Schneier on Security

informative page on a tree octopus
http://zapatopi.net/treeoctopus/
(must be true - it's on the internet)

hmm... couldn't that string of letters mean _anything_ without further notes about positions etc? There are so many factors that could be part of the cipher.. the position of the letter in the respective word, the position of the word in the paragraph..
but on the other hand, perhaps I've just read too much about the Kryptos statue and everything is much easier than it seems ;)

I get the same as the Register.

After the last "v", the next non-quoted boldified italic characters are in paragraph 51; the "in" in "...were Kings in France" (though I am not sure if these should also be counted or whether this signifies the end of the code).

'same as the Register' that is except that the "j" should be capitalised.

So is it actually true that Leonardo described anything that could be called "public key encryption"? I'm guessing not, but one never knows.

I haven't read The Da Vinci Code yet, but I did run across you in another work, Cryptonomicon, for which you actually devised (or explained) an encryption algorithm involving playing cards.

/J

...and I improperly omitted a credit: Cryptonomicon is a novel by Neal Stephenson.

I've used the most sophisticated cipher-breaking tools in my arsenal, and determined the encoded message is:

W, n, r, v, r, k, g, b, f, g, c, f, n, p, t, e, r, n, z, d, j, s, x, n, q, c, z, d, m.

Hmm... Well, that's what happens when rot13.com is the most sophisticated cipher-breaking tool in your arsenal.

"hmm... couldn't that string of letters mean _anything_ without further notes about positions etc? There are so many factors that could be part of the cipher.. the position of the letter in the respective word, the position of the word in the paragraph.."

My guess is that it's easier than that. The judge isn't a mathematician, and he wants it to be solved by someone.

Assume he found a classical crypto book and flipped through it, choosing something that looked good. Classical substitution plus transposition is a good place to start.

Looks like a another lawyer got it:

http://books.guardian.co.uk/news/articles/0,,1763533,00.html

This stunt by the judge just confirms that the whole trial was nothing but a publicity outing for the movie of a bad book. The judge certainly should be disbarred. Personally I'd jail him for F***ing off on the job.

Re: public key encryption

The Prehistory of Public Key Cryptography
http://www.cs.columbia.edu/~smb/nsam-160/

You'd think he would have mentioned Leonardo da Vinci if it is known that he contributed.

Re: This stunt by the judge

Quoting the sloution story in the aforementioned "Looks like a another lawyer got it" link:

"...Was this improper? Mr Justice Peter Smith's judgment is authoritative, his findings of fact sensible and his legal reasoning unimpeachable. If he has shown that our high court judges have a sense of humour and intrigue and rehabilitated an old hero, what harm can he be said to have done?..."

What else is a first class mind to do while things in the court ramble on and on?

Re: your new status as a background detail
Those of us with the Anchor Books Mass-Market Edition (the paper-back) will find you on page 217.

I've tried Playfair, Vigenere assuming that the key is "smithycode" but nothing yet. It has been pointed out that in paragraph 52 Smith hints that the solution is to be found in DVC (the Da Vinci Code) and HBHG (Holy Blood, Holy Grail). I tried combinations of those letters as the key, too. It's been too long since I read HBHG to recall what codebreaking techniques were used in the Rene la Chateu code.

Bruce,

It's a good book, but you'd probably like "Digital Fortress" better.

That said, you make a great background detail, but Dan threw a party years ago where I met my wife -- he OWES me :)

To figure out the ciphertext using a script, download the pdf file, call it code.pdf, and paste the following into a linux terminal:

pstopdf code.pdf
sed -ne '
: begin
/^\/F330_0 [0-9]/{
n
s/^(\( *[a-zA-Z] *\)).*$/\1/
t save
b next
: save
H
=
b next
}

: next
${
g
s/\n//g
p
}
n
b begin' code.ps

This will print out the line number (in the postscript file) of each bold and italicized single character, as well as print out all those characters. The result is:

"smithycodeJaeiextostTgpsacgreamqwfkadpmqzv"

Plus an extra "a" that is incorrect if you look at the postscript file (part of the word "architecture".)

So, the Register's version is correct, but missing a capital 'J' and 'T'. No idea what the plaintext is, but at least you can be sure you're working with the right ciphertext.

Whoops, that "T" shouldn't be in there. It's part of "The". So the register's version (with a capital "J") is correct:
"smithycodeJaeiextostgpsacgreamqwfkadpmqzv"

Is it actually legal for a judge to embed an encrypted communication in a ruling?

The communication could modify the meaning of the ruling.

How can a lawyer appeal a ruling that contains encrypted content?

We've had a case here (Australia) where a magistrate is in trouble over plagiarising her judgements. Perhaps embedding codes in the judgements could help prevent this sort of thing.

Just kidding.

I think it's terrific that the judge has a sense of humour. What's more, probably 10 times as many people will read the judgement now.

Here are four sources that claim the code has been cracked:

http://www.thesun.co.uk/article/0,,2-2006190576,00.html
"The words refer to his passion for naval history, especially Admiral John Fisher and the battleship HMS Dreadnought."

http://books.guardian.co.uk/news/articles/0,,1763533,00.html
"the judge let on that the key to the code was based on the Fibonnaci sequence "

""JACKIEFISHERWHOAREYOUDREADNOUGHT", which is presumably to be rendered: "Jackie Fisher, who are you? Dreadnought". "

http://www.nytimes.com/2006/04/28/books/28code.ready.html
"Solving the judge’s code requires repeatedly applying the Fibonacci Sequence, through the number 21, to the apparently random coded letters that appear in boldfaced italics in the text of his ruling: JAEIEXTOSTGPSACGREAMQWFKADPMQZVZ.

For example, the fourth letter of the coded message is I. The fourth number of the Fibonacci Sequence, as used in “The Da Vinci Code,� is 3. Therefore, decoding the I requires an alphabet that starts at the third letter of the regular alphabet, C. I is the ninth letter regularly; the ninth letter of the alphabet starting with C is K; thus, the I in the coded message stands for the letter K.

The judge inserted two twists to confound codebreakers. One is a typographical error: a letter that should have been an H in both the coded message and its translation is instead a T. The other is drawn from "Holy Blood, Holy Grail," the other book in the copy right case. It concerns the number 2 in the Fibonacci series, which becomes a requirement to count two letters back in the regular alphabet rather than a signal to use an alphabet that begins with B. For instance, the first E in the coded message, which corresponds to a 2 in the Fibonacci series, becomes a C in the answer."

http://www.timesonline.co.uk/article/0,,2-2155362,00.html
"He said that it took him “about 40 minutes� to devise."

Israel Torres

Bruce, I am very sorry to inform you that you didn't make it into the german version of the book...

The translators have changed it into "Schnei*d*er", apparently assuming a typo.

Otherwise, congrats, I already imagined that it was a reference to you (is there a cryptographer named Schneider??).

"We've had a case here (Australia) where a magistrate is in trouble over plagiarising her judgements."

Isn't that called "precedent"?

"I am a realistic background detail." Would be a great sig...

"I am not a realistic background detail -- I am a human being!"

(apologies to Joseph Merrick)

"Jackie Fisher, who are you? Dreadnought."

What does THAT mean? Maybe there's more to it?

Jackie Fisher appears to be Admiral Sir John Fisher. More information at http://en.wikipedia.org/wiki/HMS_Dreadnought_(1906). No idea though what the "who are you" bit is though.

I was hoping it would say "Don't forget to drink your ovaltine"... ;)

* Christmas Story movie reference.

@ wiredog

> "I am a realistic background detail." Would be a great sig...

Heh. Bruce, you need to open your own CafePress store with Schneierisms. I bet you make a killing.

> I was hoping it would say "Don't forget to drink your ovaltine"... ;)

That would have been great!

The "plagiarizing magistrate" seems a bit odd. I think it's a good thing when many people choose to interpret law in an identical manner, because it means the law was written in an unambiguous fashion.

Better than lifting the text (copy and paste) would be citation, though.

"I was hoping it would say 'Don't forget to drink your ovaltine'... ;)"

It would have been extra great if it said: "The Magic Words are Squeamish Ossifrage."

well at least there is one realistic background detail ;-)

well at least there is one realistic background detail ;-) you should read Digital Fortress... a masterpiece of criptographic ignorance !

Dan Brown is a great disappointment. Sure, he can rally a large crowd of fans around him, but so can the Sun or any other cheap newspaper with naked skin on the front page.

I read Digital Fortress by Dan Brown and at first I found it amusing. But after continuing through the chapters I became increasingly irritated because Brown manages to present wrong things as scientific facts. He talks about public key cryptography and other stuff, yet I have the impression the only real thing about cryptography he understood and is able to transport to his readers is red13. For Brown, cryptography is some sort of holy magic, a black box, that has to be worshipped - not to be understood.
If this wasn't enough, he also has a rather disturbing view on civil rights, expressed whenever he mentions the EFF which in his book is made to be some sort of a terrorist organisation with the aim to hurt the government and its citizen. The book came across like the exact opposite of Nineteeneightyfour. I am totally convinced that Brown is one of the folks who would vote in favour of the PATRIOT act.

I started reading a second book by Dan Brown but couldn't force myself to finish it since I felt I was becoming more angry after turning another page. So I dropped it. I don't even remember the title of the second one.

I didn't read "The Da Vinci Code" but I suspect it's the same b*llsh*t as the other two books and I really don't want to encourage this by buying a book or go to the movies.

What really interests me: Bruce, what do you think about the "facts", especially about cryptography, Dan Brown presents in his books? Have you read Digital Fortress? What about the other blog readers? Am I the only one with these feelings about Brown?

I read Da Vinci Code early on in its run -- the hardback I have is a fourth printing -- because someone told me: "You're in the book." I thought it was okay. The plot was contrived, and the 24-hour cycle forced everything to fall over itself. I also didn't like the way Brown deliberately obscured parts of scenes in order to ensure that readers didn't know what was going on.

A quick read, but not very satisfying.

I have not read Digital Fortress. I have been told that the crypto is badly done, so I don't see any real reason to subject myself to it.

"I have not read Digital Fortress. I have been told that the crypto is badly done, so I don't see any real reason to subject myself to it."

I can confirm this. But the real threat from this book comes from another angle: the book suggest that state-run surveillance of citizen - seemingly in regard to a post-911 context - is absolutely OK. The book seems to suggest that giving up civil liberties is OK since this leads to more security. The book suggests that it's OK if a government has the technical and legal means to intrude into whatever communication occurs. This did irritate me even more than the badly done crypto in the book.

Aside from the technical aspects this book gets wrong I think the greater evil comes from the popularity of Dan Brown. People read his books, they apparently like them and some certainly believe in the deeper message or simply compare this to real life and think "Hey, he's right. That's why the PATRIOT act works". Bruce, you can preach all the reason you like when it comes to homeland security. How many people read this blog? How many people get corrupted by reading Dan Brown?

To me Brown is some sort of anti-liberal reactionary when it comes to civil liberties.

I've read Digital Fortress, and can confirm that the crypto inaccuracies are scattered throughout the book. Brown confuses bits with characters (one minute he's talking about a 64 bit key, the next paragraph he's calling it a 64 character key). And then he might be describing something that's obviously symmetrical encryption, but keeps referring to it as "public key". Just lots of little fundamental errors which, if you know your stuff, do tend to make you cringe. If you're a crypto purist, you'll probably end up throwing the book across the room in disgust.

Having said that though, I did read the other day that Brown's wife actually does most of the research for his books - he just shapes it all into a story. So maybe it’s a case of "you just can't get the staff…"

I love crypto, therefore I enjoyed Digital Fortress, even with all its flaws. My absolute favourite bit is when the NSA's beautiful, ultra-intelligent senior cryptographer, Susan Fletcher, almost falls out of her chair with surprise. I'm praying they make it into a film. I can't wait to see the fine method acting that will portray Susan Fletcher almost falling out of her chair with surprise.

I've read Digital Fortress too, its pretty good

> I've read Digital Fortress, and can
> confirm that the crypto inaccuracies are
> scattered throughout the book.

Hence the "Fiction" classification... ;) Seriously, Brown writes summer fiction that's simply based on quasi-real information. This is no different than any other political fiction IMO... I think you guys may be reading too much into it (no pun intended).

DF was just a bad, cheesy, hollywood book, regardless of the crypto.

Dieser Film hat die Kirche Saint Sulpice in Paris gefüllt. Eine gute Nachricht für unseren Papst.

"As an aside, I am mentioned in Da Vinci Code."

Now I understand why some churchs are boycotting the movie. Thanks for clearing that up for me.

:)

Not wishing to spoil the plot, even after all the cryptography tosh already highlighted;
Having read through hundreds of pages detailing the super-hyper-security of the 'Digital Fortress', how come the world was saved by someone forcing a sliding door??!

I was just last night reading though the chapter where Zimmerman and Schneier are mentioned in DVC and believe it to be a fantastic coincidence of coming up with your blog.

I have nothing to add technically although Cryptonomicon has been an alltime fav and was a book which had enjoyed printing out (Word equivalent to font:courier 8px; margin:1 1 1 1; double sided draught, super economic print to reduce the cost of printing ;-) was proud enough to compress the thousand or so pages into 200 pages approx. of A4. They are still scattered around my home in a box somewhere.

Mark Lodato's `pstopfd` sed script of April 27th just shot me back in time to the days of reading through Neal Stephenson's Cryptonomicon (the furthest exposure I have had to encryption so far), which was great to say the least.
There was one minor thing which caught my eye on refering back to write this post:

pstopdf code.pdf

Should it not be pdftops in this case?
Please let me know if I am wrong but it sounds logical, no? The error should be left unmentioned since it would point out the nuub status of the person who marks this out, so therefore none other than yours truly will go forth; everyone is probably so busy with huge mega or personal projects that no one has had the time to test the script out.
Will take your word with the following details in regular expression.

There is actually no hard factual point in this comment but to say hi to Schneier and see if it gets through, would be amazed to read a plaintext 'hi' back from you, although in cryptographic form would be astounding.

I have to say something good about the movie, although it was too tedious for my taste (OK, I could get through Lord of the Rings being 2 1/2 hours, but this was HELL!). The shots of the Louvre were nice, McKellen's got an incredible speaking voice (thank God, the hair's in control, too) and the aerial views of the castle were good. Since I was brought up with "if you can't think of anything nice to say, don't say anything at al", I'll end there. 'Cause once you get me started with how boring it was, I won't stop. CHEERS!!! I'm going to see X-Men and MI3 this week just to satisfy my unsatisfying movie experience this weekend. Selfish me.

Say what you like about Dan Brown's style and accuracy (and I have) he does get one thing startlingly and absolutely accurate, displaying a keen eye for detail and for characterisation.

In both the Da Vinci Code and Digital Fortress, the mathematician / cryptographer character is outstandingly good looking. This is of course true of all those in this field.

Webmonster.

This book should have been caled the Da vinco load. There are more copies of scriptures than any works of antiquity. No historian would deny this. And many of these copies have been dug up over the centuries some as late as 1975, anf they exist in many different languages. How could Pope Leo destroy these scrptures if they still exist. There is also reference to Jesus death outside of scripture in the writings of Cornelius Tacitus a Roman historian who was the governor of Asia in 112 A.D. He tells of his death by Pontius Pilate in annals XV 44. There are also a number of other non biblical references by such people as Lucien of Samosata, Josephus, Suetonius,Pliny the younger,Tertullian,Thallus whose works have dissapeared,and others. There have been no shortage of theories attempting to explain away the most contravercial person in history. I realise some of what Jesus said was tough, especially for those of us who like to do our own thing. Clearly enough people preferred to see Jesus die and a murderer set free so we can conclude he had alot of enemies. Whether you choose to believe in him or not is no reason to try and assinate the truth of his life and death. In a short time this book we be forgotten and and new angle will arise, a new contravercy to peddle, but the funny thing about Jesus is you can't seem to keep him dead for long.

Thnks alot 4 this AWESOME stuff.

I Loved the movie and loved the boook