Bahggy December 30, 2010 7:21 AM

It would be good to see a higher resolution scan of the message or at least a transcript of the cipher text.
If it is a simple vigenere, I am suprised it took the codebreakers so long to decipher it.

doink December 30, 2010 8:01 AM

seems like an alphabet substitution cypher would be crackable by a computer program in something under a second, you could just look at twenty six variations to see which one looked like a message and all the others should look like jibberish.

or maybe its actually 26 to the 26th power,

Henning Makholm December 30, 2010 8:15 AM

@Bahggy: All the article says is something like we gave them the ciphertext and two weeks later they came back with a decryption. There’s no indication that they dropped everything and worked full time for two weeks to do it. The one of them who’s quoted in the article clearly did it in spare time during a deployment and deliberately eschewed computer assistance in order to make the challenge interesting.

Clive Robinson December 30, 2010 8:25 AM

I’m glad Cmdr John Hunter had fun,

“To me, it was not that difficult,” he said. “I had fun with this and it took me longer than I should have.”

I suspect from his last sentance it was one of those “carry in your pocket” problems a kind of upmarket book of crossword puzzelz for the travler with a little time on their hands.

As it happens there are a very very large number of “undecoded” messages languishing in various government and historical archives, I just wish they would make them available so that both amature cryptographers could test their skills and historians get further insite.

Unfortunatly it is the latter aspect that appears to frighten governments they realy don’t want other people looking at the canvas of history in anything other than the brush strokes they paint.

Sparky December 30, 2010 9:43 AM

A Vigenere cipher is (according to Wikipedia) a variation of the Caesar cipher, where the shift count of the letters is not constant, but depends on the letters of a (presumably repeating) keyword. This means that trivially simple frequency counting will not give you the key. Also, the message is very short, which makes statistical analysis more difficult.

Given a sufficiently long ciphertext and a relatively short keyword, it becomes possible to do frequency analysis for each possible keyword size, to break the message into N (where N = size of keyword) parts, where all characters of each part are encrypted with the same shift count. Finding the size of the keyword and the key character for each part of the message is fairly simple using general purpose software or a simple script.

(reading the rest of the wikipedia article, I realize this is fairly close to the Friedman test)

Does anybody know if there is a stash of similar, undecrypted messages available online? I find such puzzles much more challenging and entertaining than sudoku puzzles.

Of course, it seems fairly easy once we know what type of cipher was used, which has to be determined first. If the message was encrypted using 2 (preferably prime-sized) keywords, the keyword length would effectively be the equal to the smallest common multiple of the keyword lengths (in terms of repetition of the key, the entropy is, of course, much smaller), making analysis more difficult. Other little tricks, like shifting the letters of the keyword after each iteration or something similar, could also make decryption a fair challenge without special purpose software.

Grant December 30, 2010 10:05 AM

@Makholm, @doink

The Vigenere Cipher is a variation of the Caesarian Cipher. In fact, you could say the Caesarian Cipher is a Subset of the Vigenere Cipher; a Vigenere with a key length of one letter.

The Vigenere uses a keyword, say SOUTH (since we are talking about the confederacy here). To get each encrypted letter, you simply remove all spaces from the messages, align your Original Message with the Keyword, check your Vigenere Square, and cross reference the Original Letter with its corresponding Keyword letter.

To break a Caesarian Cipher you simply check the occurrences of each letter and then shift based back to what should be the expected outcome; ‘e’ should be the highest, ‘x’,’y’,’z’ should have very few. With the Vigenere, you have to break up the message into 1,2,3,4,5,6,7,8,…,n alphabets looking for Caesarian shifts, but most keywords are between 4 and 7 letters long. Of course there are algorithms developed to predict the length of the keyword. Also, the length of the encrypted text affects how easy it is to decipher; longer messages are easier.

Reading @mvario link, it looks like deciphering the handwriting must have been the hardest part of breaking this code. (/sarcasm)

David Thornley December 30, 2010 1:04 PM

@Sparky: The variations of the Vigenere you’re describing would be more work, and the original cipher was actually quite secure in Civil War times. It wasn’t until 1863 (halfway through the war) that the first good attack was published, and methods didn’t disseminate very fast back then.

Nowadays, any amateur can break a Vigenere easily, but none of the old pencil-and-paper ciphers are of practical use anymore.

Jeff December 30, 2010 1:54 PM

“The last line seems to suggest a separate delivery to Pemberton would be the code to break the message.”

Eh? What’s the point of saying, in cyphertext in message 1, that another message is coming if the second message was required in order to read message 1?.

HAARP the one you love December 30, 2010 3:25 PM

.– — ..- .-.. -.. / -.– — ..- / .-.. .. -.- . / – — / .–. .-.. .- -.– / .- / –. .- — . ..–..

Gen Johnston December 30, 2010 3:57 PM


Dirk Praet December 30, 2010 6:08 PM

@ Clive

As it happens there are a very very large number of “undecoded” messages languishing in various government and historical archives, I just wish they would make them available so that both amature cryptographers could test their skills and historians get further insite.


Sang @ AlertBoot December 30, 2010 6:55 PM


Criticism duly noted re: transcribing the handwriting in the message. But, your sarcastic comment is not too far off the mark, I think.

I’ve just gone over my transcription again, and without the benefit of hindsight on what the message ought to be in its encrypted state, I’d say my transcription is pretty spot-on, esp. when you consider the general’s writing style.

How was I supposed to know all his w’s were actually u’s; or that he uses the “small t” as a “capital e” when he also has a “capital E” that looks like a “capital F”; or that his “O” is interchangeable with his “D”?

I know. This comment makes me sound petty and whiny. I guess I now have a new resolution for the upcoming year. Cheers!

Robert in San Diego January 2, 2011 8:58 PM

If I remember my David Kahn correctly, the longest and last Confederate States of America Vigeniere key was “Come Retribution.” The standard Union cipher was a wacky one — a route based word transposition (words, not letters, were transposed) with code replacements for high-value words like “Lincoln,” major commander’s names, cities. Routes grew more extensive in time, and the resulting ciphertext was something filled with pertinent, understandable words in a mixed up order that would drive anyone NUTS.

I would say “Pencil and paper” ciphers and codes still have a use, in a restricted sense. Even one time pads can be “done” without computers. However, most communications today is vastly computer moderated. But then, I’m a “retrogrouch,” and have managed to find ROT13 can baffle.

Roger January 12, 2011 4:45 PM

At least some governments do allow access to old enciphered documents in archives. The Simancas Archives in Spain, mainly covering Spanish history up to the 16th century, include many ciphered documents and access to researchers is “easily obtained.”


If I remember my David Kahn correctly, the longest and last Confederate States of America Vigeniere key was “Come Retribution.”

According to F. W. Chesson (a student of US Civil War cryptography) for some unknown reason, all of the South’s “standard” keys were the same length — 15 letters — which of course is a really bad idea in a Vigenère cipher. At least one slightly longer key (“My old Kentucky Home”) was used, solely for correspondence between two generals, but he doesn’t say which two.

Over the centuries there have been many suggestions for strengthening the Vigenère. Most are either of negligible value, or else make the cipher far too complex to operate. One very simple suggestion is to use a secret, mixed alphabet instead of a straight one in the tableau. For example, it could be a simple piece of card attached to the lower wheel. Periodically (say, weekly) the card could be replaced by another from a secure supply, and the old one burned.

If operating the cipher through a “code wheel” (which was the usual procedure for field ciphers), this makes no difference at all to the ease of enciphering and deciphering. Yet if the mixed alphabet is changed often enough it does significantly improve the strength. More importantly, it prevents the General from using exactly the same keys for years on end, which seems to have been the main source of the South’s poor cryptology.

(As an aside: use of frequently changed, secret mixed alphabets also greatly increases the security of the various autokey variants of the Vigenère. For example, the main weakness of plaintext autokey is “crib dragging.” This is considerably complicated by a secret alphabet, and probably beyond 19th century abilities; indeed with sufficiently short messages it becomes impossible. Yet, once again, PTAK is scarcely more difficult to use than straight Vigenère. However I’m not sure that Confederate generals could have been persuaded to use a PTAK when they couldn’t be persuaded to change their keys more often than annually.)

Clive Robinson January 13, 2011 6:34 AM

@ Roger,

It was “Robert in San Diego” that made the David Kahn comment you quoted not me (credit where credit due I doubt I could remember David Kahn’s books that well these days 😉

I did however make comments about access to archives by Governments (or lack thereof), which is what the para preceding my name in your comment was about.

In general the problem with most activly in use systems is not the strength of the cipher in use but the KeyMat issues, which is by the way a mainly unsolved problem (PKI is not even close).

One major issue is destruction of KeyMat prior to it being captured by the oposition. One way to do this is to not write it down but memorise it (think modern day passphrase on a password safe etc).

Another major issue is KeyMat distrubution which needs reliable communications systems and very reliable KeyMat handeling procedures. And is very difficult in times of fluid movment of forces over unknown terrain. [one solution that has been used in the past and is still current is Key Distribution by One Time Pad. Each outpost etc with crypto gear has an old fashioned paper OTP, with a serial number on it, keys for the crypto gear are sent under the OTP as and when required by the master station which has the matching OTP, it’s messy but it works, the main weak points being OTP capture and a central master station].

So given the two problems above don’t be to hard on the generals, like the Germans and Enigma many years later it is to easy to put to much faith in a system, and down grade how you think of your openents abilities.

Linda Boyer March 24, 2011 9:58 AM

I am posting this comment here in hopes that someone see’s it and has information on how I can get help with this. I have what I believe to be a civil war coded message sent to or by Col. John B Yates who was a Col. in the Union Army. I would like to authenticate this and decode the message but have no idea how to go about doing either. I am convinced of what I have but without knowing what it says have no way to authenticate it. So HELP to anyone interested

Linda Boyer March 24, 2011 10:00 AM

I just realized you would have no way to reach me so regarding the message about the civil war coded message to Col. John B Yates…if interested my email address is

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.