Schneier on Security

Was way too easy (was on /. a while back) :[

If you visit the site using Firefox, the Flash animated video with the ciphertext might not appear. If that happens, try this direct URL for the Flash video:
http://www.fbi.gov/headlines/code.swf

By the way, the FBI code breaking page has a link to a nice intro to simple ciphers, "Analysis of Criminal Codes and Ciphers".

(oops, accidentally hit Post)
It's amazing that they think a simple replacement cipher would be enough to 'stop' anybody.. It was a little fun, but.. A few people commented that they thought the FBI accidentally switched the kid and adult test. Perhaps there is a message hidden deeper in the (swf..) file, besides the one that is apparent.

You can nearly read it by just looking at the word lengths and special characters. I bet the third sentence is
Visit www.fbi.gov/*****.htm to ...

@ x4
You bet correctly.
And a quick grep of /usr/share/dict/linux.words soon yields the likely missing word.

After posting the FBI code breaking challenge to some other forums as a "just for fun" item last week, I was surprised over how many responses were posted about how the puzzle being too simple. I was equally surprise finding a few people who were baffled by the puzzle.

I understood the FBI code breaking challenge to be simple exercise to spur some interest in codes. So I was not expecting a real challenge on the level of an "NSA or GCHQ cryptanalyst entrance exam". It was fun for a few minutes of diversion and it's something a schoolteacher could use for a class project.

This was a kids puzzle. Simple substitution cipher with an easy-to-spot crib.

Still fun, but definitely not something to lose sleep over.

~StickyWidget

;)

20 minutes to write some generic helpers in python. 5 minutes to crack the damn thing. come on! hopefully not too many wannabe-cryptographers who can crack this and little else consider a carreer with the fbi.

Be sure to drink your Ovaltine.

Luke! It's a trap!

OK, since you all KNOW what the code is... would you mind enlightening those "few" of us who do not, please? :(

Honestly, I don't even really understand where to begin on cracking this. A little guidance and explanation of your methods would be nice too. :)

Anon,

It's a very straight forward substitution cipher. Take a look through the handy guide that was posted on the introductory page on the website.

http://www.fbi.gov/hq/lab/fsc/backissu/jan2000/...

Anonymous --

Spoilers below, so read no further if you want to try on your own still. A good place to start is the URL, since it's pretty easy to guess it's a www.fbi.gov/*****.htm site, which gives almost the whole rest of the message away.

(CIPHER)
VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL.
(PLAIN)
STUPENDOUS. WE CONGRATULATE YOU ON CRACKING THIS LATEST ENCRYPTION.

(CIPHER)
KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.
(PLAIN)
VISIT WWW.FBI.GOV/CODED.HTM TO LET US KNOW OF YOUR SUCCESS.

(CYPHER => PLAIN)
J == A
H == B
N == C
C == D
D == E
A == F
M == G
O == H
B == I
Q == K
E == L
Z == M
L == N
S == O
T == P
I == R
V == S
F == T
W == U
K == V
Y == W
G == Y
(Leaving X,P, and U to equal J,Q, or Z)

@anon:

Your first hint is what looks suspiciously like a URL: YYY.AHB.MSK/NSCDC.OFZ

From there, you can make an educated guess that Y=W. So MSK must be .COM, .GOV, .NET, or something similar. And the ciphertext following the slash would likely be *****.htm

So you've got 4 letters as a crib, and a solid guess at three more. Copy the cipher into WordPad and start working things out on the line below.

Why give away the answer? He only asked for some guidance. The fun of these things is sorting them out for yourself.

@Princess Leia:

"It's an older code, but it checks out. I was about to clear them. Should I hold them?"

"No. I will deal with them myself."

If you list the alphabets cipher --> plain, with the cipher alphabet in order, it is a substitution cipher using the keyword:

Fidelity, Bravery, Integrity

which is the FBI motto:

cipher --> plain
a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
p -- j (assumed from pattern)
q -- k
r -- m (assumed from pattern)
s -- o
t -- p
u -- q (assumed from pattern)
v -- s
w -- u
x -- v (assumed from pattern)
y -- w
z -- z (assumed from pattern)

'assumed from pattern' because those letters do not show up in the encrypted text, so we cannot verify what they actually are.

cheers-

I bet a lot more people would have struggled with this if not for the stupendously obvious crib.

Anonymous-

The general way to approach a possible single substitution cipher is to perform a frequency analysis of the characters. This works better as the encrypted sample is larger, obviously, but works decently enough for a small sample too. This helps to get a general idea of which characters appear most, which can be used to map the characters to our alphabet based on the language used. For example, e is the most common letter in the English language.

In a sample this short, especially with spaces not coded to a ciphertext character, it's quickest to just do ad hoc substitutions and see what results. There are not too many 2 letter words, so they are easy to attack. There is an easy to recognize URL giving several possible letters. etc

And if you really want to O.D. on letter frequency, chase down a copy of "Cryptanalysis" by Helen Gaines Foucher, which includes letter-frequency tables in great quantity.

The key was generated by passphrase (in which repeated letters are omitted). Does anyone of you know it? I gues "fidelity, bravery, ..." but can't guess the rest.

Sorry, now I see that Jo has already answered it.

Jo - close, but your "assumed from pattern"s have some errors. e.g., 'z' -> 'm' (from the ciphertext, "coded.htm"'s last character is 'z').

I would also recommend "The Code Book", by Simon Singh. This is a very *readable* account of early codes, starting with substitution ciphers and going up from there. There are plenty of examples in the book, and at the end there is a contest consisting of a ten-part cipher (which was solved a few years ago, earning $10,000 for the winners).

Alan

@Alan:

Yes, Singh's book is a good overview. If you're really ambitious, tackle David Kahn's 'The Codebreakers' (I knew I'd found the right woman when it turned out we each had a copy ...)

NSA's cryptanalysis contest: collide SHA-512. Winner gets a job, I'm pretty sure.

@R

Collide SHA-512. Where has that got to? I seem to remember the first round of the NIST competition for a new hash algorithm closed last October with a conference at Leuven in late February to look at the best entries. But I thought this was precautionary. Has anyone published any weaknesses in SHA-512 yet?

The coded message has been changed, it is now:

PIKODENHFENJIKM! YIH QELB GDISBK NQB PICB. OI NI AGJ.OIL/PICB.QNT MI WB SKIW, EKC UFBEMB PIKMJCBD E PEDBBD WJNQ NQB AGJ.

The passphrase is also different. It's still a substitution cipher, there a pretty obvious crib, and the passphrase is still very easy to guess.

I love such things, because you can learn a lot about cryptography this way. The weaknesses of substitution cyphers, for example.

I've written a little fun utility that helps in breaking this cypher and similar ones... you can get it (free, of course) from

http://www.fbmdh.com/?page=subcypher

Everyone complained how easy the FBI's substitution cipher was but noone has listed the complete key.

why was the substitution cipher and the substitution with variants cipher that I placed on this website on January 16, 2008 removed?

I'm assuming somebody at the NSA pissed off somebody at the FBI. The natural response, of course, is to play a prank on the NSA by telling America that cryptanalysts do the same thing as eight year old children.

Anybody got a better theory?

I have a Better Theory. The cryptanalyst who created the cipher for the FBI's website would not want certain individuals in the world to learn about more difficult cipher systems, so he or she created a simple substitution that almost everyone already knows how to solve. However, on January 6, 2009, only one person on this forum illustrated a complete key that was created to solve the cipher. Good job "Jo". As for NSA, are they solving ciphers on a daily basis or are they more involved in signal analysis? There's a big difference between signal analysis and manual cipher systems. I believe the FBI had no intentions of comparing children to NSA. But hey, there are alot of people that like to believe in government conspiracy theories. Maybe those individuals should be compared to children.

Jo was close to find the complete code.
To avoid the "assumed from pattern" from Jo:
the one who knows that it is a substitution cipher using the secret keyword "Fidelity, Bravery, Integrity" (the FBI motto), knows too the four missing letters of the alphabets cipher (in this case "PRUX") is linked to "JQXZ" (the four poorest relative frequencies of letters in the english language: easy to remember!).

So, to find the complete code, just apply the following steps:

cipher --> plain
a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
p -- j
q -- k
r -- m
s -- o
t -- p
u -- q
v -- s
w -- u
x -- x
y -- w
z -- z

----------
prux -- jqxz

a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
/ -- /
q -- k
/ -- m
s -- o
t -- p
/ -- /
v -- s
w -- u
/ -- /
y -- w
z -- /

----------

a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
q -- k
/ -- m
s -- o
t -- p
v -- s
w -- u
y -- w
z -- /

----------

a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
q -- k
s -- o
t -- p
v -- s
w -- u
y -- w
z -- m

That's all

Actually, you are almost correct about the key "oss14709", but you are making the key more complicated than it has to be. Try this, fill the key in with the keyword (the complete FBI motto) while doing so, do not repeat any characters. Afterwards, fill in the rest of the alphabet without repeating any characters again and do it alphabetically. You should get:

fideltybravngchjkmopqsuwxz

So I agree when someone said that there was more to the cipher than it looked like.

As a general point,

In realworld analysis of crypto finding the "key schedual" is usually of more importance than breaking individual messages.

(As is analysis of probable text/form in many messages).

For instance in breaking the FBI ciphertext keeping an eye on the developing key would probably have led to a faster break than just pluging in letters.

The secret is knowing which link in the chain is weakest at any one time.

That was probably the most intelligent aspect of cryptanalysis that I have probably read on this website Clive. Most hobyists try to break the message, but for those who are serious with cryptanalysis, for those who work in this field, deciphering the message is only one step in the procedure. The key is the actual backbone of the message. The key is where the true security of the message lies. Once the key is known to others, then the cryptographer must create a new key in order to continue creating messages that rely on secrecy and security.

I'm willing to bet I could develop a code the FBI, NSA, CIA could not break!