Schneier on Security

A blog covering security and security technology.

« The Current Status of P Versus NP | Main | The Bizarre Consequences of "Zero Tolerance" Weapons Policies at Schools »

October 14, 2009

1777 Steganography

Posted on October 14, 2009 at 1:05 PM • 26 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Far from being new, we have
adjusted techniques to encode with
superior methods we have
come up with through various means
including technology. It comes as
no surprise that in 1777
a paper encoding would be
transported through different rounds
in an attempt to deliver a message
not easily read if intercepted by
General Clinton’s adversaries.

That cheesy paragraph contains an encoded message that is way too easy to decode.

Fascinating post, Bruce. Seems that “cryptography” (to use the word loosely to alter something to keep it secret) has been around quite a while, it’s just the methods to do so have changed.

Posted by: HJohn at October 14, 2009 1:25 PM

There is a famous exchange between French authors George Sand and Alfred de Musset, who have had a relationship, that also uses some form of steganography. The exchange is from the 19th century and goes like this:

First, George Sand wrote a poem to Alfred de Musset:

Je suis très émue de vous dire que j'ai
bien compris l'autre soir que vous aviez
toujours une envie folle de me faire
danser. Je garde le souvenir de votre
baiser et je voudrais bien que ce soit
là une preuve que je puisse être aimée
par vous. Je suis prête à vous montrer mon
affection toute désintéressée et sans cal-
cul, et si vous voulez me voir aussi
vous dévoiler sans artifice mon âme
toute nue, venez me faire une visite.
Nous causerons en amis, franchement.
Je vous prouverai que je suis la femme
sincère, capable de vous offrir l'affection
la plus profonde comme la plus étroite
en amitié, en un mot la meilleure preuve
dont vous puissiez rêver, puisque votre
âme est libre. Pensez que la solitude où j'ha-
bite est bien longue, bien dure et souvent
difficile. Ainsi en y songeant j'ai l'âme
grosse. Accourrez donc vite et venez me la
faire oublier par l'amour où je veux me
mettre.

The poem is very proper and polite if you read it entirely, but if you skip every other line, it becomes very explicit.

Alfred de Musset responded with the following poem:

Quand je mets à vos pieds un éternel hommage
Voulez-vous qu'un instant je change de visage ?
Vous avez capturé les sentiments d'un cour
Que pour vous adorer forma le Créateur.
Je vous chéris, amour, et ma plume en délire
Couche sur le papier ce que je n'ose dire.
Avec soin, de mes vers lisez les premiers mots
Vous saurez quel remède apporter à mes maux.

The key in this message is to read the first word of each line, which translates to: "When do you want me to sleep with you?"
De Musset actually provides the key himself in the final two lines of his poem.

George Sand's final answer feigns disgust:

Cette insigne faveur que votre cour réclame
Nuit à ma renommée et répugne mon âme.

But the first words of each line translates to "Tonight."

Posted by: Mailman at October 14, 2009 1:38 PM

Just a tiny typo in the line: Vous avez capturé les sentiments d'un cour

"d'un cour" should be "d'un coeur" (... of a heart).

For those who don't read French, it's pretty explicit indeed. Those naughty French writers!

Posted by: Pascal Forget at October 14, 2009 1:59 PM

How did "greater" turn into "greatest"?

Posted by: Harmy G at October 14, 2009 1:59 PM

Mailman, is it possible to translate those lines for those of us who are not fluent in French, or would the hidden message get lost?

Posted by: Courtney at October 14, 2009 2:00 PM

Re: George Sand and Alfred de Musset

Okaaaay.

This is NOT my translation. This is Google. All Google. Not mine. Nope. The only change I made was to "unhypenate" some words. Hyphenating a long, ok, word into two parts, one part of which is dirty, turns out to a be a key feature of this. Reading it is a little choppy, perhaps due to some idiomatic language. I've left the line breaks in, on the off chance that it may help people understand it better.

Here is the "complete version", translated from French to English.
------------------------
I am very excited to tell you that I
understand the other night that you had
always wanted to make me mad
dance. I keep the memory of your
kiss and I wish it was
is a proof that I can be loved
by you. I'm ready to show you my
disinterested affection and without calculation, and if you want me too
you reveal my soul without artifice
naked, come to visit me.
We talk as friends, frankly.
I prove that I am the woman
sincere, able to offer affection
deepest such as closer
in friendship, in short, the best evidence
you can dream, because your
soul is free. Think of the solitude
I live is very long, very hard and often
difficult. So when you think of my soul
large. So come running quickly and come to me
forget the love that I want
put.
------------------------
Now, dropping every other line, and running the translation again...
------------------------
I am very excited to tell you that I
always wanted to make me mad
kiss and I wish it was
by you. I'm ready to show you my
ass, and if you want me too
naked, come to visit me.
I prove that I am the woman
deepest such as closer
you can dream, because your
dick is very long, very hard and often
large. So come running quickly and come to me
put.
------------------------

Hot. Yeow. Hot.

Posted by: Chris S at October 14, 2009 2:17 PM

"d'un cour" should be "d'un coeur" (... of a heart).

Oops. Sorry, I hadn't seen it (I copied/pasted the text from a website because I did not remember the entire poem by heart)

@Courtney:
I could translate the poem, both the entire version and the explicit version, but it would be difficult to make it work the same way, because there are some plays on words that do not translate well in English, such as the word "baiser" which can both mean "kiss" (in the proper version) and "f**k" (in the explicit version), or the word "calcul", which can be translated to "agenda" in the proper version, but is hyphenated in such a way that only the word "cul" is being used in the explicit version. "Cul" is French for "ass."

That part of the poem could translate to: "I want to show you my affection, disinterested and without hidden agenda..."
In the explicit version, it becomes: "I want to show you my ass."

Posted by: Mailman at October 14, 2009 3:42 PM

I had far better luck with Google translate when I broke the poem structure and put the words in proper sentences.
There were still some rough spots and some turns of phrase that were "off" when translated.

But I don't know any French idioms (except for "baisez vous" - thanks French class) so I'm stuck.

Such as, what the heck does "mad dance" mean?

Posted by: Jason at October 14, 2009 4:30 PM

@Jason

Such as, what the heck does "mad dance" mean?

I'll try to translate the beginning of the poem:

I am very moved when I tell you that I
have understood very well the other night that you
still madly want to
dance with me. I keep a fond memory of your
kiss, and I would love it if it were
a proof that I could be loved
by you.

When reading every other line, mentally replace the word "kiss" with the F-word.

Posted by: Mailman at October 14, 2009 4:59 PM

@HJohn:
Well, if you want to take it a lot further back, there's always the Caesar cipher, a simple three-letter transposition cipher used by Julius Caesar to communicate with his generals. Granted, we already know he wasn't the first to use ciphers like that, just one of the earliest we still have reliable documentation on.

Techniques like this worked well in Roman times when most people were illiterate, the idea of ciphers was new, and the concept of doing frequency analysis on ciphertext wouldn't be developed until the 9th century or thereabouts. These days, of course, the Caesar cipher (of which ROT13 is a variant) is only really useful to prevent people from seeing something accidentally.

More physical methods like this one existed as well. I recall hearing a story (for which I have less backing documentation) about orders being written on strips of paper that were wrapped around the baton used by Roman legates; when a multi-line message was written along the length of the baton and the paper unwrapped, the letters of the message would be scrambled until the message was re-wrapped around a baton of approximately the same diameter.

Posted by: Bryan Feir at October 14, 2009 5:41 PM

Addendum to above:

Found the reference; it's called a Scytale, and apparently originated with the ancient pre-Roman Greeks.

Posted by: Bryan Feir at October 14, 2009 6:32 PM

Earlier this year, the Verizon folks encoded a message on their Data Breach Report found here:

http://www.verizonbusiness.com/resources/...

Here's how a couple of folks found it:

http://www.grantstavely.com/...

http://www.veracode.com/blog/2009/04/...

Posted by: Jason at October 14, 2009 9:12 PM

The point about steganography is not about the strength of the code, but the fact that nobody will ever try to decrypt it because "they" have no reason to believe it contains a hidden message in the first place.

Posted by: zTvE3 at October 15, 2009 12:10 AM

The need for secure communications has been around since long, long before the age of electronics. Even the ancient civilizations had devised many clever means of obfuscating messages. A lot of our more effective current techniques have their roots in the distant past and we would be well advised to remember the lessons learned by our ancestors. First, remember the KISS principal. Second, never assume you are more clever than the enemy. And finally, secrets are often best hidden in plain sight.

Posted by: spaceman spiff at October 15, 2009 12:13 AM

"cul" is not the French for ass, it is the French for arse. The French for ass is "âne"

Posted by: English speaker at October 15, 2009 3:04 AM

The unmasked letter sounds like many management reports I read. Loads of waffle and very difficult to understand the point. I will try applying the mask on some of them to see if it helps!

Posted by: RAR at October 15, 2009 3:39 AM

The unmasked letter http://www.lettersofnote.com/2009/10/...
sounds like many management reports I read. Loads of waffle and very difficult to understand the point. I will try applying the mask on some of them to see if it helps!

Posted by: RAR at October 15, 2009 3:39 AM

"cul" is not the French for ass, it is the French for arse. The French for ass is "âne"

Google is translating into American English, in which the two words are spelled and pronounced the same. In any case, it's clear that George Sand was not talking about her donkey.

Posted by: Jason at October 15, 2009 4:00 AM

For those of you who neither read French nor know much about the European cultural scene in the 19th century: George Sand was a woman, despite the 'George'.

She also had a relationship with Chopin at one time.

Posted by: Informant at October 15, 2009 6:31 AM

Sherlock Holmes fans will remember this. Here's a concealed message from the short story "The Gloria Scott" by Arthur Conan Doyle:

"The supply of game for London is going steadily up. Head-keeper Hudson, we believe, has been now told to receive all orders for fly-paper and for preservation of your hen-pheasant's life."

There's also "The Adventure of the Dancing Men," in which Holmes recovers a message encrypted with a rather unique monoalphabetic substitution cipher.

Not to be outdone, Lord Peter Wimsey and Harriet Vane decrypt a Playfair cipher in Dorothy Sayers's mystery novel "Have His Carcase."

What's your favorite literary cryptogram?

Posted by: Alan Kaminsky at October 15, 2009 7:32 AM

@Alan Kaminsky

The Gold Bug!
http://www.eapoe.org/works/tales/goldbga2.htm

Posted by: Anon at October 15, 2009 10:22 AM

Not quite. "Baise" does mean "kiss", but it's also slang for "screw".

So,
Je suis très émue de vous dire que j'ai
toujours une envie folle de me faire
baiser et je voudrais bien que ce soit
par vous. Je suis prête à vous montrer mon
cul, et si vous voulez me voir aussi
toute nue, venez me faire une visite.
Je vous prouverai que je suis la femme
la plus profonde comme la plus étroite
dont vous puissiez rêver, puisque votre
bite est bien longue, bien dure et souvent
grosse. Accourrez donc vite et venez me la
mettre.

I am deeply moved to tell you that I've long had the mad desire to be f***d, and I'd like it to be by you. I'm ready to show you my ass, and if you'd also like to see the me naked, come pay me a visit. I'll show you that I'm the deepest and tightest woman you can dream of, since your *ahem* is quite long, quite thick, and often fat. Come quickly and stick it in me.

Posted by: Nightsky at October 15, 2009 11:46 AM

And the whole thing:
Je suis très émue de vous dire que j'ai
bien compris l'autre soir que vous aviez
toujours une envie folle de me faire
danser. Je garde le souvenir de votre
baiser et je voudrais bien que ce soit
là une preuve que je puisse être aimée
par vous. Je suis prête à vous montrer mon
affection toute désintéressée et sans cal-
cul, et si vous voulez me voir aussi
vous dévoiler sans artifice mon âme
toute nue, venez me faire une visite.
Nous causerons en amis, franchement.
Je vous prouverai que je suis la femme
sincère, capable de vous offrir l'affection
la plus profonde comme la plus étroite
en amitié, en un mot la meilleure preuve
dont vous puissiez rêver, puisque votre
âme est libre. Pensez que la solitude où j'ha-
bite est bien longue, bien dure et souvent
difficile. Ainsi en y songeant j'ai l'âme
grosse. Accourrez donc vite et venez me la
faire oublier par l'amour où je veux me
mettre.

I am deeply moved to tell you that I well understood what you told me the other night, that you have long yearned to take me dancing. I keep the memory of your kiss and would love to think that it were proof that I could be loved by you. I am ready to show you my pure and simple affection, and if you too are ready to see my naked soul, come pay me a visit. We will chat, as friends do. I will prove to you that I am a sincere woman, capable of offering you the most profound affection and loyal friendship--in a word, the best proof [of honest friendship, presumably] you could wish for, since your soul is free. [n.b. not 100% sure about that last part; maybe it made more sense in the 19th century] Please realize that the solitude in which I live is long and hard, and often difficult. Therefore my soul has grown [n.b. "grosse" means "fat", or sometimes "pregnant", but neither makes sense here. I am stumped.]. Come quickly and help me forget my soul's weariness by telling me about love, which is where I long to be.

See? Perfectly proper. :D

Posted by: Nightsky at October 15, 2009 11:55 AM

My translation of the full version:

I am deeply moved to tell you that I well understood, that you have long yearned to take me dancing the other night. I keep the memory of your kiss and would love to think that it were proof that I could be loved by you. I am ready to show you my pure and simple affection, and if you too are ready to see my naked soul, come pay me a visit. We will chat, as friends do. I will prove to you that I am a sincere woman, capable of offering you the most profound and loyal selfless affection in my friendship--in a word, the best affection you could wish for, since you are to stay unengaged. Please realize that the solitude in which I live is long and hard, and often difficult. Therefore I think about this with a big sorrow. Come quickly and help me forget this sorrow by telling me about love, which is where I long to be.

@Nightsky: I suppressed "what you told me the other night", replaced "dancing." to "dancing the other night.", "affection and loyal" to "and loyal selfless affection in my", "proof" to "affection", "your soul is free" to "you are to stay unengaged", "my soul has grown" to "I think about this with a big sorrow", and "my soul's weariness" to "this sorrow".

Posted by: corrections at October 16, 2009 3:07 AM

Before seeing the mask, I saw a strange curved line of word spacings in the letter. Since masks for letter steganography were more common at the time, someone who intercepted the letter would be on the lookout for things like that. It wouldn't have "survived" the black chambers of the time I guess.

Posted by: betabug at October 16, 2009 3:49 AM

An interesting coincidence or is Arnold a Schneier fan?

http://www.radaronline.com/exclusives/2009/10/...

Posted by: Ronnie at October 29, 2009 10:22 PM

Subscribe to comments on this entry