After Weeks of Trying, UK Cryptographers Fail To Crack WWII Code

← Back to Stories (view on slashdot.org)

After Weeks of Trying, UK Cryptographers Fail To Crack WWII Code

Posted by timothy on Friday November 23, 2012 @10:18AM from the reopen-bletchley-park dept.

An anonymous reader writes "A dead pigeon discovered a few weeks ago in a UK chimney may be able to provide new answers to the secrets of World War II. Unfortunately, British cryptographers at the country's Government Communications Headquarters (GCHQ) have been unable to crack the code encrypting a message the bird was tasked with sending and say they are confident it cannot be decoded 'without access to the original cryptographic material.'"

58 of 263 comments (clear)

Min score:

Reason:

Sort:

No surprise there by Anonymous Coward · 2012-11-23 10:22 · Score: 5, Insightful

Given that the original message looks supiciously like it was encoded with a one time pad, it's really not at all surprising that they can't crack it without the relevant pad. Which was probably destroyed a long time ago.
1. Re:No surprise there by K.+S.+Kyosuke · 2012-11-23 10:30 · Score: 3, Funny
  
  Which was probably destroyed a long time ago.
  Which is, some time after destroying the one-time pet?
  
  --
  Ezekiel 23:20
2. Re:No surprise there by v1 · 2012-11-23 10:51 · Score: 5, Informative
  
  One time pads are not impossible to crack, provided you have some clues about detecting a successful decoding.
  [ citation needed ]
  Here, let me help you.
  citation
  
  In cryptography, the one-time pad (OTP) is a type of encryption which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is truly random, as large as or greater than the plaintext, never reused in whole or part, and kept secret, the ciphertext will be impossible to decrypt or break without knowing the key.
  So unless you classify the key as a "clue" (rather than a cluebat) you need to rethink that.
  
  --
  I work for the Department of Redundancy Department.
3. Re:No surprise there by Anonymous Coward · 2012-11-23 10:54 · Score: 2, Insightful
  
  One time pads are not impossible to crack, provided you have some clues about detecting a successful decoding. A decoding that renders a perfectly structured sentence with proper spelling, and/or recognized jargon could be picked out by computer as a "highly probable content" from all the other gibberish decoding.
  Your statement demonstrates a fundamental misunderstanding of the one-time pad. One-time pads are not like other forms of encryption, they are simply modular arithmetic with a set of random characters. The encrypted data could decode to literally anything, depending on the key used.
  https://en.wikipedia.org/wiki/One-time_pad
4. Re:No surprise there by Ksevio · 2012-11-23 10:54 · Score: 3, Informative
  
  No, a proper one time pad is random and the results will also appear random. The only vulnerability is if the pad it was generated off of isn't truly random or if it's improperly used. If the pad was used more than once or used repeatedly over the message, then there might be hints to decode it. Otherwise, you can brute force it all you want, but you're just as likely to come up with an incorrect "decoded" message as the real one. Since each letter of each word is coded with its own key, guessing the word "Germany" doesn't help you figure out if the word after is "attacks" or "retreats".
5. Re:No surprise there by jspoon · 2012-11-23 11:01 · Score: 5, Funny
  
  Grandparent is getting OTP mixed up with ROT13. I do that all the time. It cost me my job once.
6. Re:No surprise there by BetterSense · 2012-11-23 11:07 · Score: 4, Informative
  
  No. You reveal that you do not understand one-time pads.
  
  Given a ciphertext N characters long, there exists a one-time pad that will decrypt that ciphertext to ANY clear text message. So if you have an N-length bit of ciphertext (as it appears these chaps do) and you brute force it and decode an N-length string that 'looks' correct (e.g. "The fleet has launched") that's just great...the problem is that THAT clear text is equally likely to be the correct clear text as any other string of text that long, including all perfectly-structured sentences, with correct pronunciation, containing jargon...in all languages...that long. And if they are salting and/or stuffing the clear text, you don't even have the length as a clue.
7. Re:No surprise there by Pseudonym · 2012-11-23 11:07 · Score: 3, Insightful
  
  One-time pads are impossible to crack, in the sense that all messages are equally likely. Think about this for a moment. You can think of many plaintexts of that length. Each one could be the result of a different pad. Since those pads are equally likely, the plaintexts are also equally likely.
  We do have the message length, and we also have some information in cleartext (e.g. the time it was sent and who sent it). That's it.
  There are weaknesses in an OTP system, but they are typically due to poor key management.
  
  --
  sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
8. Re:No surprise there by BitterOak · 2012-11-23 11:09 · Score: 4, Insightful
  
  Your citation is incomplete. Key reuse is one way to weaken the encoding without forking over the key itself, though this needs multiple messages encoded with the same key.
  If you've re-used a key, you're no longer using a one time pad. (Hint: Why do you think it's called a one time pad? [emphasis mine])
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
9. Re:No surprise there by l0ungeb0y · 2012-11-23 11:09 · Score: 5, Funny
  
  Messages small enough to be carried by pigeon were most likely necessarily small
  So you're saying that this message was quite literally a "tweet".
10. Re:No surprise there by 0123456 · 2012-11-23 11:13 · Score: 3, Insightful
  
  You're right. If you know what the decoded message is, you can easily decode it without knowing the pad.
  Otherwise, you have no chance if the pad was correctly created and used, as any character in the message can decode to any other character.
11. Re:No surprise there by somersault · 2012-11-23 11:17 · Score: 4, Interesting
  
  Nope..
  
  it is possible to "decrypt" out of the ciphertext any message whatsoever with the same number of characters, simply by using a different key, and there is no information in the ciphertext which will allow [the reader] to choose among the various possible readings of the ciphertext.
  Got that from this . It's an interesting read. In a message encrypted by a one time pad, even two letters right next to each other may not represent the same letter in the original plaintext..
  
  --
  which is totally what she said
12. Re:No surprise there by PolygamousRanchKid+ · 2012-11-23 11:18 · Score: 2
  
  If the pad was used more than once or used repeatedly over the message, then there might be hints to decode it.
  You mean one-time-pad-recycling? Like in environmentally friendly Soviet Russia . . .
  http://en.wikipedia.org/wiki/Venona
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
13. Re:No surprise there by v1 · 2012-11-23 11:24 · Score: 4, Insightful
  
  Your citation is incomplete. Key reuse is one way to weaken the encoding
  Please re-read the entire cited text. Pay special attention to "never reused in whole or part"
  (also, even a single re-use can completely compromise all other messages that used a given pad, if the plaintext of a single message encoded with that pad is discovered by other means)
  I'm not a cryptoanalyst, but I play one on TV
  
  --
  I work for the Department of Redundancy Department.
14. Re:No surprise there by 0123456 · 2012-11-23 11:35 · Score: 4, Insightful
  
  You still don't get it.
  You might know that the message is 'The Commies have XXX tanks' where XXX is a number, but if the pad is correctly generated and used, the XXX can decode to any three digit number whatsoever, so that knowledge gives you no information at all.
15. Re:No surprise there by Jappus · 2012-11-23 11:39 · Score: 4, Informative
  
  But as stated elsewhere, messages are not random, so the laboratory exercise does not represent the real world.
  When you send a spy in to determine the number of tanks crossing a certain bridge, you don't consider an order for lamb chops and left hand threded eels to be a proper decoding.
  Yes, but you don't understand the fundamental problem of your argument. With an OTP, the sentence "0 tanks crossed" is just as likely as the following:
  "2 tanks crossed"
  "3 tanks crossed"
  "4 tanks crossed"
  [...]
  "144 tanks cross"
  "346 tanks cross"
  And so on and so forth. You can only run a reasonability analysis, if any of those above was less reasonable than the others. So not only would you need to know that there is a spy and that the spy counted tanks (instead of, say, planes or flowerpots), you would also need to know the exact number he counted and that the spy has not counted wrong. You'd also need to know how he phrased the answer.
  In short: You'd need to already know the decoded message to say which decoded message is correct. The reason is very simple: In a One-Time-Pad, the key and message are completely interchangeable. Given only the encrypted text, it is just as hard to find the key as it is to find the original message. This is the ideal property all encryption methods strive for.
16. Re:No surprise there by hawguy · 2012-11-23 11:55 · Score: 4, Insightful
  
  While that is true, you will note that i said probable content. Yes there are any number of equally valid decodings. However few will make sense in the context in which they were sent.
  The assertion that there are any number of possible decodings only works when you have zero knowledge of expected content, and as such its a tired and juvenile objection.
  It's not that there are "any number of equally valid decodings", but there is every possible decoding. If the word "APPLE" is encypted with a one-time pad into "XYZZY", there are potential one-time pads that will decrypt that string into "APPLE", "IPHONE", "STEVE", "WINMO", "GOOGL", "ANDRD", "SBRIN", "LPAGE", "BILLG", etc.
  How do you know which of those is the "valid decoding"? How does your knowledge of expected content help you?
17. Re:No surprise there by mysidia · 2012-11-23 12:05 · Score: 5, Informative
  
  even two letters right next to each other may not represent the same letter in the original plaintext..
  Any cipher worth its salt will have this characteristic.
  A one time pad is a mixing operation; a combination of random data with the plaintext being protected, using an operation that preserves entropy; which means that none of the randomless from the one time pad bits are lost EVEN though the plain message being encrypted is non-random, the result will have exactly as much randomness as the more random of the two bits being mixed, and therefore it is mathematically impossible to discover the value of a single bit of plaintext, without knowing the corresponding bit of one time pad.
  Nor is it possible to determine the value of any single bit of one time pad, without knowing the corresponding plaintext bit.
  Any attack requires discovering the value of the one time pad through an outside source, or exploiting a weakness in the pad, such as key reuse, OR inadequate random number generator used to produce the pad.
  The only thing you can ascertain about the one time pad by looking at the enciphered message, is its maximum potential length, since you can see the number of symbols that are printed on the card, and that will be a finite number.
18. Re:No surprise there by ceoyoyo · 2012-11-23 12:07 · Score: 4, Insightful
  
  He's right, you clearly don't understand how one time pads work.
  With a properly used one time pad, ANY message (of the same length) is equally valid. Typically you salt the message with some nonsense or whitespaces too, so any message of length = the length of the encrypted message is possible.
  So you can make up any message you want, gibberish or real words, and you have no idea if it's the real message or not. You cannot use frequency analysis, dictionary attacks, content hints, or anything else against a properly used one time pad.
  You're thinking of simpler encryption algorithms that DON'T use completely random pads. Things like Enigma. If you know something of the content of the message that can help immensely in decrypting those messages, but again, prior knowledge, guesses or whatever have no effect on the security of a properly used OTP.
19. Re:No surprise there by __aajfby9338 · 2012-11-23 12:11 · Score: 2
  
  You can discount gibberish and orders for lamb chops if you are quite confident that the message was, for example, English text, and that "lamb chops" was not a code phrase for something like "crates of ammunition". But you still can't distinguish between "FOURTEENTH TANK BRIGADE WILL ATTACK ON NOVEMBER TWELFTH" vs. "EIGTH INFANTRY BRIGADE RETREATING WITH HEAVY CASUALTIES". In any case, code words, code phrases, abbreviations, jargon and spelling errors can all be reasonably expected in legitimate military and espionage communications, so without detailed inside information, you can't even discount a possible decoding like "RABBITS ARE RUNNING DUE TO CRITICAL LAMB CHOP SHORTAGES". For any given message length, it is quite possible to come up with possible decodings of the same length with exactly contradictory meanings. Thus, even in real life, an intercepted OTP message only gives you an opportunity for traffic analysis.
  When properly implemented, one-time pad messages are truly unbreakable in the lab and in practice. Successful cryptanalysis of them is only possible when serious mistakes are made, such as using a single key more than once, using a key that can be predicted by some means, etc.
  As an aside, Between Silk and Cyanide was an interesting account of one person's involvement in WW2 cryptography related to espionage operations. If we can assume the author's account is accurate, then there was a lot of WW2 espionage activity using ciphers other than OTP, and OTP (in particular, OTP using letters rather than numbers) was a later development in the war, still further delayed by the complications of distributing key material. So, it makes sense to me for cryptologists to have made an attempt at breaking this recovered cryptogram based on the possibility that some system other than OTP was used to encipher it.
  Incidentally, five-letter groups of seemingly-random characters is a common form for enciphered text, and is not specific to OTP. It's conventional to break enciphered text into five-letter groups to make it easier to avoid losing one's place when transmitting it by telegraph or teletype. Cipher machines such as my US WW2 M-209B or my Soviet cold-war Fialka even automatically space the ciphertext out into five-letter groups. It takes actual analysis of a ciphertext to determine what system(s) may have been used to create it. For practical purposes, there will often be information called "indicators" embedded in the ciphertext, so that a busy cipher clerk will know which machine to use and which key to load into it to process that message. There are extant examples of such indicator systems that I've seen, such as in WW2 training materials for message center staff. Knowledge of the indicator system(s) in use by a particular adversary can help a cryptographer determine the best approach for a particular intercepted message, such as "assume this message is a Playfair cipher from some low-level guy we don't really care about", "send this one straight to the folks breaking Enigma traffic", or "put this one in the don't-bother-trying box".
20. Re:No surprise there by BetterSense · 2012-11-23 12:21 · Score: 3, Insightful
  
  It's humorous that you encourage me to use my head, when you are so completely wrong. Since you don't believe me, I can only invite you to read up on cryptography and one-time pads, until you understand exactly why and how you are wrong. Afterward, please attempt to educate others so that the world wastes less time arguing over solved problems.
  
  The reason one-time-pads cannot be broken is fairly non-intuitive, but it's worth understanding. You should understand that it is beyond pointless to even attempt to brute-force a one-time-pad transmission, because you know before you even begin wasting CPU cycles that you WILL find EVERY N-length message that can exist, and you will have no reason to favor any of them. That's why you don't even try. You jump right to trying known/broken ciphers, frequency analysis, looking for possible misapplications of the one-time-pad technique, or something else, because brute-forcing one-time-pad transmissions mathematically cannot work. It's not that it doesn't work, or that it's too hard, but it mathematically is beyond being possible for it to work.
21. Re:No surprise there by Chris+Mattern · 2012-11-23 12:28 · Score: 3, Insightful
  
  Key reuse is one way to weaken the encoding without forking over the key itself,
  In which case, YOU AREN'T USING A ONE-TIME PAD! It's called "one-time" for a reason, you know.
22. Re:No surprise there by v1 · 2012-11-23 12:39 · Score: 3, Insightful
  
  Length isn't even relevant. Proper use of a OTP recommends simply copying the remaining pad past the end of the cleartext, or to a random length beyond it. This makes it impossible to determine the length of the cleartext. The cleartext just ends in a standard End of Message, which can only be identified by the recipient with the pad key. "We will attack at dawn. End of Message." could be transmitted as a two page block of ciphertext. It's not a waste since the pad cannot be reused in whole or in part anyway. That entire page of pad just gets torn out of the book and burned when the message is sent.
  
  --
  I work for the Department of Redundancy Department.
23. Re:No surprise there by OneAhead · 2012-11-23 12:40 · Score: 5, Interesting
  
  Now you're just making a fool of yourself. People already linked you to a wikipedia page that explains in detail why you're wrong, yet you stubbornly refuse to read it (or perhaps you're too daft to understand what it says?)
  
  Here's a demonstration. From TFA, the secret message is:
  AOAKN HVPKD FNFJU YIDDC
  RQXSR DJHFP GOVFN MIAPX
  PABUZ WYYNP CMPNW HJRZH .
  NLXKG MEMKK ONOIB AKEEQ
  UAOTA . RBQRH DJOFM TPZEH
  LKXGH RGGHT JRZCQ FNKTQ .
  KLDTS GQIRU AOAKN
  
  My sources are telling me that "AOAKN" is most likely the identifier of the OTP or code page that was used, so the actual content of the message is
  HVPKD FNFJU YIDDC RQXSR
  DJHFP GOVFN MIAPX PABUZ
  WYYNP CMPNW HJRZH NLXKG
  MEMKK ONOIB AKEEQ UAOTA
  RBQRH DJOFM TPZEH LKXGH
  RGGHT JRZCQ FNKTQ KLDTS
  GQIRU
  
  Being a 1337 cryptography expert, I determined that the code page in the sender's code book started with:
  SBXDZ CUYSG ECWKO CMRSZ
  JRGOH DIRFA JRWEP LFXRK
  OLULB XHHAW UGKLL NUUKT
  JQPKX LMUGR IGRCC AHKCW
  OKMZZ LQOSK PPGNH YPPVW
  NRVDT RNHYD CNCCY RUVJO
  VCNNA
  Don't believe me? Go to this page, copy-paste the above "actual content" in the field that says "input" and the key in the field that says "key", and click decode.
  
  Oh wait, I was wrong, the real key is:
  ZTLJV VJXRU VERZP YMUND
  PYLYB WBHJV ZUWCR ESJNL
  FMYUI KMCKU HWYID NIJTM
  ZBITS VNBFI TGIWG MLKQS
  RMQLD PWASI AHNAS LHFBN
  PWYUN XRTPM MVDFU HXKMO
  IUUAK
  
  Allright, I'm just messing with you, it's
  JHVGR QUHCQ YFZAC EILSG
  YVTCW PABZG QALLG HVBDG
  OLAZV LGLAS QJGWZ WHVRY
  YROWQ XBAPU WTIEY UTOHI
  YXZRU ALALV OPGXD USLCW
  YSBDI GNILZ OWTSM TUMCB
  PZANC
24. Re:No surprise there by DrVomact · 2012-11-23 12:52 · Score: 2
  
  Given that the original message looks supiciously like it was encoded with a one time pad, it's really not at all surprising that they can't crack it without the relevant pad. Which was probably destroyed a long time ago.
  I'm curious: how do you tell by the looks of a cyphertext that it was encrypted with a one-time pad? Yeah, it's written in groups of five characters, and makes no (obvious) sense...but that is no clue as to the method used to encrypt the text. Breaking up words into equal groups is done (obviously) to obfuscate word boundaries, it's not a practice restricted to one-time pads.
  
  --
  Great men are almost always bad men--Lord Acton's Corollary
25. Re:No surprise there by __aajfby9338 · 2012-11-23 13:31 · Score: 4, Interesting
  
  Well, that's a matter of semantics. If you implement a large-scale, properly-designed one-time pad system, but then a pair of lazy and/or ignorant code clerks re-uses individual OTP sheets for some of the traffic between them (contrary to orders and training, of course), then do we say "it's not a one-time pad system", or that "it's a misused one-time pad system"? Either statement might be arguably valid.
  Or maybe all of your code clerks properly use each sheet once and then immediately destroy it, but the factory that produced the keying materials messed up and included duplicate sheets mixed into some of the books, resulting in compromise of the system. Which has actually happened, by the way. You might say that it wasn't actually an OTP system, or you might say it was an OTP system in which implementation mistakes were made which compromised some of the traffic. Those mistakes may have been unintentional errors or deliberate acts by undercover agents to weaken the system, but the folks who designed and oversaw the system intended to deploy a proper OTP system and thought that they were doing just that.
  Or maybe you create an OTP system, distribute good keying material without blunders like repeated pages, but then an undercover agent runs out of keying material, has no way to obtain more, and then must choose between stopping communication, communicating in plaintext, or re-using OTP sheets to get critical information through and hoping that the adversaries don't detect the situation. I lean towards calling this situation "not OTP", but it's still a matter of semantics.
26. Re:No surprise there by Coryoth · 2012-11-23 14:10 · Score: 3, Informative
  
  That's a codebook, not a one time pad. They are distinctly different. Code books are theoretically crackable given sufficient ciphertext and a model for the plaintext (e.g. English). In practice "sufficient" ciphertext is never going to happen. One time pads are uncrackable in theory. In practice mistakes can be made that make them not true one time pads and thus potentially crackable (but that require multiple messages using the same pad -- not the case here).
  
  --
  Craft Beer Programming T-shirts
27. Re:No surprise there by gadzook33 · 2012-11-23 14:40 · Score: 5, Interesting
  
  Actually I read something interesting about WWII One Time Pads. Apparently the pads were generated by women (typically) drawing ping pong balls out of a hopper and writing down the letters. The problem was if they drew the same letter multiple times in a row, they might put it back thinking that it wasn't "random" enough. Of course, in doing so they changed the distribution of letters to no longer be uniform. My understanding is that this very quickly erodes the cryptographic integrity of the one-time pad to the point where you can start to look for the plaintext based on letter frequency. I'm not saying that's applicable here (and I have to imagine the cryptographers would have looked at this) but interesting nonetheless.
28. Re:No surprise there by Anonymous Coward · 2012-11-23 15:40 · Score: 5, Funny
  
  That last batch activated my copy of Windows XP.
29. Re:No surprise there by Anonymous Coward · 2012-11-23 15:43 · Score: 4, Interesting
  
  Actually I read something interesting ...
  By 'something interesting' you must mean Neal Stephenson's Cryptonomicon. I agree, it is quite an interesting book. One of my favorites in fact.
30. Re:No surprise there by Burning1 · 2012-11-23 15:54 · Score: 2
  
  If I recall correctly, you can recover the key simply by compareing the two encrypted messages. You don't even need the plaintext.
31. Re:No surprise there by slew · 2012-11-23 16:09 · Score: 3, Insightful
  
  As another aside, one of the weaknesses of the Enigma Cipher was that the subsitution wheels never substituted one letter with the same letter. This fact turned out to be somewhat helpful in breaking the cipher...
  Many early ciphers had weaknesses that were the result of not fully understanding the loss of randomness from seemingly logical "optimizations".
32. Re: No surprise there by grumbel · 2012-11-23 17:01 · Score: 4, Interesting
  
  A clue does not help you a bit. The only thing you can get out of a OTP is the maximum length of the message, but not the minimum or actual length,. Everything else is completely arbitrary and depends completely on the key. You can literally decode all possible messages with that maximum length out of that encrypted sequence with the right key. All Twitter posts ever written, all messages passed around in WWII, a whole bunch of Haiku's and what ever else you want you can get out of that sequence with the right key. That encoded sequence is essentially just random junk without the original key. The only clue that brings you to the original message is the original key used to decrypt it.
33. Re: No surprise there by gumbi+west · 2012-11-23 17:05 · Score: 3, Insightful
  
  Your point can only be this: the set of messages that might reasonably have been sent can be guessed as the deciphered text. The actual encrypted data gives you zero information on that if the OTP was used properly.
34. Re:No surprise there by Sulphur · 2012-11-23 20:55 · Score: 2
  
  I don't think you have even the remotest idea what Venona was.
  It was the code used by the atomic spies. Alexander Fomin (nee Feklisov) was the agent in charge of the ring. Klaus Prigsheim a faculty member at KU was the host when he talked in IIRC 1960. Arthur Schlesinger Jr. was his debate counterpart. Fomin sounded a lot like Bela Lugosi.
  Several point out that it is not a OneTime Pad if you reuse the pad. The pad was reused because of the workload, and the code was broken. Fomin said that Ethel Rosenberg was not involved.
35. Re:No surprise there by AK+Marc · 2012-11-23 21:16 · Score: 3, Informative
  
  True-Scotsman is saying that someone born in Scotland doesn't count as a Scotsman because he doesn't act correctly. That's a false/useless assertion that's factually wrong and asserted only to move the goalposts for the "correct" definition. A "one-time" pad used more than once isn't just a misused one-time pad, but is also a "two-time" (or more) pad, and, by definition, is no longer a one-time pad. That's not a no true Scotsman argument, but a "you defined it properly - no fair" argument.
  
  --
  Learn to love Alaska
36. Re:No surprise there by joss · 2012-11-24 00:38 · Score: 2
  
  The people running the program understood this stuff at least as well as you. The girls picking out the balls would have been working with exceptionally clear and inflexible rules.
  
  --
  http://rareformnewmedia.com/
37. Re:No surprise there by wvmarle · 2012-11-24 02:02 · Score: 2
  
  Deviating of course weakens it. But in practice, this may be irrelevant.
  Imagine you're a German code cracker, and your men intercept like 100 messages sent out by the British forces (by shooting those pigeons) that are known to be encrypted using one-time pads and using code words. Maybe two of them have used the same pad: you don't know which ones, nor that this is actually the case.
  As one-time pads are known to be uncrackable, you're likely not even going to try.
38. Re:No surprise there by Capt.Albatross · 2012-11-24 02:27 · Score: 2
  
  Strictly speaking, Venona was the project to decrypt the intercepted messages, started once it was realized that the encryption keys were being reused. Nevertheless, MrNaz is adopting troll-like behavior in his snarky and cryptic post, and his post here, unlike yours, contributes nothing to the discussion.
39. Re:No surprise there by TeknoHog · 2012-11-24 03:30 · Score: 2
  
  Any cipher worth its salt will have this characteristic.
  I see what you did there.
  
  --
  Escher was the first MC and Giger invented the HR department.
40. Re:No surprise there by arose · 2012-11-24 13:26 · Score: 2
  
  It's like saying that long division performed with an error is not long division any more, and that therefore it's impossible to get wrong results with long division. Then furthermore defending such a position on the basis that "division" is right in the name and getting incorrect results means that you weren't dividing at all, but rather something else entirely.
  
  --
  Analogies don't equal equalities, they are merely somewhat analogous.
41. Re:No surprise there by Pseudonym · 2012-11-25 14:42 · Score: 2
  
  Actually, it was even worse than that. The same physical wires were used both for "input" and "output".
  Let me try to explain. Each rotor was a short cylinder with 26 contacts on each end. Inside the wheel were wires which connected the pads on one end with the pads on the other end. Typically, these were not the same pads. So applying a voltage to a pad on one side would make the voltage appear on some corresponding pad on the other side. This effectively implemented a permutation of the alphabet.
  The machines, of course, had several (interchangable) rotors, which rotated after every keypress. Ignoring the rotation for the moment, pressing a key would apply a voltage to one of the pads on the first wheel, then the voltage would be transferred through the wheels to the other side, so you'd apply one permutation, followed by another, followed by another.
  However, the lamps which indicated the "output" letter were not (electrically speaking) on the other side of the rotors. They were back on the keyboard side. On the other side of the rotors was a component known as the "reflector ring", which implemented yet another permutation which never mapped a letter back to itself, and then reflected the electrical signal back through the rotors. The lamps were wired to the same side of the rotors as the keys.
  That's the main reason why Enigma could never substitute a letter with itself: you need a separate return path to make a circuit.
  (Note: This is the basic Enigma design. The actual machines changed throughout the 30s and 40s, usually implementing a new security measure withing weeks or months of the Polish or British cryptographers cracking the previous one. The introduction of the steckerboard was the biggest hurdle, and famously it was Alan Turing himself who worked out a method of breaking it. I digress.)
  The weakness wasn't actually that Enigma couldn't map a letter to itself, though that did help a little. The weakness was actually that the permutation applied by the rotors in one direction was "undone" on the way out, which revealed an awful lot about the design of the system to anyone who knows some group theory. Someone like Marian Rejewski, in particular.
  You see, the bare Enigma can be thought of as a group action on an alphabet. We'll call the group action of the rotors W, and the group action of the reflector ring R. Then the overall cipher is C = W' R W. Now here's the neat bit: C and R have the same conjugacy class and hence the same cycle structure. By analysing the cycle structure of C (which you can do by traffic analysis, since all operators in the same domain started off with the same rotor settings every day), you can completely recover R.
  This theorem, by the way, is informally known as the theorem which won World War II.
  
  --
  sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Cracked! by Anonymous Coward · 2012-11-23 10:27 · Score: 4, Funny

I just installed windows XP using the first row.
Easy! by Anonymous Coward · 2012-11-23 10:40 · Score: 5, Funny

Wenn ist das Nunstück git und Slotermeyer? Ja! Beiherhund das Oder die Flipperwaldt gersput!
1. Re:Easy! by Anonymous Coward · 2012-11-23 11:14 · Score: 5, Funny
  
  Wenn ist das Nunstück git und Slotermeyer? Ja! Beiherhund das Oder die Flipperwaldt gersput!
  HHAHAHAHAHAHAHAHAHAHAHAHA!
  
  *dies*
2. Re:Easy! by Anonymous Coward · 2012-11-24 10:39 · Score: 2, Informative
  
  It was from a Monty Python sketch.
  http://en.wikipedia.org/wiki/The_Funniest_Joke_in_the_World
Its worse than that. by Anonymous Coward · 2012-11-23 10:50 · Score: 5, Interesting

My Aunt was a radio communication specialist in the channel islands where they communicated with the underground and later the anti Nazis within the third reich. My Dad was involved in counter espionage within Great Britton. They were both recruited by the Canadian military and then trained by the combined British and Canadian military intelligence division long before the US joined in.
Not only was key info done with one time cipher it also used specialist language. For instance the word pie after decryption might be construed to be to mean supplies. Only the individuals who were taught the language could decode it and no more than a few individual agents sending info from within Germany or France used the same code specific language.
If the pigeon corpse was from D Day then it would have been really early in the landing. As the beach head was secured the code receiving specialist people moved in to undisclosed places in Normandy. Are they absolutely certain the pigeon was from D Day? If not it may have been from other sources as my aunt told me there was some underground agents using them before 1944...Some even in the Dieppe region!
1. Re:Its worse than that. by ewanm89 · 2012-11-23 11:26 · Score: 2
  
  The message was sent to GCHQ in Cheltnam to decode, GCHQ is what replaced the Government Code and Cipher School which was based at Bletchley Park and had 2 tasks: 1) keep our communications secure using codes and ciphers and 2) break AXIS codes and ciphers. People focus on the second one but the first is also important and we were very good at both parts. Now they kept copies of the code books like you describe (our bomber crews replaced them regularly and were charged with burning their copies if they crashed), these were mostly used for spoken communication where one is still saying words into a radio. I expect they just can't figure out which cipher key was used as this is a cipher not a code. And they would just have to go through the codebooks to find the right one if they found it was a code too.
Re:lol by Anonymous Coward · 2012-11-23 10:52 · Score: 5, Funny

Really, Mr. Ballmer, you need to take some anger management classes.
The Next Step. by gallondr00nk · 2012-11-23 11:00 · Score: 2

In the UK, in our authoritarian wisdom, we made it illegal not to provide passwords or decryption to encrypted material.
GCHQ are now well within their rights to arrest the pigeon to learn it's secrets.
Re:Weeks by Deadstick · 2012-11-23 11:13 · Score: 5, Informative

You would seem to miss the point. Here's a message encrypted with a one-time pad: WXYZ. Want to brute-force it? OK, try all the permutations of four letters that can exist in the OTP (36^4 of them, if the pad accommodates English letters and digits). Spoiler alert: One of those permutations will yield LOVE. Another will yield HATE. Which one is the correct message?
Re:Weeks by drkim · 2012-11-23 11:20 · Score: 2

...One of those permutations will yield LOVE. Another will yield HATE. Which one is the correct message?
Considering this is /. probably: NERD
What if that is the one time pad? by LordZardoz · 2012-11-23 11:50 · Score: 4, Interesting

What if that is not an encrypted message, but the encryption key for a message?
I am not a cryptography expert, but I suppose there would be no way to discern the two right?
If it is the key and not a message, than no amount of decryption effort would matter.
END COMMUNICATION
Re:Weeks by __aajfby9338 · 2012-11-23 12:22 · Score: 2

Neither. The correct message is "BUTT". :)
Re:There's an Idiocracy joke in here somewhere. by DrVomact · 2012-11-23 12:45 · Score: 2

For all we know 4 or 5 pigeons were released, each with only every 4th or 5th letter of the text, all encoded differently. With that kind of packet loss even three letter agencies would be at a loss
Actually, I'm pretty sure there were two copies of the message sent. I deduce this because of the arabic numeral "2" entered on the form field titled "Number of copies sent". Also, there's the identifier codes for two pigeons on the message. Or didn't you look at the pretty picture in TFA?

--
Great men are almost always bad men--Lord Acton's Corollary
One-time pad by ebcdic · 2012-11-23 12:46 · Score: 2

Having "some clues about detecting a successful decoding" doesn't help with a (correctly-used) one-time pad. Every message of the correct length can encode to the same cyphertext, for some one-time pad, so in the absence of the pad the cyphertext contains no information at all about the message except its length.
Just to be quite clear about this: you say "[a] decoding that renders a perfectly structured sentence with proper spelling, and/or recognized jargon could be picked out by computer as a "highly probable content" from all the other gibberish decoding", but *every* perfectly structured sentence of the right length with those properties is a possible decoding.
Re:It's not ROT13 by marcosdumay · 2012-11-23 13:55 · Score: 5, Funny

What did you run twice? The XOR one time pad or the ROT-13?

--
Rethinking email
Re: encoded with a one time pad by neonsignal · 2012-11-23 18:18 · Score: 2

... and in this case, sent with a one time pigeon