The Doghouse: Sniper Flash Cards

They have a cryptanalysis contest with a $5,000 prize, but a $100 entry fee.

Sounds like a scam to me.

(My comments on cracking contests can be seen here.)

Posted on July 19, 2006 at 1:46 PM • 24 Comments

Comments

derfJuly 19, 2006 2:28 PM

Winner gets to assist a wealthy Nigerian transfer several million Niger bucks to the USA via their personal bank account.

radiantmatrixJuly 19, 2006 3:26 PM

Hm, I tend to agree that cryptography contests are bad ideas. This particular one seems to address most of your concerns, though, bruce:

Once you pay your fee, they give you the algorithm and the tools (they call it a "code wheel") to generate keys. They also provide the plaintext and ciphertext for one message. The winner should discover the secret key -- and this is authenticated by providing the plaintext for the second ciphertext (which is encrypted with the same key).

This is likely a scam, but it's not the usual scam. The organizers just need more than 50 people to participate (or for some people to spend more on additional services like extra ciphertexts), and they will make a tidy profit.

BLPJuly 19, 2006 3:27 PM

From the page:

But why is trying to break this cipher really important? Because everybody knows that the machines will soon be taking over the world. HAL, Skynet, the Matrix, Viki - they are harbingers of what is to come. Do you think you can defy Skynet while relying on your home computer to encrypt your messages? Your computer is Skynet. It knows every keystroke you type. The hope of mankind rests on having a strong pencil-and-paper cipher that can withstand a computerized attack.


Really.

TomJuly 19, 2006 3:29 PM

"I like the claim that if distributed as a software implementation, the cryptosystem under discussion would be illegal."

Well, fraud *is* illegal.

ZwackJuly 19, 2006 4:43 PM

Hey, the guy is also selling a system for winning at blackjack. If it's that good why is he selling it rather than just winning lots of money at blackjack?

Z.

Andrew2July 19, 2006 6:04 PM

Heh. I like how the entry fee is $100 at the middle of the page, but $250 at the bottom.

AlanJuly 19, 2006 6:39 PM

@Andrew2

Heh. I like how the entry fee is $100 at the middle of the page, but $250 at the bottom.

Inflation on internet-time.

Oops, it's now $325.

anonAgainJuly 19, 2006 6:44 PM

Also, the author appears to have never heard that the ITAR restrictions on cryptosystems were rescinded nearly a decade ago.

Jim A.July 19, 2006 6:44 PM

It gets even better! If you actually register for the contest, you have to fill out a survey about your rifle usage. Options are:

*I do not wish to respond
*Deer or Elk hunting
*Varmint shooting
*Civilian competitions
*Active duty military

No, I am not making this up! I chose "varmint shooting".

Then, you get charged another 5 bucks for shipping (to enter the contest).

Hey, at least you enter your credit card over SSL!!!

Carlo GrazianiJuly 19, 2006 7:56 PM

We should hook this guy up with the "Infinity-bit encryption" dude. Though they'd probably wind up regarding each other as cranks.

fudJuly 19, 2006 9:20 PM

I like the "How To Defend A City From Invasion Using Civilian Snipers as an Auxiliary to the Regular Army" section. http://www.sniperflashcards.com/tactics.asp
My favorite is part E. Bait.
2. Crucify prisoners on wooden telephone poles. Set the poles on fire. All of Part G. Escape is really good too.

Stefan WagnerJuly 19, 2006 9:32 PM

@zwack:
Blackjack is vulnerable.
With a simple ruleset you get close to a 50:50 chance.
If you count card-values and remember them, you get better chances than 50:50 (but not much better).

When the bank recognizes, that you're using that strategy, it is free to change the stack of cards more often, which is a disadvantage for you.

Conclusion: To earn money, you need a good memory, some training, and have to change the casino (uhm! Casino!) often.

With this investigations you may earn more money elsewhere (i.e.: selling the receipt).

Matthew SkalaJuly 19, 2006 9:33 PM

Zwack: If you consistently win lots of money at blackjack, you are asked to leave the casino; and if you don't keep your head down, you get shot by the Mafia. If you have a system that works, it's a better idea to sell the system.

Richard BraakmanJuly 20, 2006 3:27 AM

We don't even have to analyze this product to evaluate its security. We now know that its designers rate the chances of a determined person cracking it at about 1 in 50.

FPJuly 20, 2006 9:36 AM

If it were a scam, it's a bad one. It targets a tiny fraction of humanity, which has a significant overlap with the set of internet users that are good at spotting scams. The first rule of scamming is to tempt the other 99% of the population into participating.

I predict that it will be next to impossible to draw in enough participants to make a significant margin. If they were out to scam, they'd be better off selling raffle tickets.

EvJuly 20, 2006 11:22 AM

@FP:

"If it were a scam, it's a bad one. It targets a tiny fraction of humanity, which has a significant overlap with the set of internet users that are good at spotting scams."

Suppose you are right. Then apparently one of that fraction's prominent figures, Bruce S., is NOT good at spotting scams. Contradiction!

Fred PageJuly 20, 2006 1:59 PM

@Stephen Wagner-
"If you count card-values and remember them, you get better chances than 50:50 (but not much better)."

Only with a stupid house. Any house smart enough to reshuffle the deck frequently enough (ex: every hand) can kill this, as well as any house willing to change the rules enough that card counting won't get you enough of an edge.

Back when I was in the gambling industry, I was surprised how many houses were stupid.

Chris EvansJuly 21, 2006 1:12 PM

Did anyone else notice that the "two cipher wheels" happen to be on the shield of that roman guy?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..