Comments

gb January 5, 2009 3:24 PM

(oops, accidentally hit Post)
It’s amazing that they think a simple replacement cipher would be enough to ‘stop’ anybody.. It was a little fun, but.. A few people commented that they thought the FBI accidentally switched the kid and adult test. Perhaps there is a message hidden deeper in the (swf..) file, besides the one that is apparent.

A nonny bunny January 5, 2009 4:00 PM

@ x4
You bet correctly.
And a quick grep of /usr/share/dict/linux.words soon yields the likely missing word.

J.D. Abolins January 5, 2009 4:12 PM

After posting the FBI code breaking challenge to some other forums as a “just for fun” item last week, I was surprised at how many responses were posted about the puzzle being too simple. I was equally surprised to find a few people who were baffled by the puzzle.

I understood the FBI code breaking challenge to be a simple exercise to spur some interest in codes. So I was not expecting a real challenge on the level of an “NSA or GCHQ cryptanalyst entrance exam”. It was fun for a few minutes of diversion and it’s something a schoolteacher could use for a class project.

StickyWidget January 5, 2009 4:54 PM

This was a kids puzzle. Simple substitution cipher with an easy-to-spot crib.

Still fun, but definitely not something to lose sleep over.

~StickyWidget

Not Anonymous January 5, 2009 5:50 PM

20 minutes to write some generic helpers in python. 5 minutes to crack the damn thing. come on! hopefully not too many wannabe-cryptographers who can crack this and little else consider a career with the fbi.

Anonymous January 6, 2009 7:40 AM

OK, since you all KNOW what the code is… would you mind enlightening those “few” of us who do not, please? 🙁

Honestly, I don’t even really understand where to begin on cracking this. A little guidance and explanation of your methods would be nice too. 🙂

ArchAngel January 6, 2009 8:17 AM

Anonymous —

Spoilers below, so read no further if you want to try on your own still. A good place to start is the URL, since it’s pretty easy to guess it’s a http://www.fbi.gov/*****.htm site, which gives almost the whole rest of the message away.

(CIPHER)
VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL.
(PLAIN)
STUPENDOUS. WE CONGRATULATE YOU ON CRACKING THIS LATEST ENCRYPTION.

(CIPHER)
KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.
(PLAIN)
VISIT http://WWW.FBI.GOV/CODED.HTM TO LET US KNOW OF YOUR SUCCESS.

(CYPHER => PLAIN)
J == A
H == B
N == C
C == D
D == E
A == F
M == G
O == H
B == I
Q == K
E == L
Z == M
L == N
S == O
T == P
I == R
V == S
F == T
W == U
K == V
Y == W
G == Y
(Leaving X, P, and U to equal J, Q, or Z)

Nick Lancaster January 6, 2009 8:19 AM

@anon:

Your first hint is what looks suspiciously like a URL: YYY.AHB.MSK/NSCDC.OFZ

From there, you can make an educated guess that Y=W. So MSK must be .COM, .GOV, .NET, or something similar. And the ciphertext following the slash would likely be *****.htm

So you’ve got 4 letters as a crib, and a solid guess at three more. Copy the cipher into WordPad and start working things out on the line below.

TK-855 January 6, 2009 8:55 AM

@Princess Leia:

“It’s an older code, but it checks out. I was about to clear them. Should I hold them?”

“No. I will deal with them myself.”

Jo January 6, 2009 9:09 AM

If you list the alphabets cipher –> plain, with the cipher alphabet in order, it is a substitution cipher using the keyword:

Fidelity, Bravery, Integrity

which is the FBI motto:

cipher –> plain
a — f
b — i
c — d
d — e
e — l
f — t
g — y
h — b
i — r
j — a
k — v
l — n
m — g
n — c
o — h
p — j (assumed from pattern)
q — k
r — m (assumed from pattern)
s — o
t — p
u — q (assumed from pattern)
v — s
w — u
x — v (assumed from pattern)
y — w
z — z (assumed from pattern)

‘assumed from pattern’ because those letters do not show up in the encrypted text, so we cannot verify what they actually are.

cheers-

chabuhi January 6, 2009 10:16 AM

I bet a lot more people would have struggled with this if not for the stupendously obvious crib.

Paul January 6, 2009 10:51 AM

Anonymous-

The general way to approach a possible single substitution cipher is to perform a frequency analysis of the characters. This works better as the encrypted sample is larger, obviously, but works decently enough for a small sample too. This helps to get a general idea of which characters appear most, which can be used to map the characters to our alphabet based on the language used. For example, e is the most common letter in the English language.

In a sample this short, especially with spaces not coded to a ciphertext character, it’s quickest to just do ad hoc substitutions and see what results. There are not too many 2 letter words, so they are easy to attack. There is an easy to recognize URL giving several possible letters. etc
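The crib-driven approach described in the comments above, as an added Python example that is not part of the original thread. The function names are hypothetical, the ciphertext is the one quoted earlier, and a guess that contradicts letters already fixed is rejected.

```python
from collections import Counter

# Ciphertext exactly as quoted in the thread.
CIPHERTEXT = (
    "VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL. "
    "KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV."
)

def letter_counts(text):
    """Count each ciphertext letter (the frequency-analysis starting point)."""
    return Counter(ch for ch in text if ch.isalpha())

def extend_key(key, cipher_crib, plain_crib):
    """Return key plus the cipher->plain pairs implied by a crib.

    Raises ValueError if the guess contradicts the key so far, which is how
    a wrong guess shows itself in a monoalphabetic substitution.
    """
    if len(cipher_crib) != len(plain_crib):
        raise ValueError("crib and guess must have the same length")
    new_key = dict(key)
    for c, p in zip(cipher_crib, plain_crib):
        if not c.isalpha():
            continue  # dots and slashes are not enciphered
        if new_key.get(c, p) != p:
            raise ValueError(f"{c} already decodes to {new_key[c]}, not {p}")
        if c not in new_key and p in new_key.values():
            raise ValueError(f"{p} is already produced by another letter")
        new_key[c] = p
    return new_key

def partial_decrypt(text, key):
    """Decode known letters; show unknown ones as '_'."""
    return "".join(key.get(ch, "_") if ch.isalpha() else ch for ch in text)

def solve_from_url_crib():
    """Apply the URL crib, then one follow-up guess read off the partial text."""
    key = extend_key({}, "YYY.AHB.MSK", "WWW.FBI.GOV")
    key = extend_key(key, ".OFZ", ".HTM")
    key = extend_key(key, "FOBV", "THIS")  # the partial text shows THI_
    return key, partial_decrypt(CIPHERTEXT, key)

if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(5))
    print(solve_from_url_crib()[1])
```

In this short sample the two most frequent ciphertext letters are F and S, which decode to T and O rather than E, so the crib gets further than the frequency table does.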

Nick Lancaster January 6, 2009 11:21 AM

And if you really want to O.D. on letter frequency, chase down a copy of “Cryptanalysis” by Helen Gaines Foucher, which includes letter-frequency tables in great quantity.

Kondr January 6, 2009 11:39 AM

The key was generated by passphrase (in which repeated letters are omitted). Does anyone of you know it? I guess “fidelity, bravery, …” but can’t guess the rest.

Dave Andersen January 6, 2009 1:44 PM

Jo – close, but your “assumed from pattern”s have some errors. e.g., ‘z’ -> ‘m’ (from the ciphertext, “coded.htm”’s last character is ‘z’).

Alan Porter January 6, 2009 1:45 PM

I would also recommend “The Code Book”, by Simon Singh. This is a very readable account of early codes, starting with substitution ciphers and going up from there. There are plenty of examples in the book, and at the end there is a contest consisting of a ten-part cipher (which was solved a few years ago, earning $10,000 for the winners).

Alan

Nick Lancaster January 6, 2009 2:15 PM

@Alan:

Yes, Singh’s book is a good overview. If you’re really ambitious, tackle David Kahn’s ‘The Codebreakers’ (I knew I’d found the right woman when it turned out we each had a copy …)

John Scholes January 10, 2009 11:27 AM

@R

Collide SHA-512. Where has that got to? I seem to remember the first round of the NIST competition for a new hash algorithm closed last October with a conference at Leuven in late February to look at the best entries. But I thought this was precautionary. Has anyone published any weaknesses in SHA-512 yet?

Anonymous Brit January 15, 2009 7:24 AM

The coded message has been changed, it is now:

PIKODENHFENJIKM! YIH QELB GDISBK NQB PICB. OI NI AGJ.OIL/PICB.QNT MI WB SKIW, EKC UFBEMB PIKMJCBD E PEDBBD WJNQ NQB AGJ.

The passphrase is also different. It’s still a substitution cipher, there’s a pretty obvious crib, and the passphrase is still very easy to guess.

ME January 16, 2009 9:19 PM

Everyone complained how easy the FBI’s substitution cipher was but no one has listed the complete key.

Anonymous January 17, 2009 10:50 PM

why was the substitution cipher and the substitution with variants cipher that I placed on this website on January 16, 2008 removed?

try this one January 17, 2009 10:57 PM

.dgxxddnls8z7h;dl;.d4z7xl5dzxj6xgkgjgkl7skgn5zfkz74d4k;ndf
049gqgo6h95jqh6q5qoonlsxzc3f3469h3ndfdkxxlajkdiglmjcbdqhegndhe9h53f3h7he34w5qhenls4k;ndfx294i

Alex Ponebshek January 21, 2009 9:13 PM

I’m assuming somebody at the NSA pissed off somebody at the FBI. The natural response, of course, is to play a prank on the NSA by telling America that cryptanalysts do the same thing as eight year old children.

Anybody got a better theory?

Anonymous January 22, 2009 7:15 PM

I have a Better Theory. The cryptanalyst who created the cipher for the FBI’s website would not want certain individuals in the world to learn about more difficult cipher systems, so he or she created a simple substitution that almost everyone already knows how to solve. However, on January 6, 2009, only one person on this forum illustrated a complete key that was created to solve the cipher. Good job “Jo”. As for NSA, are they solving ciphers on a daily basis or are they more involved in signal analysis? There’s a big difference between signal analysis and manual cipher systems. I believe the FBI had no intentions of comparing children to NSA. But hey, there are a lot of people that like to believe in government conspiracy theories. Maybe those individuals should be compared to children.

oss14079 January 27, 2009 10:56 AM

Jo was close to finding the complete code.
To avoid the “assumed from pattern” from Jo:
anyone who knows that it is a substitution cipher using the secret keyword “Fidelity, Bravery, Integrity” (the FBI motto) also knows that the four missing letters of the cipher alphabet (in this case “PRUX”) are linked to “JQXZ” (the four letters with the lowest relative frequencies in the English language: easy to remember!).

So, to find the complete code, just apply the following steps:

cipher –> plain
a — f
b — i
c — d
d — e
e — l
f — t
g — y
h — b
i — r
j — a
k — v
l — n
m — g
n — c
o — h
p — j
q — k
r — m
s — o
t — p
u — q
v — s
w — u
x — x
y — w
z — z


prux — jqxz

a — f
b — i
c — d
d — e
e — l
f — t
g — y
h — b
i — r
j — a
k — v
l — n
m — g
n — c
o — h
/ — /
q — k
/ — m
s — o
t — p
/ — /
v — s
w — u
/ — /
y — w
z — /


a — f
b — i
c — d
d — e
e — l
f — t
g — y
h — b
i — r
j — a
k — v
l — n
m — g
n — c
o — h
q — k
/ — m
s — o
t — p
v — s
w — u
y — w
z — /


a — f
b — i
c — d
d — e
e — l
f — t
g — y
h — b
i — r
j — a
k — v
l — n
m — g
n — c
o — h
q — k
s — o
t — p
v — s
w — u
y — w
z — m

That’s all

Anonymous January 27, 2009 2:25 PM

Actually, you are almost correct about the key “oss14709”, but you are making the key more complicated than it has to be. Try this, fill the key in with the keyword (the complete FBI motto) while doing so, do not repeat any characters. Afterwards, fill in the rest of the alphabet without repeating any characters again and do it alphabetically. You should get:

fideltybravngchjkmopqsuwxz

So I agree when someone said that there was more to the cipher than it looked like.
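The keyword construction described in the comment above, as an added Python example that is not part of the original thread. It builds the keyed alphabet and compares it with the letter pairs visible in the ciphertext and plaintext quoted earlier; the function names are hypothetical, the "http://" prefix is left out of the plaintext because it has no counterpart in the ciphertext, and the key is assumed to be read as cipher a..z decoding to key[0]..key[25], as in the tables in this thread.

```python
import string

# Ciphertext and plaintext as quoted earlier in the thread.
CIPHER = ("VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL. "
          "KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.")
PLAIN = ("STUPENDOUS. WE CONGRATULATE YOU ON CRACKING THIS LATEST ENCRYPTION. "
         "VISIT WWW.FBI.GOV/CODED.HTM TO LET US KNOW OF YOUR SUCCESS.")

def keyed_alphabet(passphrase):
    """Passphrase letters without repeats, then the unused letters in order."""
    seen = []
    for ch in passphrase.lower() + string.ascii_lowercase:
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return "".join(seen)

def observed_pairs(cipher, plain):
    """Recover cipher->plain pairs from an aligned ciphertext/plaintext."""
    if len(cipher) != len(plain):
        raise ValueError("texts are not aligned")
    pairs = {}
    for c, p in zip(cipher.lower(), plain.lower()):
        if c.isalpha() and pairs.setdefault(c, p) != p:
            raise ValueError(f"{c} decodes two ways: not a simple substitution")
    return pairs

def mismatches(key, pairs):
    """Cipher letters where the key predicts a different plain letter."""
    predicted = dict(zip(string.ascii_lowercase, key))
    return {c: (predicted[c], p) for c, p in sorted(pairs.items())
            if predicted[c] != p}

def unobserved(pairs):
    """Cipher letters that never occur, so the message cannot confirm them."""
    return sorted(set(string.ascii_lowercase) - set(pairs))

if __name__ == "__main__":
    key = keyed_alphabet("Fidelity, Bravery, Integrity")
    pairs = observed_pairs(CIPHER, PLAIN)
    print(key)
    print("differs from the message at:", mismatches(key, pairs))
    print("never seen in the message:", unobserved(pairs))
```

The plain keyed alphabet agrees with 20 of the 22 cipher letters seen in the message; the two differences are y and z, the latter being the 'z' -> 'm' pair pointed out earlier in the thread.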

Clive Robinson January 27, 2009 4:37 PM

As a general point,

In real-world analysis of crypto finding the “key schedule” is usually of more importance than breaking individual messages.

(As is analysis of probable text/form in many messages).

For instance in breaking the FBI ciphertext keeping an eye on the developing key would probably have led to a faster break than just plugging in letters.

The secret is knowing which link in the chain is weakest at any one time.

Anonymous January 27, 2009 6:16 PM

That was probably the most intelligent aspect of cryptanalysis that I have probably read on this website Clive. Most hobbyists try to break the message, but for those who are serious with cryptanalysis, for those who work in this field, deciphering the message is only one step in the procedure. The key is the actual backbone of the message. The key is where the true security of the message lies. Once the key is known to others, then the cryptographer must create a new key in order to continue creating messages that rely on secrecy and security.

Clive Robinson March 13, 2010 7:39 AM

@ me,

“Anyone can create a one time pad.”

Yes, all you need is one or two dice, a shaker, a 6×6 grid and a sheet of grid paper, and either a sheet of carbon paper and plain sheet of paper or a photocopier.

If you only have one die you will have to throw it twice each time. If you have two dice mark one of them so you know which is the 1st die and which is the 2nd die (colour in the pits with a different coloured ink or paint is one way).

First make the grid depending on if you are using,

1, Number OTP
2, Character OTP
3, Alpha Numeric OTP.

For the simplest,

161616 ABCDE- ABCDEF
272727 FGHIJ- GHIJKL
383838 KLMNO- MNOPQR
494949 PQRST- STUVWX
505050 UVWXY- YZ0123
------ -----Z 456789

Obviously you would be better to fill the grid randomly. That is throw a pair and write down A in that square they point to. Throw another pair and write B. If you get a square that’s filled in throw another pair until you get a square that’s not occupied.

When you have filled in between half and two thirds of the grid just fill in the remaining squares in whatever way makes you happy (as long as you have the right number of numbers and dashes ‘-‘ 😉

Now to start the OTP

Throw a pair, look it up on the grid, if it’s not a dash write it in the first square on the grid paper. Repeat until you have five random chars then miss a square and repeat to do the next five.

When you have finished a line, leave three blank lines and fill in the next line with sets of five random chars.

It is IMPORTANT that you always use pairs of throws, and throw a new pair if you get a dash. DO NOT be tempted to just throw one die again, OR WORSE swap the 1st die with the 2nd die.

You can improve things by say using 4 dice and add the throw values and drop the multiples.

I use this system with a random HEX (times 2 for 32 values) map to generate random keys when I need them.

I must admit it gets quite boring generating two 512bit start points for a search for a pair of primes (PQ) but you only need to do it the once to set up a BBS generator, to do it from then onwards.
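The dice-and-grid procedure from the comment above, as an added Python example that is not part of the original thread. It uses the character grid shown there, stands in the `secrets` module for physical dice (an assumption), picks five groups per line (also an assumption), and computes exactly what happens to the letter distribution when only the second die is thrown again after a dash.

```python
from fractions import Fraction
import secrets

# Character grid from the comment: row = 1st die, column = 2nd die.
GRID = ["ABCDE-", "FGHIJ-", "KLMNO-", "PQRST-", "UVWXY-", "-----Z"]

def throw_die():
    """One fair die, 0..5 (software stand-in for a physical die)."""
    return secrets.randbelow(6)

def pad_char(grid=GRID):
    """Throw a pair; on a dash throw a whole new pair, as the comment says."""
    while True:
        ch = grid[throw_die()][throw_die()]
        if ch != "-":
            return ch

def pad_line(groups=5, size=5):
    """One pad line: groups of five characters separated by a blank square."""
    return " ".join("".join(pad_char() for _ in range(size))
                    for _ in range(groups))

def dist_rethrow_pair(grid=GRID):
    """Exact distribution when a dash means throwing both dice again."""
    valid = [ch for row in grid for ch in row if ch != "-"]
    return {ch: Fraction(valid.count(ch), len(valid)) for ch in valid}

def dist_rethrow_second_die(grid=GRID):
    """Exact distribution for the shortcut the comment warns against:
    keep the 1st die and throw only the 2nd again after a dash."""
    dist = {}
    for row in grid:
        valid = [ch for ch in row if ch != "-"]
        for ch in valid:
            dist[ch] = dist.get(ch, 0) + Fraction(1, 6) / len(valid)
    return dist

if __name__ == "__main__":
    print(pad_line())
    print("Z, new pair on dash:    ", dist_rethrow_pair()["Z"])
    print("Z, 2nd die only on dash:", dist_rethrow_second_die()["Z"])
    print("A, 2nd die only on dash:", dist_rethrow_second_die()["A"])
```

With a new pair on every dash each letter has probability 1/26; with the shortcut, Z comes up with probability 1/6 and every other letter with 1/30, so the pad is no longer uniform.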

ME March 24, 2010 4:14 PM

I know how one works, otherwise I would have never used the words “one time pad.”. You obviously have a lot of time on your hands Clive. I actually got bored quarter of the way through and had to stop reading.

Clive Robinson March 25, 2010 1:16 AM

@ ME,

As you said,

“Anyone can create a one time pad.”

But actually very very few know how to do so.

Even less know how to do it efficiently with their chosen random source.

As for,

“You obviously have a lot of time on your hands Clive.”

If you were a regular reader of this blog you’d know the answer to why that might be.

As for,

“I actually got bored quarter of the way through and had to stop reading.”

Says a lot more about you than anything else you have posted under your nom de plume.

Which brings me back to your comment,

‘I know how one works, otherwise I would have never used the words “one time pad.”‘

As has been remarked before,

‘Any fool can drive a car, but how many have made one that’s street legal?’

Key generation is one of the major weak spots in all cryptography and more so with the OTP than others.

This particular thread has a marginally higher probability of being read by those that might benefit from the knowledge.

Hence I would have thought you would have realised it was not posted just for your education.

Moderator March 25, 2010 3:26 PM

ME, don’t comment on this blog again unless you have something substantive to say. Right now you are just wasting everyone’s time.

Dave March 26, 2010 7:18 AM

As they say, arrogance and ignorance go in hand. Or was it arrogance and illiteracy? Either way.
