Hacker News new | past | comments | ask | show | jobs | submit login
Can you crack a code? (fbi.gov)
61 points by dutchbrit on May 3, 2013 | hide | past | favorite | 58 comments

"To learn more about the types of ciphers and codes that terrorists, spies, and criminals use to conceal their communications, see ..." made me laugh. Remember kids, only bad guys use encryption.

That's not what they're trying to say; criminals just happen to be the reason the FBI cares about code breaking.

not too long ago, the act of making, using, or distributing encryption software made you a criminal in the eyes of the fbi

In reality, it has never been a crime to use or distribute encryption software.

The FBI is interested in legal peaceful advocates for government change. Why did they leave that part out of their pitch? Propaganda, even if they didn't "mean" it, because they have alert convinced themselves of the lie.

I am not smart enough to understand what this comment means, sorry.

From the javascript:

var bugRiddenCrashPronePieceOfJunk= (navigator.userAgent.indexOf('MSIE 5')!==-1 && navigator.userAgent.indexOf('Mac')!==-1)

I don't necessarily disagree with the sentiment, but I don't think FBI should disparage Microsoft and Apple with their variable names.

They are disparaging MSIE 5 for MacOS X in particular, which is indeed a piece of junk that no one should be using. That's just facts.

Microsoft and Apple both have publicly disparaged the obsolete IE for Mac, so why shouldn't the FBI? It's very, very out of date and highly-vulnerable. It's not like something that would show up on CNN.

Pretty sure this is referring only to IE for Mac, not IE and MacOS separately.

I much prefer what IBM is doing with their Ponder This challenges (http://domino.research.ibm.com/Comm/wwwr_ponder.nsf/pages/in...). Only problem is that I'm not smart enough to answer all of them :-)

"Be...sure...to drink your Ovaltine?"

If you have zero experience in cryptography, how would you go about learning the necessary to crack this?


This looks like straight character substitution, so it's essentially just trial and error, but the best vector for attack is the following:

Look at the shorter words first (2 and 3 character words), guess what one word might be, then match the same characters in the other short words. Once you have a few that seem to pair up, you can start building the longer words from the answers you've got from the shorter ones.

Puzzles like this one isn't far off doing a crossword or sudoku. There isn't really a cypher to it, no maths etc. It's just having the patience to guess at a few placements then seeing if that fits the wider model.

Why am I being marked down for that? It's clearly marked spoiler so anyone who doesn't want tips can avoid it; yet in spite of that, I was very careful not to give any answers away. All I did was suggest techniques to crack the code. And most importantly, my post answers the question raised - which is the whole fucking point of a comments system.

If anyone didn't want to hints then they should have just skipped over the post the moment they read "spoiler alert" rather than knee jerk reacting with a down-vote for a post that others might have found helpful.

I swear to god the use of the peer review system on HN has been in steady decline over the last few years.

I'd guess because you didn't answer his question "where can I go learn about this?". You told him how to do it.

I'm curious, what's the difference between the two: being told how to do it, and being told where to go to be told how to do it?

If you go read a book like the one I recommended you'll be getting an education in the various sorts of ciphers out there and techniques to break them. The specific answer given above is how to break this particular cipher, thus it's not really far off giving the answer. The topic is more broad and interesting than that.

Step off the ledge, man. Downvotes happen.

Still, it's a common courtesy that if you downvote someone, you tell them why. I think most of us are here for hopefully enlightened discussions, driven by a yearning to learn, share, and explore various topics. We want to be taken seriously, for the most part, and take seriously what we say. Yes, at the end of the day it's just "internet points", but that's belittling our experiences and interactions here to be so dismissive to suggest one should just ignore them.

If that was the intended design, then perhaps votes should be hidden from users as well, so that we'd never know if we were voted up or down; but, I think the design is intended to somewhat subtly clue us in about whether our opinions and statements are popular, controversial, or whatever. It's a feedback loop, and most forms of conversation involve such indirect feedback loops in the form of non-verbal communication -- though in real-life, it's heavily augmented by body language, facial expressions, voice tone and inflection, etc. We don't have those luxuries here, and so the only non-verbals we're left with are the up-arrows.

It's one thing to receive a single down-vote, hell you can't please everyone, right? However, when you try in earnest to participate in a conversation, and you receive the equivalent of a "shut up" from the crowd, then you're left wondering: did I miss the entire point? Did I accidentally offend someone? Was I factually incorrect?

For a healthy conversational atmosphere, it helps to resolve these issues, so that we can improve our communication -- and hopefully avoid the need for any downvotes in the future.

I think being off work recovering from a minor op, and thus house-bound, is making me ratty. :(

It's just internet points, no worries. Everyone who matters can see you were trying to help. Hope you recover soon.

True, but on the receiving end a down vote feels like someone saying "No! You are Wrong!" and then offering nothing constructive.

Some days, I wish I could down vote down votes.

Sometimes downvotes are just fat-finger errors.

That is called upvoting.

No worries, best of luck with the convalescence!

I would also add using letter frequency is quite handy also. As knowing which letters are tend to be seen more frequent you can shorten your trip. Also it's nice thing to do instead of crosswords :)

I'd say the long words offer the better opportunities. Look at the puzzle that has the encrypted word, PIKODENHFENJIKM. How many English words, when used to make look up table based on this key, generate the word when encoded with this key? Only one.

        lookup = {c: d for c, d in zip(pattern, word)}
        return "".join(lookup[c] for c in pattern) == word
Now you have a fifteen letter word solved in the puzzle. It's not hard after that.

Another note, this cipher would be harder to crack if the spaces weren't present.

Only barely harder, and only for human scanners. Spaces stick out like a sore thumb in a straightforward substitution, even worse than Es!

This is a very simple code to break. Helen Fouché Gaines' book Cryptanalysis (published in 1939) is a good introduction : http://www.amazon.com/Cryptanalysis-Study-Ciphers-Their-Solu...

Awesome, thank you so much!

A good think about how you would exchange letters can solve this code as they've just given you the most simple example.

You could read through a few ebooks available on cyptography freely on the internet, but you don't even need to do that in this case, I could just tell you.

The most common letter used in the english language is 'e'. Now identify the dot pattern that is the most common. Voila, you can translate a lot of the code. For the other letters, I would investigate some sort of chart that ranks the most common letters in the English alphabet. With a bit of playing you can do this with a pencil and paper.

Obviously computer cryptography is more advanced, but your question related to this code specifically.

> Obviously computer cryptography is more advanced

Wouldn't a single message from an unknown cipher be almost impossible to crack? You'd either need to know the algorithm or have multiple encoded messages along with the keys, right?

Not necessarily, because some ciphers retain statistical information about the plaintext . any prior knowledge about the shape of the plaintext can give you better than flat random chance of recognizing he decrypt.

A one time pad cipher can be considered unbreakable.


Probably a good a place as any to start:


There is the free "Cryptography 1" course on Coursera ( https://www.coursera.org/course/crypto ).

I'm taking it right now. There's a lot of maths and theory, and it's quite a difficult course, but it's been a great way to learn the foundations of cryptography.

http://en.wikipedia.org/wiki/Cryptanalysis, http://www.fbi.gov/about-us/lab/forensic-science-communicati...

I would think anybody even remotely interested in encryption would know about this 'encryption' (I use the term loosely) method.

I also think such persons would have spotted that this might be a form of that method within a minute, but apparently, I am wrong about that.

If you want a basic primer using python: http://inventwithpython.com/hacking/index.html

This is great! Im going to see if they have something similar for Ruby (if not, then Python time it is!). Thanks!

You can also look for characters that are easily identifiable. For example, assuming the text is in english, there aren't many options for a word that uses only a single letter. So the single character in the fifth line is most likely an "I" or an "a". These can also go into your chart.

Simon Singh's "The Code Book" is a good overview and well written.


Thank you, I'm definitely going to check it out!

Is the answer in English? Are there any tips on cracking a code when you don't know the language being used?

Yes the answer is in English. It's pretty easy to crack but may take some time if this is your first time. To do this you need to use Letter Frequency. Since 'e' is the most common letter in the English language you can look for the most common character in the text and assume it is 'e', and if it isn't try another letter. For a list of the most common letters, see here: http://en.wikipedia.org/wiki/Letter_frequency.

Yes, it is an English. It is a very simple code. I would recommend printing it out and using a pencil to break it.

Indeed, it didn't really take that much effort.

I used to play Covert Action when I was a kid and decoding messages was part of the missions: http://images2.wikia.nocookie.net/__cb20110118005142/coverta...

you can use scrabble word pattern searches to determine that there is only one english word that matches the pattern of the largest set of characters in this cypher. the rest falls into place from there.

can you elaborate ? longest word appears to be 9 letters which has a lot of matches.


it's a pattern search, not just a character count search. check the instructions and examples, they're pretty straight-forward.

wow. of course! that worked like a charm. this just made my week :)

It's nine letters, but there are repeats in specific places. Letters 1 and 6 are the same, 3 and 5 are the same, 4 and 9 are the same, limiting your options.

agreed but how can such a pattern be entered into a scrabble word finder?

No idea about that because I've never used one - I just rolled my own from python.

Don't work for the fbi, they're fucking bastards.

was this supposed to be hard? I hope they don't plan their recruiting out of it

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact