Crack the Code In US Cyber Command's Logo

Dan writes "According to Wired: 'The US military's new Cyber Command is headquartered at Ft. Meade, Maryland, one of the military's most secretive and secure facilities. Its mission is largely opaque, even inside the armed forces. But the there's another mystery surrounding the emerging unit. It's embedded in the Cyber Command logo. On the logo's inner gold ring is a code: 9ec4c12949a4f31474f299058ce2b22a.'"

md5?

[betterunixthanunix]

Looks like it is the same length as an MD5 sum...

Re:md5?

It is a dumb md5 hash and nothing more.

"USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

Re:md5?

[the_one_wesp]

And my misplaced hopes that a government agency would actually do something creative come crashing to the ground and a violent speed....

Re:md5?

[WrongSizeGlass]

Looks like it is the same length as an MD5 sum...

The MD5 sum of the secret Cyber Command PR effort to get geeks to talk about it without delving too deep into the actual workings and mission of the Cyber Command. Hmm, I wonder if it will work?

Re:md5?

[jimmyswimmy]

$ echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a  -

Re:md5?

[v1]

and just how are we supposed to find anything "meaningful" in the result of a one way hash? To say that a one way hash (with an arbitrary sized input)"encodes" anything is just plain stupid.

Oh I know! It's the original draft of the Constitution of the United States! Imagine that, all in 16 bytes! What amazing compression! Really, you're not going to fit much "meaningful" beyond a telephone number in a ciphertext THAT small. It's a hash.

Re:md5?

[simcop2387]

whoever you are, you deserve a cookie.

echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a -

Re:md5?

[Doomstalk]

That's because it is an MD5 sum

Re:md5?

[DIplomatic]

Keep digging, I'm pretty sure this will end up as promotion for a new Halo game. :P

Re:md5?

[societyofrobots]

Its just a hash of their mission statement:
http://en.wikipedia.org/wiki/United_States_Cyber_Command

"The text '9ec4c12949a4f31474f299058ce2b22a', which is located in the command's emblem, is the MD5 hash of their mission statement."

Re:md5?

[commodore64_love]

So what's the maximum length message that an MD5 number can hold?

Re:md5?

[geekoid]

No they don't. It was trivial. Perhaps I should say: The First part was trivial.

Don't tell me I am the only one that noticed how oddly worded that is? I mean, if you are just going to md5 something, why word it so poorly? Why the double meaning of 'domains'?

Maybe I am reading too much into it, but my experience show that this would be typical double meaning often used by covert operations.

Re:md5?

[sepelester]

So what's the maximum length message that an MD5 number can hold?

Infinite - 1

Re:md5?

[ailnlv]

its just a hash; in theory you shouldn't be able to recover the original message from an md5sum, since several messages can have the same sum. There is no maximum length to what you can hash using md5.

Re:md5?

[Aphoxema]

MD5s don't hold information, they're a trap-door. It's perfectly possible that another combination of characters would lead to the same MD5, but it's incredibly unlikely that those characters would be lingually meaningful.

Passwords are often "stored" server-side as a hash. Why I quote "stored" is because the password isn't stored at all! The server doesn't know the actual password, you would have to digest every possible combination of characters to find a hash that exactly matches the one stored on the server, but by knowing a string that already does (your password) you're already there.

MD5 alone is a poor choice for trapping important strings because it is possible to "plan" a collision... for example, if a web-site offered you a file and an MD5 hash to test the source of that file, with enough cleverness and computing power another party could give you a different file with the same MD5 hash.

Re:md5?

[CrimsonAvenger]

So what's the maximum length message that an MD5 number can hold?

Holy crap you're stupid.

No, he's ignorant.

It's arguably stupid to not google it first to find out what it is, but that's a common failing on /. (and everywhere else in human space).

Re:md5?

[severn2j]

Doesn't pretty much every government department make a hash of their mission statement?

Re:md5?

[baryluk]

rfc1321
"The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input."

So it basically means that there is no limit.

(newer hashes, for safety or becuase they use ctr-like modes, define maximal lengths, for example SHA-1 and SHA-256 have limit of 2^64-1 bits. SHA-384 and SHA-512 have limit of 2^128-1. Still 2^64-1 bits is bilions of gigabytes.)

Re:md5?

[Qzukk]

So if we watch the logo carefully, we'll know when someone tries to change the mission statement?

Re:md5?

I think you mean "my cat is now servant-less".

Re:md5?

Gotta love when you DO Google something, and one of the search results is a forum where somebody else asked your same question, and the only response is a kind person saying "why don't you Google it?" Argh. Hopefully nobody will end up on this forum when searching for "maximum length message MD5"on Google.

Re:md5?

[hoggoth]

The person who figured this out got a visit from a mysterious man named 'Centauri' who invited him to join the US Cyber Command's fight against the Ko-Dan Empire.

Re:md5?

[Squeeonline]

wow that's amazing, although I wish it was something funnier :-/ All glory to hypnotoad or something similar.

Re:md5?

[jandrese]

That's one of those classic "design by committee" mission statements that end up bogged down with every single little thing the company does because everybody has their own little fiefdom that they want represented.

Re:md5?

[geminidomino]

against the Ko-Dan Armada.

FTFY...

Geez, getting that reference makes me feel very "Get off my lawn"-y

Re:md5?

[commodore64_love]

>>>So it basically means that there is no limit.

C'mon. You mean to tell me I can take the collected works of Harry Potter and boil them down to a 128 bit MD5 number? Wow that's some amazing test compression. Even ZIP isn't that good!

Okay no, I really don't believe either you or wikipedia. Given the number carved on the Cyber Command's logo, there has to be a set maximum length the decoded text message could be.

Re:md5?

[StikyPad]

There's always kryptos; part 4 has yet to be decoded. Have fun.

Re:md5?

[radtea]

It's pretty sad that someone had to write a whole story surrounding the mystery behind this md5 hash sum, when it is plainly written in black and white on wiki, hence your link.

There's a whole school of modern journalism built around ignoring easily accessible answers to relatively trivial questions. If you've followed any of the recent economic debates you'll find that it's full of "but they never say anything about what they mean by XYZ" claims regarding their opposition, only to have the opposition respond with links to where they explain clearly what they mean by XYZ.

I used to think that the Web would make it harder for people to play this sort of stupid Straw Person type of argument, either postively--by imputing to your opponent an argument they are not making--or negatively--by ignoring explanations and justifications your opponent has clearly made. I thought the Web would improve human communication and engagement in argument. But what it has done is simply reveal the depths to which stupid people will dive to preserve their faith-based beliefs against any and all opposition.

I'm pretty sure that almost all the argument on the Web is one big game of "let's pretend we don't know anything because the world is more 'provocative' and 'exciting' that way."

It is increasingly clear that the average person lives their life entirely within the epistemological limits of Humpty Dumpty, to whom words meant what he wanted them to, and nothing else. In the present case, "mystery" apparently means "something that I can't be bothered to google."

Re:md5?

[ILuvRamen]

or a trip to another planet to try an experimental stargate dialing system lol

Re:md5?

[QuantumBeep]

for f's sake, u arrogant bastards

with my students

Let me guess, Irate Text Messaging 301?

Re:md5?

[LoSt180]

It wasn't on the wiki yesterday when Wired posted the story. If you view the Revision history on the article, you will see the Mission portion has been heavily edited late last night and this morning.

I find today's assumption that a Wiki is a static and never changing reference material pretty appalling..

Re:md5?

[LoSt180]

I was using wrong mission statement! When I copied the statement from the Cyber Command Factsheet, the md5 hash wasn't matching. Apparently the "correct" version is missing the comma after "synchronizes" and uses a space instead of a hyphen in "full spectrum". So close.

Re:md5?

[idontgno]

Sheesh.

Either you're trolling or you don't comprehend the difference between hashing, encryption, and compression.

You display a practical understanding of compression: output size is proportionate to input size. But again, since compression algorithms work in blocks or streams of data, there's no theoretical limit to input size. Things like filesystem file size limits may apply, but again, if it's a stream compression with a stream input (e.g., network socket) and a stream output (ditto), there's no limit (other than externals like the finite lifespan of the Universe).

Encryption's affect on size is different than compression. Without padding, encryption output size should be the same as input size. Many algorithms do pad short inputs, so there may be a small increase in output size. Again, since ciphers can operate in stream modes, there are no inherent limits (other than, for instance, available one-time-pad data for OTP ciphers.)

Hashing, on the other hand, is in essence an extremely fancy checksum, specifically designed to use cryptographic functions in order to radically increase the likelihood that the hash value derived from any particular input is relatively unique (i.e., the hash of a particular input is radically different from the hash of another particular input which is almost identical to the first--small differences in input yield obvious differences in output.)

Checksums are, by practical definition, fixed-size, and that size is much smaller than the majority of the potential inputs. The classic checksum is a single check digit: (running total of input) mod 10. Cryptographic hashes (such as MD5--which stands for Message Digest Algorithm 5, btw) are defined to be 128 bits. No matter how long the input is, the MD5 algorithm always produces a 128-bit output, because it iteratively processes bytes of the input 128 bits at a time.

C'mon. You mean to tell me I can take the collected works of Harry Potter and boil them down to a 128 bit MD5 number? Wow that's some amazing test compression. Even ZIP isn't that good!

It's not compression. Compression requires reversibility. Hashes are, by definition, not reversible: a "trap door function". The idea is that you can take an input and digest it into a 128-bit number which relatively uniquely represents it, but you can't reverse the 128-bit number and recover the original input. That would be foolish: "I'll reverse the hash, edit the text, re-hash it, and send it on its way; no one will be the wiser."

Re:md5?

[icebraining]

Actually, writing "go google it" takes 16 times less the effort to write (measured in characters typed) than GP's post.

Re:md5?

[deuterium]

You're right in that no one has explicitly stated how they "naturally" got to the mission statement, you're just supposed to know that it's an obvious bit of text to check against this hashing algorithm, and then shout "stupid" at people like you.

Re:md5?

[meustrus]

As stated above, the md5 doesn't actually hold the information. It's a "one-way" encryption. There's no way to "decrypt" the hash into the information that created it, because the information is lost. The only way to find what generated the hash is to guess and generate. In this case, the earlier AC just guessed it was the mission statement (based on the clue in TFA) and simcop tried it out.

Because it is "one-way" and an arbitrary amount of information can be lost, there is no limit to the size of the hash. It is very possible to take anything from a two-char string, to the entire Harry Potter series, to the entirety of all data produced by mankind, and produce a 128-bit MD5 sum.

Another way of thinking about it is this: Say that 2+2=4. Now, we know the answer is 4. That doesn't tell us that the equation is 2+2. It could have been 3+1, 4*1, sqrt(16), or anything, really. Similarly, just because we know the answer is 42, doesn't mean we know the equation. 42 is the MD5 sum of life, the universe, and everything, and just because it's meaningless now doesn't mean it was meaningless before it was hashed.

Re:md5?

[Americano]

You've never worked for a division/company/department that has a "mission statement" or "vision statement" before?

This is typical bureaucratic jargon, I read it and thought for a second - "Hey I worked at that place before!" And then I realized that they didn't also claim they were going to "synergize... [their] product offerings while remaining the provider of choice for world-class enterprise solutions."

Re:md5?

[dov_0]

because it was figured out long ago, check out the wikipedia article for "US Cyber Command"

Actually if you check the history on that article, it was put up just after the publication of TFA, on the 7th of July this year.

Re:md5?

[ryanleary]

whoooooosh.

I got it!

[bsDaemon]

Don't ... forget to... drink... your ovaltine?!?! a lousy commercial!?

Re:I got it!

[PrescriptionWarning]

funny, I decoded it and it came out "Ph4rma increase your p33nas size today for less $$$$"

Re:I got it!

[dkleinsc]

Drat, I thought it said "Azh nazg durbataluk, azh nazg gimbatul"

Re:I got it!

[Verteiron]

Geez, warn a guy before you start flinging that stuff around, will you? My monitor went dark for a second there!

Re:I got it!

[spong]

It's really reads "All your base are belong to U.S.".

Already Solved

The first reply in the Reddit thread already has the answer: http://www.reddit.com/r/programming/comments/cmxm0/proggit_if_you_decode_this_i_will_love_you/

Obviously...

[buddyglass]

...its their public key. :)

Re:Obviously...

[bonkeydcow]

I was thinking the same, only I was going to say it's their private key.

Next Up

[PixieDust]

Sony sues US Cyber Command for posting an AACS key (yes I know it's not).

And...

[stressclq]

It was quite swiftly found out to be the MD5 hash of (remove quotes): "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

News at 11..

Re:And...

[epiphani]

Err, I take it back. It's a hash of the string itself, not a file containing the string.

Sigh.

Re:And...

[tuffy]

There's no newline at the end of the text. Try using "echo -n" over it.

Re:And...

Fail.

MD5

[FalconZero]

It's (obviously) MD5 length. The results of a quick reverese MD5 lookup are as follows :

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

However, as we all know, MD5 isn't 1-1. It could well just be a conincidence, or something completely different.

Re:MD5

[betterunixthanunix]

Actually, it turns out that every paragraph USCYBERCOM publishes will have the same MD5 hash; they are showing off their ability to find collisions.

What you say?

[oodaloop]

It's "All Your Base Are Belong To Us!"

Wait, too soon?

Wait!

[multipartmixed]

9ec4c12949a4f31474f299058ce2b22a?!!

That's the combination to my luggage!

I reckon

[Hognoxious]

"Help, I'm being held prisoner in a logo factory"

Re:I reckon

[StikyPad]

REPEAT 360 [FD 3 RT 1]
RT 90
PU
FD 100
PD
REPEAT 360 [FD 1 RT 1]
HIDE TURTLE

That's no LOGO factory -- it's a Death Star!

Nothing to see here, move along.

It's no secret. Somebody called their office and asked what it was. It's the mission statement.

I'm sure the conspiracy nuts will just say that's a convenient hash collision and that the real message is the date and time the Loch Ness Bigfoot Anti-Christ from Betelgeuse heads up the New World Order.

easy

[circletimessquare]

that's the US government's Windows Product Key

and the purpose of Cyber Command is to keep track of all software activation and licenses, and make sure no bonehead buys a region 2 dvd disk

the only reason Cyber Command's mission is opaque is that the government fears being sued by the BSA and MPAA because they installed windows xp on every government computer from a cd they bought in hong kong for $12, and they put an avi of "The Hangover" they got off of pirate bay on a network drive

UP UP Down Down Left Right Left Right B A

[ZirbMonkey]

It seems pretty obvious.

Daddy, drive slower!

[magusxxx]

If you don't know : whose data not to touch : you must not value : your freedom very much : Burma Shave

Silly government!

[scorp1us]

Don't they know MD5 is deprecated. They should be using SHA-1. Off to a disappointing start already...

Re:Silly government!

[debrain]

Don't they know MD5 is deprecated. They should be using SHA-1. Off to a disappointing start already...

SHA-1 is deprecated, too. They should be using SHA-2, or if they really want to show off SHA-3.

Re:Silly government!

[mackil]

I find your lack of Salt disturbing...

Re:Silly government!

[Ungrounded+Lightning]

Don't they know MD5 is deprecated. They should be using SHA-1. Off to a disappointing start already...

Military group logos are not intended to be secure. They are intended to be easy to recognize quickly and to inspire group pride. So they are symbolic, transparent, sometimes ironic and/or making an in-joke (such as three spur gears meshed, an arrangement which could not possibly turn), and often using archaic elements as historical references.

MD5 is a cryptographic hash that, though now dated, was strong for its time, is commonly recognized, and if I recall correctly was the FIRST such hash function to achieve broad recognition for its use as a digest hash for detecting message tampering. Using an MD5 hash of the mission statement as an element of the logo is perfect form.

The logo will no doubt outlast any current hash, so using a more modern digest algorithm would just date it - and make it less historic.

wasn't meant to be a code

[v1]

Think about it. What organization wouldn't be at least somewhat interested in trying to put their entire mission statement in their logo? Success. And appropriate for them to use a hash for it. Although their choice of hash was poor. You'd think they would have used a more modern hash that's considered more secure? But maybe they wanted to go with that because they weren't intending for it to be secure, just fit, and be appropriate.

Re:wasn't meant to be a code

[betterunixthanunix]

I think a SHA256 sum would have been too long to fit on the logo:

7521ea74913335fc0fb3a47dfa0ca32636ff59bceabadee0dcfbf25ad85a03eb

That is twice as long as the MD5 hash; the logo has limited space, and I am guessing they did not want to force people to use a magnifying glass to see the numbers.

Wait a minute...

[natehoy]

It's written in an obscure script on the inside of a golden ring?

Well, duh. Isn't it obvious?

"Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie."

Quick! We need some midgets and an active volcano!

Beware the word "cyber"

[SlappyBastard]

Where you see the word cyber, there is an idiot nearby waiting to waste your money.

Obviously....

[lattyware]

It's the WEP key for their WiFi. Handy for all staff who forget easily.

Re:Cyber Command doesn't understand MD5 do they.

[s0litaire]

It's a continuation of the US's "Security by obscurity" policy.

Re:Unwise

[networkBoy]

hey, on the bright side if they try to change it and say it's always been that way, we can point at their logo (especially any that are engraved) and say: nuh-uh you changed it!
-nB

Another level of coding?

[SloWave]

What's more interesting is if you take the first letters of each word in their mission statement and parse them correctly, you get 'UPC is a cat' followed by a list of acronyms for all sorts of shadowy secret organizations and technologies...

upc is a cat dto ados dod in a pta wd cfs mco io tea ia de UA foa i cad tst oa

MD5 - supposed to be pretty basic

[Firethorn]

I almost replied before I saw the GP's post explaining it, but was hesitant because I was wondering if you were trolling.

'googling it', in this instance, or looking it up on wiki is fairly logical because it will give you a well written description without us going through the effort of writing it ourselves.

I didn't realize it was essentially a random, unrecoverable number.

It's deliberate that you're not able to recover the original message from the MD5 sum, but 'random' is very much NOT true. It's used as data verification - a small change, even just a bit, in the message stream will result in a vastly different number. But feed it the same data, and you'll get the same number back, every time.

This allows you to verify things like messages and binaries haven't been altered from their original verified state.

Mysteries within mysteries...

[Tetsujin]

When you run the numerical code in the US Cyber Command's logo through a standard two-pass RSA decryption, match it against known quantum fractal ciphers, look at it in a mirror while standing on your head, and de-converge your eyeballs to get the stereo effect, it reads as follows:

"A/S/L?"

But what could it possibly mean?