Forgot your password?
typodupeerror

Enemy Code Broken 137 Years Late 61

Posted by ScuttleMonkey
from the things-to-do-when-you're-bored dept.
Random Hall writes "Dr. Kent Boklan, a former NSA employee and current Director of Security Research for Razorpoint Security Technologies, has described how he recently deciphered a message encrypted by Confederate Army General Edmund Kirby Smith on 14 September 1862."
This discussion has been archived. No new comments can be posted.

Enemy Code Broken 137 Years Late

Comments Filter:
  • by iMaple (769378) on Tuesday June 06, 2006 @02:08AM (#15477830)
    I am the enemy, you insensitive clod !
  • it didn't take that long to decode the enigma. That is one of the biggest problems with using technology to encode things, if the hardware falls into enemy hands, it can be deciphered much faster than capturing an enemy troop member high-enough up there in the chain of command willing to devulge the information through torture and such.
    • by patio11 (857072) on Tuesday June 06, 2006 @03:12AM (#15477945)
      Granted, this particular artifact was undecoded until recently, but the Confederates' crypto scheme was busted into little itty bits during the war. The reason was, drumroll please, user error. Just like the Germans in WWII, they had a decently-secure cryptographic method combined with keys which were repeated on a regular basis. I highly recommend the book The Ultra Secret for an in-depth discussion of how far the Allies got on breaking Ultra (the Engima code) even before they captured the hardware -- there were several German signal operators who were sloppy and one particular favorite of the Brits and Poles working on the problem used his girlfriend's initals to encrypt every message for years.

      Cryptanalysis is, informally, the study of turning other peoples' "harmless mistakes" into "catastrophic errors". (Incidentally, this Confederate document got broken because they stored the cyphertext with plaintext which contained a sliver of the plaintext that was encoded, allowing the analyst to do a known-plaintext attack on the cypher. Thats also a boo-boo.)

    • That's also why security through obscurity [wikipedia.org] is bad. If your crypto algorithm is secret (as in a "secret machine" like Enigma, or as in "our brand new military-grade Bull-Shit-Algo(tm) is trade secret"), it becomes part of the key and has to be protected as well (as by Kerckhoffs' law [wikipedia.org]).

      That's where Enigma failed : it's internal functions were part of the secret. Once captured it could be reverse engeneered (and flaws in it discovered).
      Compare to another technology based encoding : PGP, GPG, etc... they all op
      • Enigma failed because of the efforts of Marian Rejewski and his associates. It was mathematical analysis that won the day. Similarly, the Japanese Purple machine was broken and reverse engineered without any access to Japanese hardware.
        • the Japanese Purple machine

          I think it's time for me to re-read the non-fiction again when Purple [wikipedia.org] doesn't sound like the right name and Indigo [wikipedia.org] does.
        • Sure. And I said "Once captured it could be reverse engeneered". Not was .

          Also notice that most exploits of Enigma where based around flaws of the device that needed knowledge of internal workings.
          Whether this interal were know by doing statistical reverse-engeneering on messages (the feats of Marian Rejewski [wikipedia.org] your refering to), or by getting actual machine (mentionned on the Enigma [wikipedia.org] article, but I don't have specific example), the key aspect is that once the working known, the code can be broken. Keeping
          • The first Enigma machines were commercial freely available before WW2. While the Germans did try to keep
            the exact design of the military machine secret, that was just normal paranoia, not because they knew the crypto was weak once you had the machine.
            A standard 3 rotor Eingma has a keyspace of size 6 x 26^6, which in pre-digital computer days looked pretty good.
          • Also notice that most exploits of Enigma where based around flaws of the device that needed knowledge of internal workings.

            The vast majority of cracking enigma messages relied on "cribs", or sloppy handler procedures, like using the equivalent of "qwerty" as a random rotor setting(called "Herivelismus").

            ...the key aspect is that once the working known, the code can be broken. Keeping secrets relies on keeping both the machine AND the keys secret.

            This is plain wrong. The Germans always counted on that the a
      • That's also why security through obscurity is bad. If your crypto algorithm is secret (as in a "secret machine" like Enigma, or as in "our brand new military-grade Bull-Shit-Algo(tm) is trade secret"), it becomes part of the key and has to be protected as well (as by Kerckhoffs' law).

        While there's some truth to this, lack of obscurity is a double-edged sword. If your enemy knows your encryption algorithm, it can attack it from a much better position. How many years has NSA been grinding away at (for insta

        • Call me stuborn, but I stick to Eric S. Raymond's philosophy :
          "With enough eyes, all bugs are shallow".

          If after years of public scrutinity, a very large community of cryptographer consider a given crypto-algo of not being flawed, chances are, that it'll be less flawed than something you secretly put together in hast in some dark and secret bunker.

          Concerning the mention of "military-grade" :
          I mentioned it because most of the time (as proved, for exemple by guillermito [guillermito2.net]), when a program advertise itself as "mi
      • exactly my sentiments!

        and so we vote for open sourced systems for encrypted polling machines ;)

        amen!

        * lon3st4r *

    • It took four years to break the three wheel enigma and that was with access to the Enigma manual that had the plain text of an encoded message. Breaking the form of enigma used by the German navy took longer and the allies spent thousands of man hours building machines that could perform the calculations fast enough. Also, it took additional thousands upon thousands of man hours to create and operate a machine that could decode the four wheel enigma machine when it was introduced in 1942.
  • by onallama (515297) on Tuesday June 06, 2006 @02:19AM (#15477849)
    ...a code doesn't have to be unbreakable forever; it just has to be unbreakable for long enough.
    • by kestasjk (933987) on Tuesday June 06, 2006 @02:30AM (#15477870) Homepage
      RTFA; the author didn't allow himself to use any methods which weren't available at the time. He didn't use computers, and this message could have been broken in the same way and in the same amount of time as when it was written.

      To summarise it was a known plaintext attack. His signature was EKS, and he signed his signature encrypted. The author worked back from there.
      • I have to admit, that was what impressed me the most. I would have written a software solution myself. Doing it all with only his mind, pencil and paper was just way too cool.
    • Not long enough yet, now the South will never rise again.
    • This didn't change the result of the war.

      LK
    • I dunno.

      Something's up if the Confederacy was still issuing messages 137 years ago--in 1869, five ears after that little meeting at the courthouse . . . :)

      (yes, the figures come from the article, which describes the letter appearing in a 1999 catalog, which was indeed 137 years after the message. The article then calls it "recently" decoded in a 2006 article.

      The ever-alert slashdot editors caught this, of course . . .

      hawk
  • Details... (Score:3, Informative)

    by damaged (60781) on Tuesday June 06, 2006 @02:24AM (#15477855)
    First off, why the hell is this under IT?!?

    It would have been nice if the write-up gave a little more detail. It was encrypted using a Vigenere cipher [wikipedia.org] with a key of "BALTIMORE".

    For those too lazy to read the article, here's what the message said:

    The enemy rapidly concentrating at Louisville and Covington. They are confident of soon crushing my force here it is important out communication with each other should be kept open I shall present a bold front in order to deceive the enemy as long as possible and when compelled I shall fall back upon you. Marshall is still far behind. E.K.S.
    • by Anonymous Coward
      First off, why the hell is this under IT?!?
      because cryptography is a technology for securing information.
    • Re:Details... (Score:3, Insightful)

      by MichaelSmith (789609)

      These guys made every mistake in the book. Putting obvious known words in your plaintext "Louisville", "Covington", "enemy" is asking for trouble. There should be a speech code inside the plaintext, one that can be changed from time to time. Use numbers for your places and throw the plan away at the end of the operation.

      Given that there was some really good maths being done 137 years ago the crypto these people used is surprisingly poor.

      • I wouldn't be too critical of the General. A Vigenere cipher was high security compared to many of the ciphers in use at the time. I am puzzled by the Confederate reliance on three "sacred keys". I would have expected them to change keys on a regular basis.

        The telegraph was new technology and it must have taken time to understand its advantages and vulnerabilities. Similar problems accompanied the introduction of radio telgraphy.

        • Re:Details... (Score:3, Informative)

          Napoleon's armies used a far better encryption scheme 60 years earlier.

          Their system was numbers up to (I think) 1000,
          • some of those numbers represented letters, numbers, special characters; several different numbers would map to a single character
          • some mapped to names, places, words
          • some mapped to nothing at all. They were simply there to confuse the issue.

          Sometimes messages were a mixture of clear text and code. One of them (which was meant to be intercepted) ran something like: I am confident of repuls

      • the biggest mistake was in leaving the encrypted message words as they were and not segregating it into four letter groups and leaving the decoder to recover the words back afterwards. It allowed him to geuss that one of the words was a placename... if they'd been four letter groups then he'd have been stuffed. All he would have had then was the short three letter "signature" giving him just "MOR" from the key
      • These guys made every mistake in the book.

        ...or maybe that's just what they WANT us to think. [cue ominous music]

        -Eric

      • Actually, the real problem is that they included the original spaces in the ciphertext. This is basically unencrypted information leaking through. This allowed the analyst to locate the encrypted form of the word "Louisville." It was this one big break that revealed the entire key.

        Had the cipher makers not included spaces, and just packed all the words directly together, this attack would not have been so easy. There are other methods for determining the key of a Vigenere cipher, but they are difficult to

  • by XanC (644172) on Tuesday June 06, 2006 @02:33AM (#15477880)
    As a Tulanian [tulane.edu], anybody who burned down LSU [wikipedia.org] is A-OK in my book. :-)
  • Ho hum. Caeser ciphers aren't new or ingenious...
    • Ho hum. Caeser ciphers aren't new or ingenious...
      A fine sentiment to express had the Caeser cipher (or even a general monoalphabetic cipher) been used here. But it wasn't. They used a Vignere cipher. So next time, RTFA, don't just glance over it.
      • Likewise, Vigenre ciphers aren't new or ingenious.. they are pretty trivial to break nowadays.
        • they are pretty trivial to break nowadays.
          With a computer, sure. By hand, for short messages, they can be very difficult to break. This particular message is something like 280 letters with a keyword length of 9. That means you've only got about 31 letters per key letter for frequency analysis. To make it easier Kirby-Smith kindly left the spaces in, but on the other hand he made some mistakes.
    • Since when is 2/3 of what's on slashdot new or ingenious?
  • 137 Years (Score:3, Funny)

    by MrNonchalant (767683) on Tuesday June 06, 2006 @03:29AM (#15477976)
    Wow. I knew Slashdot had a habit of posting old news, but this takes the cake. I am so leaving for Digg.
  • Lee thinks your plan stupidest idea ever STOP Lincoln not even that big a theater fan STOP Will probably have invented secret service in time to foil plot anyway STOP Come up with something else or quit wasting telegraph bandwidth with these moronic ideas STOP
  • by masterzora (871343) <masterzoraNO@SPAMgmail.com> on Tuesday June 06, 2006 @04:33AM (#15478138) Homepage
    It was a decoy! It was meant to be broken and the South would have won if the North took the bait! Irony is so sweet!

    (Yes, that is entirely a joke. I still expect to see 15 people asking where I found that information, and not just the ones looking for a +5 Funny. Oh well, such is life.)

  • Interesting stuff, must be quite exciting to be the first to see a piece of secret history!
    This is an interesting book I read recently on Vigenere, RSA, and others: The Code Book [amazon.co.uk]. Good read.
  • by kthejoker (931838) on Tuesday June 06, 2006 @09:24AM (#15479172)
    I didn't know Ovaltine had been invented in 1862 ...
  • A new Slashdot synonym for Vista?
  • Deciphering code from the Civil War instead of the War on Terror?!? Methinks this is why Kent Boklan is a former NSA employee.

It's later than you think, the joint Russian-American space mission has already begun.

Working...