Mafia Boss Using Crook Crypto Captured 378
boggis writes "Discovery is running a story on Bernardo Provenzano, the recently arrested 'boss of bosses' of the Sicilian Mafia. He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher, which was easily cracked by the police and resulted in further arrests of collaborators. Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
Substituion Cipher? (Score:4, Informative)
People have been using frequency analysis [wikipedia.org] for over a thousand years to crack substitution ciphers!
Not very smart (Score:5, Informative)
To put that into computer terms, he ROT13ed the text. This sort of cipher was used by Caesar not because it was secure, but because most people couldn't read. Even those that could read undoubtedly lacked sufficient education to consider a cryptoanalysis of the text. But if someone does consider a cryptoanalysis, it is incredibly easy to break this cipher.
Simply substituting the first letter with each letter of the alphabet allows for a brute force attempt at decoding by then replacing the rest of the letters with the exact same offset used on the first character. This method ensures that the message will be decrypted even if the alphabet has additional characters. (Either for purposes of obfuscation or additional information.) The only method that can be used to prevent an attacker from using this simple decoding method (you don't even need a computer!) is to mangle the alphabet somehow. For example, if the alphabet is backwards an attacker would have more trouble decrypting the cipher. Even then, however, a simple statistical analysis on the occurance of the letters would quickly decrypt the message and reveal the secret alphabet used.
That being said, this particular mobster was smart enough to realize that a simple cipher like this would be insufficient to deter a decoder. So he attempted to confuse would-be attackers by using a number code to obscure names. I imagine that he thought that attackers would assume that he was using a codebook to keep track of the assigned names. Unfortunately (for him), his 8th grade education was obviously insufficient for him to know that his number sequences are very similar to compression techniques. Anyone with experience would note that the codes were far too long, and that the number 1 appeared quite often. Its appearance suggests that its a "trigger" for interpreting the next number differently.
So there you have it, security through obscurity does not work.
Re:If only.. (Score:3, Informative)
Or you could try the one in Cryptonomicon. The details elude me, but I recall it being something like RC4 with a deck of cards.
This was a cipher called Solitaire, which was created by Bruce Schneier. It has been horribly broken.
Simon
Re:Not very smart (Score:2, Informative)
Kahn Do. (Score:1, Informative)
Re:How many letters are in the alphabet? (Score:3, Informative)
Re:If only.. (Score:5, Informative)
Re:If only.. (Score:2, Informative)
To see all of the problems concerning the solitaire algorithm, see http://www.ciphergoth.org/crypto/solitaire/ [ciphergoth.org]
Cryptography is not the important point (Score:5, Informative)
The important point is that he managed to stay at large, not as a fugitive, in the neighbourhood of Corleoni (Sicily, Italy) for almost 43 years without being noticed or identified and while still heading at full steam the Cosa Nostra [wikipedia.org]!
So, as far as security and privacy is concerned, a good design can make poor technology rock!
Solitaire (Score:5, Informative)
(The article does exist in the Internet Archive at
http://web.archive.org/web/20050206214237/http://
It does describe what sound like they might be some problems with the randomness of the keystream, but it doesn't seem like a complete break. Sorry for pasting the address, but Slashdot doesn't seem to like IA links much.)
Anyway, I'd be curious in knowing what the problems with it are.
Re:Showing your hand: word to the wise-guys (Score:3, Informative)
Well we don't know if that's the only way they had of breaking it. It was probably one of the easiest though. Often the weakest part of any cryto algorithm isn't the algorithm. It's cheaper and faster to go for the soft targets first.
Re:If only.. (Score:1, Informative)
http://www.resonancepub.com/homecrypto.htm [resonancepub.com]