NSA Cracked the Kryptos Sculpture Years Before the CIA Did

We interrupt this blog for some important inter-agency rivalry.

The fourth part is still uncracked, though.

Older links.

Posted on July 26, 2013 at 1:19 PM • 16 Comments


ScottJuly 26, 2013 2:03 PM


Something about this comment makes me shudder.
NSA++ would probably have fixed that.

G van GrijnenJuly 26, 2013 3:42 PM

Somehow it's quite comforting that a sculptor can keep the brightest minds at work for 23 years.

And that there is still no solution for the fourth part of the riddle.

Or perhaps there is, but the NSA decided to keep it a secret.

Because that's another thing to note about the NSA.

That something as playful as solving a puzzle must be kept a secret, only to be mentioned in internal memos.

NobodySpecialJuly 26, 2013 4:03 PM

But the NSA was reading the sculptor's mail and listening-in on his calls

G van GrijnenJuly 26, 2013 4:23 PM

@Tracey Reed,

Could be.

But this case teaches us that the CIA seems to acknowledge that there is a lighter side to life, that you could actually enjoy it, and that solving puzzles could be harmless and not a threat to the nation.

I suspect this is not the case with the NSA.

boogJuly 26, 2013 5:46 PM

@G van Grijnen

Or perhaps there is, but the NSA decided to keep it a secret.
So that when somebody else finds a solution, the NSA can speak up and say "yeah well we totally did that already years before you"?

Paul RenaultJuly 27, 2013 8:49 AM

What if the sculptor pranked the CIA and the NSA by making the fourth part just random noise?


EphJuly 28, 2013 11:11 AM

Isn't it quite likely that the artist mistyped and made some error? Similar to encoded messages from some criminals, which were unencoded due to flaws.

G van GrijnenJuly 28, 2013 3:34 PM


Your associating artists with criminals is quite interesting.

But frankly, I couldn't say whether the artist made an error, or deliberately created some random noise to spite his client as one reader of this blog seems to suggest.

Or if this is true riddle that has been solved by the NSA.

In this case we will see proof in an internal memo leaked in 2023.

Or if this is a true riddle that hasn't been solved yet.

I don't know.

Wesley ParishJuly 28, 2013 10:13 PM

I had to laugh at the news that the Vigenere cipher was used for the first part. That just a randomized n+x substitution cipher. It's hard, but it's fun ... and it took the NSA and the CIA how long to work it out?

Now if Sanborn had used commercial code books for the plaintext of his last message then a Vigenere cipher, leaving clear plaintext for the name Berlin ... but are commercial code books even extant these days? (I have no objection to feeding the CIA and the NSA red herrings - they need to diet; on the other hand, it seems very likely that Sanborn has used Vigenere for the last message, because he's said NYPVTT is BERLIN, and TT=IN gives a hint to the depth of the Vigenere used, and the codeword used.)

Ian MellorJuly 29, 2013 3:25 AM

"These days the NSA is best known for its broad, indiscriminate spying on Americans and foreigners. "

Love it! The more it gets said, the more likely it is to change. Or become an expected norm.


Mike BJuly 29, 2013 7:06 AM

If I were a guy making a sculpture like this I'd encrypt the last segment with a one time pad. Sounds like something xkcd's Black Hat would do.

@NobodySpecial That's called thinking outside the box. Cryptanalysis shouldn't limit itself to only those techniques considered "sporting". It would also be the only way to deal with a one time pad.

@Ian Mellor If you call and e-mail history is already being sold to every marketer under the sun how do you have a reasonable expectation of privacy?

G van GrijnenJuly 29, 2013 3:27 PM

@Wesley Parish,

I can imagine your fun at the gigantic stupidity of the NSA and the CIA who were totally clueless about the Vigenere cipher.

Dirk PraetJuly 29, 2013 7:29 PM

@ Wesley Parish

If it's a simple Vigenere, they would have probably cracked it already. It would be horribly wrong to assume that all folks working at the NSA are utter imbeciles. I personally find it more likely that if the 4th part was cracked after 9/11 or was revealed to contain something deemed inappropriate, chances are that it's probably classified. Anyone tried a FOI request yet ?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..