And I’d be adding Visionnaire and Worm as well. All of these ciphers resist ciphertext-only attacks quite well because the ciphertext they generate looks quite random (increasingly so as the number of letters per operation increases) and trying to decrypt with the wrong key yields a “plaintext” that looks completely random even if the key is off by a single character, but they fall to a known-plaintext attack right away. In this article, I discuss how this would be done, and what can the sender do to counteract the attack. Read More
Of course, substitution ciphers are completely insecure in this day and age, but the general idea of substitution still has a place in modern cryptography. Substitutions are what give the Serpentacci and Worm ciphers their strength. Computer ciphers can be attacked, in no small measure, because the substitutions built into them are fixed. I have looked around for a simple way to make a scrambled alphabet, which is what a substitution essentially consists of, from a password or key phrase, but typically the method you can find is very crude: start writing every new letter found in the password, and then the rest of the alphabet when you run out of password. This will cause most scrambled alphabets, among other defects, to end in XYZ, since those letters are rare.
In this article I discuss better ways to turn a password into a scrambled alphabet, which are not all that complicated. Read More