A 1941 Paper-and-Pencil Cipher

Schneier's blog links to a photo of a 68-year-old code being employed in wartime, with a plausible explanation of what is going on in it. (The photo is from the Life Magazine archive we discussed when it went live.) "What you see here is a photo that never should have been allowed to be taken, and one which provides an amazing, one-of-a-kind glimpse into the world of WWII espionage and counter-espionage. As far as I can tell, what is shown in this picture is an FBI agent in New York encrypting a message, passed from 'DUNN'... through Sebold, prior to transmitting that message to Germany via shortwave radio. ... [T]his appears to be real cryptology at work."

Duh?

[east coast]

Why didn't he just use a computer for this? I swear, those people were so dense.

Re:Duh?

[bobdotorg]

Why didn't he just use a computer for this? I swear, those people were so dense.

They weren't dense, Windows DE (Depression Edition) kept crashing that day with repeated PCODs (Punch Cards of Death).

Though now that I think about it, I've come to the realization that every version of Windows is Windows DE.

Re:

[Anonymous Coward]

They weren't dense, Windows DE (Depression Edition) kept crashing that day with repeated PCODs (Punch Cards of Death).

And 60 years later, we realize that even in the future nothing works.

Re:Duh?

[corsec67]

Punch Cards of Death

Would that be a IBM Doily [wikipedia.org]?

Re:Duh?

[Sanat]

Back in the day of card punches in order to certify that a card punch was working properly a whole box (qty 2000) cards were fed, punched and read with only one error permitted. This was CDC equipment on the CDC 3100 and 3200 models.

If something was not quite adjusted properly usually a failure would occur much earlier in the cycle.

Sending out a new operating system was done with punch cards. A simple bootstrap program was keyed into the core and executed which would input from the card reader and a whole box of cards needed to be read without error.

The CDC card punch (can not remember the model number ... maybe 3114) also had a read station in it so that a read after write cycle could be employed. The error exit could be used to offset the card in the output deck about 1/4 of an inch so that the individual card could be easily located and re-punched.

Reading a lace card was a real dicey test. Usually we alternated rows and columns.

PCOD sounds about right.

Re:

[dpilot]

> Reading a lace card was a real dicey test.

I thought lace cards were what you stuck in the decks of other people in the computer lab, not your own. Kind of like "How many med students does it take to screw in a light bulb?"

Caveat: I have done real work with punch cards, I even made a lace card for the fun of it, and to see how fragile it was. But I have never stuck such a card anywhere where it could be fed into a reader.

Re:

[Reziac]

I still have a couple of lace cards Here Somewhere, from high school... dunno who made them, but they floated around our computer programming class.

I remember when we got a paper tape reader... it was a big upgrade over loading our IBM1620's OS from punch cards!

Re:

[srmalloy]

I thought lace cards were what you stuck in the decks of other people in the computer lab, not your own. Kind of like "How many med students does it take to screw in a light bulb?"

As I recall, the most entertainment with punchcards wasn't slipping lace cards into someone else's deck, but in taking blank cards, punching them as an 80-column 'DUP' field, and sticking them onto the program drums of the IBM 029 keypunch machines, then flipping the program mode switch to 'ON'. An unsuspecting user sitting down to punch out some cards for their FORTRAN program without noticing either the program card or the switch position would punch their first card normally, then as soon as it registere

Re:Duh?

[Anonymous Coward]

Actually, back then he probably was the "computer."

It had a definition before we invented the machines.

Re:Duh?

[VagaStorm]

Oh, indeed, http://en.wikipedia.org/wiki/Human_computer [wikipedia.org], they even did parallel computing :)

Re:

[troll8901]

Just read this TFWA. Score one for women!

Have I mentioned I worship smart, intelligent women?

Re:

[elgatozorbas]

Imagine a Beowul cluter of these...

Oh wait. It's called college.

Re:

[laddiebuck]

I never knew that "dual-core computer" was a sexual fantasy before it was a geek term...

(Well, I did know, but that'd spoil the joke... All right, here's another one: why the teacher fantasists? Well, half secretary, half nurse...)

Re:

[Hurricane78]

Eww... your sexual fantasies about two-headed humans are disgusting... :P

Schneier's post

[bobbozzo]

Since tfa didn't link to Schneier's blog, here it is:
http://www.schneier.com/blog/archives/2008/11/1941_pencil-and.html [schneier.com]

Re:Schneier's post

[elgatozorbas]

Imagine a Beowulf cluster of these...

Oh wait, it's called college.

Re:Duh?

[timeOday]

Why didn't he just use a computer for this?

Actually he was a computer - that's what they called people [wheels.org] who did mundane computations before machines took over their job.

Wait, I thought...

[WED Fan]

Actually he was a computer - that's what they called people...

I'm confused, I thought...

Soylent Green == People

Computers == People

Soylent Green is edible.

People are edible.

Question: Will be Dell laptop work with a South Beach diet?

Re:

[z-j-y]

Actually he was a computer - that's what they called people who did mundane computations before machines took over their job.

I doubt that his job was mundane or his title was "computer". Cryptanalysis is more than just some algorithms, you cannot crack the codes by using computers (meat or electronic) alone without human insight and intelligence(which we don't know how to program yet)

Re:

[CrossChris]

He didn't use a computer because the Americans were too thick to develop one. We had them in the UK more than a year before that photograph was taken!

Human computers

[El Lobo]

More than 13 000 special trained persons worked with encryption/decryption related tasks in WWII (and that's allies only). Yes, there were no computers then the way we know them now, but 13 000 people working shifts day and night was a significant force as well.

Re:Human computers

[Linker3000]

Wow - imagine if those people clustered around someone reading Beowulf!

Re:

[estarriol]

Funniest Slashdot comment I've ever seen, thanks!

Re:Human computers

[lysergic.acid]

speaking of which, here's a screen shot of an early pre alpha build of the Folding@Home [google.com] client.

Re:

[aliquis]

Ah, I see their problem, they all seem to use the same algorithm but it always generates the same result. Personally I go with a more randomized approach.

Ic eom Beowulf!

[spaceyhackerlady]

Hwaet! We Gardena in geardagum,
theodcyninga, thrym gefrunon,
hu tha aethelingas ellen fremedon.
Oft Scyld Scefing sceathena threatum...

I think it loses something in the translation. And not just because Slashdot botches the eths and the thorns.

...laura

Re:

[jdege]

Monster Grendel's tastes were plainish
      Breakfast just a couple Danish...

(Maurice Sagoff)

Re:

[Reziac]

Wow, now THAT's what I call encryption! ;)

Re:

[trevdak]

I'd like to see them run linux.

Re:

[BlueStrat]

Wow - imagine if those people clustered around someone reading Beowulf!

Yes, but did they use Linus' great-great grandfather to organize the operation?

Re:Human computers

[memristance]

Of course, some methods were better than others [xkcd.com]...

Re:

[3waygeek]

Not counting this guy [milk.com].

Very cool!

[vvaduva]

Very cool; this is handy for beginning students and those keeping a history of cryptography, which boomed starting with WWII.

Double bluff

[adamwright]

We may consider, however, that the people allowing the photograph to be taken may not have been *entirely* honest when setting up the contents and cryptographic "method" being demonstrated.

Re:Double bluff

[mlwmohawk]

You are working on the assumption that what you see is an authentic photo of someone actually working.

If you have any professional experience at all, you'd know that pictures are NEVER taken of actual work. The photos are always staged to look good.

Be it a technician posing in front of the product with tools, an engineer posing in front of an oscilloscope with an interesting wave form displayed, another engineer in front of a very neat and orderly (but complex looking) white-board, and so on. Every company in which I've worked, the arrival of a photographer is carefully orchestrated.

All pictures have a perspective and something that the photographer's employer wishes to convey. It is very likely that the picture is a standard professional photo that shows "what it looks like" without showing actual work. The words chosen carefully to spark interest in the subject by those who view it. Like now.

Re:Double bluff

[argent]

You are working on the assumption that what you see is an authentic photo of someone actually working.

It doesn't matter whether it was staged or not, it only matters that it contained code words relevant to what we now know was an active intelligence operation at that time it was taken.

Re:

[mlwmohawk]

It doesn't matter whether it was staged or not, it only matters that it contained code words relevant to what we now know was an active intelligence operation at that time it was taken.

Of course the words are relevant to what we know, we know the information we are allowed to know. This picture is no different.

Re:Double bluff

[Anonymous Coward]

Of course the words are relevant to what we know, we know the information we are allowed to know.

You're just being a jackass. His point is that if the information was such that the Germans could have deduced that they were being double-crossed then it makes no difference in the world if it were staged or not. It's still a blunder.

Re:Double bluff

[westlake]

If you have any professional experience at all, you'd know that pictures are NEVER taken of actual work. The photos are always staged to look good.

LIFE's photo essays were always scripted before production.

The editors knew the story they wanted to tell and the photographer would be sent out to capture it on film.

He might resent the constraints.

But his logistical and technical problems are mostly solved. People know he is coming, all his ducks are in a row.

He should have no problems making his deadline and if the schedule isn't realistic or he hasn't received the proper clearances, he has the editors to blame.

Consider the lighting and composition in these photographs.

These are not candid shots.

The photograph in the archives is not, of course, the photograph in print. There would have been a dramatic loss of detail.

Re:Double bluff

[devnullkac]

There is another picture [google.com] with the same message apparently being approved by Hoover. It also shows most of the text so carefully covered up in the photo in TFA. Part of it is in shadow and perhaps someone more skilled than I with GIMP can tease it out (frankly, I think you'll need access to the photographic negative), but "... the following message to:" is what's visible. This lends credence to the "setup" theory, since that's hardly worth covering up for a photo op and even if it were, why be so careless as to reveal it in another photo (on J. Edgar Hoover's desk, no less).

Re:

[Z00L00K]

It is possible that this was a partial setup, but in this case it was the question of a deception message that was about to be sent using encryption that was probably already blown at the time.

And mind that the encryption wasn't US encryption, but German encryption so if the encryption was blown and the agent was already cold then it may have been a semi-arranged situation where it was real life data that already had cooled that was used.

And the whole setup could have been intentional from the intelligence

Re:

[jdege]

It is possible that this was a partial setup, but in this case it was the question of a deception message that was about to be sent using encryption that was probably already blown at the time.

Yep.

The worksheet shows the cryptanalysis of a simple transposition cipher using a technique that was included in Helen Gaines' "Elementary Cryptanalysis", published in 1939.

Whether it was ever a secure cipher I can't say. But by the late 30's, it was appearing in the advanced puzzle magazines.

what's the big deal?

[gEvil (beta)]

I don't see what the big deal is. You guys have never seen someone doing a word search puzzle before?

Re:what's the big deal?

[Tumbleweed]

I don't see what the big deal is. You guys have never seen someone doing a word search puzzle before?

And the answer to today's word jumble is: "NORMANDY"

Re:what's the big deal?

[Alpha Whisky]

Like this? http://www.historic-uk.com/HistoryUK/England-History/Crossword.htm [historic-uk.com]

Cryptography vs Cryptology

[Doc Ruby]

What is at work there is cryptography , not just "cryptology. It's actually the generation of encoded symbols, not just any practice connected to the study of hiding information.

Re:

[ResidntGeek]

Maybe the blogger was using "this" to mean his own post. He was using cryptology to figure out what was going on in the picture.

July 1940 != prewar

[Anonymous Coward]

Just because America was neutral doesn't mean the war hadn't started.

Re:

[IvyKing]

Since the US did not declare war on Japan until December 8, 1941 (and Germany on December 11, 1941) July 1940 is legitimately pre-war as far as the US is concerned. BTW, the first US casualties from WW2 took place in China in 1937.

Re:

[vux984]

Since the US did not declare war on Japan until December 8, 1941 (and Germany on December 11, 1941) July 1940 is legitimately pre-war as far as the US is concerned.

er... By that logic since Switzerland did not declare war at all, July 1940 is legitimately 'prewar' for them too? Of course, so is November 2008... in fact as far was the Swiss are concerned there was no war?

Are we still 'legitimately pre-World War II as far as the Swiss are concerned'?

Any Swiss care to weigh in on this absurdity? ;)

Re:

[z-j-y]

To be fair, it's pretty hard to count all the wars in Europe.

Re:

[IvyKing]

er... By that logic since Switzerland did not declare war at all, July 1940 is legitimately 'prewar' for them too?

Since Switzerland didn't declare war, "pre-war" is a non-sequitor for them. The US was still pretty much on a peace-time economy in 1940 and full war time conditions didn't start until December 1941.

I agree with the Chinese viewpoint that WW2 started in 1931 as there was pretty much continuous fighting taking place there until 1945 - the US had sent the "Flying Tigers" to help out the Chinese prior to the Pearl Harbor attack and a US gunboat was sunk by the Japanese in 1937. The Eurocentric view is that

Re:

[vux984]

Since Switzerland didn't declare war, "pre-war" is a non-sequitor for them.

Not at all. Just because a country wasn't in the war, that doesn't mean they don't acknowledge that it existed, that it started or that it ended. Switzerland can talk about what it was doing pre-WW2, post-WW2, and during WW2 without it being a non-sequitor.

I agree with the Chinese viewpoint that WW2 started in 1931...

The date the world has agreed a war started is pretty arbitrary in almost ANY war, but it serves as useful frame of r

Re:July 1940 != prewar

[lysergic.acid]

according to the comments FTA, the phrase "pre-war German espionage code" is referring to the age of the encryption algorithm being used, not when it was used in the photo:

Thiago: It's not meant to be Americentric: Duquesne entered German service in February 1939, and I'm willing to bet that the cipher in question dates back earlier than that, based on what I know of wartime crypto history. As I recall, at the time (1939-1941) the high-level military and diplomatic traffic was encrypted with Enigma machines, and everything else used codes that dated back to the early 1930s, or before (and were fairly easily broken by, e.g., Bletchley Park.)

Hence, "pre-war", as opposed to a later, military, war-time code.

The cipher

[Anonymous Coward]

from comments under the article (for those who don't read comments except on slashdot):
It looks to be just a transposition cypher. The "key" is the arrangement of columns from 1-18. You write the message down with 18 columns across, then read down each column in the order given by the key, grouping in 5s. I suspect the caption is actually correct ... you wouldn't need such a complicated worksheet and all those typed strips for encryption, but they would make it easier to get the columns lined up when decrypting, so I imagine the cryptographer is decrypting the message to make sure it was encrypted correctly before sending it.

Re:

[jdege]

I've posted it over there, I'll post it here.

Read section 12-3 of FM 34-40-2:

http://www.umich.edu/~umich/fm-34-40-2/ch12.pdf [umich.edu]

This technique of solving incomplete columnar transposition ciphers had been described in the open literature prior to 1941.

It was described in Helen Gaines' "Elementary Cryptanalysis", published in 1939. Many of the techniques in Gaines' book originated in M.E. Ohaver's column "Solving Cipher Secrets", in "Flynn's Weekly Detective Fiction" magazine, which ran from 1924 to 1928. I'd

Re:

[jdege]

It's beyond the realm of possibility that any German intelligence agency would have been using single transposition in 1941.

Or not!

I was reading David Kahn's "The Reader of Gentlemen's Mail" - his biography of Herbert Yardley. In 1941, Yardley was working with the Canadian government, helping them set up a crypto bureau. Most of what they were cracking were messages to German spies working in South America - and yes, they really were using a simple transposition cipher, just like had been appearing in puzzle books for decades.