Comments

J.D. AbolinsJanuary 5, 2009 3:22 PM

If you visit the site using Firefox, the Flash animated video with the ciphertext might not appear. If that happens, try this direct URL for the Flash video:
http://www.fbi.gov/headlines/code.swf

By the way, the FBI code breaking page has a link to a nice intro to simple ciphers, "Analysis of Criminal Codes and Ciphers".

gbJanuary 5, 2009 3:24 PM

(oops, accidentally hit Post)
It's amazing that they think a simple replacement cipher would be enough to 'stop' anybody.. It was a little fun, but.. A few people commented that they thought the FBI accidentally switched the kid and adult test. Perhaps there is a message hidden deeper in the (swf..) file, besides the one that is apparent.

x4January 5, 2009 3:44 PM

You can nearly read it by just looking at the word lengths and special characters. I bet the third sentence is
Visit www.fbi.gov/*****.htm to ...

A nonny bunnyJanuary 5, 2009 4:00 PM

@ x4
You bet correctly.
And a quick grep of /usr/share/dict/linux.words soon yields the likely missing word.

J.D. AbolinsJanuary 5, 2009 4:12 PM

After posting the FBI code breaking challenge to some other forums as a "just for fun" item last week, I was surprised over how many responses were posted about how the puzzle being too simple. I was equally surprise finding a few people who were baffled by the puzzle.

I understood the FBI code breaking challenge to be simple exercise to spur some interest in codes. So I was not expecting a real challenge on the level of an "NSA or GCHQ cryptanalyst entrance exam". It was fun for a few minutes of diversion and it's something a schoolteacher could use for a class project.

StickyWidgetJanuary 5, 2009 4:54 PM

This was a kids puzzle. Simple substitution cipher with an easy-to-spot crib.

Still fun, but definitely not something to lose sleep over.

~StickyWidget

Not AnonymousJanuary 5, 2009 5:50 PM

20 minutes to write some generic helpers in python. 5 minutes to crack the damn thing. come on! hopefully not too many wannabe-cryptographers who can crack this and little else consider a carreer with the fbi.

AnonymousJanuary 6, 2009 7:40 AM

OK, since you all KNOW what the code is... would you mind enlightening those "few" of us who do not, please? :(

Honestly, I don't even really understand where to begin on cracking this. A little guidance and explanation of your methods would be nice too. :)

ArchAngelJanuary 6, 2009 8:17 AM

Anonymous --

Spoilers below, so read no further if you want to try on your own still. A good place to start is the URL, since it's pretty easy to guess it's a www.fbi.gov/*****.htm site, which gives almost the whole rest of the message away.

(CIPHER)
VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL.
(PLAIN)
STUPENDOUS. WE CONGRATULATE YOU ON CRACKING THIS LATEST ENCRYPTION.

(CIPHER)
KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.
(PLAIN)
VISIT WWW.FBI.GOV/CODED.HTM TO LET US KNOW OF YOUR SUCCESS.

(CYPHER => PLAIN)
J == A
H == B
N == C
C == D
D == E
A == F
M == G
O == H
B == I
Q == K
E == L
Z == M
L == N
S == O
T == P
I == R
V == S
F == T
W == U
K == V
Y == W
G == Y
(Leaving X,P, and U to equal J,Q, or Z)

Nick LancasterJanuary 6, 2009 8:19 AM

@anon:

Your first hint is what looks suspiciously like a URL: YYY.AHB.MSK/NSCDC.OFZ

From there, you can make an educated guess that Y=W. So MSK must be .COM, .GOV, .NET, or something similar. And the ciphertext following the slash would likely be *****.htm

So you've got 4 letters as a crib, and a solid guess at three more. Copy the cipher into WordPad and start working things out on the line below.

TK-855January 6, 2009 8:55 AM

@Princess Leia:

"It's an older code, but it checks out. I was about to clear them. Should I hold them?"

"No. I will deal with them myself."

JoJanuary 6, 2009 9:09 AM

If you list the alphabets cipher --> plain, with the cipher alphabet in order, it is a substitution cipher using the keyword:

Fidelity, Bravery, Integrity

which is the FBI motto:

cipher --> plain
a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
p -- j (assumed from pattern)
q -- k
r -- m (assumed from pattern)
s -- o
t -- p
u -- q (assumed from pattern)
v -- s
w -- u
x -- v (assumed from pattern)
y -- w
z -- z (assumed from pattern)

'assumed from pattern' because those letters do not show up in the encrypted text, so we cannot verify what they actually are.

cheers-

chabuhiJanuary 6, 2009 10:16 AM

I bet a lot more people would have struggled with this if not for the stupendously obvious crib.

PaulJanuary 6, 2009 10:51 AM

Anonymous-

The general way to approach a possible single substitution cipher is to perform a frequency analysis of the characters. This works better as the encrypted sample is larger, obviously, but works decently enough for a small sample too. This helps to get a general idea of which characters appear most, which can be used to map the characters to our alphabet based on the language used. For example, e is the most common letter in the English language.

In a sample this short, especially with spaces not coded to a ciphertext character, it's quickest to just do ad hoc substitutions and see what results. There are not too many 2 letter words, so they are easy to attack. There is an easy to recognize URL giving several possible letters. etc

Nick LancasterJanuary 6, 2009 11:21 AM

And if you really want to O.D. on letter frequency, chase down a copy of "Cryptanalysis" by Helen Gaines Foucher, which includes letter-frequency tables in great quantity.

KondrJanuary 6, 2009 11:39 AM

The key was generated by passphrase (in which repeated letters are omitted). Does anyone of you know it? I gues "fidelity, bravery, ..." but can't guess the rest.

Dave AndersenJanuary 6, 2009 1:44 PM

Jo - close, but your "assumed from pattern"s have some errors. e.g., 'z' -> 'm' (from the ciphertext, "coded.htm"'s last character is 'z').

Alan PorterJanuary 6, 2009 1:45 PM

I would also recommend "The Code Book", by Simon Singh. This is a very *readable* account of early codes, starting with substitution ciphers and going up from there. There are plenty of examples in the book, and at the end there is a contest consisting of a ten-part cipher (which was solved a few years ago, earning $10,000 for the winners).

Alan

Nick LancasterJanuary 6, 2009 2:15 PM

@Alan:

Yes, Singh's book is a good overview. If you're really ambitious, tackle David Kahn's 'The Codebreakers' (I knew I'd found the right woman when it turned out we each had a copy ...)

John ScholesJanuary 10, 2009 11:27 AM

@R

Collide SHA-512. Where has that got to? I seem to remember the first round of the NIST competition for a new hash algorithm closed last October with a conference at Leuven in late February to look at the best entries. But I thought this was precautionary. Has anyone published any weaknesses in SHA-512 yet?

Anonymous BritJanuary 15, 2009 7:24 AM

The coded message has been changed, it is now:

PIKODENHFENJIKM! YIH QELB GDISBK NQB PICB. OI NI AGJ.OIL/PICB.QNT MI WB SKIW, EKC UFBEMB PIKMJCBD E PEDBBD WJNQ NQB AGJ.

The passphrase is also different. It's still a substitution cipher, there a pretty obvious crib, and the passphrase is still very easy to guess.

MEJanuary 16, 2009 9:19 PM

Everyone complained how easy the FBI's substitution cipher was but noone has listed the complete key.

AnonymousJanuary 17, 2009 10:50 PM

why was the substitution cipher and the substitution with variants cipher that I placed on this website on January 16, 2008 removed?

try this oneJanuary 17, 2009 10:57 PM

.dgxxddnls8z7h;dl;.d4z7xl5dzxj6xgkgjgkl7skgn5zfkz74d4k;ndf
049gqgo6h95jqh6q5qoonlsxzc3f3469h3ndfdkxxlajkdiglmjcbdqhegndhe9h53f3h7he34w5qhenls4k;ndfx294i

Alex PonebshekJanuary 21, 2009 9:13 PM

I'm assuming somebody at the NSA pissed off somebody at the FBI. The natural response, of course, is to play a prank on the NSA by telling America that cryptanalysts do the same thing as eight year old children.

Anybody got a better theory?

AnonymousJanuary 22, 2009 7:15 PM

I have a Better Theory. The cryptanalyst who created the cipher for the FBI's website would not want certain individuals in the world to learn about more difficult cipher systems, so he or she created a simple substitution that almost everyone already knows how to solve. However, on January 6, 2009, only one person on this forum illustrated a complete key that was created to solve the cipher. Good job "Jo". As for NSA, are they solving ciphers on a daily basis or are they more involved in signal analysis? There's a big difference between signal analysis and manual cipher systems. I believe the FBI had no intentions of comparing children to NSA. But hey, there are alot of people that like to believe in government conspiracy theories. Maybe those individuals should be compared to children.

oss14079January 27, 2009 10:56 AM

Jo was close to find the complete code.
To avoid the "assumed from pattern" from Jo:
the one who knows that it is a substitution cipher using the secret keyword "Fidelity, Bravery, Integrity" (the FBI motto), knows too the four missing letters of the alphabets cipher (in this case "PRUX") is linked to "JQXZ" (the four poorest relative frequencies of letters in the english language: easy to remember!).

So, to find the complete code, just apply the following steps:

cipher --> plain
a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
p -- j
q -- k
r -- m
s -- o
t -- p
u -- q
v -- s
w -- u
x -- x
y -- w
z -- z

----------
prux -- jqxz

a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
/ -- /
q -- k
/ -- m
s -- o
t -- p
/ -- /
v -- s
w -- u
/ -- /
y -- w
z -- /

----------

a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
q -- k
/ -- m
s -- o
t -- p
v -- s
w -- u
y -- w
z -- /

----------

a -- f
b -- i
c -- d
d -- e
e -- l
f -- t
g -- y
h -- b
i -- r
j -- a
k -- v
l -- n
m -- g
n -- c
o -- h
q -- k
s -- o
t -- p
v -- s
w -- u
y -- w
z -- m

That's all

AnonymousJanuary 27, 2009 2:25 PM

Actually, you are almost correct about the key "oss14709", but you are making the key more complicated than it has to be. Try this, fill the key in with the keyword (the complete FBI motto) while doing so, do not repeat any characters. Afterwards, fill in the rest of the alphabet without repeating any characters again and do it alphabetically. You should get:

fideltybravngchjkmopqsuwxz

So I agree when someone said that there was more to the cipher than it looked like.

Clive RobinsonJanuary 27, 2009 4:37 PM

As a general point,

In realworld analysis of crypto finding the "key schedual" is usually of more importance than breaking individual messages.

(As is analysis of probable text/form in many messages).

For instance in breaking the FBI ciphertext keeping an eye on the developing key would probably have led to a faster break than just pluging in letters.

The secret is knowing which link in the chain is weakest at any one time.

AnonymousJanuary 27, 2009 6:16 PM

That was probably the most intelligent aspect of cryptanalysis that I have probably read on this website Clive. Most hobyists try to break the message, but for those who are serious with cryptanalysis, for those who work in this field, deciphering the message is only one step in the procedure. The key is the actual backbone of the message. The key is where the true security of the message lies. Once the key is known to others, then the cryptographer must create a new key in order to continue creating messages that rely on secrecy and security.

Clive RobinsonMarch 13, 2010 7:39 AM

@ me,

"Anyone can create a one time pad."

Yes all you need is one or two dice a shaker a 6x6 grid and a sheet of grid paper and either a sheet of carbon paper and plain sheer of paper or a photocopier.

If you only have one dice you will have to throw it twice each time. If you have two dice mark one of them so you know which is the 1st die and which is the 2nd die (colour in the pits with a different coloured ink or paint is one way).

First make the grid depending on if you are using,

1, Number OTP
2, Charecter OTP
3, Alpha Neumeric OTP.

For the simplest,

161616 ABCDE- ABCDEF
272727 FGHIJ- GHIJKL
383838 KLMNO- MNOPQR
494949 PQRST- STUVWX
505050 UVWXY- YZ0123
------ -----Z 456789

Obviously you would be better to fill the grid randomly. That is throw a pair and write down A in that square they point to. Throw another pair and write B. If you get a square that's filed in throw another pair untill you get a square that's not occupied.

When you have filled in between half and two thirds of the grid just fill in the remaining squares in whatever way makes you happy (as long as you have the right number of numbers and dashes '-' ;)

Now to start the OTP

Throw a pair, look it up on the grid, if it's not a dash write it in the first square on the grid paper. Repeat untill you have five random chars then miss a square and repeate to do the next five.

When you have finished a line, leave three blank lines and fill in the next line with sets of five random chars.

It is IMPORTANT that you always use pairs of throws, and throw a new pair if you get a dash. DO NOT be tempted to just throw one die again, OR WORSE swap the 1st die with the 2nd die.

You can improve things by say using 4 dice and add the throw values and drop the multiples.

I use this system with a random HEX (times 2 for 32 values) map to generate random keys when I need them.

I must admit it gets quite boring generating two 512bit start points for a search for a pair of primes (PQ) but you only need to do it the once to set up a BBS generator, to do it from then onwards.

MEMarch 24, 2010 4:14 PM

I know how one works, otherwise I would have never used the words "one time pad.". You obviously have a lot of time on your hands Clive. I actually got bored quarter of the way through and had to stop reading.

Clive RobinsonMarch 25, 2010 1:16 AM

@ ME,

As you said,

"Anyone can create a one time pad."

But actually very very few know how to do so.

Even less know how to do it efficiently with their chosen random source.

As for,

"You obviously have a lot of time on your hands Clive."

If you where a regular reader of this blog you'ld know the answer to why that might be.

As for,

"I actually got bored quarter of the way through and had to stop reading."

Says a lot more about you than anything else you have posted under your nom de plume.

Which brings me back to your comment,

'I know how one works, otherwise I would have never used the words "one time pad."'

As has been remarked before,

'Any fool can drive a car, but how many have made one that's street legal?'

Key generation is one of the major weak spots in all cryptography and more so with the OTP than others.

This particular thread has a marginaly higher probability of being read by those that might benift from the knowledge.

Hence I would have thought you would have realised it was not posted just for your education.

ModeratorMarch 25, 2010 3:26 PM

.ME, don't comment on this blog again unless you have something substantive to say. Right now you are just wasting everyone's time.

DaveMarch 26, 2010 7:18 AM

As they say, arrogance and ignorance go in hand. Or was it arrogance and illiteracy? Either way.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..