Slashdot Mirror
Crack A "Numbers" Station
boss soul writes: "On Friday, NPR did an excellent story
on those infamous 'Numbers Stations' that broadcast on shortwave radio. Since the 1950s,
these stations have been broadcasting nothing but an unidentified human voice reading a string of
numbers. Though most people believe that these broadcasts are used by intelligence agencies to
communicate with their agents abroad, there has never been any way to confirm this ... until now!
The makers of "The Conet Project" (a four-CD set of numbers-station recordings) have thrown down the proverbial gauntlet and announced a
series of "cryptographic
challenges" -- the object of which is to crack an actual numbers station
broadcast. Dust off your Crypto caps, everyone -- I want to see a slashdotter win this one! "
Credit goes to our top codebreaker, Ralphie.
Well, IANACEBIHTGC. (I am not a crypto expert but I've had two graduate classes. In cryptographic protocols and advanced cryptanalysis.
These strings of numbers are very likely to be from a one time pad which given certain assumptions are fundamentally unbreakable. The assumptions are: you never lose the pad (codebook), you never reuse the pad, the pad is truly cryptographically random. The proof of this is fundamental information theory.
If they are not one time pads, then it is possible, but a brute force attack like distributed net only works when you know the algorithm or the general family of them anyway. Also, it helps alot if you know something of the plaintext that you're after. If say, the number stations are transmitting encrypted random data such as the encryption keys for other other communications, then how the hell would you know that you'd found something when you decrypted it.
There just isn't enought information to do anything but put a bunch of smart people in front of the data and see what they can figure out.
I notice they don't describe the prize, and require: All email concerning this challenge must be PGP encrypted.
I wonder just how wise it would be to try to claim victory:
I honestly don't see how someone could hope to succeed at this. Let's say you get distributed.net to jump on the bandwagon. Great. Now what exactly are you going to do? You have arbitrary strings of numbers. This could be a fragment of a single text, parts of multiple texts, multiple complete texts, and so on. Sure, you could scan for patterns first and try to identify delimiters, but were I sending data through this, I wouldn't do you the favor of using a fixed separation string. I'd base it on conditions at the time of broadcast, or on some computation on the ciphertext, or some other thing that's not trivially detectable. In short, you don't know which decryption method to try. It's been pointed out that it's probably a one-time pad anyway.
Even if you can find an algorithm, how big are the keys? How will you know when you've got the plaintext? Something transmitted by the NSA is likely to be in highly obfuscated English at best. Like the handmade strong crypto challenge, the true plaintext might be very strange. How will you recognize that this is the correct decryption and not just a coincidental decryption into random gibberish?
Finally, while I agree that some numbers stations probably are espionage related, I'll bet they keep the noise very high. Many of them are probably reading right off the random number generator of the nearest computer. Did the challenge supervisors pick ones that are actual signal?
This is not to say it's impossible, but the benefit/difficulty ratio seems so high that anybody wizardly enough to succeed should probably be working on developing better algorithms for us instead.