glob September 1, 2014 10:16 AM

The underlying idea is not bad (they avoid the use of spaces in the messages and even use a rudimentary rotation system, which is, amusingly, not too dissimilar from the principle behind WW2’s Enigma). However, they’re limited by the fact that they must memorize it all (they can’t rely on mechanical means), so in the link above they only have two possible permutations (GZM and GZV). Very basic, but it did the trick for a while — the LEAs couldn’t crack it until they recovered someone’s crib sheet.

Kyle McDonald September 1, 2014 10:37 AM

Glob, this code looks even less robust than the one mentioned in the article you link to. The one Bruce links to has spaces, and focuses on non-latin characters, symbols, and punctuation. It looks like it might only be a substitution cipher, with some choices made for mnemonic purposes like “y” being flipped upside down, “@” being either “o” or “a”, etc.

Steinar H. Gunderson September 2, 2014 10:49 AM

It’s a simple substitution cipher, with the first three letters saying which of the alphabets to use (they seem to have two, numbered 1 and 2). See for the alphabets.

I am amazed that a) law enforcement actually found this hard to crack, and b) that if they really intercepted ciphertext messages they could not crack, they didn’t manage to stop them.

/* Steinar */

Thoth September 2, 2014 11:34 AM

Not surprising law enforcement rely on technology to help them make their breaks more often these days. The days of paper and pencil are behind. They don’t have a cryptographer amongst them anyways and I am pretty sure they did not bother to seek out experts or intelligence agency to do codebreaking.

Aaron Toponce September 2, 2014 2:15 PM

@Marco Tedaldi- Yes, there can be strong field ciphers without the aid of a computer. They are generally cumbersome and error-prone, but functional. There is the one-time pad, which, if used correctly, is 100% unbreakable, both in practice and in theory. But all rules absolutely must be adhered to. There are also hand ciphers using playing cards. Many have attempted this, including myself, after being inspired by Solitaire by Bruce himself. There may be new techniques currently unknown that are currently not broken.

Chris Abbott September 2, 2014 7:38 PM

Why don’t they just use smartphones and text using something like TextSecure and RedPhone? It seriously doesn’t make much sense to me.


AES and other modern ciphers are basically polyalphabetic substitution ciphers without something like CBC, so, nobody should ever use ECB. I don’t know why it’s still an option in OpenSSL.

Reply to Chris Abbot September 3, 2014 1:53 AM

Chris: “Why don’t they just use smartphones”

Read the article! 🙂

The system is a response to not being able to use phones, e.g. for gang members in prison.

RonK September 3, 2014 2:50 AM

@ Anura

Solitaire is “broken”, since its security goal was to be as secure as a modern computer-calculated cryptosystem: see URL

I put broken in quotes, since it makes no sense to use the same kind of security criteria for hand-calculated ciphers that one would use for hardware-calculated ciphers. For example, no one need worry about an attack on a hand-calculated cipher which requires even 2^20 examples of ciphertext.

I’ve also thought about inventing a more secure hand-calculated cipher. My first attempt was just too complicated to be close to practical.

Joe September 3, 2014 12:08 PM

Without a computer, you only need pencil and paper and knowledge of basic math functions. Next tool to pencil and paper is 3 dice; next is a calculator.

@ChrisAbbot : I know of RedPhone but that is Android only.
I have installed and use APG Android Privacy Guard.
I also have 2 copies of GnuPG program.


Anura September 3, 2014 12:53 PM


It’s not broken until someone has a viable attack against it. A bias of 4.4% instead of 3.8% is something to be concerned about, but it doesn’t necessarily translate into an attack.

Wesley Parish September 3, 2014 8:40 PM

The chief thing the gang are aiming at is time. And the one thing they’re hoping is that the police won’t do a complete search of visitors and confiscate any items they don’t understand.

All pen-and-paper ciphers are breakable: each advance in ciphers over the years has lasted until sufficient usage has been documented and patterns found. Once the patterns have been identified, the cipher is broken. That’s why one-time pads are so useful. If the pattern is changed in a sufficiently random manner, then finding patterns becomes more difficult, because the likelihood of messages being long enough to show a discernable pattern is reduced.

I’m surprised that no one in the police departments in El Salvador and the Honduras have dug out some of the old books on cryptography that Dover, for example, have published, and trained some of their staff in some of the simpler ciphers, such as the Vigenère. It’s not rocket surgery or brain science, after all. 🙂

Buck September 3, 2014 10:30 PM

@Wesley Parish

“It’s not rocket surgery or brain science, after all. 🙂”

Now, I may be suffering through my own personal biases, but it seems as though, perhaps you yourself are also dealing with a case of the “curse of knowledge” 😉
Not sure what the cost is of training up basic crypto skills that can be used in the field (I’ll even concede the lost opportunity cost of learning vs. protecting)… But, I’d imagine, logistically it would probably make a lot more sense to contract out that work to third-party experts. Experts who are detached from the situations, and who may have no real emotional or other connections to the case at hand!
However, if Vigenère (or a similarly simple) cipher does in fact have a large-scale resurgence in the criminal community, then, yes, it will probably become a good use of human resources…
Even then, think of the steganography! We’d have to train every beat officer every trick in the book to identify the potential secret messages of any target imaginable – which would certainly be a massive waste of personnel resources and plenty of lost time that could be spent on much more fruitful endeavours.

Joe September 4, 2014 4:49 PM

@Wesley-Parish : Exactly .

@all-interested–To all: Remember the FBI and DEA take courses from NSA at
the Crypto School. I am sure the FBI has a Cryptanalysis Suite Programs
to read pen paper ciphers.


Mike Amling September 4, 2014 5:58 PM

RC4 and VMPC can also be implemented with a deck or two of cards using modulo 52 or 54 or 104 or 108 arithmetic instead of modulo 256. I have no idea how their security would stack up to Solitaire.
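
An added illustration of the idea in the comment above (not code from the commenter or from this blog): RC4's key schedule and output loop with every operation reduced modulo the deck size instead of 256. The 52-symbol alphabet, the passphrase encoding and the additive combining step (XOR does not stay inside 0..51) are assumptions; the sample key and message are constructed.

```python
import string

# Assumed mapping: one symbol per card of a 52-card deck (A-Z, then a-z).
ALPHABET = string.ascii_uppercase + string.ascii_lowercase


def ksa(key, n):
    """RC4 key schedule over a 'deck' of n cards; key is a list of ints in 0..n-1."""
    deck = list(range(n))
    j = 0
    for i in range(n):
        j = (j + deck[i] + key[i % len(key)]) % n
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def keystream(key, count, n=52):
    """RC4 output loop with all arithmetic modulo n (n=256 gives ordinary RC4)."""
    deck = ksa(key, n)
    i = j = 0
    out = []
    for _ in range(count):
        i = (i + 1) % n
        j = (j + deck[i]) % n
        deck[i], deck[j] = deck[j], deck[i]
        out.append(deck[(deck[i] + deck[j]) % n])
    return out


def to_cards(text):
    """Map text to card values; raises ValueError on spaces or other symbols."""
    return [ALPHABET.index(ch) for ch in text]


def encrypt(passphrase, message):
    ks = keystream(to_cards(passphrase), len(message))
    # Add the keystream modulo 52, the way Solitaire adds modulo 26.
    return "".join(ALPHABET[(p + k) % 52] for p, k in zip(to_cards(message), ks))


def decrypt(passphrase, ciphertext):
    ks = keystream(to_cards(passphrase), len(ciphertext))
    return "".join(ALPHABET[(c - k) % 52] for c, k in zip(to_cards(ciphertext), ks))


if __name__ == "__main__":
    ct = encrypt("CrypticKey", "MeetAtTheOldBridgeAtNoon")  # constructed sample
    print(ct, decrypt("CrypticKey", ct))
```

With `n=256` the same two loops reproduce the published RC4 keystream for the key "Key", which is a quick way to confirm that only the modulus has changed. It says nothing about how secure the reduced-modulus variant is.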

RonK September 8, 2014 12:27 AM

@ Anura

“A bias of 4.4% instead of 3.8% is something to be concerned about, but it doesn’t necessarily translate into an attack.”

As you probably know, there are many kinds of attacks. The bias immediately translates into a distinguishing attack (assuming the cleartext is natural language, and not itself random, of course).

A good workaround for this weakness would be to whiten the cleartext by using a real source of randomness: cleartext -> OTP followed by (cleartext ^ OTP). This halves the datarate of the overall algorithm, however.
