
Famous cryptographers’ tombstone cryptogram decrypted - wglb
https://nakedsecurity.sophos.com/2018/01/22/famous-cryptographers-tombstone-cryptogram-decrypted/
======
excalibur
At first glance, having no information on this other than a title and an
image, I assumed there was some data encoded in the odd pattern on the flags
at the top of the tombstone. I then read through the article waiting to learn
what was there, and of course it was never mentioned.

A Google search turned up a higher-resolution photo of the tombstone:
[http://elonka.com/friedman/Tombstone.JPG](http://elonka.com/friedman/Tombstone.JPG)

The lines on the flags appear to be ordinary stripes, with nothing encoded in
them. So I guess I can thank my own imagination for turning an otherwise
fascinating story into a bit of a disappointment.

~~~
zerocrates
Two flags crossing a torch is the insignia of the U.S. Army Signal Corps. The
stripes here stand in for the areas of the flags that are red in the insignia.

------
durkie
also, a book just came out about Elizebeth Friedman and how a lot of her
contributions to cryptology and the birth of sigint in general have been
erased from history:
[https://www.amazon.com/Woman-Who-Smashed-Codes-Outwitted-ebook/dp/B01M0EOI6I](https://www.amazon.com/Woman-Who-Smashed-Codes-Outwitted-ebook/dp/B01M0EOI6I)

it's supposed to be very good, but I just started it last night so don't have
much of an opinion yet.

~~~
netrc
It is utterly fantastic, a gripping, fascinating, heart-breaking love story.

According to the author, it's in plans to become a mini-series.

------
huhtenberg
Link to the original source is buried within -
[http://elonka.com/friedman/FriedmanTombstone.pdf](http://elonka.com/friedman/FriedmanTombstone.pdf)

------
arbitrage
Awww, that's lovely.

Geocaching tends to use Bacon cyphers extensively, as they are very useful for
hiding messages in plain sight.

------
nimbs
Nice little cryptogram, but they didn't secure the side-channel papers.

------
todd8
This discussion of ciphers vs puzzles has reminded me of one of my favorite
books growing up. It was Helen Fouché Gaines's _Elementary Cryptanalysis_. I
found it in the library in 1962 and treasured the copy my Aunt purchased for
me.

This book predates the age of computers so every chapter introduces the common
ciphers, including military and diplomatic ones, in use at the time (I
believe the first edition was written in 1943) along with the methods used to
attack them.

Over time I worked my way through the exercises that appear at the end of each
chapter. Computers make light work of these challenging puzzles now, but it’s
still fun to write programs to break these old cipher systems.

Around 1987, I approached a very prominent professor in my CS program about
being my Ph.D. dissertation advisor for a research project on Cryptography. He
said that I should work in another area because cryptography had all been
figured out and it didn’t look like there was anything interesting left in
that field!

------
tptacek
My nit here would be that these things aren't "ciphers" so much as they are
"puzzles".

~~~
ChuckMcM
How do you get there? You have a message text and you have a cipher text and
you have an algorithm to go from one to the other. Seems like a cipher to me.

~~~
logfromblammo
It's splitting hairs to make a distinction, but a cipher has an intended
recipient and potential eavesdroppers, whereas a puzzle has no known recipient
other than the potential eavesdroppers.

A good cipher has to be readable by the intended recipient, and not by
eavesdroppers, whereas a good puzzle cannot be impossible to crack.

In that sense, DRM is a sort of anti-puzzle, as the intended recipients are
treated as the eavesdroppers, instead of the other way around.

~~~
ythn
> whereas a good puzzle cannot be impossible to crack.

This is a very important distinction. It would be no fun if the cipher on a
given cryptographer's tombstone were created with a one-time pad.

~~~
ChrisSD
Interestingly, a one-time pad may be crackable. Its theoretical uncrackability
is only true if a truly random number generator is used. Most cryptography is
fine with urandom but a one-time pad requires using something like radioactive
decay to generate your pad.

This is one reason (among many) why it's impractical for most crypto purposes.

~~~
dlubarov
Assuming a flawless CSRNG, 128 bits of entropy is more than enough to
withstand current attack power. It's hard to predict the future -- quantum
computers employing Grover's algorithm could conceivably have 2x or more
attack power per unit energy -- but 256 bits should be adequate for a long
time.

It's fine to use low-grade sources of entropy like timestamps as long as we
have enough of it. I might only generate a few bits of actual entropy per
second when I move my mouse in somewhat predictable arcs, but if I keep at it
for a while, I'll generate 256 bits of entropy eventually.

~~~
tptacek
Right, but his point is that you're not really talking about an OTP anymore,
but rather a stream cipher that's as strong as the RNG. It will situationally
be quite secure, but not the theoretical unbreakability of an OTP.

OTPs are silly.
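
Added example, not part of the thread: a Python sketch of the distinction drawn in this sub-thread, that a pad stretched from a short seed has only as many possible keys as the seed, while a truly random pad leaves every same-length plaintext equally plausible. The 16-bit seed size, the sample messages and all function names are assumptions made for the illustration.

```python
import random
import secrets

SEED_BITS = 16  # assumption: deliberately tiny seed space so the search is instant
MESSAGE = b"MEET AT THE USUAL PLACE"   # constructed sample plaintext
DECOY = b"STAY HOME, IT IS A TRAP"     # constructed, same length as MESSAGE


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prng_pad(seed: int, n: int) -> bytes:
    """A 'pad' stretched from a short seed: in effect a stream cipher keystream."""
    rng = random.Random(seed)  # Mersenne Twister, not a CSPRNG
    return bytes(rng.getrandbits(8) for _ in range(n))


def seeds_matching(ciphertext: bytes, crib: bytes) -> list:
    """Seeds whose keystream turns the start of the ciphertext into the crib."""
    head = ciphertext[:len(crib)]
    return [s for s in range(2 ** SEED_BITS)
            if xor(head, prng_pad(s, len(crib))) == crib]


def pad_explaining(ciphertext: bytes, plaintext: bytes) -> bytes:
    """With a truly random pad, some pad maps the ciphertext to ANY same-length text."""
    return xor(ciphertext, plaintext)


if __name__ == "__main__":
    seed = secrets.randbelow(2 ** SEED_BITS)
    ct = xor(MESSAGE, prng_pad(seed, len(MESSAGE)))
    # Seeded pad: a known five-byte prefix is enough to pin down the seed.
    for s in seeds_matching(ct, b"MEET "):
        print("seed", s, "->", xor(ct, prng_pad(s, len(ct))))

    true_pad = secrets.token_bytes(len(MESSAGE))
    ct2 = xor(MESSAGE, true_pad)
    # Both pads are equally likely, so ct2 alone cannot separate the two readings.
    print(xor(ct2, pad_explaining(ct2, MESSAGE)))
    print(xor(ct2, pad_explaining(ct2, DECOY)))
```

The seeded case fails because the key space is the seed space; widening the seed to 128 or 256 bits from a CSPRNG gives the computational security discussed above, not the information-theoretic kind.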

------
pmarreck
Anyone know why Twitter blocks any attempt to tweet this URL?

~~~
genericthrow
Works for me, wait... are you from sophos?

~~~
pmarreck
It worked when I tweeted the google amp URL, oddly.

And LOL, not from Sophos. I assumed it was because it had the word "naked" in
the URL, but it was odd because I attempted to tweet it many times and it
failed UNTIL I used the google amp version of the URL.

------
rudeboot
not loading for me, but interested in reading!

~~~
itsnix
I was able to get to it just now.

Interesting and good read. Thank you.

