A google search turned up a higher-resolution photo of the tombstone: http://elonka.com/friedman/Tombstone.JPG
The lines on the flags appear to be ordinary stripes, with nothing encoded in them. So I guess I can thank my own imagination for turning an otherwise fascinating story into a bit of a disappointment.
Thank you for the high res photo, it was cool to actually be able to see the close up lettering.
it's supposed to be very good, but I just started it last night so don't have much of an opinion yet.
According to the author, it's in plans to become a mini-series.
Geocaching tends to use bacon cyphers extensively, as they are very useful for hiding messages in plain sight.
This book predates the age of computers so every chapter introduces the common ciphers, including, military and diplomatic ones, in use at the time (I believe the first edition was written in 1943) along with the methods used to attack them.
Over time I worked my way through the exercises that appear at the end of each chapter. Computers make light work of these challenging puzzles now, but it’s still fun to write programs to break these old cipher systems.
Around 1987, I approached a very prominent professor in my CS program about being my Ph.D. dissertation advisor for a research project on Cryptography. He said that I should work in another area because cryptography had all been figured out and it didn’t look like there was anything interesting left in that field!
There is an old Wikipedia grudge behind my nit, unfortunately.
A good cipher has to be readable by the intended recipient, and not by eavesdroppers, whereas a good puzzle cannot be impossible to crack.
In that sense, DRM is a sort of anti-puzzle, as the intended recipients are treated as the eavesdroppers, instead of the other way around.
This is a very important distinction. It would be no fun if the cipher on a given cryptographer's tombstone were created with a one-time pad.
This is one reason (among many) why it's impractical for most crypto purposes.
It's fine to use low-grade sources of entropy like timestamps as long as we have enough of it. I might only generate a few bits of actual entropy per second when I move my mouse in somewhat predictable arcs, but if I keep at it for a while, I'll generate 256 bits of entropy eventually.
OTPs are silly.
I would expect that the message was sent by Willaim after he died to people who knew him. A sort of inside joke, that people like me, seeing his tombstone would completely miss.
That said, I could see one making the case that it is steganography.
I don't think 'good' and 'bad' really come into play, a caesar cipher is still a caesar cipher even if it is pretty easy to crack. But when you see it, it doesn't look like something else.
I realize that when I talk about ciphers I don't distinguish between those which are easily reversed and those which are difficult to reverse. Kerckhoff was really concerned with cryptographic systems as a whole but his first principle that "The system must be practically, if not mathematically, indecipherable." would seem to be a function of the environment and the adversary.
To illustrate my thinking, I consider the mechanism on a Hallmark Diary cover that prevents you from opening it without the 'key' just as much a "lock" as the mechanism on the file cabinet that keeps secret material secret.
Given that, would my understanding be correct that any information obscuring or access preventing device which is susceptible to a 'lay person' inverting it, is, in your definition of things, a puzzle?
If that is correct, is the caesar cipher also a puzzle?
I think the point downthread, about cryptograms being designed deliberately so that unrelated readers might eventually have some hope of figuring them out, adds nicely to the definition.
> It is unknown how effective the Caesar cipher was at the time, but it is likely to have been reasonably secure, not least because most of Caesar's enemies would have been illiterate and others would have assumed that the messages were written in an unknown foreign language.
So perhaps it’s best to think of it as a real cipher that was obsoleted by technological advances... much as modern ciphers can be obsoleted by advances in cryptanalytic techniques or computer hardware.
For a more modern example you could consider Navajo code talkers in WWII. As I just learned (you might know way more about this than me :), the code talkers weren’t just translating their messages into the Navajo language; rather, they typically spelled out English text using one code word per letter. Thus, what they did can definitely be seen as a cipher, in more than just the vague sense of a way to keep a message secret. And the list of code words could be seen as a key... but only to some extent. If they had just invented a word-per-letter code in English, the enemy would have been able to write down the words, and perhaps ultimately decipher the code using frequency analysis, which was a well-known technique at that point. Much of the code’s security rather depended on the use of the Navajo language, which was tonally complex, had few speakers, and had no published dictionaries at the time. These are all factors that don’t follow Kerckhoff’s principle: if the enemy had obtained Navajo speakers and proceeded to decipher the code, rekeying with a new word list wouldn’t have brought back the original level of security.
Of course, the scheme would not stand up well to modern computer-based techniques, and if used today would have to mostly be considered a toy cipher. But in its original historical context it was not a toy.
(And on the flipside, there are other historical ciphers that are just as obsolete thanks to computers, but did follow Kerckhoff’s principle with respect to attacks available at the time - such as the Enigma machine.)
And LOL, not from Sophos. I assumed it was because it had the word "naked" in the URL, but it was odd because I attempted to tweet it many times and it failed UNTIL I used the google amp version of the URL.
Interesting and good read. Thank you.