... then one simply needs enough instances of x to reconstruct the key. It must at the very minimum need multiple symbols to map to the same strings to achieve ambiguity.

The cryptographic claims seem laughable.

[–] jasory@programming.dev 3 points 1 month ago

Maybe to match against the passport photos. Some people travel with other similar-looking people's IDs, and it can be missed by inspectors. So having a current photo of the traveler can be used in post-hoc investigations to determine if they did so.

19
submitted 1 year ago* (last edited 1 year ago) by jasory@programming.dev to c/rust@programming.dev
 

I wrote up a port of GNU factor that has a slightly nicer UI than the original, and runs in approximately 1/3rd the time for 128-bit integers, on average. This is just a preliminary release and I plan on implementing elliptic curve arithmetic and extending it to 192-bit to cover all the small integers that CADO-NFS doesn't support.

The factorization algorithm is provided as a separate crate that provides a C API, since fast factorisation algorithms are hard to come by.
