The Scrabble cipher

scrabble-610x445-1Back in 1918, John F. Byrne invented an encryption machine, which he called Chaocipher. He tried unsuccessfully to sell it to the US government until his death in 1960 while keeping it a secret. He published some samples of its output in his memoirs, mystifying a whole generation of cryptanalysts. Then, in 2010 his son’s widow decided to release the secret papers describing the inner workings of the machine. It turned out to consist of two rotors with movable letters, which shifted according to a simple pattern. The key was the initial position of the letters in both rotors. Simple and surprisingly effective, although it is somewhat doubtful that Byrne ever built a working machine (the only working prototype was allegedly destroyed (?), and only a cardboard mockup and a blueprint  of the original have survived). I ran into the concept a couple weeks ago and I haven’t been able to stop thinking on how to improve it, and I believe I’ve found something as powerful and quite a bit simpler to use. I call it the Scrabble cipher because you can run it with the help of letter tiles. Read More

Are today’s communications more secure than ever?

charles-barsotti-enemies-yes-but-doesn-t-your-moat-also-keep-out-love-new-yorker-cartoonI’m going to start this post blowing the punch line, which is an unequivocal: “yes, but…” Yes because today’s communications can use stronger encryption than ever, and it’s getting stronger all the time, historically speaking. Ah, but the but. . . . You’ve got to read the article to see how we’re managing to throw all that security out the window, and what can be done about it. Read More

This could have happened during WWI

painvin-1Back in 1914, the German Army used a cipher that we have later come to know as “übchi”. It was a double columnar transposition that was quickly solved by French cryptanalysts, including Lt. Georges Painvin, in the picture, who later went on to break the more difficult ADFGX and ADFGVX German ciphers. At the time, the US Army was using a very similar method to “übchi”, so it was fortunate that the French shared their discovery, so they could switch to something better (they didn’t). As it turned out, the French were so bad about keeping this secret that the Germans soon got word of it and replaced it with the ABC cipher, which turned out to be weaker. But not necessarily so, and this article is about what might have happened. Read More

The Joy to Be Server-Free

freedomA few months ago, I toyed with the idea of adding a server to my PassLok Privacy app. I reasoned that a server would be able to store users’ Locks so that other users could retrieve them automatically—very much like the General Directory does now, but even more deeply integrated with the program so that users wouldn’t even be aware that a server was being contacted. Everything would be real easy. Seamless. I also reasoned that everyone else was doing it, so why not? Read More

Attacking the Serpentacci ciphers

spy-02 (1)And I’d be adding Visionnaire and Worm as well. All of these ciphers resist ciphertext-only attacks quite well because the ciphertext they generate looks quite random (increasingly so as the number of letters per operation increases) and trying to decrypt with the wrong key yields a “plaintext” that looks completely random even if the key is off by a single character, but they fall to a known-plaintext attack right away. In this article, I discuss how this would be done, and what can the sender do to counteract the attack. Read More

An easy way to make good substitution keys

300px-DES-pp.svg (1)Of course, substitution ciphers are completely insecure in this day and age, but the general idea of substitution still has a place in modern cryptography. Substitutions are what give the Serpentacci and Worm ciphers their strength. Computer ciphers can be attacked, in no small measure, because the substitutions built into them are fixed. I have looked around for a simple way to make a scrambled alphabet, which is what a substitution essentially consists of, from a password or key phrase, but typically the method you can find is very crude: start writing every new letter found in the password, and then the rest of the alphabet when you run out of password. This will cause most scrambled alphabets, among other defects, to end in XYZ, since those letters are rare.

In this article I discuss better ways to turn a password into a scrambled alphabet, which are not all that complicated. Read More

The Serpentacci ciphers

Serpentacci (1)The picture on the left is a snake with the face of Leonardo the Pisa’s (a.k.a. Fibonacci). Have I gone crazy? Perhaps so, but here the image is an attempt to visualize the unholy offspring of a renowned mathematician of the XIII century and a XX century video game. Its name is Serpentacci, and it’s bound to give nightmares to many people in the security industry. Read More

Autokey strikes again!

super_mega_worm_time_limited_free_game_4 (1)Did you know that the actual cipher invented by Blaise de Vigenère, back in the XVI century, is not the one that bears his name? The so-called Vigenère cipher was actually invented a few years earlier by Giovan Battista Bellaso. Vigenère’s own creation is a version of what today we call “autokey” cipher, and it is more secure than Bellaso’s. Of course, today’s computers can break both of them in seconds, but there things we can do to strengthen them to the current standard. Best of all, the resulting ciphers, which I’m calling “Visionnaire” and “Worm” (you will see why), can be done with paper and pencil. Visionnaire has its own article, so I’ll be talking about Worm here. Read More

The Visionnarie cipher

Blaise-Vigenere.0 (1)The autokey cipher was invented nearly five hundred years ago by Blaise the Vigenère, pictured at left, but was almost immediately forgotten in favor of a much weaker repeating-key cipher invented by Bellaso, once upon a time known as “the undecipherable cipher,”  which Vigenère somehow got credit for. Given how many important secrets were revealed when that cipher was broken, the history of the world might have been quite different if Vigenére’s true creation had been the one people actually used. And this is the Visionnaire cipher: a simple combination of Vigenére’s autokey cipher with a substitution, made quite seamless to the user by means of a Tabula Recta. It turns out to be almost as strong as Worm, and much simpler to do. We can only speculate what might have been if this variation had been used back then. Nothing really prevented it. Read More