Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Security

Handmade Encryption Challenge 95

Pike writes: "Amateur cryptographers may wish to get out their pens, calculators and scratch paper to take a shot at this short encryption challenge. Solve it, get a $25 gift certificate from thinkgeek. It's pretty hard though, so good luck." But since this isn't wartime, there is at least the stub of the plaintext to check against.
This discussion has been archived. No new comments can be posted.

Handmade Encryption Challenge

Comments Filter:
  • by Anonymous Coward

    I'd like to get a look at the problem, but it looks like it will have to wait for an hour until the site recovers from being slash-dotted.

    An encryption method that can actually be encoded by hand isn't too terribly useful in this day and age of hundred plus bit encryption. Any code complex enough to actually hold up to computer analysis is likely to take too long to generate with pen and paper to do any good. However, it might be possible to change some of the word in a message ("4or" for "for", "l8" for "late", etc, or even word substitution), before using an encoding scheme to make an attempt to break by computer useless. Interesting problem.

  • by Anonymous Coward
    to!p! ue osle are n
  • by Anonymous Coward on Wednesday May 03, 2000 @03:43PM (#1093757)
    Strong Cryptography May be Easier Than It Looks
    In conjunction with geeky.org, here is JIPW's first cryptographic challenge; probably the last. I actually doubt anyone will be able to solve this, barring visitors from the NSA. In fact, if you can solve it and be the first to send an email to contest@geeky.org with the full decrypted message, I'll give you a $25 gift certificate at thinkgeek.com, and a good dose of general recognition and fame on this site of course.

    For a discussion about this and other crypto puzzles, see the story on geeky.org.

    Getting you started
    If the Amish did cryptography, this is what it would look like; nothing was used to create this code but a pen and spiral-bound notebook. No computer tricks or supremely advanced algorithms. It is very tricky however. Here are a few parameters and guidelines:

    The plaintext is hidden in the encoded section below begins with "the message is" (without quotes). This allows you to know when you've solved the puzzle.
    The ciphertext begins and ends with clearly defined markers which are not part of the ciphertext. The rest of this page and this website provide no clue to the solution.
    If by some miracle you do it, send an email to contest@geeky.org with the full decrypted message in it.
    It's really hard. Harder than it looks. Be warned.

    -----CIPHERTEXT BEGIN-----

    From: The House at Outspar Ave

    [image]

    "Sirs and Ladies, we regret to explain by means of our seven couriers, commissioned in the fall of the thirteenth year ago how that our chicken house, killing its quixotic jouster -- in fact the boxer and jouster combined -- has made us reexamine our feelings on the ghastly meanings and other sundry implications. Now that the hedonistic quantities and kilometers of really red staple studded tracks have been and will be made subject to judicial committees and kin, they will probably seek to march the crooked gaffers out of hill country. To us, regulations are all much too far from common people. For example, killjoy laws about jousters counteract the will of the vulgar people. The key to special gun enhanced treatment tells some undisciplined underlings where to go and who understands. Should we let the puny minority override the nation? If not, undulate. Research for hairiness is no priority. As for us (yes, sounds zany), most won't gulp these incredible sacks of stuff many of the lawyers decided to let print in sans-serif. On the jelly front, the Olson brand that aspirates in very damp conditions was yanked because of kryptonite concerns. The notice that was on it was quizzical. If they quit, I say every big Crimean fool or other wag should have bitten their own can. They nixed our yew nativity, in spite of Geneva."

    -----CIPHERTEXT END-----
    There you have it. Expect to see updates to this page as participation warrants.

    - JD
  • How about "The ESR Charity Telethon"? Maybe we could raise enough money to make him rich enough to write another insulting "Get Off My Lawn, You Poor People" essay. Which could be posted here.

    Seriously, though. I'd agree that it's just another kick in the teeth every time Slashdot slips a little more in the commercial realm. I guess if they're not even going to pretend to be unbiased, I can deal with it. Still, it feels like we're watching a sell-out in progress, and it's sad.

    ----

  • I've been trying to design a strong hand cipher myself, though I've set my goals rather higher than this guy. My current proposal is http://www.cluefactory.org.uk/paul/mirdek/ [cluefactory.org.uk]. If you've seen Schneier's Solitaire, you're familiar with the idea.
    --
  • Try http://www.cluefactory.org.uk/paul/crypto/mirdek/ [cluefactory.org.uk]. Bugger, I tried to cancel but too late!
    --
  • Not quite. An a and a d disappear from aadstro. His username is lenigan and mail system is
    astro uiuc edu.

    There's another fellow who rot13s his address as well as having a word to subtract, that one is a little trickier.
  • A code doesn't have anything to do with what the units are, they're just frequently words. A code is a code when you've got a big mapping instead of an algorith you apply.

    With the mapping:

    bird = bomb
    cat = house

    The phrase:

    put the bird in the house

    has been encoded rather than enciphered, but the difference lies in the fact that the key is a pattern less mapping instead of a system that's applied.

    If you took a sentence, and replaced each word with its antonym you'd have a subsititution cipher rather than a code, even those your units are words.

    A mono-alphabetic substibution cipher w/ a "patternless" mapping (ex: not shift, etc.) is both code and cipher.
  • The secret message is:

    Buy more Ovaltine
  • The image has to be involved. It's a heraldic blazon of some sort. Now we just need somebody who knows their heraldic terms to tell us how to describe that blazon and we can go from there.

    Anyone? Know their heraldic terms? How about alt.heraldry (IIRC)?

    Droit devant soi on ne peut pas aller bien loin...
  • It's not a strict heraldic charge; you're not allowed to put a bend azure on a field purpure like that. And it's very atypical to see a chief of different color from the bend (and uncommon to have both chief and bend). Also, the shape is atypical.

    I'm not an expert, but I'll give a try based on what little I know. Someone who knows this stuff a lot better than me is sure to come along and correct it. Here goes anyway.

    Purpure, chief sable, bend azure, molet or at middle chief, square or at sinister chief, arrowheads argent dexter and sinister.

    Note, molet is a cadency specifying the third son of the family, but it is usually a 5 pointed star. So possibly, replace "molet" with "star of David". And this isn't really my forte anyway. Oh well. It's a start.

  • Purpure,
    Purple field
    chief sable,
    A black bar at the top of the crest.
    bend azure
    A diagonal bar (bend) from top left to bottom right in blue.
    molet or
    A star of cadencey (indicating that the third son of the family carries the shield) in gold. (a molet is usually a five-pointed star, though)
    at middle chief
    At the top of the shield, in the center.
    square or at sinister chief
    A square, in gold, at the top left of the shield (as seen by the person carrying the shield.)
    arrowheads argent dexter and sinister
    Arrowhead insignia in silver on both left and right sides.

    See? Not that hard. (Not that correct, either). Some info can be found at this link, [geocities.com] provided it isn't mangled by the slashdot daemons.

  • Whatever happened to the Edgar Allan Poe encryption challenge [bokler.com] posted here on Slashdot about two months ago? Were any Slashdot readers still working on it? While both are interesting cryptographic challenges, I think the Poe challenge has more historical significance due to Poe's stature as one of the greatest literary minds of the 19th century and should be worked on by some talented /. readers.
  • So every time slashdot posts something that relates to a commercial entity, it's automatically being biased and is only out to make a quick buck? What do you suggest they do? Never list news if it involves an entity related to slashdot financially? I think this is a cool story. It's just something fun to do if you're bored one afternoon. Stop trying to read so much into every little item that passes slashdot's front page. There are plenty of other things to bitch about if you feel like whining.
  • That's not funny. I know.. but it's still +4 funny. If you don't like the joke, look at it this way - the really amusing thing is that the moderators thought it was funny.

  • I don't understand... what does this "500 internal server error" mean. Is it some kind of code? I hit reload and now it says "Connection timed out." Time? Maybe you need to keep reloading it because the code changes each time you reload it. And what the hell is a "slashdot effect"? If you ask me, this "slashdot" thing is the real enigma.. Commander Taco? Why would you want to command a legion of tacos? Tacos, Time, 500.. it's all starting to make sense... the area 51 pictures.. they must be XOR'd encryption.. I can use this thinkgeek thing to decode the secret to area 51 and free the legions of tacos for my commander! YES! I SOLVED IT!
  • Now then, is the part

    "From: The House at Outspar Ave"
    crypto or not?

    I would assume yes.. but you never know
  • If you're going to use PGP to distribute your one time pad, you might as well just use PGP to exchange all your messages. Afterall, any system is only as strong as it's weakest link, so no matter how random the pad is, once it's figured out that's what you're doing, attacks would turn to PGP... Note that 4096 bit RSA is plenty strong in theory right now, but if you're confident enought to use it to distribute your keys, you might as well use it to distribute your messages as well.

    So far as using a book as your key... I'd think that wouldn't be the wisest decision... A book is hardly random data. Not that I could break your code, or write a program that could, but i'm sure if it was at all important enough that someone with the resources wanted to figure out what you were talking about, they could.
  • It translates to:

    "The message is not here."

    That's great steganography if I've ever seen it!
  • I find it more interesting that our government gives subsidies to the tabacco companies, then sues their asses. Go figure.
  • Real encryption has to assume that the bad guys already know the algorithm.
  • by Uriel ( 16311 )
    At least, it COULD be more secure. If there's a 'trick' to this, one traitor could let the trick slip. Then where are you?

    If it's a fully reusable effect not involving one-time pads, then observing several messages would probable clue people in on the general nature of the encryption.

    Now, if you will accept that fact, then allowing any crypto person in the world scrutinize the method and pass comment could lead to greater strength for the algo...

    So in theory, an open development model can help in crypto, past a certain point. Look at various public key encryption systems on the market now: As best as is known from massive scrutiny, they are still impossible to break outside of brute force. Yet their inner workings are hardly a secret...they are strong for reasons other than obscurity.

    You did ask...
  • The code-talkers were brought into the war because the US army needed a way for troops in combat to communicate over the radio, without the japanese understanding them. It was only used for speech transmissions in combat situations. It was never a written cipher.

    This is the only reason it was never broken. Had it been written out and transmitted in morse code, as most machine ciphers were, it would have been broken very quickly. The nature of spoken navajo as being very alien to the japanese language was the only thing preventing them from interpreting it. Add to that the fact that it was spoken in high-stress combat situations by men who were probably trying to take cover while yelling responses into a radio, and you can see why the japanese never broke it.

    In point of fact, the US navy used one-time pads for all of it's critically secret transmissions. These are provably unbreakable. They are however, inconvenient. Machine ciphers were used for less critical communication.

    Code-talkers were used because rapid communication was required. It had nothing to do with the security of the navajo tongue. This is a misconception that is largely the fault of the semi-illiterate hacks at the X-Files.
  • by Pope ( 17780 )
    It's the sample text that appears when you look at a TrueType font in the Finder!

    Pope

    Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
  • by AJWM ( 19027 ) on Wednesday May 03, 2000 @02:30PM (#1093779) Homepage
    It may well be encrypted too, but the message (encrypted or not) is also hidden by steganography: the thing doesn't look like an encrypted message. Which was probably the point.

    My guess is is that it's stego'd into the jpg image. Hmm, maybe not, that'd require a bit more than pen and notebook unless one was really a glutton for punishment. So it's likely in the text. But $25 isn't enough to persuade me to spend much more time on it.
  • As far as I can make out the aillilu puilliliu is just a rhyming-folky thing. The closes to puilliliu that I know of is a nasty Hibernicization of the english "pool". Ta = present tense of the verb "to be". an = the thus, "the goat is mad" if the previous translation is to be believed. I can't verify that buille is mad. However "ar" = on literally. So "poc ar buille" must be an idomatic expression.
  • Offtopic, however, I don't much care at this point :)

    So my town was on the news the other day because of a law passed saying cats have to be on leashes. The news in Philadelphia runs a story about it, and interviews this woman with one nasty blacktooth who has about 20 cats. The point? For some reason it is inevitable that the idiots will have the loudest mouth. That is also evident here, where we find people pointing out such "obvious commercialism" as somebody COMPLETELY INDEPENDENT of Andover.net and Slashdot getting their news posted because they ran a contest and were nice enough to buy a $25 gift certificate from Thinkgeek. You really think timothy gave a rats-posterior about the fact Thinkgeek was in there? If you do, I have a great e-mail where Bill Gates will give you money for forwarding it along. Seriously. It works.

    Point is, why don't you people who constantly criticize Slashdot and it's authors create your own site, post your own news, and get your own userbase. Then, when you've done that, you can whine about whatever you wish.

    Later,
    -Jeff

  • by Rombuu ( 22914 ) on Wednesday May 03, 2000 @02:47PM (#1093782)
    ...all the "security though obscurity is a bad idea" people to tell us how much more secure this message would be if the guy had published a description of how he encrypted it?
  • That actually depends. If the system of encryption creates a "group", a mathematical structure which is closed under the encryption operation, then for all keys k_i, where E(k_i,P) denotes encryption of P using the key k_i:

    E(k_j,E(k_i,P)) = E(k_m,P)

    for some k_m in the keyspace. Encrypting twice is just like encrypting with some third key. Some ciphers are not groups (although showing one is not a group is a non-trivial task), including DES. That's why triple DES is more secure than standard DES. None of the ciphers mentioned by the first poster have increased security under multiple encryption. Vigenere multiple times with different keys is just Vigenere with another key. Hill involves multiplying matrices against plaintext vectors, and decryption involves multiplying by their inverses, and that means A*B*C*D*p is just M*p for some matrix M which is the product of our 4 keys, so multiple encryption with Hill doesn't help either, since finding M^-1 is no harder than finding A^-1 alone, or B^-1 alone, etc. Permutations are groups, so multiple encryption doesn't help there either. I'm not entirely sure that chaining several together as suggested might not help though, even though individually multiple encryptions by any of the three schemes is useless. Would somebody with more mathematical background care to comment on whether making the encryptions within a single system non adjacent in the chain? i.e. is V(H(P(H(V(p))))) more secure than V(V(H(H(P(p))))) which we know is definitely no better than V(H(P(p)))?
    --

  • There is a one hundred percent secure criptography called one time tab that consists in choosing a random key of the size of the message you want to transmit. If you can transmit the key securly you can then simply add the key to the message and only the person who has the key can unencript the message (even if an atacker knows part of the message). Without any knowledge of the keysize or the algorithm this could be easely be a one time pad of some sort.
    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabitt hole goes"
  • by plett ( 30224 ) on Wednesday May 03, 2000 @02:48PM (#1093785)
    The caption on the crest of arms is in Celtic. It appears to mean The Mad Billy Goat [lincolnu.edu] in English. It's perfectly possible that not only is the message encrypted, but the plaintext is in Celtic. According to the above link, An Poc ar Buile is the title of a song. As a guess, the plaintext could be the lyrics to this song.
  • by jfunk ( 33224 ) <jfunk@roadrunner.nf.net> on Wednesday May 03, 2000 @06:52PM (#1093786) Homepage
    let's assume that the image itself is not involved, because you couldn't create a jpeg image without a computer.

    Don't assume my friend, you can't post a web page without a computer either.

    That image is easily drawn on a piece of paper. I have a feeling that the image and it's caption are very much involved.

    Of course they could be there to throw you off the track...
  • It seems quite plain that "jouster" refers to the star of David (jouster-->'Jew star'), and the boxer refers to the yellow box in the corner. Clearly the two are supposed to be "combined", but how is not clear. Perhaps the "sundry" aspect of the two refers to their yellowness (sundry-->sunny).

    If I had more time, I'd proceed on the theory that the passage is just full of really bad puns based on the words' phonetic sounds.
  • Multiply encrypting text does not improve the security -- in fact it actually makes it easier to break. And these are all trivially breakable algorithms.
  • I suspect that there's got to be some database from which the words were taken (ie. more than a pen and spiral notebook). The database would have to be widely available to make it worthwhile, otherwise the database has to be distributed with the key and the ciphertext.

    Furthermore, the sentences have correct (or close to correct) grammatical structure. So there's a constraint on how you form the sentences... More than just first or second order random selection of words would suggest...

    let's assume that the image itself is not involved, because you couldn't create a jpeg image without a computer.

    As someone has already pointed out though, while it's always harder to decrypt something where the algorithm is unknown, a real cypher challenge would release the algorithm as well, and see whether the attacker can either decode the message without the key, or guess/derive the key from the message and any other known quantities (ie. plaintext fragments etc)...

  • The image caption is in some sort of gaelic language. I haven't been able to decipher which one(s), though. (sorry, bad pun) It is very prominent, which seems to imply some meaning or use.

    An and ar are common in gaelic languages, typically being an article (ie, "the"), a preposition ("in") or a pronoun of some sort, depending on the language. Buile means "frenzy" in Irish, but I could not find poc in Irish, although I did find pog, which means "kiss". An Old Irish form of pog is poc.

    In Scots Gaelic, poc means "put into the pocket," according to the online dictionary I used. I could not find buile in Scots Gaelic, though. My best guess is that the caption is in a form of Irish Gaelic. Possible translations I can come up with from the meanings of the individual words are:

    • "The kiss on frenzy"
    • "The kiss our frenzy"
    • "Kiss on Frenzy?"
    • "Kiss our Frenzy?"

    None of these appear to make much sense, but they don't have to make sense. Of course, this could be a deception meant to lead me off track.

  • Yeah, but which is gonna raise a red flag at the NSA faster: A message encrypted with patterns similar to those used in the latest greatest encryption, or a letter from Bob about how his mommy didn't love him enough?
  • Well Netscape's lame for some reason.... You can highlight a selection, go to File->Print, and the radio button for "Print Selection" instead of the whole document is SHADED OUT! How stupid. IE can... Opera can... But Netscape shows you the operation is there and then tells you that you can't use it. It's like the "End Task" button on 98's task manager. It's there, but it really doesn't do what it's supposed to.
  • by Pike ( 52876 ) on Wednesday May 03, 2000 @02:52PM (#1093793) Journal
    Interesting point...brute force computing [distributed.net] just isn't practical in many situations, unless, as I said, you are the NSA and live 10 years ahead of the rest of the science/mathematics world.

    Now I'm really curious to see if anyone figures this out, because if no one does, it would mean that (gasp!) criminals still have easy ways of communicating securely over the net without using government-restricted encryption techniques. On the other hand, I've made it tough enough that I'll be really surprised if anyone solves it.

    I might even jack up the reward if this survives an attack by the slashdot crowd...

    -JD
  • by Pike ( 52876 ) on Wednesday May 03, 2000 @03:00PM (#1093794) Journal
    That would ruin the contest of course :-) I will do that A) when somebody solves it or B) when something like a year has passed and no one has solved it.

    -JD
  • by Pike ( 52876 ) on Wednesday May 03, 2000 @04:41PM (#1093795) Journal
    I honestly didn't know thinkgeek was an andover site. I wanted to throw in some kind of prize, but I didn't want to just hand out some cash. I thought about books, or a case of penguin peppermints, but a friend suggested a gift certificate and it immediately made sense to me. I picked thinkgeek because it had a nice range of products that the potential winner would like to choose from. I supposeI could have chosen copyleft.net too.

    On a side note, it's kind of funny to see people saying "I'd never do this for a mere $25". I know people who solve puzzles like this in the newspaper with absolutely no incentive. I figured the prize and the (relatively) small recognition would just be frosting on the cake.

    -JD
  • "Pike in hand"...

    Seems more than a coincidence..
  • ... but then I ran out of absinthe.
  • the lyrics to the song mentioned in the crest can be found here [indigo.ie]. Now if only someone could translate them for us:)
  • by astrophysics ( 85561 ) on Wednesday May 03, 2000 @04:11PM (#1093799)
    Call them what you wish, but they all contain a secret message... Check out http://web.mit.edu/puzzle/www/

    BTW- These puzzles were actually solved (by multiple independant groups) in just a few days. Too bad all the old ones aren't still online.
  • A real test of decryption skills needs to assume that you don't know the algorithm.

    Not at all true. You would be considered very skilled if you could, say, recover the plaintext of a message encrypted with 128-bit keyed Blowfish given only the ciphertext. You know the algorithm, but it's still a major challenge.

    Of course it is not _required_ that one know the algorithm in order to test skillz. Especially attacking a cipher which can be implemented by hand. Though there are do-it-by-hand ciphers which would be quite hard to crack - for instance encrypting with Vigenere, Hill, Permutation, Hill, Vignere [all with different keys] would be a major challenge. Though also very slow.
  • criminals still have easy ways of communicating securely over the net without using government-restricted encryption techniques.

    OK, say you're using this in some country like China. Do you really think the cops are not going to come knock on your door and take you away, just because you've been using a paper-and-pencil cipher and not 3DES? Yeah, right. If they can't break it, they'll come get it out of you personally. "Secure communication" and "not government restricted" are diametrcally opposite in such countries, no matter what method is used.

    And if you're not in such a crappy country, you have easy access to SSH, PGP/GnuPG, OpenSSL (well except the US because of the damned RSA patent), S/MIME clients, etc, etc. Not to mention the dozens of crypto libraries floating around. So there is no reason to use such a slow and relativley insecure method.
  • Yeah, but which is gonna raise a red flag at the NSA faster: A message encrypted with patterns similar to those used in the latest greatest encryption, or a letter from Bob about how his mommy didn't love him enough?

    Well then you don't want crypto, you want stego. Different (though related).
  • None of the ciphers mentioned by the first poster have increased security under multiple encryption. Vigenere multiple times with different keys is just Vigenere with another key.

    Yes, but if you use the ciphers in the order I suggested, they don't commute. Unless I'm doing something stupid (BTW, yes, I do know something about crypto, I'm just finishing up a 300 level crypto class and a 400 level crypto class this semester). Matrix multiplication, permuations, and xor should not commute with each other under most circumstances, however. Consider this:

    Lets say we choose a set of keys for the ciphers and then encrypt the plaintext x. Specifically, we choose the keys for the Vignere ciphers to be the same (call then K1). Remember V_K(V_K(x)) == x (I'm using the xor version of Vignere here), and that the keys for the Hill and Permuation ciphers stay the same.

    Then choose another set of Vignere keys (again equal to each other), and encrypt x again (I'm encrypting copies of x, not the first x again). Call these keys K2.

    However: Each ciphertext letter of a Hill cipher depends on several letters of the plaintext. Since V_K1(x) != V_K2(x), and we don't change the keys for the Hill ciphers, H(V_K1(x)) != H(V_K2(x)). By extending this we see that H(P(H(V_K1(x)))) != H(P(H(V_K2(x)))).

    This last step is not mathematically correct (in the sense that I can't prove it): it's just intuition. However, it seems highly unlikely that H(P(H(V_K2(x))) would change in such a way that
    V_K1(H(P(H(V_K1(x))))) is equal to V_K2(H(P(H(V_K2(x))))) [most of the time, anyway], due to the avalanch cause by changing the key in the first step (the first Vignere cipher), and the subsequent Hill and Permuation ciphers.

    So [assuming you agree that my last step sounds reasonable], we see that V(H(P(H(V(x))))) is more secure than V(V(H(H(P(x))))) in at least this one special case (there are other I can think of too). I can't think of a general case proof right at the moment, and anyway I have a Calc III final in 2 hours that I really need to study for.
  • Does anyone else find it amusing that AOL owns Netscape yet uses IE in their software?

    Perhaps that because IE5 is light years ahead of Netscape 4.7 in every conceivable way, except for the lack of OS compatibility. And since AOL does not care about that *right now*, they have to choose the superior browser. The Mozilla project will change that, and rumor (not to mention logic) has it the next version of AOL will be be based on Netscape 6, and an upcoming set-top box will be based on Linux.

    -rt-
  • It's possible that the image has some significance. It has a square in the upper
    right, then an six-pointed star on a row below
    that. Then there are two arrows facing left,
    a big "\" bar, and two arrows facing right.

    Let's see if this comes across
    (square)
    (star)
    \ (left-pointing arrow)
    \ (left-pointing arrow)
    \
    (right-pointing arrow)
    (right-pointing arrow)

    I'm thinking there may be some element of
    "read two rows right-to-left, then two rows
    left-to-right".

    Or maybe not.
  • Yes that's true- but the converse is as well. A real test of decryption skills needs to assume that you don't know the algorithm.
  • If the method that you used to encrypt the message were know would it be easier to attack? It this cryptography by obscurity? The reason that I ask is that it's quite easy to encrypt something with a relativly simple algorithm if no one has a chance of finding out what the algorithm is.

    For example if the shapes in the picture above the text were a key to the letters needed to find the message. That would only be secure if no one else could find out how you encrypted your message.

    Still it's a nice challange thanks.

  • That's not funny.
  • You don't need to send 99% of garbage. One time pad (true one time pad, the type you are describing) is fully unvolnurable to cyphertext only attacks, and to attacks in which you know some of the plaintext. This is, of course, the information source is 100% random.

    You can come close enough by encrypting with almost random data, but then it's more a question of "how good is your pseudo random generator", rather than "how good is one time pad".

    One more note - with one time pad, the key length is identical to the plaintext length, making it a not very strong encryption in terms of key length/encryption strength ratios. Nothing close to DES/3DES/Blowfish/Serpent etc.

    In fact, it is so weak that if the key length is very short (say, square root of the plaintext, which is still very long), an english text is vulneruble to cyphertext only attacks (which are much less likely with DES, even if you don't use CBC).

    Shachar.
  • umop ap!sdn w,I 'aw dlaH aseald auoawos

    Thad

  • This is by no means the kind of crypto the /. audience is interested in,

    Wow, am I glad that there's finally someone who can speak for the entire slashdot audience. Because, as we all know, we're all exactly the same kind of person, and all of us have the same opinion of everything.

  • To email me, subtract my nick from my email address, starting with the second character. (hint: adto.uiuc.edu is wrong)

    Dude, you should give US$ 25,00 to the guy who discover your e-mail address.

    --

  • Well, the paragraph doesn't even make sense. Makes me think it has to do with words in the sentance, eg ever 3 letters or whatnot and then rot13 it or some weird crap. It looks too damn hard to be able to break the code. This is when making a beowulf cluster WON'T work! doh! hehe. Or maybe the code has to do with the words in there, eg happy, sad, secure, etc. This is really a stumper...
  • This is either a mistake or off topic - but the thing about the gelatins being non-vegetarians is true - but what I've read about it was that it's collagen that's present in the skin of animals that is made into gelatin. The way I heard it, it was the skin (not the outer hide, but the parts underneath that) that is boiled, reduced and somehow processed into powdered form. To get an idea of what I'm talking about, you could get a pork shoulder and boil it for a long time, then letting the liquid cool off, it will set into geletin.

    The good thing is that there are many other vegetarian sources for gelatin, such as agar agar.

  • Hey, if I have the message encrypted using 4096-bit RSA, how much less time would you take to decrypt that? Don't tell me that you actually TRUST that I am not lying to you, and not using say, 3DES instead?

    If you don't understand cryptography, don't mouth off!

  • The caption on the crest of arms is in Celtic. It appears to mean The Mad Billy Goat in English.

    Celtic?? WTF is Celtic? Furrfu! It looks like Irish Gaelic, which is a celtic (for various values of celtic) language, but there's no such language as 'celtic'.

  • Well, I'm not a master cryptanalyst by any stretch of the imagination. At first glance though, this looks more like a code than a cipher; that is, I think that each word and/or sentence are the "units" of the "cryptography" rather than each character.
    On the other hand, they may be employing steganography, and or some algorithim in which every Nth character/letter is skipped. If I was really interested in solving this, a perl script that could analyze all possible skipping patterns would probably be my first attempt. But neither fame nor $25 bucks at ThinkGeek are enough motivation to zorch my finals. Good luck to the rest of you.
  • try searching for: 'from the house at outspar ave' on altavista (without the quotes). It's weird.
  • Well, the things in the paper are simple substitution ciphers that can be decrypted through frequency analysis quite easily. It's not much different from an ordinary crossword puzzle. This is the ciphertext with an unknown encryption algorithm, somewhat akin to a crossword puzzle without any clues.
  • Would that seem disengenuous after the /. Basement Clearance Sale?

    Trolls for $0.99! Everything must go!

  • Dinsdale! My man, you are a solid troll.
  • I may be an optimist, but I think thay would obviously have.

    (My use of Linux being another side effect of hideous optimism.)
  • by ClayJar ( 126217 ) on Wednesday May 03, 2000 @03:06PM (#1093823) Homepage
    First, let me make a note to all those who rushed to post "Andover's influence" posts. You are not simply mistaken; you are sorely mistaken. This little challenge is by "JIPW", which is, of course (as stated on the top of the page), "Joel's Improved Personal Website". The fact that Joel apparently thought that a $25 gift certificate to thinkgeek would be nice is beside the point (I'd imagine he'd spring for copyleft.net is you were offended by thinkgeek).

    Slashdot's posting of the token prize is irrelevant. $25 will not make or break Andover. They obviously thought it was a neat little challenge to anyone who is interested in such mind games, and having a prize is nice but unnecessary. Okay, now that's done. Real post follows:

    It seems to me that the point "Joel" is trying to get across is that even today in the age of high encryption, and old fashioned handwritten code can be quite useful. Remember the "code-talkers" of World War II. The risk of the Allies having their codes broken was too great. Their were encryption schemes (Enigma, anyone, even though it was the enemy's), but since the fate of much of the world was at stake, an ingenious plan was created. They used members of the Navaho tribe to develop a secret, unbreakable code.

    This step away from the technological methods of the day proved to be not only as secure as existing technologies, but it was never broken. The technological way may currently be the easiest, but their is always room for ingenuity.

    One last example: have you ever been talking to a friend and understood each other perfectly, but nobody around had any idea what it all meant? All the script kiddies in all the world might not figure that one out (but you might want to mix technology and old-fashioned ingenuity, considering you might have the NSA, corporations, script kiddies, your old girlfriend, three lawyers, and Metallica after your communications).

    If this post is redundant by the time it shows up, you have my apologies. I just figured I'd think first and post later. No offense, anyone, okay?
  • You could use a one time pad... simply post/pgp/hand deliver (this is the best option) a book, or a large file of random (whatever) characters...

    then when you want to email someone something secret, just xor each char of your plaintext with each char of the file you gave them, and voila... an effectively random stream, that even brute force would have trouble with...for instance if you made sure the first 99% of your message was junk in the first place, so even a successful decrypt looked like rubbish.
  • Purpure, chief sable, bend azure, molet or at middle chief, square or at sinister chief, arrowheads argent dexter and sinister.

    This must be what my friends hear when I'm talking code. Not a clue what you're talking about here, I had no idea there was so much to heraldry, I'm gonna have to check this out.

  • If it can be cracked from just one sample then the algo is really weak.

    But there are weak algorithms which are difficult to crack if you have only one sample and not told what the algorithm is.

    Even I could come up with an algorithm that's uncrackable with only a single sample.

    In effect it's similar to the case of a one time pad - except that it's more of a one time algorithm. If you use a different algorithm for each kilobyte, people are going to have serious difficulty cracking your stuff.

    In order for a proper evaluation/examination there should be more samples and the algorithm should be provided as well.

    Cheerio,
    Link.
  • It's partly made from animal fat, specifically that scraped from the inside of the hooves of animals who have them -- usually horses. (So marshmallows, Jell-O, and other gelatinous foods aren't vegetarian, though seaweed jello is rather good.)
  • I was working on that. A little at first then a little more, then more,then more. When I stopped sleeping my wife took it away from me, which was probably a good thing.
    Ciao
  • I've hunted down the lyrics to "An Poc ar Buile", translated into English. Perhaps this could be the plaintext, and then again, we may be taking a garden path approach. :)

    An Puc ar Buille (translated by R. Kavana and T. Woods)

    As I set out for Dromore town,
    Pike in hand to go a-workin',
    Who did I meet on the hillside
    But a tan puck goat stone mad for scrappin'.

    He chased me through the hedges and ditches
    Around the bog in frenzied runnin',
    But when his horns got caught up in in gorse
    I leapt on his back despite his buckin'.

    There were no rocks nor gaps between
    He didn't jump, the puc ar buille,
    And me hanging on to save me life
    When he jumped clean of the Faille Brice

    The garda sergeant at Rochestown
    Called all his forces to surround us,
    But the goat stuck both horns suas his thoin,
    And gobbled up his brand new trousers.

    In Dingle town the next afternoon,
    The parish priest addressed the meeting
    And swore it was the Devil himself
    He'd seen riding on the puc ar buille.

  • I'd be interrested where I could find a script or program to crack codes like this. Maybe I should look in obvious places, though. Like in "Spys Like Us" where they crack a code with a Lucky Charms box :-)! Seriously, is there any type of a Swiss Army Knife crypto breaker (any major platform will work)?


  • This is true. However, if the message were encoded with a one time pad, then it would be impossible to decrypt. Every possible plaintext of the same length would be equally likely. So basically, you'd have to guess the correct answer. Their contest would have probably have no winners. Maybe that's what they're trying to do. I don't know.

  • Ahh, but would they have posted this story if the prize wasn't related to an andover.net site?

  • I hope the 'lyrics' don't have any meaning to break the code. The song is originally in Irish and it has been translated differently by different people. Infact, there are even multiple version of the song in original Irish lyrics online:

    Ar mo ghabháil dom siar chun Droichead Uí Mhórdha, and
    Ag gabháil dom sior chun Droichead Uí Mhóradha.
    are the first lines of the song according to Here [indigo.ie] and here. [www.ucc.ie]

    It seems odd that the song name would be put in there as the rest of the text of the message seems to be words chosen randomly (Probably for their letters, not their meaning).

    Currently I'm guessing that the image is something you have to cut out and then after aligning the text properly and running the cut-out over the page and putting the yellow square over a certain letter then the arrows will point to 4 letters of the message. Something just needs to determine the alignment of the text.

    Or something to that effect....

  • Many modern encryption schemes use a repeated pattern of bit shifting and XORing in what are known as mixing rounds. The output from round n is the input for round n+1. I've attempted to do something similar to this message, in hopes of stumbling across the solution. This is what I got using the Babelfish decryption algorithm (English to spanish to english to german to english to /.) Of: The house in the avenue of Outspar " Mr. and the ladies, we were sad to explain by means of our seven couriers do assigned in the case of décimotercerjahr, how this our house of the chicken to terminate its quixotic more jouster -- actually the boxer and the combined more jouster -- that reexaminamos into the meaning horrorosos and in other different implications did our feelings. Now, those the quantities and the kilometers, which are of tachonadas hedonistic, really red staple seeks out, was and in opinion of the committees was done and to the Gerichtskinships, probably tries it, to border gaffers rotated country of the hill. To us the regulations are much also far all from city. E.G. the laws, which are on jousters killjoy, oppose the will of the vulgaeren people. The key to the increased processing special weapon says to unite underlings, which where one are undisciplined, go and who understands. It must we leaves to the minority puny replaces the nation? If No., undulate. The investigation for pilosidad is not no priority. Up to us (, the tones zany), the majority swallows not saliva these unbelievable coats of the material, which leaves many of the determined attorneys to the printing in sans serif. In the front side of the jelly, the trade name was situated kryptonite deleted by Olson, which strives into that very damp conditions, at the principal occupations of. WARNING, which was in their, was quizzical. If they leave, one to possess it knows legend I that each large crimeoidiot or a menee seins must have bitten other one. Nixed ours nativity the disk, despite Geneva ", This is, I'm sure, the right answer, as babelfish translations are always perfect. ;)
  • As someone already quite cleverly pointed out, this is not really comparable to what is today regarded as interesting cryptography, as modern cryptographers have to take into account that whoever they wanted to hide the message from already know the algorithm.

    Moreover, if the message is not something like "this is the message aeroigb ekrgjlk jpojp jpojerjgkrj rjpgorjij ...", the encryption method is even more useless, since it in some way must be related to the message been send, as obviously takes more things into account than what characters/symbols are included in the message.

    This is by no means the kind of crypto the /. audience is interested in, and I doubt this $25-to-solve-a-close-to-impossible-crypto-contest belongs anywhere at all but on some kind of puzzel-page.

    That said, I should make clear that I understand that the author did not intend to make this the new RSA, and that some /.ers may find this kind of stuff interesting.

    But then again, wednesday just happens to be my whining day of the week.

  • IE5 did the trick - I just tried it. Pretty quickly too, had 6 pages off my HP 4000 before I could walk to the printer.

    Does anyone else find it amusing that AOL owns Netscape yet uses IE in their software? Or that the U.S. govt is the largest customer of Microsoft?

  • Damnit. I can get "The message is" from any sentence in this crypto. First I got it from "From: The house at Outspar Ave", then I got it much easier from combining the first sentence before the comma with the last sentence after the last comma, hoping sentences would be made by taking the pairs from the beginning and the end and putting them together. But the thing that bothers me most about it, is that I also got "Salvatore" from the encrypted text after I already got, "The message is" using my original 4 - 5 rules to decrypt it. I couldn't get Dali though, so I have no clue.

    I'm going to work on this for 8 more hours, but the thing I want to comment on is that from what I've done alone, I can say that this message did *not* require a word database to cypher. By using simple rules (not that they are being used) such as, "vowels negate all leading consenants within a cypher word" (just for example), you would turn sentences into groups of cyphered consenants which need only vowels between them.

    That way, you could add quite a bit of wording to the cypher'd message which would be easily skipped over (knowing the rules) when decrypting. Any sentence, if you have rules to allow you to increase its cyphered size can be made to sound legitimate, the problem is you will end up with a message 4 times as large.

    I think that's what's being done here, if you look at, "From: The House at Outspar Ave", you can already see there are more letters than there are within, "The message is". The annoying part of it is, is that the sentence backwards is the perfect amount of letters in the first 3 words.

    I'm going insane. I apologize to everyone who does not follow.

    Anyone here ever write messages down the left hand side of there high-school essays, a guy I knew used to write "Catholics Smell" down his margin in every essay. He was an A+ student.

  • It can't have anything to do with lines, since it's posted in html. Thus how many lines the message requires depends on the size of the window, and I don't see the Amish being able to do that.

    But yeah, that picture probably has something to do with it. Probably tells the recipient what he needs to do to decode it.

    Dyolf Knip

  • But then again, wednesday just happens to be my whining day of the week.
    In which case maybe you should have a second login, "Joe E Whiner", for use on Wednesdays. :-)
    Brett
  • Who the heck wants to put a bomb in a cat?
  • ack, i meant aastro.uiuc.edu, lneingn

    "spare the lachrymosity when the fulminations have inveighed"
  • yeah, i noticed that wasn't it after a while, i was bored and testing several possible solutions, immediately each was returned because it was invalid, but the last one i entered didn't return as soon as the others, so i thought i got it, it was returned a few hours later

    "spare the lachrymosity when the fulminations have inveighed"
  • You're good, Siggy. You walk a thin line between the personae of the subversive genius and the blatant toady. A very thin line indeed...
  • > > That's not funny.

    > I know.. but it's still +4 funny. If you
    > don't like the joke, look at it this way -
    > the really amusing thing is that the
    > moderators thought it was funny.

    So it's meta-funny: we laugh at the people who laugh at the joke. Reminds me of Beavis and Butthead...

  • I wonder if all these l33t cod3rs parading around slashdot will solve the puzzle.

    probably not.
  • why can't he just use his photographic memory?
  • That message would be much more secure if it wasn't encrypted at all. Because then nobody would even bother reading it.
  • Why don't you just use a Polaroid camera?
  • did you notice that the first arrow on the left hand side of the shield is smaller than the other 3? the box is in the upper right hand corner (as opposed to left) as well. this may have something to do with how its read - some of the text may be bidirectional? Also, wonder if how many points are on the star and direction of the band/crest (ul ~ lr) has anything to do with it?

"Hello again, Peabody here..." -- Mister Peabody

Working...