

Weird World War II Security Puzzle - jgrahamc
http://blog.jgc.org/2011/08/security-conundrum-in-between-silk-and.html

======
pingswept
Perhaps it relies on using obscure information that the messenger already
knows, but not telling the messenger which random fact will be the significant
one.

For example, you could authenticate my brother by asking him to complete this
song title: "Fleshy _______". Yet without knowing what question he was to
answer, he could never retrieve the password.

I suppose it's not exactly true that he couldn't remember it-- it's in his
memory, but he doesn't know where to look. Actually, the idea is basically
asking someone to dereference a pointer to their childhood. Most people will
segfault.

~~~
dcosson
So essentially we're relying on a one-way hash function, which is what I am
thinking too. (In Quantum Information Theory, the question whether or not
there exists true one-way hash functions is still unanswered, but for the time
being, current cryptographic functions are obviously working well enough).

I feel like this wouldn't work with humans though. For instance, if I was
torturing you and knew that your brother was the other agent, I might think to
ask you for any inside jokes between you and your brother. There's a chance
you wouldn't think of the right one (i.e. segfault analogy), but also a chance
that you might, so you haven't really "forgotten" the answer.

On top of that, I feel like something straight out of Harry Potter probably
isn't the answer :)

I like the idea (in the comments on OP's blog) of using a very unique smell.
You can explain what's happening in a picture or hum a melody, but maybe a
smell is more difficult to describe.

------
rottendoubt
Someone posted on the original article that "You cannot recall smells..." That
is one possibility. Pandarus could give Manelaus a bottle of a very specific
perfume that Pandarus was familiar with. If Pandarus smelled the perfume in
the future, he would know it was Manelaus. But if captured, he would not be
able to remember the perfume's smell -- at least not in a specific enough way
to reproduce it.

~~~
raphman
I agree. Actually, the secret needs to be something that can be _remembered_
well but not _described_ well. Smell and maybe taste are very well suited for
this. Anecdotal evidence: I recently learned how a dead mouse smells but
cannot think of any way to describe this smell. However, I could definitely
identify this smell again.

~~~
CapitalistCartr
I recently learned how a weeks-dead human smells. I doubt I'll ever forget it.
But I don't know how to describe to someone else ANY smell, other than
comparing one odor to another. About as effective as the old joke about an
unfamiliar meat, "It tastes like chicken."

~~~
rottendoubt
I hope I never have to smell either (dead mouse or dead human). =/

------
demallien
I have a question - what does 'give an identity check' actually mean? Does it
mean that Pandarus has to give Menaleus a means of verifying that Pandarus
really is Pandarus in the future, or does it mean that Pandarus has to verify
Menaleus' identity?

~~~
rottendoubt
Ya, I'm wondering that myself. Or it could mean that Pandarus gave Menaleus a
way for Menaleus to identify himself (Menaleus) to others. If so, then it
could be something unique to Menaleus such as his finger print. Menaleus could
use his finger print as an identity check and Pandarus would have no way to
remember Menaleus' finger print.

~~~
dbaron
Having read the book in the past (though I don't have it in front of me right
now), I think what it means is that he has to give Menaleus a way to identify
himself in encrypted radio communications, such that if Menaleus is captured
by the Germans and ordered to send certain messages (to misinform the
British), he can omit his identity check without detection by the Germans so
the British will know that he's transmitting under coercion. Doing this in a
way that works if the Germans have decrypted his back traffic is hard -- I
think the assumption was that they hadn't done so due to lack of resources;
they'd instead torture the agent to get him/her to reveal the identity check.

~~~
dbaron
Now that I'm home: the scan is from page 508; the relevant bits are from the
end of page 504 through page 508, or perhaps all of Chapter 67 (502-509).

Personally, I'm stumped by the "without anything passing in writing" part,
which seems to me to make the problem unnecessarily harder, since Pandarus was
carrying codes for them printed on silk (to be sewn into the lining of
clothing).

And... since I haven't mentioned it already: this is a great book. It's
gripping, and reads a little bit like a movie for a good reason -- its author
(who is telling the story of his experiences working on cryptography during
the war in his early 20s) went on to become a screenwriter.

~~~
rottendoubt
Thanks for the clarification. So it has to be some sort of verbally
transmitted code (ie. a phrase) since it's used over the radio? That pretty
much takes out almost all the guesses posted here so far.

------
amalcon
The picture thing got me thinking. Perhaps PANDARUS had an eidetic memory. He
had studied a picture that MANELAUS had access to. MANELAUS could simply ask a
question about some minor detail in the picture. The picture would be selected
such that there are too many such details to communicate a substantial
fraction of them.

------
chris_dcosta
If asked the question "what is your identity" and you were told to reply "I am
unable to remember it" under all circumstances, or a variation on that - would
that work?

~~~
esrauch
Not really, because while you are being tortured you would explain in detail
"I am supposed to repeat the exact following phrase 'I am unable to remember
it'". It's not like torture just makes you answer only technically correct but
able to withhold actually giving them what they want.

What you are describing would probably work in a sitcom, but it makes no sense
in real life.

~~~
chris_dcosta
I suppose you're right. I have sitcom thoughts. That would explain a lot.

------
highjeep
"Jesus, it was an impossibly long string, I can't remember. Please don't kill
me, Jesus!!!"

(...Pandarus who'd blasphemed so frequently...)

Clever but weak, there is plenty of blasphemers in the world.

------
epo
I think the photograph idea gives a hint (though is unlikely to be unique),
say there was a picture of the Queen/President in some recognisable location
in their office. They could be asked, "where is the xxx standing in the
portrait in your office". This may be what the linked article says, don't
know, haven't read that (yet).

EDIT on thinking about it, a password is an answer to a question (what is the
shared secret?), it's not the password they don't know, it's the question.

------
wccrawford
It seems to me that if I were doing something like this, I'd have some way of
indoctrinating people without them knowing it. Some information or phrases
that seem very commonplace and non-important, but will trigger certain
responses when they're seen or heard again.

We've already got quite a few that are easily spotted by an enemy. When the
national anthem plays, what do you do? It's pretty easy to spot people who
don't know.

In fact, we already use this to spot enemy agents. They will react in odd ways
to things that we think of as commonplace... Words and phrases that mean
something in the culture, but on their own are meaningless... Or just have
changed usage.

The only thing that makes me think the above is NOT what they used is that
they said they would have to find a way to vary it. It takes time to make the
above happen, but varying it isn't a problem other than that.

~~~
hasslblad
This has happened to British Agents before in WWII. I remember seeing a
documentary about training British agents to infiltrate France. While in
France one agent got caught out by asking for a black coffee. This was the
default coffee at the time in France, people would just ask for a coffee and
expect a black coffee. This made him stand out.

There are similar stories like this in movies, such as the Great Escape, when
one of the escaping prisoners is dressed as a civilian and is boarding a bus
in town. A German Officer says in English "Good luck", the prisoner replies in
English "thank you" and is caught.

~~~
arethuza
<http://www.youtube.com/watch?v=o0wNl66tT3Q>

[Edit: As with all British males born in the 60s or 70s I have seen the Great
Escape roughly 73,000 times].

------
pepsi
What if the messenger was Anosmic, and the person verifying his identity had a
very strong odor. He would never be able to identify the other person by that
trait.

Basically, the second person had to have some sort of trait that was easy for
other people to see, but not for the messenger. Perhaps colorblindness could
have been a factor.

------
keenerd
I really hope this puzzle is solved by a mom.

------
InclinedPlane
Interesting. I've read a few stories about spies being discovered due to their
habits, so this is somewhat related. For example, table manners are different
in Europe and the US (the way you hold and use a knife and fork especially).
Also, since people in the uk drive on the left the way they look for cars
before crossing a road is opposite the norm in countries where they drive on
the right. Apparently Americans will rotate a piece of pie or cake so the
point faces them before eating it.

It should be possible to specifically train some habit or combination of
habits that is within the norm but notable enough to use as an identifier if
known (much like baseball signals).

In short: behavioral steganography.

~~~
mhb
There's a cultural difference in the orientation of eating pie/cake? Is it the
same for pizza?

~~~
PidGin128
Have you ever folded it?

~~~
mhb
Pizza - yes, once. Cake/pie - never. But this is orthogonal to the eating
vector.

~~~
pbhjpbhj
Make a sandwich with it as the bread.

------
shin_lao
Could be anything.

Maybe he has a scar on his face and the password is "how did you get that
scar?". Has the text says, the scheme cannot be used with other people so it's
probably something specific with the agent.

~~~
eridius
The text says unless they can think of a way to vary the scheme, it can't be
re-used, presumably because it's not useful as an identity check if it cannot
uniquely identify a single person.

------
palish
Off topic: please un-break the ability to zoom in on an iPhone.

------
gcb
Just remove context.

Make a clown delivers the mission, and not mention any identity check
procedure.

If caught, he will not even know about id check to give out.

If reach destination, he may be asked something about the clown costume. Which
he would never forget because of the out of placeness of the thing.

