Comments
Milan • October 14, 2011 6:58 AM
Less of a password and more of a one-time challenge/response: “Which picture among these have you never seen before?”
Simon • October 14, 2011 7:00 AM
My thoughts are that it’s a selection test of some kind. The controller shows different sets of photos (each set of the same type of subject, and rich in complexity). The agent then selects one photo from each of the sets – something that he/she identifies with or responds to aesthetically, or triggers some sort of internal response. Then the controller notes which photo from each set the agent picks. To identify the agent at some later stage, the agent has to pick the same photos from each of the sets, so it can be thought of as a PIN as some kind.
But it’s a PIN that they would be likely to be unable to reveal under duress (or even if they’re cooperating), since the photos in each sets are rich in detail, and easily distinguishable side-by-side but not so different that the agent could describe the photos accurately, or recall with sufficient detail.
So in an example, you would have a set of 10 similar houses; a set of 10 similar cats; a set of 10 faces of similar men; and a set of 10 similar, single-arch bridges. The key here would be the selection by the agent. They would need to choose something that would internally resonate – that is trigger recognition but not sufficient recall to be able to disambiguate through narrative. Selecting four photos and studying them for 5 min each night for a week would probably do the trick, and even less time might be needed.
Anyhow, my initial thoughts. This could make an interesting study for someone.
Victor Engmark • October 14, 2011 7:06 AM
Sounds like Milan has the right idea. I guess anything which hinges on the gaps in our memory would do the trick: You’d have to recall all data of the same type with near-perfect fidelity to give anybody else a chance to pass the test instead of you.
passingthrough • October 14, 2011 7:10 AM
The one-time (image) selection is appealing, but does it have the variability issue mentioned in the text?
Terence Eden • October 14, 2011 7:11 AM
Post-Hypnotic Suggestion? When he hears the trigger phrase “The black dog lies in Moscow” he involuntarily sings “When I’m cleaning windows” by George Formby.
Paul Friday • October 14, 2011 7:15 AM
Perhaps something that is held by a third party?
So “the password from me to you will be the name of your great aunt’s cousin, when I need to use it I will ask your controller for the name. You do the same for me.”
It would probably have to work like a one-time pad though, with a long list of things available to use and deleted at each use. Any repeated question or password warns of a possible compromise.
Maarten • October 14, 2011 7:21 AM
‘Jesus’ is the answer. The scheme is to pick the common reaction used by the subject if subject fails to remember something.
“Pandarus, who’d blasphemed so frequently” is a hint that people who know Pandarus could know his personal phrase has to be ‘Jesus’.
Craig Trader • October 14, 2011 7:29 AM
I have discovered a truly remarkable proof which this margin is too small to contain…
Jurgen • October 14, 2011 7:41 AM
Hey Bruce, are Pandarus and Menelaus names for characters in the book ..? If they’re only used for this riddle, they may have some bearing on the solution. Both are names of famed ancient Greeks. Have to dig up their storiesto figure it out though — but the author and his contemporaries will probably have known these by the education that was common to their class. [Note: just wiki’d them. Trojan war stuff. a) relevance more probable, b) in canon of pre-mid-20th century British above-middle class education, almost certain.]
Jurgen • October 14, 2011 7:43 AM
… Or Craig Fermat will be proven wrong by Andrew Wiles.
Dave • October 14, 2011 7:45 AM
It doesn’t sound like he thought it was very useful beyond the singular application…
“He was the first agent to use it, but unless I can find a way to vary it, was likely to be the last.”
That is also probably a big clue. It eliminates any guesses we have that could be easily varied.
Mike • October 14, 2011 7:51 AM
Based on the formulation, I don’t think that you can count on each of the zone commanders being familiar enough with P’s mannerisms to use those to identify him. The mention that P might be the only agent that can use the technique makes me wonder if this is some sort of iteration of “His password is that he doesn’t know his password, therefore he can’t tell what he doesn’t know”.
Jack • October 14, 2011 7:56 AM
Don’t make it more complicated than it is. Think of an office commute, the same trip everyday, over and over for months, years. If I ask you what is on a sign at the corner of such and such, you can’t remember, even though you have seen it countless times. Yet, your mind depended on seeing it each morning to build confidence you were going the right way. This is related to the reason images are now used in banking sites, something you may or may not be able to recall, but you know it when you see it. And if it’s different you know it.
Andrew Yeomans • October 14, 2011 7:57 AM
A simple physical token could do this. Tear a piece of paper in half and give each person one half.
This could be done with a stamp – send a letter to one person, the other person has to produce the adjacent stamp (or pane of stamps) that it was torn from. One of the people involved would not even need to know what the check was, but the evidence would be clear when the second piece was produced. And neither could remember the pattern of paper tears to guaranteed the match.
aikimark • October 14, 2011 7:58 AM
I agree that it has to do with the blasphemy clue, but I’m thinking that it is something that can’t be spoken in the agent’s country because of blasphemy laws and the “can’t recall” description. It isn’t that the agent can’t physically recall it, but socially.
For instance, if the agent were in an Islamic theocratic country, the phrase could be “There is no God, and Allah certainly isn’t his name.” That would be forbidden and punishable by death.
Victor • October 14, 2011 8:15 AM
Note that the “checks” referred to in that passage usually concerned the verifications that had to be inserted into coded radio signals sent back to SOE HQ. Any type of biometric challenge-response – such as bum-pinching or the reaction to a series of photos – would be rather hard to include.
The checks were a vital part of the operations in the occupied territories and a substantial part of Marks’ excellent book is taken up with the topic of how he tried to enhance them and how they sometimes failed in the field. In some cases the missing security checks, deliberately omitted by captured agents, may have been ignored by the recipients (see Did British intelligence send its own spies to their deaths? and the the English Game).
Hawke • October 14, 2011 8:15 AM
I don’t think that the photographs solution passes the clues listed later in the text.
“The position now is that MANELAUS is now using the check.”
and
“…but unless I could find a way to vary it, it was likely to be the last.”
What about something like “Without showing me the dial, set this radio to a frequency indicated by (your age + your wife’s age/ the number of kids you have) and press the code key three times.
If you get a reply of two squalks, identity is confirmed.
Reset the dial to its lowest setting.
Pretty sure that this is not the solution, but has possibilities.
Adam • October 14, 2011 8:30 AM
Doesn’t say if it’s over the radio but I assume they could play some a series of original pieces of music and he has to beep when he hears the ones that are “his” tunes.
Steven M. Bellovin • October 14, 2011 8:45 AM
While I don’t know what the solution is, Marks may have been compelled to leave it out. At the Cryptologic History Symposium last week, one of the speakers mentioned that Marks had fought for 15 years to be allowed to publish the book — he couldn’t get it past the censors. Might that have been a deletion to appease them?
vasiliy pupkin • October 14, 2011 8:51 AM
I agree with Terrence Eden on mechanism, but trigger could be not only verbal – anything like particular smell, music/melody, image/picture, sequence of touching, etc. alone or of any particular combo working like one field key for access data or combo key included multiple fields. In that case each part of the key addresses particular sense.
Josh S • October 14, 2011 9:01 AM
A phrase/response system where the answer is “F*** you” or something similar. If, under torture or duress, the man tried to give up the response, he would simply be saying, “F*** you!” to his attackers/torturers.
Bob T • October 14, 2011 9:02 AM
I think people are reading the passage wrong. The agent recruited in the field is Menalaus, not Pandarus. What it says is that Pandarus was briefed to give Menalaus the identity check that he would use. Pandarus doesn’t have to know anything about the identity check itself. “The position now is that Menalaus is using the check.” Pandarus can be told one thing to give to Menalaus while Menalaus is told to use something that Pandarus is unaware of, such as his obvious overuse of the word “Jesus.” Menalaus will use Jesus to identify himself to someone else. Pandarus thinks it was the yellow rose he gave him to put on his lapel.
The check is only an identity check – not the actual code. I think P has been unknowingly infected with a rare, yet not fatal virus or other microbe. If he dies, the infection dies with him. He is likely to be the last because once it spreads, it is no longer unique. Unless it could be tailored – i.e. made unique again – it would be unsuitable for continued use.
eggbert • October 14, 2011 9:12 AM
So did I get this right:
- Pandarus needs to tell/convey to Manelaus the verification code
- without using anything written
- with forgetting the code afterwards
- with the code usable via radio
Johns • October 14, 2011 9:12 AM
My wife’s birthday. I can be told that is the challenge, but would not be able to recall the date later if caught by the enemy.
It does say signals, but I didn’t say where the code was implicitly expected to be usable via radio…but maybe i’m being dense
eggbert • October 14, 2011 9:22 AM
I think the difficulty is on both HQ and Manelaus knowing the code, but Pandarus as their only link not knowing or reliably forgetting it.
Pandarus could instruct Manelaus and HQ to listen to words on the radio on a pre-defined time. Manelaus would only need to NOT listen to it. It would be very difficult to reconstruct what words were said in that second without having listened.
eggbert • October 14, 2011 9:24 AM
Although that would be easy to vary, so it wouldn’t fit the description given in the book.
ajay • October 14, 2011 9:26 AM
eggbert: In the context of the book an “identity check” definitely has to be usable over radio. Which means that London can’t show Manelaus a lot of photos and ask ‘which of these photos is yours’.
And it has to be the case that if Pandarus is captured, and tells the Gestapo exactly the same thing that he told Manelaus, the Gestapo cannot then impersonate Manelaus without Manelaus’ cooperation.
On the other hand, it doesn’t have to be a challenge-response system and it doesn’t have to be different every time. According to Foot, IIRC, an SOE agent identity check was just a codeword that was included in every transmission.
eggbert • October 14, 2011 9:34 AM
thanks, ajay.
so with the public radio solution, that would do, right?
Pandarus tells Manelaus:
– Turn on the radio to the station “radio Cologne”.
– Remember the first five words starting at exactly 6:31pm and 45 seconds.
– I will go to the next room and come back at 6:32pm (to make sure you’re ok).
London can also listen to radio Cologne and note the words at the same time-stamp.
The Gestapo would need a timestamped recording of every radio-station to reconstruct the words with these instructions. For WWII technical possibilities, that might be very difficult.
ajay • October 14, 2011 9:34 AM
The tricky bit is that Manelaus was recruited in the field, so he’s presumably never been to London: you aren’t allowed any out-of-band communication with him, other than what Pandarus said.
So you can’t just have Pandarus say “use keyword 15 off the list you memorised during your training”. And you can only have Pandarus say “use the name of your wife’s third cousin” if
a) London knows the name of the cousin already and
b) the Gestapo don’t and have no way of finding it out.
Bob T • October 14, 2011 9:42 AM
- Pandarus is told to give Menalaus a code word of “Bruce” to use as an identity check.
- Menalaus is told by another agent to use a word that his contact (Pandarus), who is unkown to this other field agent, has a propensity for using.
- “Jesus” is the word that Menalaus will use for his identity check on the radio.
- Pandarus gets caught, tortured and eventually gives in that the identity check that he gave to his contact is “Bruce.”
This is why Nick stares at the ceiling and says, Jesus… Of course, Jesus!
ajay • October 14, 2011 9:48 AM
eggbert: like it. I didn’t quite follow your first explanation – didn’t realise you were talking about public radio rather than SOE broadcasts.
That would work assuming Manelaus’ watch is accurate, and they pick a live, non-scripted broadcast on Radio Cologne, of course. Wouldn’t be much good using the news.
Ben • October 14, 2011 10:01 AM
Wow, it would have been better to explain the context of this “conundrum” because a lot of people seem to be confused by it.
The way I understand it: P goes to occupied Europe to tell M an identity check that M will then use when sending coded messages OVER THE RADIO – the purpose of the check being to confirm that M hasn’t been coerced or replaced by an imposter. There’s some way that if P is captured by the Nazis, he can’t say what the check is.
Also, the check is presumably something less obvious to eavesdropping Nazis than “put the word BANANAS at the beginning of every message”.
So the suggestions about photographs, torn paper etc. don’t work.
Possible clues: P blasphemed “so frequently I was convinced he was devout” (implying he wasn’t really devout). The system couldn’t be used by anyone but P without variation.
My guess is the answer is something to do with the rosary. P gives M a rosary in a certain configuration that is meaningful to M (for its religious significance) but not to P, who can’t then remember it. That satisfies the “nothing in writing” check and of course a rosary isn’t a suspicious thing to carry.
Another possibility is if P doesn’t know where M transmits from, but the base does – he can tell M to look out of his window and include something in his message based on what he sees.
~thc • October 14, 2011 10:28 AM
I think this riddle is a play with expectations. The hint is “find a way to vary it”.
The first part is a letter which should be intercepted and read by the enemy (Gestapo). They should think there is a unique way of “Pandorus” identifying himself.
The true “Pandorus” (and the true “Manelaus”) knows (s)he has been told nothing by signals in London. When asked by “Manelaus” (s)he will truthfully answer “Nothing.”
An enemy spy or impostor would not.
If the enemy captures “Pandorus” or an impostor acting as “Manelaus” asks for the identification (s)he can only answer “Nothing.”, which has a different meaning to them and is in accordance with the letter.
Kevin Wood • October 14, 2011 10:33 AM
I think you have to assume that this was not a two-part operation, that is, London did not contact Menelaus before or after the contact with Pandarus to say “by the way, the code isn’t actually what Pandarus told you, it is really that habit that Pandarus has”.
Also, the text says “Pandarus… would be unable to remember it”. It doesn’t say that Pandarus never knew it in the first place, which I think is significant.
Finally, the variability challenge is highly significant.
BGA • October 14, 2011 10:37 AM
Nothing was passed in writing, but I don’t necessarily read it as nothing having been written down, just that a piece of paper didn’t change hands. If the identity check (code word?) was written somewhere on P’s body where he couldn’t see it, M could read it and then erase it, without P ever having anything to forget. Reminiscent of Herodotus’ tale of a message tattooed on a slave’s head… Maybe passes the simplicity test, but not sure about the variability issue.
Kevin Wood • October 14, 2011 10:45 AM
Again, the text refers to “the secret of P’s ability to forget the security checks which he had to pass on”.
I think P had to have knowledge of what it was he was passing on. The suggestion that P was just a covert channel for the actual code just doesn’t fit.
B. D. Johnson • October 14, 2011 11:00 AM
What if it’s something like a face?
You show Pandarus a photos of Manelaus’ sister (without telling him who the person actually is) then tell Manelaus to bring a photo of his sister and two other similar-looking women and have Pandarus pick out the correct one.
It’s be impossible to remember enough detail to describe someone’s face exact enough to positively ID them, but when you saw them that bit of grey matter that identifies faces “clicks.”
Phil • October 14, 2011 11:13 AM
Sounds like it would work in similar ways that messages were passed to the resistance over public radio in WW1. The secret message would be embedded in some pre-arranged story so that a third party would not know the significance.
In this case, the agent could be told something important as if it were casual conversation. Did you see the ball game last night? Boston really didn’t do well. The coach really blew it.
The subject matter would be of interest to the agent in a general way but they would not expect the conversation to be the message. However, they might easily recall the statement. If captured they wouldn’t know the significance of the statement. So couldn’t reveal it other then to say we talked about baseball.
At the other end, the receiving agent simply has to say, what did your handler say about the boston game? Answer, “the coach really blew it”.
In this case you could voice many superficially innocent opinions about the coach. The opinion is the message. Unless the receiver is aware of what is significant, he can’t reveal the secret since he deems it trivial.
Further, as with radio broadcast, this could be one of several conversations shared with the messenger. The messenger would not be aware of which conversation was even significant. Yet they might thing their boss is awfully chatty!
Bob T • October 14, 2011 11:30 AM
The text does not say that it depended on P’s ability to forget. It says on his inability to remember. You can’t remember something that you don’t know. It says the solution was simple, not some complex process of someone knowing something and then forgetting.
Nor is there any reason to assume that is wasn’t a two part operation. I’m pretty sure this wasn’t the first contact of M by British Intelligence.
Bob T • October 14, 2011 11:34 AM
Furthermore, you would have the third party tell M where to meet the person from signals to receive their ID check in the first place.
Kevin Wood • October 14, 2011 11:40 AM
Bob T… read it again.
“Nick reminded me that as Head of Signals that he was my zone commander, and asked if I’d kindly tell him the secret of P’s ability to forget the security checks which he had to pass on”.
Ed • October 14, 2011 11:44 AM
It could be something that was shocking or surprising so that the event and details of it would be remembered, but was never told he’d have to recall those events. Not knowing that there were some specific details that would be later used, he didn’t know it’s significance and therefore couldn’t disclose it until asked about it the right way. Yes he could tell a story about what he saw, but he wouldn’t include all of the significant elements.
tye • October 14, 2011 11:49 AM
Pandarus’s scent could be used as the identity check, Menalaus would know the scent for validation. If Pandarus dies, the scent would be lost for good.
Bob T • October 14, 2011 11:53 AM
In the original letter, Nick said in italics, “if caught later by the enemy, he would be unable to remember it.” But yes, Kevin, Nick asked him to tell him “secret of P’s ability to forget.” What it doesn’t say is what Nick’s response was. I think Nick’s answer would be that P never knew.
Brett O • October 14, 2011 11:54 AM
I think that Ben and ~thc are probably closest to solving. skip the chatter about radioisotopes and eyelid tatoos. The context is WW2 resistance underground, not Starship Enterprise. I am still considering all the photo-based solutions. However, photos werent transmitted over radio from occupied France . The rosary solution is also compelling. It would be a physical corolary to the underground broadcasts of “The farmer is going to harvest his cabbage on Halloween” meaning the underground attacks the Nazis on the full moon. That was the method used when codebooks couldnt be used. Has anyone asked Tony Snow to comment?
Bob T • October 14, 2011 11:57 AM
Actually the author is giving Nick his answer, but anyway…
tm • October 14, 2011 11:57 AM
You could use a pattern on a keyboard or such. I can’t remember the first 7 keys left to right in the middle row (asdfghj) but easy enough to tell you what they are.
Fred • October 14, 2011 12:02 PM
“What is my favorite color”?
Trichinosis USA • October 14, 2011 12:19 PM
People are so dependent on “stuff”. Pictures, music, blah blah blah. No, guys, it’s a lot more simple than that. No physical record of anything to remember.
A series of hand signals. 🙂 Oldest trick in the book. The sender didn’t know sign language, the recipient did. Or perhaps something as simple as the recipient was looking for a particular hand signal that the sender wasn’t aware of.
Note a huge gap in widespread interest in (American) sign language between the 1880s and the 1950s, when interest was revived again at a college near Washington DC.
http://f99.middlebury.edu/RU232A/STUDENTS/elefther/history.htm
http://www.gallaudet.edu/About_Gallaudet/History_of_the_University.html
But an alphabet for the deaf was not necessarily the way this was done. If I recall correctly, British thieves had a nonverbal “cant” that incorporated hand signs, too. And of course, let us also not forget the Freemasons.
Roflo • October 14, 2011 12:35 PM
After reading the above comments, I’m convinced the answer is a negated one. Such as: “Which of the following symbols do you NOT recognize”.
For P to reveal something if caught, he’d have to list all the symbols he DOES know; making it impractical. Plus, he might forget some.
P can’t say which ones he doesn’t know, becasue.. well.. he simply doesn’t know them.
Slava Belkov • October 14, 2011 12:44 PM
How about PANDARUS being color-blind? And showing MANELAUS some color he does not distinguish to be transmitted over the radio? Conforms to low-repeatability. Pretty simple, but won’t utter ‘Jesus’ from me.
I like idea of ‘here and now’ password given by eggbert (Radio Colone). There is no hint on how the correct validation would be transmitted to HQ.
PS: Craig Trader‘s comment is the best
Baz • October 14, 2011 12:47 PM
I was thinking, a password you can give but cant reveal is one you dont know you’ve been given. The password needs to be memorable though.
Introduce the agent to a very pretty girl (the boss’ daughter, a canteen waitress, etc), who makes a pass at the agent, lying about her name, which is the fact he ‘knows’ that no-one else could, but he doesnt know its value.
Dave • October 14, 2011 12:52 PM
I’ve read all the comments previous to this one and here are the key points I get from this story, and I admit the details were confusing to me at first. Thanks to those who have helped to clarify.
The process:
1. Signals briefs Pandarus (the handler), gives him the identity check he will later give to Manelaus (the agent in the field).
2. Manelaus gets this check from Pandarus in non-written form, and uses it in future radio messages as a unique identifier in communications to Signals.
Notes:
1. Under torture or examination, Pandarus must be incapable of divulging the check, voluntarily or otherwise.
2. Pandarus also could not divulge information about the ID check that would allow it to be easily reconstructed. This means it can’t be something easily discoverable that he just doesn’t happen to know, like the definition of a foreign word.
3. The check has to be subtle enough that simple examination of the radio messages from Manelaus won’t reveal it easily, but obvious enough that Signals will recognize its presence.
4. Pandarus must be truly unaware of the check itself. Therefore, he must at most be aware of a message that Manelaus will interpret in a way that neither Pandarus or the Nazis know.
5. Something about the technique is tailored to Pandarus, but Signals believes it can be adapted to other handlers somehow.
So:
Signals gives information A to Pandarus.
Pandarus relays A to Manelaus in some way he may or may not be aware of.
As a result, Manelaus receives information B that he uses in future radio messages.
So either Pandarus is unaware of A and passes it literally, or is unaware of the transformation to B, and the Nazis wouldn’t know it either.
Like Slava Belkov, I thought of colorblindness too, like Signals gives Pandarus a tie to wear once and he can’t tell what color it is, but Manelaus can.
Slava Belkov • October 14, 2011 1:04 PM
Dave: thanks for support. But colorblindness is quite repeatable, while author thinks it’s one-time game.
I’ve thought Signals just instructed Pandarus to create a check, but did not transmit the check itself.
rodmar • October 14, 2011 1:47 PM
So P recruits M in the field and gives M the code that he should use to prove is identity to P.
Someone else tells M how he could identify P without P knowing about it.
So in reality what happens is that P without knowing identifies himself to M, and not the other way around.
So if P is captured even if he discloses the code, the code is useless because in reality its M that identifies P, and its M who in reality can tell who is on the other side of the line.
M is the field agent and is the real asset to protect. If P is captured then they only need to find another P’ and repeat the process.
This way M is always protected.
Bottom line; its not P that identifies M, its M that identifies without P realizing it.
rodmar • October 14, 2011 1:49 PM
In the end what P knows its useless
Playing with the hypnotism idea:
– Person doing identity check is hypnotized, and compelled to quip a phrase Y when he hears phrase X. He is then to forget that he heard X. Under hyponsis he forgets that he ever knew X or Y.
– Person doing the identity check is then told that his key phase is Y. Anyone who can tell him Y is identified as the correct person
– Person whose identity is in question is tought that those who must identify him have been primed with phrase X. Anyone questioning his identity is given the phrase X, will spout Y, then he tells them Y right back at them.
Knowing X is tantamount to identifying the person to anyone. However, only the controller and field agent know X. Everyone else has forgotten it. Everyone identifying the agent knows their own particular Y, but that doesn’t identify the person.
parker • October 14, 2011 3:18 PM
Assumption: P has yet to identify M.
P doing the identity check doesn’t know himself yet how he is going to identify M. M would produce the recorded conversation that P had with Signals to then validate M’s identity.
Shadowfirebird • October 14, 2011 3:19 PM
I think the “Jesus” plus the “find a way to vary it” suggests that its something workable but really dumb.
Example: The first time my wife met a friend of mine, she turned to me and said — to his confusion — “you were right about him”.
I’d previously told her that the first thing he would say to her would be to offer to take her to bed.
jchimene • October 14, 2011 3:48 PM
Given:
(1) The identity check must be memorable for an indeterminate length of time;
(2) Forgotten as soon as it’s transmitted;
(3) “He was the first agent to use it, but unless I could find a way to vary it, was likely to be the last.”
(4) “… and wrote a UFA…”
Here’s a hint: George Carlin’s famous monologue about seven words you can never say on television.
Quick (or take your time, it doesn’t matter) curse a blue streak for N minutes, then remember the sequence, emphasis and content of your curse
Rob • October 14, 2011 3:59 PM
I think it has to be around the idea that Pandarus knows the question, but not the answer; and that the answer can only come from Manelaus and is easily verified. Things such as “tell me something about the day we met”. P knows about the day, can cannot predict what M will say. (This assumes that P will always be the one verifying M.)
Mike • October 14, 2011 4:01 PM
BGA’s answer makes the most sense by far. P has to know he’s carrying a message, and know how to tell M where the message is, all without P knowing the message. Usually that’s done with a sealed document, but this would work too.
Rob • October 14, 2011 4:01 PM
Edit: BUT cannot predict what M will say
jchimene • October 14, 2011 4:30 PM
@Rob: In all cases like that, won’t P will remember the answer?
@Mike: There’s nothing in writing. See the original document. I suppose you could interpret a tattoo as /passing/ nothing in writing. And, there is precedent for your theory in Pynchon’s “Gravity’s Rainbow” in which Pirate Prentice has messages tattooed on his upper lip.
Pandarus knows the identification token, in a general sense. The token comes from his vocabulary, but he doesn’t know the exact sequence, as it’s made up on the spot, and immediately forgotten. The original document is quite clear that P. knows the token. The twist is that not only does he know the token, but that he cannot remember it. Note that the author does not say: “forgets it”. He quite clearly says “… unable to remember it.” Those are two different, though seemingly related issues. One does not (usually) forget one’s vocabulary. However, it’s quite like that one will not remember a specific sentence.
If P. draws on his ample, bawdy vocabulary, he’ll be able to identify himself, repudiate the identification to an antagonist, and is in possession of a repeatable technique. He’ll won’t remember the exact sentence. He will remember the words that formed that sentence.
If a stranger walks up to you, starts cursing a blue streak for an extended duration, and you’re expecting it, that’s a strong form of identification. I’m going for somewhere in ’41, when the British were in starting in Greece.
Consider the quote: “Pandarus, who’d blasphemed so frequently I was convinced he was devout…”
And the footnote: “Has nothing changed in fifty years except Britain’s prestige?”
Serious Listening Cat • October 14, 2011 4:35 PM
Here’s my idea:
P receives a photo album, and HQ knows that N of these photos are known to M (relatives, classmates, etc.), and the rest are NOT known to M.
P tells M to go over the album, destroy it, and use N as the validation code (P doesn’t know it). Maybe transform N (some lookup in the bible or today’s sports section).
Maybe this method can’t be used again (or at least too many times) because N is bound to be small and if the Nazis know the method, they can guess N randomly and impersonate as SOME of the agents (they won’t know which, but a success rate of 5-10% is something you can work with).
They can also intercept photo albums (at customs check) and add a few photos of French celebs to them. This may increase N and ruin the credibility of an agent, and if it’s a benign photo album – the only damage would be some raised civilian eyebrows. Nobody would dare complain to the Nazis about it 🙂
This doesn’t explain Jesus, but maybe it’s a red herring: As Steven M. Bellovin said, maybe Marks was not allowed to disclose the method, and the Jesus anecdote is what’s left of the story after the deletion.
Chance • October 14, 2011 4:42 PM
I’m curious if it isn’t something to do with our thought processes, like a broken analogy test. For a (bad) example:
dog is to airplane as cat is to:
a) car
b) bird
Depending on how you think, either of the two answers are the correct. However, I tend to always chose a similar “theme”. For example: in the above I would choose “bird” because cat doesn’t fly, but bird’s do. Whereas my daughter always chooses car since it is biological vs mechanical.
I can give her an analogy and, knowing how she thinks, I can choose any number of items on the list knowing which one she would select from any set of analogies.
But it does require knowledge of the person’s general mentality.
parker • October 14, 2011 5:16 PM
P used 1or a sequence of curse words as the token, and M would respond with the sequence to check his identity. P wouldn’t remember it because he uses so many curse words all the time that he wouldn’t be able to keep track afterwards.
Gaston • October 14, 2011 5:32 PM
Some sort of hash. For example, Pandarus might be given a song to sing. Manelaus performs an operation on the song, such as determining the page in the hymnal it is located in, or the number of verses. Pandarus has the challenge plaintext source but does NOT know the correct algorithm. Manelaus knows the algorithm and except as an identity challenge does not even need to know the type of plaintext.
Pandarus could be dispatched without even knowing what music to use as a challenge and is then only provided it on an as necessary basis.
Chikokuma • October 14, 2011 8:37 PM
How about this: Pandarus was briefed by signals (== signals department) to commit suicide after telling Manelaus the identity check. Simple. Effective. 😉
jammit • October 14, 2011 9:55 PM
This probably means nothing, but he did look at the ceiling.
Dequeue • October 14, 2011 10:10 PM
“…without anything passing in writing”: In my opinion, this means it was passed orally.
My answer is that Pandarus was given a paragraph of text written on paper, phonetically, that he reads aloud to Manelaus. The paragraph of text is in a foreign language that Pandarus does not speak, but which Manelaus understands. Since it is written phonetically on paper, Pandarus can say all of the sounds, but Pandarus won’t know what he is saying. Manelaus will know what Pandarus is saying. The paper is not passed on, but destroyed after being read aloud. Hence, nothing in writing is passed.
Let’s assume that the text is several paragraphs long (not all of it is necessarily relevant to the identity check). Not knowing the language and not knowing what he is saying, but saying a lot of it, Pandarus will not be able to recall the very long jumble of nonsensical sounds that he spoke to Manelaus.
Pandarus is the first, and likely the last, agent to use this scheme. This, to me, implies that Pandarus is the special part that is difficult to vary, not something about the scheme.
The difficulty in varying is that it requires a language known to the recipient and a delivery person who does not speak that language.
Some more guesses:
The statement that the same system will be used with the Zone Commanders suggests that Pandarus will deliver the identity checks to the Zone Commanders using the same method that he used to deliver the identity check to Manelaus. Presumably all of the Zone Commanders speak English. This implies that Pandarus does not speak English, and that the whole difficulty in varying this scheme is that Pandarus was a special agent (pun intended) because he was the only agent who did not know how to speak English.
Nick was “Astonished by its simplicity” when told the explanation of “Pandarus just told Manelaus the identity check in English.”
Okian Warrior • October 14, 2011 10:54 PM
Pandarus has 100 transparencies with letters at seemingly random positions.
Menelaus chooses 5 of these and lays them one atop the other. The letters form a complete page of text with no misspellings, taking overlaid letters as spaces (ie – two or more letters on top of each other is taken to be a space). Then all the transparencies are collected and shuffled.
Pandarus would be unable to remember which transparencies were chosen, and if the text is long and tedious he would be unable to remember the complete text.
Menelaus would have to memorize the unique patterns from 5 of the sheets, but if the characters are sufficiently random remembering the 1st 10 characters of each sheet would suffice.
It’s not simple, but does it satisfy the conditions?
Terry • October 14, 2011 10:56 PM
It was a spelling or grammatical or purposeful translation error.
Pandarus presumably conveyed the check message verbally.
Manelaus heard the message and would transcribe in to any coded messages as he heard it.
Either Manelaus was known to always spell a given word or phrase badly or his native language had a similar sounding phrase that he naturally used instead of the english word dictated to him.
Pityful example:
Pandarus says ‘Instructions are to send “phrase” in every message.’
In context Manelaus, a frenchman, might have been known to be inclined to use the french word “frais” (same sound, different spelling and meaning)
or
Manelaus, based on some specific mission objective, would send the word “Costs” (frais in english means costs) in every transmission.
A virtually non-repeatable trick because it is highly dependent on a personality traits of the specific individual agent receiving the message. The agent conveying the message would have no idea that the code was simple substitute. Pandarus does not actually “forget” the message because really, he doesn’t really know it in the first place (the way Manelaus does).
I’m sure you know someone who always uses affect versus effect or always spells “they’re” as “there” or always types (or morse code’s) potato as potatoe.
The uniqueness of the trick is to find such a trait and to convey a message that will cause them to trigger on that fault as needed.
Added bonus: If captured either agent would likely repeat the word sounding like “phrase”, which would likely be interpreted as “phrase” – especially since it came from an english HQ.
Given the WWII context it is likely the agents were of different language and/or cultural background. French, German or Russian. I’m sure some word trickery could be found for a particular agent that would provide different meanings in “speak versus hear” or “say versus spell” criteria.
— and if that is overly complicated….
M is told before the mission that any Check phrase he is provided is to be shifted 1 letter (or some other conversion). P arrives and says your Check phrase is “Bats”. M sends “Cats” and is verified as good. But this doesn’t meet the hard to repeat condition.
Supe • October 15, 2011 4:39 AM
It is a picture tattooed to some body part which Pandarus cannot easily see. For example bottom of foot. Manelaus will chomp this body part of when recognizing Pandarus.
1) This is why Pandarus “blasphemed so frequently”.
2) Cannot be varied easily.
3) It is not writing per se. That’s why picture.
4) Manelaus could be doctor, knows how to amputate.
5) Missing leg wouldn’t caught anyones notice during WW2.
6) Picture is in bottom of foot because you can keep it pretty much always covered and do not see accidentally, so Pandarus doesn’t actually know what the picture is.
Jurgen • October 15, 2011 5:12 AM
Concluding from the number of comments, it must have something to do with the Funniest Joke in the World http://en.wikipedia.org/wiki/The_Funniest_Joke_in_the_World
anonymous • October 15, 2011 9:03 AM
As many suggest things that fail replication are in photos and music for most of us. A dozen similar songs but only one would fit and unless you have a background in music, you can’t reconstruct or describe it well enough to replicate.
Constant exposure to photos or music does increase the odds of reproduction and recall.
ConfusedInMenlo • October 15, 2011 11:53 AM
The “Crying Game” comes to mind
as does a Nun lifting her habit.
Filksinger • October 15, 2011 3:44 PM
Most of these possibilities fail one or more tests. However, I noticed some things that were either misunderstood, or are sufficiently unclear in the above debate that I thought I would mention them:
The book said that P would be unable to recall the check. Some people above say that the book said he would “forget” it, but this is incorrect. Only Nick, who did not know the secret, referred to the secret as forgetting the identifier. It is not necessary that Pandarus forget, only that he be unable to remember, and Nick interpreted this, possibly incorrectly, as forgetting.
The identification signal is not “passed in writing”. This makes it unlikely that it was written down at some point in the field, but not completely out of the question. However, it makes it unlikely that it was written down in some way and then shown to M, as this would be “passing in writing” in my book.
We are told it is unlikely that anybody else will use this method. This eliminates easily replicated methods, which most of the above are.
If it were not for the fact that it is not easily replicable, it could be done like this: a list of twenty women’s names followed each by a word, and M is told to pick the word following his mother’s name. Fits all the criteria, except that this is easily duplicated.
Another such option is by Morse Code. P, who doesn’t know Morse Code, flashes a series of lights at M from a list, then destroys the list when M repeats them back to him. M, who knows Morse, finds this easy to do and remember. P forgets all the details once they are done and his list is destroyed.
Again, P would forget but M would remember, but it is too easily duplicated to fit the criteria. It does, however, have one advantage: it fits that this is a signals code, as M is a radio operator and thus would know Morse.
@Trichnosis USA
I think you have it. I believe Manelaus was deaf, and a rare user of American Sign Language. Pandarus was given a piece of paper with a series of signs on it which, after he showed the signs to Manelaus by hand, he then destroyed. Manelaus was dealing with signals because he could communicate entirely by Morse code over the radio, which does not require hearing, and which signals of course understands perfectly.
CleverIdeaGuy • October 15, 2011 6:18 PM
Its a reference to use a zero knowledge proof.
Example rough draft
Person A enters a house. He will know the key when he sees it. He sets up a light, Illuminates a door, the door he nails shut from the other side. in a closet he puts a book open to a select page highlighted with verse and paragraph outlined. And on the last door he sets a pigeon to escape the house when the door is opened.
He leaves
Another trusted person arrives with the principle who is instructed to enter and move through the house looking to remember the obvious. His instructions are to leave the house on the other side within 5 minutes and not to return. the Trusted person burns the house 15 minutes after the principal enters it.
When in the house the principal to proceed needs to kick in the secured door, read the outlined passage which happens to be highly relevant to a childhood experience related how grandma escaped from …., and then dove escapes in front of the principal on his way out.
When he meets his secret contact, neither of which know each other, the identity check will be someone who says “kicking the door to grandmas house will set you free to fly away.”
Ian Mason • October 15, 2011 6:24 PM
@Filksinger: “was deaf, and a rare user of American Sign Language”
Exceedingly rare, as this was a European agent being run by the British SOE. I fear you might be being just a tiny bit parochial here.
@Everybody
There seems to be some confusion here about what the “identity check” being described is. Not surprising, as the context is missing from the example but is present in Marks’s book.
An identity check (also know as a security check) was some unique word or phrase that field agents were given to use in their radio reports to London to confirm that the signal was from them. These signals were encrypted; the identity check was included in the message before coding, so that the enemy wouldn’t glean the identity check from simple interception. They were also given a different identity check to use under duress.
A message received by London with a duress check, or simply missing an identity check was to be taken as evidence of enemy capture.
One idiot, running agents in Holland, ignored the absence of security checks in messages from the field and went so far as to send a signal to the field reminding the agents (who had been captured) to use their security checks. Subsequent messages from the field had security checks and this was taken as evidence that all was well. The entire Dutch network was subsequently rolled up by the Nazis. No doubt he went on to father a generation of civil servants and lawyers.
Okian Warrior • October 15, 2011 7:54 PM
Pandarus is mentally challenged.
Menelaus shows Pandarus something that Pandarus can’t do, but which he can easily recognize. For instance, folding an Origami crane or tying a decorative knot.
Pandarus would recognize the form and know that it is the right knot or Origami form, but wouldn’t be able to recall how to make it.
Being mentally challenged, he also wouldn’t be able to vividly describe it.
The term “Jesus” is uttered when Nick is told that Pandarus is retarded. Pandarus is likely the only one who can use this trick.
Yatwong • October 15, 2011 8:27 PM
as Ian Mason mentioned, the check is a code included in the message sent back to London, so things like tattoo, photo… seems unlikely.
My guess is it involve something very trival in words,for example Menelaus was shown send messages start with “My Dear Commander” (send code messages in front of him many times but not telling him the importance of it), when Menelaus send his own messages, he will simply copy what Pandarus did and use the same manner as if it is a standard way of reporting.
Frances • October 15, 2011 9:58 PM
Very entertaining, gentlemen. After you have finished speculating, do read the book. It is very readable and Marks had a sly and rather deprecating sense of humour which I’m sure you will enjoy.
sahlberg • October 16, 2011 3:59 AM
P brings a 30 year old photo of a person M knew
from his childhood and the instruction “the check is the name of this person”.
P does not know know the name of the person on the photo, and can neither remember or forget the password/name. If captured with or without the photo P knows nothing more than “the check is the name of the person on this 30 year old photo”.
If captured, P can not remember the check since he never knew it.
Gabriel • October 16, 2011 9:30 AM
Perhaps this is based on something Pandarus was known to a few to recite incorrectly? For example, since a religious orientation has been discussed, perhaps he is supposed to recite a certain line of the Apostle’s Creed or Biblical scripture that he would always get wrong. But only signals and the zone commander know what he does incorrectly. So if captured by the enemy, Pandarus would correctly inform them under duress that he was supposed to recite a passage from something, but the enemy would not realize that the identity check was the error that Pandarus would make. Instead, they would recite the correct version of the passage, informing his handlers that Pandarus had been captured. To make this even harder by the enemy to detect, the error could have been a trivial, but habitual one, such as using the wrong article or pronoun. Thus, if Pandarus were to recite the passage for the enemy, they would probably overlook the tiny error. This would be difficult to apply for other agents, because you would have to observe them for a time. Perhaps even instruct them on something they don’t know incorrectly, by inserting such subtle errors when you train them.
Mbourgon • October 16, 2011 10:24 AM
Maybe he has a speech impediment? Something he is, something that won’t be noted, something he can’t remember.
Michael J • October 16, 2011 8:12 PM
I would suggest that they had two bank notes with consecutive serial numbers, one note each.
After identification, discard or destroy the note and you will not be able to recall the serial number.
Doug Hudson • October 17, 2011 7:07 AM
Knowing the writing style of Leo Marks, I wonder if it is something as simple as this:
1. Signals gave Pandarus a rubber capsule to swallow containing the identity check for Manelaus
2. Pandarus “passes” this for Manelaus when they meet
This passes the criterion of being unrecallable, from Pandarus’ perspective. Unfortunately, it does not pass the criterion of being difficult to vary.
Doug Hudson • October 17, 2011 7:11 AM
Alternatively, there could be a clue in the codenames. They are both characters in Shakespeare’s Troilus and Cressida. Pandarus is portrayed as an aged degenerate and coward, who ends the play by telling the audience he will bequeath them his “diseases”.
Consequently I wonder if the identity check is passed biologically in some way?
Michael • October 17, 2011 8:58 AM
A lot of people are breaking some of the rules. HQ doesn’t know who M is, so they can’t separately send him anything. Further, they can’t base the check off of anything they know M knows because they don’t know M.
P is a British agent tasked with giving information to field agents. Odds are he’s not mentally handicapped, deaf, or the guy from Memento.
And presumably, if P were caught before the handoff to M, he still shouldn’t be able to remember it. Thus “written instructions for passing a signal that he doesn’t recognize” won’t work because he could still give up the instructions.
CuRooster • October 17, 2011 9:04 AM
It’s obvious. It is his aniversarry. 🙂
Greg • October 17, 2011 10:35 AM
Small clarification: Though mentioned in this snippet, “UFA” is completely unrelated to the question at hand. Marks pushed to issue agent original poems for use with codes (see poem code), as opposed to published poems which the Germans might identify when trying to decrypt traffic. He kept a box of original compositions for use, and some were not usable for various reasons, and were marked “Unsuitable For Agents”. Often, following a stressful or significant work encounter, Marks would write a poem related to it, which of course would be unsuitable for agents as it often touched on internal politics of SOE itself.
Jason • October 17, 2011 12:54 PM
I think several of the folks were on the right track, but perhaps overly specific.
All that is required is that the authenticator can recall an act that they cannot themselves recreate, “I don’t know art, but I know what I like” style.
It could be that P is awful with accents or foreign languages. M could repeat a phrase in Swahili that P knows by ear but cannot utter. Or maybe P can’t carry a tune in a bucket, or do Sign (as someone else mentioned).
To vary it you’d have to find authenticators with this rare, shall we say, disability.
Some random guy • October 17, 2011 1:47 PM
My guess is that it was a behavior/quirk that P used in conversation/reporting, but would not remember himself doing. For instance, looking at the ceiling, rubbing his nose, scratching his ear, etc.
If it were over the radio, he may have used abbreviations, or misspelled particular words. It’s not something he would even necessarily be aware of so he couldn’t recall himself doing it, even though he did the behavior constantly.
Random Pundit • October 17, 2011 3:35 PM
OK here’s my stab at it…
What if P have just memorized the security check phrase backwards?
P would be given the phrase verbally to memorize ( which he did not ever write down so as to prevent himself from mentally reversing it )
M would write it down as it was spoekn to him and reverse it for later use.
Since it was jibberish, P would be able to recall it only until he delivered it to M and then it would fade from his memory quickly.
It was either that or pig Latin. 😛
-ac- • October 17, 2011 5:33 PM
Made me think of autotuning the news. And bruises.
But cyanide seems to be the answer.
Jonathan • October 17, 2011 5:34 PM
@Ian
“An identity check (also know as a security check) was some unique word or phrase that field agents were given to use in their radio reports to London to confirm that the signal was from them.”
Good security checks were subtle so there’d be some hope that they’d evade detection if a captured agent’s sent messages could be decoded and analyzed. And since the security check was present in every legitimate message they sent, to prove it wasn’t forged or they weren’t captured and forced to send false information, obvious unique phrases would be hard to miss; hopefully most agents’ security checks were better than that. (although Mark’s had a poor opinion of them; so maybe they weren’t).
A subtler check could something be certain words consistently misspelled, or a fixed pattern in the message (fourth word always starts with the letter ‘r’, etc)
I want to emphasis something you implied, which is that for a signal check to work it must to be known by both the agent and Signals back in London.
So all the interesting ideas posters had about improvising one based on something P spontaneously said in M’s presence wouldn’t work because Signals would be ignorant of what was said.
The ideal aim of this method would be that Signals (S) and M would know the check, but that P would be unable to give the Gestapo the information needed to forge M’s security check – even if P was apprehended before meeting with M. It would probably be acceptable if P was only unable to reproduce it later if P could send a message with P’s security check (evidence P wasn’t captured at that time) after M first made contact with a message using M’s security check.
The hard bit is that (IIRC) all of Signals’ information about M came through P. So they have no separate channel or special knowledge to use to send or construct a security check that P could pass to M without P being able to remember it. Hypothetically, if P told them M’s sister’s name, or M’s date of birth that could be used as the basis of a security check mechanism. But P would be likely to remember both the method he told M and M’s sister’s name/date of birth; which defeats the purpose.
So this needs to be something easy for P to pass on, that both S and M will know, that P is unable to remember, and that can be used to subtlety but repeatedly modify messages being encoded and sent via morse code.
Fridz • October 17, 2011 8:39 PM
Two easy steps:
Step 1: P has a one-time-use assignment code known to S for assigning authentication ID to M.
Step 2: P gives M the one-time-assignment code and tells him to pick his own code and send it, along with the assignment code to S without revealing it to P.
“Jesus!”
Bill • October 17, 2011 11:54 PM
Step 1: Agent 1 tells Agent 2 25 miles North.
Step 2: Agent 2 goes exactly 25 miles from a predetermined point not known to Agent 1
Step 3.Agent 2 makes a measurement specific to that location that is known by whomever Agent 1 is acting on behalf of. (The exact value of the force of gravitation at that point, signal strength of a known radio signal, the number of white cobblestones on a short path, the color of the nearest wall ect)
This code will now be known by both Agent 2 and his audience, but not Agent 1.
Homer • October 18, 2011 1:37 PM
Perhaps the names offer clues. In The Iliad, Book IV, Pandarus shoots an arrow at Menelaus. The arrow is deflected by Athena, and strikes Menelaus in the abdomen, inflicting a non-fatal wound.
The “way to vary it” may imply finding a method that doesn’t risk more serious injury, rather than implying anything unique about the two participants.
This same passage was posted in a blog 6 years ago, but not solved then either:
http://callosum.blogspot.com/2005/04/unforgettable-and-unrecallable.html
Dave Oldcorn • October 18, 2011 2:53 PM
I think the posters who point out the notes on Jesus and blasphemy may be on the tail of the truth. Marks was an expert crossword-setter (in the English cryptic style, heavy on anagrams and lateral thinking rather than facts) and it seems to me as though hiding a clue in the text would be his kind of thing.
Not that I have any significant idea what it might be, although I think most of the guesses on this page misunderstand the rules.
Incidentally, anyone who reads this site who has not read Between Silk And Cyanide should go order it from bookshop of choice right now, and expect to be awake at 4am finishing it off if they make the mistake of starting it too late in a day. It is an astonishingly brilliant book.
Bill • October 19, 2011 2:36 AM
I think I have it. Sometimes you can only remember things done while drunk, when drunk. The phenomenon is call State-dependent memory.
Obviously some are more prone to this than others. One whom is very prone to this could be put in an altered state through hypnosis or an unknown mind altering drug and then taught the check. The person they are meeting could then give the same drug or hypnotic command to perform the check. After the effects wore off, the person may have no idea what the trigger is and is therefore unable to recall the event even under torture.
Britpop • October 19, 2011 4:15 AM
@Terry [October 14, 2011 10:56 PM]:
“M is told before the mission that any Check phrase he is provided is to be shifted 1 letter (or some other conversion). P arrives and says your Check phrase is “Bats”. M sends “Cats” and is verified as good. But this doesn’t meet the hard to repeat condition.”
M can’t be told anything “before the mission“. P recruits M in the field. If HQ could communicate directly and securely with M, then HQ wouldn’t need P to pass an identity check to M.
HQ uses P (and P alone) to pass an identity check to M, in such a way that P cannot reveal the identity check to anyone other than M.
Natanael L • October 19, 2011 9:07 AM
So HQ want to communicate with a (semi-)random stranger (M) through a proxy (P) with no end-to-end encryption on the way there (only intermediate (HQP and PM)), make sure P the proxy won’t remember what it is, and yet it must be easy, and it must be sent “in one batch” (P gets all instructions at once)?
Hmmm…. That’s not exactly an easy problem to solve.
I’d guess they’re using some “repetetive” cipher on a long string.
Example: M is given a method to calculate something using an algorithm and a long secret number. He gets a number that is the first “token” for M to use. He uses the easy algorithm on the temporary token number and his secret number to generate the identifier.
There’s a thousand ways to make such easy algorithms, they just have to be very repetetive (do X 58 times on the Y numbers on position Z, then shift one step right, repeat) to not be easily breakable.
P would forget the long numbers quickly.
Also, are we assuming M can use a computer or similiar device? Does HQ know anything about M in advance? What does M knows about HQ (he could know something P don’t, thus P can’t recall it)?
Bill Clay • October 19, 2011 3:50 PM
A take on Milan’s answer:
“Which of these voices is your son/daughter”?
Britpop • October 20, 2011 3:17 AM
An identity check permits a claimed identity (“M”) to be authenticated by HQ via some shared secret.
An alternative technique would be for P to forget M, rather than the shared secret, so that under duress, P might give up the shared secret, but not link it to any identity.
However, since P recruits M, and at some point must give the check to M, it’s hard to see how P can subsequently not know M.
Britpop • October 20, 2011 3:20 AM
Even worse, the price of the book on Amazon.co.uk has increased by 10% since 18th October, presumably thanks to the interest generated here.
Scott • October 20, 2011 11:51 AM
If they’re checking in physical proximity, it could be as simple as writing something on the agent’s back, where he couldn’t see it.
Simon Bridge • October 21, 2011 1:54 AM
We want to send an ID check Q with P to give to M in such a way that P cannot disclose it if caught and questioned. How would we go about this?
Clearly the only way to be sure is if P does not know Q.
for eg. We could give P a sealed envelope containing Q, but if he is captured on his way to the meeting the envelope will be discovered – same with any other means of concealing Q on P’s person – for instance by some code that only M and we know.
A. We could choose a Q that M already knows – we know this from previous communication (how else could M have been recruited?) In this case, P’s job is actually to instruct M to use it but without knowing what it is … say, if it is the answer to a question. However, we have to pick something that the enemy, nor P, could figure out from the clue he carries. This would provide the problem of uniqueness so it looks good for the method actually used.
B. We could send P with a Q known to him. P instructs M to make up a secret ID check S of his own to use in the future. M combines S and Q in his next transmission in a specified way.
If P were captured after the first transmission, then he can tell all and the information is no good but it still could be used to impersonate M if P is captured before the handoff. The advantage here is that the information is much more time-sensitive … P can delay by lying, for example, about what Q signifies, long enough that we realize that he has been captured.
C. Of course, the only truly safe way is to make sure that P is dead. We send another agent to shadow P who does not know Q or M and with instructions to kill P if it looks like he’ll be captured. This fits simplicity but it does not need to be varied to be used by others… though, on hearing of this method, others may refuse ID-check missions.
A looks promising – we’d need to know a lot more about M and how he was recruited to know the exact method. Presumably he was not a complete stranger to everyone or what assurance that M is not an enemy agent? Perhaps he went to Eton with the Brigadier and therefore knows the nickname the lads gave to the bedder’s daughter?
B. also suggests, more generally, that the ID check changes after the handoff making information about it time sensitive. The method of the change needs to be something that P cannot anticipate – but leaves open the possibility that a bible could be used – say, the next transmission reveals which edition of the bible is being used and Q is picked from the bible on a formula involving the time of day or somesuch.
In fact, M can make it as complicated as he can tell us about it in his first verifiable transmission so P need not know the formula for the change. eg. a simple approach would be for the first Q to be a particular word in the bible, and M picks another word of his own, from the same page. The number of words between becomes the step to create the next Q. P cannot know the step – the enemy needs both P and the first transmission to work it out.
I can get even more devious than that.
Chris A • October 21, 2011 5:54 AM
This is so simple it hurts.
P thinks he’s been given a code to give to M.
M hears P blaspheme a lot and thinks this is actually his code.
S receives transmission from M identifying with blasphemy. S thinks “Yes, M has met P, identity confirmed”
Jon • October 21, 2011 5:30 PM
This may have been brought up before, but here’s a simple solution:
P is a dead ringer for someone M knows.
P does not know he’s got a doppelganger, and so can’t give up the name (or met him once, and has been tested to ensure he can’t recall the name).
Both signals and M know the name of the doppelganger. The check is simply P asking M “Do I remind you of someone? – Use that name as your check”.
M will respond affirmatively to P, identifying M to P, and gets the check without P ever knowing what it is.
Also, this explains P’s uniqueness, and the unlikelihood of finding another suitable match between agents and people they know.
Too simple? Have I missed something?
J.
Otterhai • October 22, 2011 8:34 PM
“If caught by the enemy, he will be unable to remember it.”
This conditional statement feels like a clue; that somehow being caught actually negates the identity check. Not that it still exists but that P. will not be able to remember it if he is caught. kind of like a change in state. being caught triggers the state of being unable to remember it.
hypnosis doesn’t feel right. cipher’s don’t either. its more like an IQ test.
i think.
netabuse • October 23, 2011 7:56 PM
Judging by the description, the secret was
1) Something P was aware would be given to him by S, or was aware was different from the usual system S uses (he cursed frequently, but “said he’d try the system out”)
2) Something P would be unable to recall
3) unwritten or immaterial, i.e.: an affectation or assumed fact that would stand out to S, in communiques from M
So this has to be something that would be unremarkable to P, but would identify M to S.
Since P is the only shared secret, one can only assume that some property of P was the secret. And this secret has to be conveyable as a word.
It would be easy to say that S lied about M to P, or lied about P to M, but the assumption is that P recruited M, so this is unlikely. (for example, P dresses up like a Priest, and M believes he is speaking to ‘Your Holiness’ or some such, or P is told that M’s name is ‘Aloysius’ when it is actually ‘Emilio’, both of which would be unlikely and remarkable)
I really can’t imagine what property of P was the secret, but there must be one, in affect, appearance, or action.
AJ Finch • October 24, 2011 11:00 AM
I don’t understand from the passage whose identity was being verified. But whoever it was:
Perhaps it was a behaviour of which he was not aware. For example, perhaps he always typed “teh” in stead of “the”. … But without realising it. I.e. If you asked him how to spell “the” he would always tell you T-H-E, but when sending you a message he would spell it “teh”?
GraspingAtStraws • November 3, 2011 10:29 AM
Okay, my own $0.02 and that’s about all it’s worth…
Perhaps there is a clue in the subscript:
- I have been advised that for security reasons I must forget how it worked! Has nothing changed in fifty years except Britain’s prestige?
Telling the agent to use something that P wouldn’t know about, M would recognize, that isn’t variable. Something that hasn’t changed in 50 years, perhaps?
Still no solution but wanted to put the idea on the brainstorming map.
Jasonw • November 4, 2011 12:25 AM
For someone not to be able to recall something of importance such as a challenge response, I would say the answer would have to be less important than the process it was created by.
For example, it the challenge was, “How’s James these days?” the response would be based on a letter or combination of letters in whatever name the challenger asks about. Thus a response could be, “He’s running around with Adam lately.”. That is, if you knew you would be asked a name and told to respond using a name that started with the 2nd letter of whatever name you were given.
Further, HQ and the field agent could change the letter/number or name/place for different challenges for different people, so it could be somewhat flexible.
I saw this idea recently as a technique used to identify members of a secret society ages ago. Pretty clever low tech.
dilbert • November 10, 2011 7:58 AM
I bought the book, read it, loved it!!! Great read detailing the coding efforts back during the war. I think anyone that reads this blog would enjoy the book.
WaitJustOneSec • December 6, 2011 6:44 PM
I am reading the book and there is something that people need clarified.
Agents did get briefed before going in to the field. There are several chapters in which Leo Marks himself has to “teach” these agents how to use their poem codes and security checks. Some of them where like instructions to “misspell every 6th word.”
The Holland traffic had three agents who either never followed the instruction or stopped following the instruction for their security check.
I’m not up to this particular passage yet (so maybe in this one particular case the agent was still in the field) but if you can be briefed before you are sent in to the field then it certainly could be a picture or set of pictures.
Either way… I’ll be up all night reading.
Jon Paine • January 11, 2012 7:52 AM
Pandarus was in the field recruiting agents who would have had no previous contact with SoE. Therefore for SoE to validate a new agent’s identity in a radio transmission all the new agents must be able to chose their own security and duress checks without Pandarus having to tell SoE what they were.
Since Pandarus was equipped with silk WOK’s and paper LOP’s (read the book), it seems trivial for him to give a line from the WoK or LOP to each agent and radio SOE “Menelaus has line 1, Priam has line 2 etc.
Therefore SOE can validate the identity of the agent if they use the correct string from the WoK.
Pandarus will be unable to memorise the identity check (a whole WoK was quite big with small printing) and once memorised by the agent will be burned.
If you haven;t read the book, do so. It is an awesome read.
Jon….
Dave • March 16, 2012 11:09 AM
If I understand correctly, this isn’t a check to validate PANDARUS to MANELAUS during their face to face meeting, it’s to verify that later radio traffic it truely from MANELAUS. This might be a little out there, but what if P really can’t remember the identity check?
Say signals tells P that M’s identity check is to use “Sally” in every transmission. But signals tells M that P will forget what the identity check is and say something while he’s trying to remember it. Use what he says in your transmissions as your identity check.
P then meets M and says “Your identity check is…Oh Jesus, give me a minute… Oh yeah, “Sally”.
P wouldn’t be able to give up M’s identity check because he thinks it’s “Sally”, if he can even remember that.
It’s really simple, nothing’s written, and it’s almost impossible to vary. How many agencies activly recruit agents with poor memories?
Vles • March 16, 2012 2:06 PM
I put my euro on the mirror effect. You tell the agent conducting the check how to behave, what background story to present and what to say which is a rough mirror of the person to be identified. The person to be identified will react strongly to this. It boils down to human psychology. If the person to be identified is a man and the person conducting a check a woman, he might just fall in love with her, especially if he is stressed, isolated. It evokes strong empathy. Tough cookie who sees through this…
:o)
Vles • March 16, 2012 2:20 PM
Then again some people like me continue to put their trust in aint Nicolas. Play with trust, play with empathy and love. 😛
Sumon • June 16, 2019 8:10 AM
Pandarus could
-deliberately send a known message in an indecipherable; and the variation from correct keys is the basis for the security checks. SOE know what the key, or word, should have been.
-Use a LOP to tell SOE an identifier of P’s own choosing
-Repeat something chosen by Pandarus in messages, which satisfies a requirement from SOE, ie misspell words of your own choice. The frequency, the position, etc, of misspelt words in message, or letters in words could the basis for the check. This requires repetition to confirm the check.
.
These approaches are secondary levels of code.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
Milo • October 14, 2011 6:56 AM
The utterance of “Jesus” makes me think of an involuntary response that is somehow repeatable and more or less unique.
You and I probably respond differently when being pinched in the butt. If a third-party can note your response and check it later, it could give some measure of identity verification.
That’s the best I’ve got…