back to article Spaniard claims WWII WAR HERO pigeon code crack. Explain please

A 22-year old Spaniard claims that he's cracked a previously unsolved WWII coded message. Others have claimed this before and there's nothing particularly solid to back up the latest effort, but let's have a look at it anyway. Dídac Sánchez claims that he had cracked the encryption scheme used in the last undeciphered message …

Page:

  1. DrXym

    Snakeoil

    Get Bruce Schneier on the case.

    1. Michael Wojcik Silver badge

      Re: Snakeoil

      No reason for Bruce to bother with it (though I wouldn't be surprised if he mentions it on his blog - doesn't seem to have yet - since it's getting some press). He and pretty much every reputable cryptography expert have been saying for decades that cryptographic systems which aren't based on solid, published research, including cryptanalysis by experts, are high-risk.

      And, of course, we're not in any desperate need of new cryptography algorithms. Any new system needs a compelling advantage to be commercially interesting, and needs some significant difference to be interesting even as a theoretical exercise. That's particularly true for symmetric encryption, where we have algorithms that perform well under all our (published) metrics and have received a lot of scrutiny.1

      You can find all sorts of proposals for symmetric algorithms on places like sci.crypt (I contributed to a few back in the day). The vast majority never go anywhere because why do the work? And then there are algorithms which have received competent scrutiny but are less commonly used because they are or were encumbered, or aren't endorsed by big customers, or whatever - like CAST, Twofish, and Camellia.

      All the hard problems in cryptography-related areas of IT security are elsewhere.

      1There's arguably some room for innovation in stream ciphers, but with the popularity of GCM the motivation for a software-friendly stream cipher is greatly diminished.

  2. M man

    I'm amazing...nobody can disprove it..

    Now you enjoyed the clickbait...why dont you buy my new untested software

    1. Michael Wojcik Silver badge

      Re: I'm amazing...nobody can disprove it..

      Even if he could prove he'd cracked the encryption, there'd be no reason to buy his software. Even if he could prove he'd developed a new type of symmetric cryptographic algorithm with some advantage over the current state of the art, and had implemented it in his software, there'd be no justification for buying it. "New" is not a selling point when it comes to cryptography.

  3. hatti

    Useful

    Could come in handy if WW2 starts up again

    1. Anonymous Coward
      Anonymous Coward

      Re: Useful

      Did it ever really end?

      1. hatti

        Re: Useful

        I suppose not, at least one pigeon has not completed their mission

    2. Anonymous Coward
      Anonymous Coward

      Re: Useful

      Could come in handy if WW2 starts up again

      Would that be WW2.1 or WW3? There are certainly enough betas running :(.

      1. TeeCee Gold badge
        Coat

        Re: Useful

        Apparently we're skipping 3 and going straight to WW4.

        1. veti Silver badge

          Re: Useful

          You mean WWOnline, or WW365?

        2. YetAnotherLocksmith Silver badge

          Re: Useful

          We've skipped a few cyber world wars, and are going straight to WWW.

  4. ElReg!comments!Pierre

    Surely this isn't a publicity stunt?

    Especially reading this from the contest rules: " If none of the messages coincide with the original text, the notary proved by a certificate indicating the number of proposals received, and the fact that nobody has been able to solve it."

    For now I'm trying to decipher the English version of the website. I'm making progress but I am still having trouble with pieces like "Contestants also achieve decipher it and explain how encrypted, remain in reserve, in case the first contestant gather together one of the two requirements to be declared the winner."

    I think one of the encryption techniques used in that 4YEO software may be Google Translate...

    Now, hearing how he plans to use a text encryption technique to create "a software for encrypting phone calls", as stated o the main page, could be interesting. Or amusing.

    1. Mark 85

      Re: Surely this isn't a publicity stunt?

      Multiple passes through Google Translate and several languages should make pretty much anything indecipherable.

  5. Doctor Syntax Silver badge

    Have I read this right? He's decoded the message and is now going to sell the system used as secure because nobody had been able to decode it?

    1. ElReg!comments!Pierre

      Exactly.

      As stated on his website:

      Thanks to the program 4YEO you can send emails, fully encrypted, secure in the knowledge that only you and the recipient can read its contents. Even if the email is intercepted, it will not be deciphered as it has not been deciphered the message of the Second World War.

      Foolproof.

      1. This post has been deleted by its author

        1. Thecowking

          Re: Exactly.

          If it's a one time pad, that's exactly true.

          The logistics of using a one time pad for every communication are... hard. Especially with the requirement that the pad be of greater length than the data it encodes and the recipient having an idential copy of said pad.

          But a one time pad is simple enough to use by hand and unbreakable if used correctly

          1. Anonymous Coward
            Anonymous Coward

            Re: Exactly.

            If he used a one-time pad that was random, used only once (and I assume lost), then it's practically impossible for this guy to prove that he has done what he claims to have done. I wouldn't buy ice in Antarctica from this con man.

            1. Michael Wojcik Silver badge

              Re: Exactly.

              then it's practically impossible for this guy to prove

              Completely impossible. An OTP, used correctly, makes all plaintexts of the same length1 equally probable. There's no basis whatsoever for supporting a claim that a given plaintext corresponds to a given ciphertext. You have to have some external channel to confirm it.

              1And of course the length can be disguised by various means - abbreviation and reference to external content to shorten it, padding and self-delimiting to lengthen it.

      2. Anonymous Coward
        Anonymous Coward

        Re: Exactly.

        Nothing is every foolproof because fools are so ingenious.

        And I ought to know. I'm one of the most ingenious ones.

  6. dorsetknob
    Black Helicopters

    Howt to heap shit on your own head

    "To date, the intelligence services have been unable to crack this message's code because they were missing the code word, the code book and the encryption method used. After successfully deciphering the method used I have developed a piece of software that I believe is one of the most secure in the world, because I have adapted the British code to the data security required today by new technologies," Sánchez claimed.

    roll in the legal vultures

    Guy has just admitted to breaching the official secrets act + copyright infringment

    black helicopters inbound

    1. Zippy's Sausage Factory

      Re: Howt to heap shit on your own head

      Given that GCHQ have known about the message since 2012 - and issued press releases about it - does rather suggest that it's about as secret as the front page of the Daily Mail.

      As for the copyright infringement bit, well, I think we'd be talking patents rather than copyright - and they'd have expired in the 60s at the latest...

      1. Anonymous Coward
        Anonymous Coward

        Re: Howt to heap shit on your own head

        Stuff protected under the OSA has no time limit. It needs to be positively declassified otherwise it remains secret for ever and a day.

        Some bits of WW2 info are still top secret. I've beed to Kew and seen some of the files and noticed where bits are missing. This was in relation to the liberation of Bergen-Belsen. My Father was in the first tranche of Allied Troops to enter the camp.

      2. razorfishsl

        Re: Howt to heap shit on your own head

        These are the same people who for 70 years let the world believe the Americans had the first computers.....

    2. John Brown (no body) Silver badge

      Re: Howt to heap shit on your own head

      Guy has just admitted to breaching the official secrets act"

      Does that apply to a Spaniard who never signed it?

      1. Richard 12 Silver badge

        Re: Howt to heap shit on your own head

        Signing or not is irrelevant, though nationality is.

        That said, it's pointless self-aggrandisement anyway.

        They used one-time pads for this encryption.

        Make two identical lists of totally random code:value pairs, send one out to the field and keep the other for decoding.

        As long as your one-time-pad generation system is truly random with sufficient entropy, and you can keep both pads secure, it is genuinely unbreakable.

        Inconvenient though, as once the pads are used up, no more messages until you can get a new one to the other party.

      2. Jonathan Richards 1

        Re: Howt to heap shit on your own head

        It applies to anyone in the UK jurisdiction, and you don't *need* to have signed anything to be subject to it. The declaration one signs is merely to confirm that one has had the provisions of the Act drawn to one's attention.

      3. jonathanb Silver badge

        Re: Howt to heap shit on your own head

        Yes, signing the official secrets act makes no difference, you are bound by it anyway. The government only asks people to sign it to make them aware that they are dealing with official secrets.

  7. Scott Broukell

    Message Reads:

    'Send three and fourpence we are going to a dance' - Message Ends

  8. dotdavid

    "To demonstrate the security of the 4YEO system, Sánchez has published a message with an identical structure on his website, where he is offering EUR25,000 to anyone who can successfully decipher it."

    So, er, how do we know he hasn't just posted random gibberish on his site and claimed it is actually encrypted text? Such an encryption scheme would indeed be undecipherable.

    1. Michael Wojcik Silver badge

      For that matter, even if it is a real ciphertext corresponding to some meaningful plaintext and encrypted with his cipher, he can just claim any correct submissions are wrong - unless he's provided some verifier (like a cryptographic hash of the correct plaintext).

  9. Peter Simpson 1
    Happy

    Ob:

    BE SURE TO DRINK YOUR OVALTINE

    // all caps and no punctuation for authenticity

  10. Your alien overlord - fear me

    1. His website is done in such poor English, his message is probably just as bad.

    2. Send in Chuck Norris to beat the sh!t out of either sender or recipient and hey presto, you know the message. The only cracking here is of their heads.

  11. Anonymous Coward
    Anonymous Coward

    Windtalkers

    perhaps a little Navajo could come in handy?

    1. Anonymous Coward
      Anonymous Coward

      Re: probably something like

      Mabel is on the chair

      The dogs are barking

      Where is Mr Smith

      that's the type of messages they used to send and the recipient would know what is meant by each one

      Listen to any WW2 era BBC radio show for hidden ones

      1. Destroy All Monsters Silver badge

        Re: probably something like

        But then you wouldn't need to encrypt it? (Carrying TWO codebooks around is a bit nightmarish)

        1. Steve Knox

          Re: probably something like

          Memorize the code phrases.

          Encrypt so that the code phrases are not obviously code phrases.

          1. pffut
            Holmes

            Re: probably something like

            > Encrypt so that the code phrases are not obviously code phrases.

            As opposed to obviously being encrypted content? Oh yes, so much less noticeable by counterintelligence...

            1. Steve Knox
              Facepalm

              Re: probably something like

              Whether code phrases or encrypted content, counterintelligence will likely know they have a message of some value anyway.

              If the message is just code phrases, they'll know they need to get or reverse-engineer* the code book.

              If the message is encrypted as well, they'll have to decrypt it before even finding out that they need a code book.

              The more layers they have to go through, the less likely they'll figure out what that value is.

              * By, for example, capturing conversations and correlating them with events.

              1. Destroy All Monsters Silver badge
                Thumb Down

                Re: probably something like

                The more layers they have to go through, the less likely they'll figure out what that value is.

                You must be the kind of person who keeps your dog on three leashes, one of them electronic.

                Once your sergeant( carrying lots of paper, matches and suspiciously many books by Jane Austin as well as a OTP) has applied all the useless layers he will be holed, have "volunteered" to help the SS with their enquiries or the value of your message will be zero.

      2. Ugotta B. Kiddingme

        Re: probably something like

        "Have you a match?"

        "No, I use a lighter."

        "Better still."

        "Until they go wrong."

      3. Dan 55 Silver badge

        Re: probably something like

        The Red Kipper flies at midnight?

  12. Dave 32

    Poem Code?

    Could the original message (and, thus, presumably 4YEO) be a "Poem Code"?

    https://en.wikipedia.org/wiki/Poem_code

    Dave

  13. Cynic_999

    Unless the algorithm is trivial (e.g. ROT13), any attempt to decipher can only be contemplated if there are some known details about the plaintext or algorithm. What language the plaintext is in, for example, or some idea of the algorithm. In most cases several examples of encrypted messages are required in order to make comparisons and perform statistical analysis (e.g. on letter frequencies). So a one-off encrypted message is highly likely to be uncrackable, but if the algorithm is in common use it becomes a far easier task (especially if the algorithm is known via reverse engineering the encryption/decryption program).

    The present commonly used encryption algorithms (AES, DES etc.) have had a great deal of effort put into them to ensure that the encrypted output is not susceptible to statistical analysis or other code-breaking techniques even though the algorithm is known, and there is no similarity (apart from length if random padding is not used) between 2 encrypted versions of the same plaintext encrypted with a different key, and the key cannot be determined even if both the plaintext and ciphertext are available to the code breaker (which they frequently are).

    None of the encryption techniques used in pre-computer times were anything like as strong (except OTP encryption which is logistically impractical for most purposes). I would be very surprised if an individual has come up with a strong encryption method based on a WW2 technique. "Enigma" ciphertext would have been easily brute-forced by a modern laptop PC, and it was very advanced for its time.

    1. Anonymous Coward
      Anonymous Coward

      Are "book" codes easy to crack? The ones where each end uses an agreed edition of a common book and the coding references a word/letter by page, paragraph, line, word/letter offset numbers.

      1. Charles 9

        "Are "book" codes easy to crack? The ones where each end uses an agreed edition of a common book and the coding references a word/letter by page, paragraph, line, word/letter offset numbers."

        It depends on how the book is kept. If it's based on something you have to carry with you, if you're caught they can use the book in your possession to try to decipher the code. Things that are too common (like newspapers) are also risky as the enemy may well have one of these and will try it as a matter of course.

        1. veti Silver badge

          With "book" codes, a lot depends on the discipline of the person writing the coded message. If they do as they're supposed to, and refrain from repeating the same reference too often, then they're pretty good. But if they get lazy and start using the same reference for a particular word - maybe an uncommon word that they can't avoid repeating - then the code becomes much easier to crack.

          (That's one reason why they've fallen out of favour - they're inherently labour-intensive, and only really robust when used by experts.)

    2. Chris G

      Plaintext language

      "any attempt to decipher can only be contemplated if there are some known details about the plaintext or algorithm. What language the plaintext is in, for example,"

      Being a WWII RAF message I'm betting on this; https://www.youtube.com/watch?v=5rKYL0tW-Ek

      Uncrackable!

  14. Turtle

    IP over Avian Carriers RFC 1149

    "IP over Avian Carriers (RFC 1149) is an Internet protocol for the transmission of messages via homing pigeon." (https://en.wikipedia.org/wiki/Homing_pigeon also the following:)

    "In September 2009, a South African IT company based in Durban pitted an 11-month-old bird armed with a data packed 4GB memory stick against the ADSL service from the country's biggest internet service provider, Telkom. The pigeon, Winston, took an hour and eight minutes to carry the data 80 km (50 miles). In all, the data transfer took two hours, six minutes, and fifty-seven seconds—the same amount of time it took to transfer 4% of the data over the ADSL." (ibid)

    1. This post has been deleted by its author

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon