

Seven Codes You'll Never Ever Break - cyphersanctus
http://www.wired.com/dangerroom/2012/12/codes/

======
ColinWright
Unpaginated:
[http://www.wired.com/dangerroom/2012/12/codes/?pid=1708&...](http://www.wired.com/dangerroom/2012/12/codes/?pid=1708&viewall=true)

 _Added in edit: Interesting that someone downvoted this comment. Did someone
fat-finger it, or do some people really think it's wrong to give a link to the
unpaginated version? I'd like to know. If you feel unable to reply here, then
feel free to email - address is in my profile. Thanks._

~~~
Surio
I, for one, appreciate unpaginated links, so thank you.

------
jgrahamc
Stupid title.

Just because Kryptos Part IV hasn't been broken so far doesn't mean that it
won't be. It was designed to be broken.

Oh, wait, the actual title is "7 Codes You’ll Never Ever Break" instead of
"Codes Hackers Will Never Ever Break". The actual title is more likely to be
true, especially given the complete crackpots that appear in groups like
Kryptos with outlandish 'breaks' to the codes that are complete crap.

Breaking codes is hard, takes a long time and requires method. Most people
won't break these codes.

~~~
stephengillie
At some point, someone will just brute-force these.

~~~
podperson
One of the codes may be a one-time-pad reference to a book which may no longer
exist OR the ciphertext may simply be a meaningless fraud.

Another is probably written in an invented, private language.

Two others are short enough that brute force approaches will almost certainly
create false positives.

In general, brute force can only work if you have some idea of what to expect
the clear text to look like.

~~~
stephengillie
So 2 of these probably aren't even codes, just gibberish.

So what if false positives are created? We can just brute-force the analysis
of those to find the right one. Are you forgetting the sheer magnitude of
quantum, digital, & human-analog computing power we have available today?

~~~
podperson
I think you're forgetting to check your hubris at the door.

Given the folks who've attacked these problems, the ones that have yielded to
brute force thus far: 0.

------
piqufoh
Bruce Schneier broke these codes before breakfast, and now he's gonna break
you! <http://www.schneierfacts.com/>

~~~
Zenst
Thats brillianty funny, now us geeks have our own chuck norris.

~~~
greiskul
There is also Jeff Dean: [http://www.quora.com/Jeff-Dean/What-are-all-the-
Jeff-Dean-fa...](http://www.quora.com/Jeff-Dean/What-are-all-the-Jeff-Dean-
facts)

------
Tichy
Grr, of course the link to "drawings of naked women" is broken. Anybody has
the correct URL?

~~~
ColinWright
For your delight and delectation, here's a link:

<http://brbl-zoom.library.yale.edu/viewer/1006200>

For reference, a simple Google search found it in about 30 seconds.

~~~
Tichy
Delightful, thanks!

------
dutchbrit
On decoding the Voynich manuscript,
<http://www.edithsherwood.com/voynich_decoded/>

------
nnq
semi-offtopic: how could one crack a cyphered text if it was written in a 100%
invented/artificial language, with no relation to any natural language, not
even good word-to-word mapping (imagine a pictografic language like the assian
ones, but unrelated)? where would one start without word-frequency analysis or
something similar to begin with?

Maybe the Voynich manuscript has such a completely imagined language, and
that's why nothing worked (if it's not a "hoax:, of course).

~~~
MichaelGG
A 100% artificial language can be equivalent to a one-time pad, so there's no
guarantee it could be cracked.

~~~
stephengillie
Why can't we brute-force one-time pads? Did someone figure out how to create
infinite combinations of 26 letters? As far as I understand, this space is
finite, and thus can be brute-forced.

~~~
mtinkerhess
The thing about a one-time pad is that the size in bits of the pad is the same
as the size in bits of the message (before and after encryption). So given an
encrypted message, the number of possible one-time pads is equal to the number
of possible corresponding cleartext messages. There's no way to brute force
that -- if you tried every single possible one-time pad to decrypt the
ciphertext, you'd end up with every single possible cleartext message, with no
way to distinguish which was the original cleartext.

~~~
stephengillie
So for every iteration, we get a cleartext message?

So every cleartext message is 100% dictionary words and absolutely no
gibberish?

So every cleartext message has complete, logical sentences?

So the complete, logical sentences in each message make sense in the context
of the message?

I do not believe this to be the case. Only one cleartext message would
actually make sense.

~~~
marshray
> So every cleartext message is 100% dictionary words and absolutely no
> gibberish?

No, but for every sensible message there is a way to guess a key that decrypts
the given ciphertext to it.

~~~
stephengillie
Right, so we just throw out the ones with gibberish and brute-force the
remainder.

~~~
marshray
But 'the reamainder' amounts to 'every non-gibberish sentence of the
appropriate length in the target language' with _no_ way to distinguish
between them. So

    
    
        "Attack at dawn."
    

and

    
    
        "Attack at dusk."
    

are equally valid and equally probable decodings of the ciphertext:

    
    
        739B912B0B067A9B803C46FBDB1E03
    

Brute force amounts to making a large number of guesses. But you can't brute-
force something if you have no information about whether not a specific guess
was correct.

~~~
stephengillie
This means you have to extend your concepts of brute-force and guessing to
include determining which cleartext message is the correct one. If the message
is that short, then indeed there is no way to determine from the message
alone. Yet even this example gives us tons of info -- we know the attack won't
come near midday or midnight, so we only have 2 times to prepare for an
attack. This isn't as good as knowing exactly when, but it's better than
having no idea of when.

This feels like a skill used by those who guess on tests.

~~~
marshray
It's not just two messages. The key (sometimes called a keystream) is as long
as the message itself, so one can construct _any_ message just by selecting
the appropriate key and no information is revealed about whether or not this
plaintext is correct.

An attacker may as well just try to guess the message directly and thus
dispensing with the pointless process of guessing a keystream and XORing it
with the ciphertext.

This is the feature of One Time Pads that gives them a kind of provable
security that is not possible to prove for any system in which the key shorter
than the message.

~~~
stephengillie
There _has_ to be a way. This is just a signal with an approximately equal
amount of noise intentionally applied to it.

~~~
Dylan16807
You're making a fool of yourself. Try again to look at the basic concept. For
EVERY POSSIBLE cleartext of the correct length, there is a key that decodes
your ciphertext to it. Every. Possible. Cleartext.

Pick whatever method you use to decide if a cleartext 'makes sense'. EVERY
POSSIBLE message that fits your criteria will be output during the brute
forcing process.

You don't seem to realize just how nigh-infinite the number of different keys
there are. If I give you a kilobyte blob of one-time-pad data, it could be any
[sub-minute-long] sentence that has ever been spoken or ever will be spoken in
the history of the human race, in any language.

.

I can explain it a different way, that will explain how you can kill the
signal. Okay so the original message has 0s and 1s.

1\. What happens if we take a 1 and have a 50% chance of flipping it: we get a
0 50% of the time and a 1 50% of the time.

2\. What happens if we take a 0 and have a 50% chance of flipping it: we get a
0 50% of the time and a 1 50% of the time.

3\. What happens if we know someone had a 0 or 1 and had a 50% chance of
flipping it: we get a 0 50% of the time and a 1 50% of the time.

4\. What happens when we try to figure out the original bit: Well both 0 and 1
have _the same output_ , so it is fundamentally impossible to figure it out
without knowing if they flipped it.

5\. Repeat for every bit. Store which ones you flipped. Congratulations, you
have a one-time-pad utilizing the XOR method of application.

.

Also you're right that adding noise as in addition won't mask a signal, but
we're not 'adding'. We're looking at the signal, and the completely random
noise, and marking down whether they match or not. If I tell you that bits 1,
2, 3, 5, and 8 matched my coin flips that doesn't tell you a single thing
about what my data was.

------
jzig
The Dorabella cipher has been solved: <http://unsolvedproblems.org/S12x.pdf>

~~~
jgrahamc
No, it hasn't.

Did you read his 'explanation'?

First the decrypted code is close to gibberish and second he starts by
creating the key by removing duplicated letters and yet the key has two Ns,
three Is, two Ys, two Ws, etc.

