Re: Newbie - How can I figure out which cipher was used...

From: X (x_at_x.x)
Date: 08/26/04 

Date: Wed, 25 Aug 2004 20:40:41 -0400

On Wed, 25 Aug 2004 23:45:56 GMT, Jim Gillogly <jim@acm.org> wrote:

>Chances are it's not one of these: the index of coincidence is
>too high, and with a Vig (or autokey) with a reasonable length
>key you'd get a much lower overall IC.

Ok. There's at least a little comfort in that. I've spent a week
learning more about Vigenere than I ever hoped. :-)

I've managed to crack some of my own Vigenere (and found many tools to
do it automatically, like vcrack, vigsolve, etc.) But I'm having
trouble with autokeys.

As for the IC, you say it's too high; is there some kind of reference
on what approximate IC I should expect from cipher X? I've got a few
I've generated from my own tools (wrote a few ciphers to "practice"
on, that's a lot of fun.) but I'd rather not have to write 40
different ciphers just to get the ICs. I've read that english is
around .0667 and that I can find the key lenght of Vig's using it, but
not much more on using it for other types of ciphers.

I've also wondered about a "triple" Vigenere (because of the 3). Would
ciphering 3 times with different keys alter the IC? How hard would a
triple vig (with 3 different keys) be?

>It's not Enigma, because again the IC is too high. With 700
>characters you have a chance of a diagnosis because letters
>can't encrypt to themselves: that is, the letters ETAOINSHRDLU
>when taken as a whole will show up less (perhaps significantly
>less) than in the underlying language. I'm not sure if 700 is
>long enough for that, though. And besides, it's not Enigma. :)

Well, unfortunately, 700 and a few is all I've got :-). I hadn't
thought about letters not enciphering themselves; I'll check that out
and see if I can get some leverage from that.

>It's not traditional Playfair, because it has digraphs with two
>of the same letter. Of course, one can always worry that the
>kind used for the JFK PT109 message was used here, which *does*
>allow the doubled letters, but that's unusual. It doesn't
>smell very digraphic, though.

I didn't spend much time on Playfair either. I'll look up that JFK
PT109 to see if it could apply, but from what I understand, it should
be a more "commonly known" cipher.

>> I found some interesting information on the "Index of Coincidence" and
>> I get peaks at 5, 7 and 35... but I'm not sure how to proceed from
>> there. The highest peak is at 35, would that indicate a 35 character
>> key?
>
>I doubt it, but there may be *something* in there. It is
>indeed high in the short sample you gave. I'd put it on
>the list of "interesting phenomena to try to explain".

That's what I'm wondering about. The IC is pretty stable, but jumps at
5, 7 and 35 (I've tested the IC up to 100). I've only learned about
the IC yesterday, so I've got more investigating to do there... I
haven't found much about it on the internet.

>Gronsfeld will break the same way as Vigenere. Fractionated Morse
>has its own oddities -- I don't have a very specific test for it,
>but it's always worth a try.

Maybe. Haven't seen much on F. Morse (except how to cipher with it) on
the internet. Not much about attacking it.

>If it's a substitution of some sort, with 700 characters it's
>not unlikely that there are some good long repeats that will be
>helpful. These can indicate repeated words or phrases. The
>3-letter repeats in the sample aren't convincing, though.
>Looking at repeats is in general interesting and enlightening
>with an unknown, and their absence helps you rule things out.

I'm led to believe that the message itself is just a jumble of random
words; not in any way grammatical sentences. So I can't count on
finding a lot of "the", "and", etc. I also think I know how many words
I'm supposed to end up with.

I guess even with random words, some letter combinations must show up
more often than others.

>You're on the right path. You might look further at the "3" hint.
>Is the full plaintext a multiple of three? Does a frequency count
>of the whole thing as trigraphs show any interesting phenomena?
>Do the first, second and third letters of the trigraphs have any
>particular consistency or oddity? The IC has peaks at 6 and 12
>also (for the sample you gave), which could indicate a factor of
>three being involved.

I posted only a short sample because I want to break it myself (didn't
want someone to reply saying "Oh, that. Pfft! It's a simple Reverse
Crypt-Fu cipher using a sliding key window with anchovies" or some
such... :-)

I'm on a path alright. Only I feel like it's heading right into a
brick wall. I've been playing around with the 3 for a few hours,
haven't found anything interesting yet. I hope it doesn't mean "triple
ciphered"! (I can handle double Rot-13, but beyond that...)

I'll try the x-graphs (by the way, I found some of your messages on a
thread on how to break an autokey with tetragraphs... very
interesting!)

And then I remembered seeing your name a few times while searching on
the web and on Googling it found out about how you solved most of the
CIA's Kryptos monument. Color me impressed!

Relevant Pages

  • Re: Newbie - How can I figure out which cipher was used...
    ... > determine which cipher was used to create the CT? ... that is, the letters ETAOINSHRDLU ... 3-letter repeats in the sample aren't convincing, ... second and third letters of the trigraphs have any ...
    (sci.crypt)
  • Re: Ive seen things you people wouldnt believe...
    ... characters to characters (usually letters to letters), ... the code word for a plaintext word was chosen ... have the words you need, you are reduced to a substitution cipher, ...
    (rec.arts.sf.fandom)
  • Re: Another thought about beale treasure Ciphers
    ... I meant to say Beale signature. ... You need only suspect this cipher a fraud and the ... information from the Beale letters? ... start to see problems forming in a future word in the remaining ...
    (sci.crypt)
  • Re: How easy it is to solve "classical" crypto?
    ... then with Hill cipher (lets say you dont know the ... These repeats will still ... there should be a good number of repeats in the Hill output. ...
    (sci.crypt)
  • Re: Keyword Question
    ... Cipher: securityabdfghjklmnopqvwxz ... It only works because I know where the plain alphabet letters are ... That still doesn't explain how the keyword was chosen. ... And neither does 'security' have any special significance here. ...
    (rec.puzzles)