Breaking The Rules

147 views
Skip to first unread message

Richard Heathfield

unread,
Nov 26, 2021, 5:24:53 AM11/26/21
to
To: GCHQ, Usenet Division.
Subject: Latest intercepts.
Priority: Urgent.

Agent Alicja has sent this transmission within the last hour:

0D 17 10 0F 04 00 13 11 11 02 17 1D 13 01 1C 08
00 14 09 00 0B

Within a few minutes, Agent Bobski sent the following TWO messages:

0B 09 18 12 0C 0F 11 09 0F 14 08 08 0F 0C 1F 05
0C 06 0C 1C 15 11 18 1E 0C 0D 00 15 0E 16 08 0F
05 1E 10 18 0F 1A 16 15 1B 10 1E 07 0B 17 14 05
17 0C 11 14 0D 14 0A 01 0C 18 05 0F 0F 01 06 0C
04 08 0C 1A 1E

03 1F 08 12 19 09 1C 14 00 0C 14 08 1E 18 12 0F
04 17 19 17 15 11 02 02 0C 0A 1D 08 04 01 07 0F
07 1A 1E 06 12 1E 1B 02 06 1C 03 18 00 06 0A 03
17 0E 16 09 04 11 19 1C 0E 14 13 12 18 0A 1B 18
1C 0F 1C 1D 08

Just now, Agent Alicja replied as follows:

16 0A 00 0D 0B 00 1B 1A 1D 16 0B 1B 0F 1A 1D 11
14 00 0A 0C 1B 08 10 1D 11 1B 19 18 0E 12 19 08
0D 04 10 06 06 1C 1D 00 00 0D 16 00 05 0C 1C 0B
00 0C 01 00 0C 1D 0B 08 02 17 00 08 1A 00 12 07
10 0A 15 19 03 1C 11 0C 18 11 1F 19 1E 15 11 1D
08 0C 1C 0D 1D 0B 1A 00 0D 13 1A 15 19 00 01 00
15 0A 06 00 0F 0A 17 1A 1E 0C 00 0D 15 16 0C 0E
17 0A 0D 07 10 03 17 10 1B 14 1A 16 00 18 1A 1D
1A 17 11 0C 15 0A 0E 1D 19 1A 04 00 00 00 15 0C
11 1A 1B 15 0C 19 11 00 1D 18 17 1A 14 00 19 1D
02 10 0C 18 1D 07 10 04 00 1C 19 04 0D 1D 1D 07
11 1D 17 1A 16 10 19 09 05 1C 0B 18 07 12 01 01
0C 0E 0F 05 10 1D 12 01 1C 0C 0B 00 0C 0E 15 00
07 01 00 19 1D 13 0C 16 08 00 03 00


We are fairly sure that Alicja and Bobski are using pads. I know the
rules say it's impossible, but MI5 needs decrypts anyway, so break all
the rules! A life may be at stake! Get to it, folks!

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

Chris M. Thomasson

unread,
Nov 26, 2021, 5:36:40 AM11/26/21
to
decrypt fantasy:

Agent Alicja: This is secret?
Agent Bobski: LOL! Heck yeah it is... ;^)
Agent Alicja: Right on Brother! OTP's galore! ;^)

Stefan Claas

unread,
Nov 27, 2021, 7:55:06 AM11/27/21
to
Not sure what you mean with breaking the rules (language barrier)
but if MI5 knows these two persons are agent Alicja and agent
Bobski and one of them operates in the United Kingdom, why do not
pay a visit, put the agent under hypnosis to reveal the secret and once
the agent woke up the agent or his agency does not know what happened.

Or do agents carry a phone home listening device with them, which
at borders can't be detected, so that their agency is always 24/7 in
contact and informed with what is going on at a special location?

Regards
Stefan

Richard Heathfield

unread,
Nov 27, 2021, 8:29:39 AM11/27/21
to
It's a hint to get you started. What are "the rules" for the
cryptosystem that Alicja and Bobski are believed to be using?

> but if MI5 knows these two persons are agent Alicja and agent
> Bobski and one of them operates in the United Kingdom, why do not
> pay a visit, put the agent under hypnosis to reveal the secret and once
> the agent woke up the agent or his agency does not know what happened.

If you want to pop round to either Alicja's or Bobski's place, go right
ahead. But I don't suppose you have their addresses, so that might not
be a winning strategy.

What cryptosystem are Alicja and Bob using?

What are the rules for that system?

Stefan Claas

unread,
Nov 27, 2021, 10:15:54 AM11/27/21
to
I am no expert like you or others here, but according to the first
short message, it could be length-preserving encryption which
has nothing to do with OTPs.

> > but if MI5 knows these two persons are agent Alicja and agent
> > Bobski and one of them operates in the United Kingdom, why do not
> > pay a visit, put the agent under hypnosis to reveal the secret and once
> > the agent woke up the agent or his agency does not know what happened.
> If you want to pop round to either Alicja's or Bobski's place, go right
> ahead. But I don't suppose you have their addresses, so that might not
> be a winning strategy.
>
> What cryptosystem are Alicja and Bob using?
>
> What are the rules for that system?

Se above, I am no expert.

Regards
Stefan

Richard Heathfield

unread,
Nov 27, 2021, 10:29:59 AM11/27/21
to
You do me too much honour.

> but according to the first
> short message, it could be length-preserving encryption which
> has nothing to do with OTPs.

Consider this: in the 20+ years or so I've been kicking around
sci.crypt, I hope I have earned a reputation for setting fair problems.
I think the first message is a stiff challenge but certainly crackable.
I don't want to give too much away but don't overthink it or ponder
using anything too terribly sophisticated. Eve's kid sister could
probably crack it. (The second and third are harder.) And think hard
about the hint given in the subject line.

Max

unread,
Nov 27, 2021, 12:40:36 PM11/27/21
to
On 27.11.21 16:29, Richard Heathfield wrote:

[...]

> Consider this: in the 20+ years or so I've been kicking around
> sci.crypt, I hope I have earned a reputation for setting fair problems.

No objection there.

[...]

Hi Richard,

are you ok with discussions and exchanging ideas about the solution here
or do you prefer everyone to approach this on their own?

Cheers,

Max

Richard Heathfield

unread,
Nov 27, 2021, 12:56:19 PM11/27/21
to
That's a decision for everyone to make themselves. Curmudgeons will
prefer to work alone, grumpy old buggers that they are, and they will no
doubt shield their eyes from any public discussion in what is, after
all, a discussion group. But you guys had better get on with it, because
the clock is ticking. Collaboration may be essential, or Something Bad
might happen!

Richard Harnden

unread,
Nov 27, 2021, 12:59:12 PM11/27/21
to
You also posted this elsethread:

37 09 0B 53 1C 4F 01 57 1B 45 0C 16 16 53 00 17
04 01 4B 00

Relevent at all?

Richard Heathfield

unread,
Nov 27, 2021, 1:12:07 PM11/27/21
to
I don't recognise it, can find no article in which I posted it, and have
grepped my challenge files for "37 09" without result. Sorry, Richard,
but it's a <shrug></shrug> from me.

Richard Heathfield

unread,
Nov 27, 2021, 1:14:23 PM11/27/21
to
AH! I REMEMBER!

No, that is nothing to do with this.

Richard Harnden

unread,
Nov 27, 2021, 1:19:04 PM11/27/21
to
Fair enough.

I figured it was probably one of /those/ replies.

Richard Heathfield

unread,
Nov 27, 2021, 1:24:11 PM11/27/21
to
It was indeed. (And it is in its own way a problem that may prove
interesting to those who consider such puzzles interesting. That is,
yes, there is a plaintext behind it... and no, it's not expletive in
nature!)

Ben Sturman

unread,
Nov 27, 2021, 4:14:17 PM11/27/21
to
I'm thinking "breaking the rules" might refer to re-using a pad--something that
would be against the rules in one-time pads. I don't know if that means both
parties are using the same pad, or each has a separate pad being reused.

I see that the minimum value of each ciphertext element is zero and the
maximum is 1F, which is 32 different values.

Richard Heathfield

unread,
Nov 27, 2021, 5:09:29 PM11/27/21
to
On 27/11/2021 17:56, Richard Heathfield wrote:
> On 27/11/2021 17:40, Max wrote:
>>
>> are you ok with discussions and exchanging ideas about the solution
>> here or do you prefer everyone to approach this on their own?
>
> That's a decision for everyone to make themselves.

I see that observations (and indeed good and useful observations) are
beginning to come in. To allow people the greatest freedom possible I
plan to resist the temptation to comment on such observations myself,
unless specifically summoned in my capacity as oracle.

Chris M. Thomasson

unread,
Nov 27, 2021, 7:10:36 PM11/27/21
to
On 11/27/2021 4:55 AM, Stefan Claas wrote:
> On Friday, November 26, 2021 at 11:24:53 AM UTC+1, Richard Heathfield wrote:
>> To: GCHQ, Usenet Division.
>> Subject: Latest intercepts.
>> Priority: Urgent.
>>
>> Agent Alicja has sent this transmission within the last hour:
[...]
>> We are fairly sure that Alicja and Bobski are using pads. I know the
>> rules say it's impossible, but MI5 needs decrypts anyway, so break all
>> the rules! A life may be at stake! Get to it, folks!
>
> Not sure what you mean with breaking the rules (language barrier)
> but if MI5 knows these two persons are agent Alicja and agent
> Bobski and one of them operates in the United Kingdom, why do not
> pay a visit, put the agent under hypnosis to reveal the secret and once
> the agent woke up the agent or his agency does not know what happened.

What if the two agents do not know what the key actually is. They have a
little usb drive. Alice encrypts, sends and destroys the usb device. Bob
decrypts and destroys his device. Now, the key is gone forever.

Max

unread,
Nov 27, 2021, 8:54:55 PM11/27/21
to
On 27.11.21 22:14, Ben Sturman wrote:
> I'm thinking "breaking the rules" might refer to re-using a pad--something that
> would be against the rules in one-time pads.

This is my thinking as well.

> I don't know if that means both
> parties are using the same pad, or each has a separate pad being reused.

Richard gave away that the messages have different difficulty levels,
the first being the easiest. So, I think, each message uses its own pad
and the repeats are inside the message. As Bobski sends two messages in
a row, he might use the same pad for both messages.

>
> I see that the minimum value of each ciphertext element is zero and the
> maximum is 1F, which is 32 different values.
>

Indeed. The messages are a bit short for a decent frequency analysis.
The first message has 3x 00, 3 double entries and the rest singles. If
the pad is reused, we need the length of the pad, XOR stretches of that
length together to get rid of the pad, try to find zeros (=equal
letters) and start from there, assuming that those are high frequency
letters. Maybe it's better to start with XORing Bobski's two messages
first (I haven't done this yet).

So far I haven't found any clue for the length of the pad of the first
message. I think it's unlikely to be 1 as the frequency analysis would
probably show more spikes (as he uses 32 characters, I guess there are
also spaces, which should be the most common. As the most common
character ("00") only appears three times in the first message one of
which is the second to last spot, I doubt this is correct. It could of
course be that the message is written in reverse (I think Richard did
this before, but it could have been someone else, too.) and it starts
with "I".

That's all I've got for now. Maybe tomorrow.

Cheers,

Max

Stefan Claas

unread,
Nov 28, 2021, 2:17:11 AM11/28/21
to
On Sunday, November 28, 2021 at 1:10:36 AM UTC+1, Chris M. Thomasson wrote:
> On 11/27/2021 4:55 AM, Stefan Claas wrote:

> > Not sure what you mean with breaking the rules (language barrier)
> > but if MI5 knows these two persons are agent Alicja and agent
> > Bobski and one of them operates in the United Kingdom, why do not
> > pay a visit, put the agent under hypnosis to reveal the secret and once
> > the agent woke up the agent or his agency does not know what happened.
> What if the two agents do not know what the key actually is. They have a
> little usb drive. Alice encrypts, sends and destroys the usb device. Bob
> decrypts and destroys his device. Now, the key is gone forever.

I wrote secret (the message content) and not secret key. :-)

Regards
Stefan

Chris M. Thomasson

unread,
Nov 28, 2021, 2:25:46 AM11/28/21
to
Rubber hose Bob, and starve Alice... That should work.

Stefan Claas

unread,
Nov 28, 2021, 2:28:55 AM11/28/21
to
On Sunday, November 28, 2021 at 2:54:55 AM UTC+1, Max wrote:
> On 27.11.21 22:14, Ben Sturman wrote:

> > I see that the minimum value of each ciphertext element is zero and the
> > maximum is 1F, which is 32 different values.
> >
> Indeed. The messages are a bit short for a decent frequency analysis.
> The first message has 3x 00, 3 double entries and the rest singles. If
> the pad is reused, we need the length of the pad, XOR stretches of that
> length together to get rid of the pad, try to find zeros (=equal
> letters) and start from there, assuming that those are high frequency
> letters. Maybe it's better to start with XORing Bobski's two messages
> first (I haven't done this yet).

While I am not in the code breaker business, but Richard said Eve's
sister can probably break it and we have 32 values I thought why
not see what the HEX values show if you use them as base32 alphabet.

But I have no clue if this would be helpful.

0D 17 10 0F 04 00 13 11 11 02 17 1D 13 01 1C 08 00 14 09 00 0B
N R Q P E A T R R C X 5 T B 4 I A U J A L

Regards
Stefan


wizzofozz

unread,
Nov 28, 2021, 4:54:54 AM11/28/21
to
Op 28-11-2021 om 02:54 schreef Max:
> letters) and start from there, assuming that those are high frequency
> letters. Maybe it's better to start with XORing Bobski's two messages
> first (I haven't done this yet).

I tried this, but got no real results yet. I do use a slightly different
method though. I just slide some guessed plaintext like ' the '
(including spaces) along the first message and assume it's correct at
that position. From that I calculate the guessed key and apply it to the
second message. If that results in not too much garbage, the guess for
the key at that position could be correct.
I also tried the other method, where I slide a guess along the xor of
the ciphertexts. No much luck either (expected, since I think the
methods are equivalent).

Here's my code (python2) for both methods if someone wants to try. The
files should contain the 'raw' binary data, thus created with xxd or so.

The only thing I found matching is at offset 21 'trynot' and 'thenhi',
but this may be coincidence. Other common words give me nothing. I don't
think spaces are used.


Method1:

#!/usr/bin/python
import sys

# open two files. xor the first file with a word to guess part of the
key and see what happens with the other file
# usage: progname guess file1 file2

c1=open(sys.argv[2],'rb').read()
c2=open(sys.argv[3],'rb').read()
cn2=[ord(c) for c in c2]
cn1=[ord(c) for c in c1]

guess=sys.argv[1]

gl=len(guess)

for i in range(len(c1)-gl):
gk=[ord(g)^c for (g,c) in zip(guess,cn1[i:]) ]
print i,''.join([chr(k) for k in gk]), ''.join([chr(g^c) for
(g,c) in zip(gk,cn2[i:])])



Method2:

#!/usr/bin/python
import sys

# open two files. xor the files and slide a guess
# usage: progname guess file1 file2

c1=open(sys.argv[2],'rb').read()
c2=open(sys.argv[3],'rb').read()
cn2=[ord(c) for c in c2]
cn1=[ord(c) for c in c1]
cncomb=[x^y for (x,y) in zip(cn1,cn2)]

guess=sys.argv[1]

gl=len(guess)

for i in range(len(cncomb)-gl):
print i,''.join([chr(ord(g)^c) for (g,c) in
zip(guess,cncomb[i:])])

Richard Heathfield

unread,
Nov 28, 2021, 5:44:57 AM11/28/21
to
On 28/11/2021 09:54, wizzofozz wrote:
> Op 28-11-2021 om 02:54 schreef Max:
>> letters) and start from there, assuming that those are high frequency
>> letters. Maybe it's better to start with XORing Bobski's two messages
>> first (I haven't done this yet).
>
> I tried this, but got no real results yet. I do use a slightly different
> method though. I just slide some guessed plaintext like ' the '
> (including spaces) along the first message and assume it's correct at
> that position. From that I calculate the guessed key and apply it to the
> second message. If that results in not too much garbage, the guess for
> the key at that position could be correct.

Thus Spake The Oracle:

(1) Your approach for Bobski's message pair is correct, which is all I
really expected anyone would manage.
(2) Using your code and a slightly better crib (knowing the plaintext
helps a lot here!) I have only been able to tease out about half of the
message. Unless you are much cleverer than I am (which, of course, you
are) I doubt whether you will do much better.
(3) Which rule did Bobski break here?

Alicja's first message is much easier. Which rule did she break?

Alicja's final message is bloody hard! Still possible, I think. The
first step is to work out which rule she broke for the message.

Chris M. Thomasson

unread,
Nov 28, 2021, 5:06:55 PM11/28/21
to
On 11/27/2021 5:54 PM, Max wrote:
> On 27.11.21 22:14, Ben Sturman wrote:
>> I'm thinking "breaking the rules" might refer to re-using a
>> pad--something that
>> would be against the rules in one-time pads.
>
> This is my thinking as well.
>
>> I don't know if that means both
>> parties are using the same pad, or each has a separate pad being reused.
>
> Richard gave away that the messages have different difficulty levels,
> the first being the easiest. So, I think, each message uses its own pad
> and the repeats are inside the message. As Bobski sends two messages in
> a row, he might use the same pad for both messages.

[...]

Using the same pad for both messages definitely seems like a
possibility. Or, breaking the rules just might mean that the OTP's were
generated using a PRNG, instead of a TRNG? Humm...

Chris M. Thomasson

unread,
Dec 1, 2021, 1:26:57 AM12/1/21
to
Scary part. The Rubber Hose works, like 99.999...% of the time, and Eve
sends a message to Alice... In Bobs honor... How ya doing Alice!? Fun times.

Chris M. Thomasson

unread,
Dec 1, 2021, 1:29:42 AM12/1/21
to
Ahh.. Bob does not know the secret key, but Eve forced the comprised
rubber hosed Bob to contact Alice using other means... Now Eve has a
secret key... Eve has her eyes set on Alice now!

https://youtu.be/6ZwjdGSqO0k?list=RDMMeXDU9um19HM

Cheech

unread,
Dec 1, 2021, 6:24:00 PM12/1/21
to
On 12/1/21 12:26 AM, Chris M. Thomasson wrote:

[.....]

> Scary part. The Rubber Hose works, like 99.999...% of the time, and Eve
> sends a message to Alice... In Bobs honor... How ya doing Alice!? Fun
> times.

The 0.001% of the time that the hose doesn't work:

https://youtu.be/zNvbrRvQgmE?t=531


Chris M. Thomasson

unread,
Dec 1, 2021, 7:47:58 PM12/1/21
to
AHAHAAHHH! ROFL!!!! Well, touche!

lol.

Richard Heathfield

unread,
Dec 3, 2021, 7:28:31 AM12/3/21
to
On 26/11/2021 10:24, Richard Heathfield wrote:
> To: GCHQ, Usenet Division.
> Subject: Latest intercepts.
> Priority: Urgent.
>
> Agent Alicja has sent this transmission within the last hour:
>
>  0D 17 10 0F 04 00 13 11 11 02 17 1D 13 01 1C 08
>  00 14 09 00 0B

Agent Alicja, for whatever reason, broke an important rule of using
one-time pads.

KEY MUST BE AS LONG AS MESSAGE

0D 17 10
0F 04 00
13 11 11
02 17 1D
13 01 1C
08 00 14
09 00 0B

Brute force need not be too painful, given that a source tells us that
Alicja's and Bob's pads consist entirely of Latin alphabetic characters.

Richard Heathfield

unread,
Dec 3, 2021, 11:40:13 AM12/3/21
to
On 03/12/2021 12:28, Richard Heathfield wrote:
> On 26/11/2021 10:24, Richard Heathfield wrote:
>> To: GCHQ, Usenet Division.
>> Subject: Latest intercepts.
>> Priority: Urgent.
>>
>> Agent Alicja has sent this transmission within the last hour:
>>
>>   0D 17 10 0F 04 00 13 11 11 02 17 1D 13 01 1C 08
>>   00 14 09 00 0B
>
> Agent Alicja, for whatever reason, broke an important rule of using
> one-time pads.
>
> KEY MUST BE AS LONG AS MESSAGE
>
> 0D 17 10
> 0F 04 00
> 13 11 11
> 02 17 1D
> 13 01 1C
> 08 00 14
> 09 00 0B
>
> Brute force need not be too painful, given that a source tells us that
> Alicja's and Bob's pads consist entirely of Latin alphabetic characters.
>

XOR with:

KEYKEYKEYKEYKEYKEYKEY

Result:

FRIDAYXTHIRDXDECEMBER

That's today! Has time run out? Are you too late?

MM

unread,
Dec 3, 2021, 12:18:37 PM12/3/21
to
On Friday, 3 December 2021 at 16:40:13 UTC, Richard Heathfield wrote:
> KEYKEYKEYKEYKEYKEYKEY
>
> Result:
>
> FRIDAYXTHIRDXDECEMBER

Dammit! I missed by the proverbial hair.

Cyberchef is a great tool for trying these out!

M
--

Richard Heathfield

unread,
Dec 3, 2021, 12:28:40 PM12/3/21
to
On 26/11/2021 10:24, Richard Heathfield wrote:

> Within a few minutes, Agent Bobski sent the following TWO messages:
>
>  0B 09 18 12 0C 0F 11 09 0F 14 08 08 0F 0C 1F 05
>  0C 06 0C 1C 15 11 18 1E 0C 0D 00 15 0E 16 08 0F
>  05 1E 10 18 0F 1A 16 15 1B 10 1E 07 0B 17 14 05
>  17 0C 11 14 0D 14 0A 01 0C 18 05 0F 0F 01 06 0C
>  04 08 0C 1A 1E
>
>  03 1F 08 12 19 09 1C 14 00 0C 14 08 1E 18 12 0F
>  04 17 19 17 15 11 02 02 0C 0A 1D 08 04 01 07 0F
>  07 1A 1E 06 12 1E 1B 02 06 1C 03 18 00 06 0A 03
>  17 0E 16 09 04 11 19 1C 0E 14 13 12 18 0A 1B 18
>  1C 0F 1C 1D 08

In Agent Bob's replies, for whatever reason, he broke an important rule
of using one-time pads.

KEY MUST BE USED ONCE ONLY

Using Wizz's Python program, try a Tiltman "zig zag" attack, and
learning from Alice's short first message FRIDAYXTHIRDXDECEMBER let's
assume X is used for space; and this reply may well be a request for
clarification, so try XPLEASEX as a crib. Also try to guess what Bob may
be asking - maybe time, place, or both, and possibly "provide"?

MM

unread,
Dec 3, 2021, 12:34:29 PM12/3/21
to
On Friday, 3 December 2021 at 17:28:40 UTC, Richard Heathfield wrote:
> Using Wizz's Python program, try a Tiltman "zig zag" attack, and
> learning from Alice's short first message FRIDAYXTHIRDXDECEMBER let's
> assume X is used for space; and this reply may well be a request for
> clarification, so try XPLEASEX as a crib. Also try to guess what Bob may
> be asking - maybe time, place, or both, and possibly "provide"?

Hmm. I was working on the theory of Bobski's same-length messages
being significantly related.

M
--

Richard Heathfield

unread,
Dec 3, 2021, 12:50:34 PM12/3/21
to
They are related in the sense that they are a reply to the message from
Alicja, and they seem to be the first and second halves of one
contiguous reply. Perhaps he was nearing the end of a pad and used the
same key in a spirit of economy?

Or if you think this is too hard (which it might be), consider which
rule might have been broken when composing the final message (the much
longer one from Alicja to Bobski). If you get that one, we're talking
serious gold star and pat on back.

wizzofozz

unread,
Dec 3, 2021, 1:34:40 PM12/3/21
to
Op 3-12-2021 om 18:28 schreef Richard Heathfield:
> On 26/11/2021 10:24, Richard Heathfield wrote:
>
>
> Using Wizz's Python program, try a Tiltman "zig zag" attack, and
> learning from Alice's short first message FRIDAYXTHIRDXDECEMBER let's
> assume X is used for space; and this reply may well be a request for
> clarification, so try XPLEASEX as a crib. Also try to guess what Bob may
> be asking - maybe time, place, or both, and possibly "provide"?
>

My improved version produced this:

60 about -> viral
20 adopt -> adult
20 adult -> adopt
39 charm -> tumor
20 pants -> paths
20 paths -> pants
25 stood -> tires
25 tires -> stood
39 tumor -> charm
60 viral -> about

with a '1000 most common English words' list.
I also used a list of 180000 words or so, but I had to kill that (I
guess it was a bit too brute-force (obviously, but it was worth a try)).

The improved version basically does the same as the previous program.
Difference is that it takes a word from a list, slides it along ct1^ct2
and checks if the result is also a word in the list.
Actually we can stop after half of the list, because it's symmetric (you
can also see it in the output above).
The words have to be same length and start at the same resp position in
the ciphertexts, so we have to have a bit of luck.
We don't know if a word belongs to ct1 or ct2.
It seems that the xor's of small letters are the same as capital letters
(so a^z == A^Z).
And I was right about thinking that no spaces were used (I xored
everything with ' ' and got mostly garbage).

I will try some more this weekend.

Ozz

Richard Heathfield

unread,
Dec 3, 2021, 1:50:30 PM12/3/21
to
On 03/12/2021 18:34, wizzofozz wrote:
> It seems that the xor's of small letters are the same as capital letters
> (so a^z == A^Z).

This is because all ASCII upper case look like this:

010.....

Complete it 00001 for 'A', 00010 for 'B', 00011 for 'C' etc.

All lower case like this:

011.....

Complete it 00001 for 'a', 00010 for 'b', 00011 for 'c' etc.

The XOR relationship you noted directly follows.

Chris M. Thomasson

unread,
Dec 3, 2021, 6:32:37 PM12/3/21
to

wizzofozz

unread,
Dec 3, 2021, 7:27:38 PM12/3/21
to
Op 3-12-2021 om 19:50 schreef Richard Heathfield:
> On 03/12/2021 18:34, wizzofozz wrote:
>> It seems that the xor's of small letters are the same as capital
>> letters (so a^z == A^Z).
>
> This is because all ASCII upper case look like this:
>
> 010.....
>
> Complete it 00001 for 'A', 00010 for 'B', 00011 for 'C' etc.
>
> All lower case like this:
>
> 011.....
>
> Complete it 00001 for 'a', 00010 for 'b', 00011 for 'c' etc.
>
> The XOR relationship you noted directly follows.
>

Nice explanation, thanks.

But, it means that for the message that Bobski sent, there are 2**69
plausible solutions; Bobski could have tried to confuse Eve by mixing
uppercase and lowercase .. So, we know the message, but we will never
know if it was the actual message Bobski sent (unless we ask him).

The crib-tip did really help, and solving went in 'burst'. Every time a
guess is correct, you jump forward, and then it takes some time again
for the next correct guess.

Anyway, I don't understand the message, but I think the md5 in all
uppercase is:
msg1: 1f14ba17bda2deef3efb21397eaa0b4c
msg2: 921a47aae77d4c733a3f6cb39758245a

in all lowercase:
msg1: ef2c17fb8b378cad5b3a8970ebf3a659
msg2: cc0915373f25737fa7d32faa3d49a3db

I suspect Alicje is confused as well.

Ozz

wizzofozz

unread,
Dec 3, 2021, 7:48:46 PM12/3/21
to
Op 4-12-2021 om 01:27 schreef wizzofozz:
>
> Anyway, I don't understand the message, but I think the md5 in all
> uppercase is:
> msg1: 1f14ba17bda2deef3efb21397eaa0b4c
> msg2: 921a47aae77d4c733a3f6cb39758245a
>
> in all lowercase:
> msg1: ef2c17fb8b378cad5b3a8970ebf3a659
> msg2: cc0915373f25737fa7d32faa3d49a3db
>

I got an off-by-one (as usual :-( ) in my code and didn't include the
last character of each message.
So, the md5's above are for the messages minus their last character (and
without newline).

Ozz

Richard Heathfield

unread,
Dec 3, 2021, 10:01:53 PM12/3/21
to
On 04/12/2021 00:27, wizzofozz wrote:
> Op 3-12-2021 om 19:50 schreef Richard Heathfield:
>> On 03/12/2021 18:34, wizzofozz wrote:
>>> It seems that the xor's of small letters are the same as capital
>>> letters (so a^z == A^Z).
>>
>> This is because all ASCII upper case look like this:
>>
>> 010.....
>>
>> Complete it 00001 for 'A', 00010 for 'B', 00011 for 'C' etc.
>>
>> All lower case like this:
>>
>> 011.....
>>
>> Complete it 00001 for 'a', 00010 for 'b', 00011 for 'c' etc.
>>
>> The XOR relationship you noted directly follows.
>>
>
> Nice explanation, thanks.
>
> But, it means that for the message that Bobski sent, there are 2**69
> plausible solutions; Bobski could have tried to confuse Eve by mixing
> uppercase and lowercase .. So, we know the message, but we will never
> know if it was the actual message Bobski sent (unless we ask him).
>
> The crib-tip did really help, and solving went in 'burst'. Every time a
> guess is correct, you jump forward, and then it takes some time again
> for the next correct guess.

Yes, that's how Tiltman's zig-zag attack goes, hopping back and forth
between plaintexts and trying to tease out the two messages.

>
> Anyway, I don't understand the message, but I think the md5 in all
> uppercase is:
> msg1: 1f14ba17bda2deef3efb21397eaa0b4c
> msg2: 921a47aae77d4c733a3f6cb39758245a
>
> in all lowercase:
> msg1: ef2c17fb8b378cad5b3a8970ebf3a659
> msg2: cc0915373f25737fa7d32faa3d49a3db
>
> I suspect Alicje is confused as well.

Alicja's London flat was raided last night, and the following decrypts
(of ciphertext believed to be from assassin Bobski) were found in her
wastepaper basket.

IXHAVEXONLYXAXLIMITEDXNUMBERXOFXUMBRELLAXTIPSXPLEASEXPROVIDEXMEXWITHX

ANXACCURATEXPLACEXANDXTIMEXORXIXWILLXHAVEXTOXINJECTXQUARTERXOFXLONDON

How close did you get?

wizzofozz

unread,
Dec 4, 2021, 3:14:59 AM12/4/21
to
Op 4-12-2021 om 04:01 schreef Richard Heathfield:

>
> Alicja's London flat was raided last night, and the following decrypts
> (of ciphertext believed to be from assassin Bobski) were found in her
> wastepaper basket.
>
> IXHAVEXONLYXAXLIMITEDXNUMBERXOFXUMBRELLAXTIPSXPLEASEXPROVIDEXMEXWITHX
>
> ANXACCURATEXPLACEXANDXTIMEXORXIXWILLXHAVEXTOXINJECTXQUARTERXOFXLONDON
>
> How close did you get?
>

I got the complete messages, without the last X and N, if that is what
your asking (see my other post with rectification of the md5's).

eg:
echo -n
IXHAVEXONLYXAXLIMITEDXNUMBERXOFXUMBRELLAXTIPSXPLEASEXPROVIDEXMEXWITH |
md5sum
1f14ba17bda2deef3efb21397eaa0b4c

You said in an earlier post that you were able to tease out only half of
the message of Bobski using my python script. Can you elaborate, since
as I have shown, it's possible to get the whole message (given the
'please'-crib)?

Ozz

Richard Heathfield

unread,
Dec 4, 2021, 4:48:13 AM12/4/21
to
On 04/12/2021 08:14, wizzofozz wrote:
> Op 4-12-2021 om 04:01 schreef Richard Heathfield:
>
>>
>> Alicja's London flat was raided last night, and the following decrypts
>> (of ciphertext believed to be from assassin Bobski) were found in her
>> wastepaper basket.
>>
>> IXHAVEXONLYXAXLIMITEDXNUMBERXOFXUMBRELLAXTIPSXPLEASEXPROVIDEXMEXWITHX
>>
>> ANXACCURATEXPLACEXANDXTIMEXORXIXWILLXHAVEXTOXINJECTXQUARTERXOFXLONDON
>>
>> How close did you get?
>>
>
> I got the complete messages, without the last X and N, if that is what
> your asking

No, just the gist, which I see from below that you've clearly got.

> (see my other post with rectification of the md5's).
>
> eg:
> echo -n
> IXHAVEXONLYXAXLIMITEDXNUMBERXOFXUMBRELLAXTIPSXPLEASEXPROVIDEXMEXWITH |
> md5sum
> 1f14ba17bda2deef3efb21397eaa0b4c
>
> You said in an earlier post that you were able to tease out only half of
> the message of Bobski using my python script. Can you elaborate, since
> as I have shown, it's possible to get the whole message (given the
> 'please'-crib)?

It was probably because I was rather stricter with my cribs to myself,
relying only on what little I could remember of the plaintext. Hence my
caring generosity in handing them out to you. ;-)

Still one message to go, and nobody has hinted that they have even
worked out which rule it breaks.

++++++++++++++++++++++++++++++++++++++++++++++++++++

Breaking: An East European dissident journalist was murdered on
Westminster Bridge yesterday afternoon. A passing police constable
noticed agents Alicja and Bobski attempting to lift the journalist's
lifeless corpse over the bridge parapet and challenged them; since they
were unable to account properly for themselves he arrested them both at
the scene.

We now need a lawyer-resistant, complete, 100% accurate break of
Alicja's final message to Bobski, for a successful conspiracy
prosecution. Work together on this! There is no I in TEAM.

wizzofozz

unread,
Dec 4, 2021, 10:44:27 AM12/4/21
to
Op 3-12-2021 om 19:34 schreef wizzofozz:
> Op 3-12-2021 om 18:28 schreef Richard Heathfield:
>> On 26/11/2021 10:24, Richard Heathfield wrote:
>>
>>
>> Using Wizz's Python program, try a Tiltman "zig zag" attack, and
>> learning from Alice's short first message FRIDAYXTHIRDXDECEMBER let's
>> assume X is used for space; and this reply may well be a request for
>> clarification, so try XPLEASEX as a crib. Also try to guess what Bob
>> may be asking - maybe time, place, or both, and possibly "provide"?
>>
>
> My improved version produced this:
>
> 60 about -> viral
> 20 adopt -> adult
> 20 adult -> adopt
> 39 charm -> tumor
> 20 pants -> paths
> 20 paths -> pants
> 25 stood -> tires
> 25 tires -> stood
> 39 tumor -> charm
> 60 viral -> about
>
> with a '1000 most common English words' list.

So in hindsight the improved version guessed everything wrong.
I checked, and 'please' is in the 1000 words list. Unfortunately,
'njectx' is not.
With the current COVID situation, the first line "60 about -> viral" is
not an unreasonable guess. Nice example of how brute-force can go
completely wrong.

Ozz

wizzofozz

unread,
Dec 4, 2021, 7:28:08 PM12/4/21
to
Op 4-12-2021 om 10:48 schreef Richard Heathfield:
>
> Still one message to go, and nobody has hinted that they have even
> worked out which rule it breaks.
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Breaking: An East European dissident journalist was murdered on
> Westminster Bridge yesterday afternoon. A passing police constable
> noticed agents Alicja and Bobski attempting to lift the journalist's
> lifeless corpse over the bridge parapet and challenged them; since they
> were unable to account properly for themselves he arrested them both at
> the scene.
>

The third rule Alicja broke is that the key is not random.
Searching for the location of the incident in the ciphertext, I learned
that Shakespeare is involved in the key. I partially decrypted the
message, but I need some sleep :-)

Ozz

MM

unread,
Dec 4, 2021, 7:48:45 PM12/4/21
to
On Friday, 26 November 2021 at 10:24:53 UTC, Richard Heathfield wrote:
> To: GCHQ, Usenet Division.
> Subject: Latest intercepts.
> Priority: Urgent.
>
:
> We are fairly sure that Alicja and Bobski are using pads. I know the
> rules say it's impossible, but MI5 needs decrypts anyway, so break all
> the rules! A life may be at stake! Get to it, folks!

Spoiler for the last message:
42 45 58 4f 4e 58 54 48 45 58 44 4f 57 4e 52 49 56 45 52 58 53 49 44
45 58 48 41 4c 46 57 41 59 58 41 43 52 4f 53 53 58 57 45 53 54 4d 49
4e 53 54 45 52 58 42 52 49 44 47 45 58 41 54 58 46 4f 55 52 58 50 4d
58 49 58 57 49 4c 4c 58 53 54 4f 50 58 54 48 45 58 56 49 43 54 49 4d
58 4e 45 58 54 58 54 4f 58 59 4f 55 58 54 4f 58 41 44 4d 49 52 45 58
54 48 45 58 42 4f 41 54 53 58 57 48 45 4e 58 49 58 54 41 4b 45 58 48
49 53 58 41 52 4d 58 54 48 41 54 58 49 53 58 59 4f 55 52 58 4d 4f 4d
45 4e 54 58 54 48 45 4e 58 41 46 54 45 52 57 41 52 44 53 58 57 41 4c
4b 58 53 4c 4f 57 4c 59 58 41 57 41 59 58 4a 55 53 54 58 4c 49 4b 45
58 49 4e 58 54 52 41 49 4e 49 4e 47 58

M
--

Richard Heathfield

unread,
Dec 4, 2021, 10:10:03 PM12/4/21
to
On 05/12/2021 00:28, wizzofozz wrote:
> Op 4-12-2021 om 10:48 schreef Richard Heathfield:
>>
>> Still one message to go, and nobody has hinted that they have even
>> worked out which rule it breaks.
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> Breaking: An East European dissident journalist was murdered on
>> Westminster Bridge yesterday afternoon. A passing police constable
>> noticed agents Alicja and Bobski attempting to lift the journalist's
>> lifeless corpse over the bridge parapet and challenged them; since
>> they were unable to account properly for themselves he arrested them
>> both at the scene.
>>
>
> The third rule Alicja broke is that the key is not random.

Correct!

> Searching for the location of the incident in the ciphertext, I learned
> that Shakespeare is involved in the key. I partially decrypted the
> message, but I need some sleep :-)

I see what you did there. :-)

Richard Heathfield

unread,
Dec 4, 2021, 10:14:59 PM12/4/21
to
Note-perfect. I think wizz got there too, so you both get bragging rights.

Chris M. Thomasson

unread,
Dec 4, 2021, 10:58:09 PM12/4/21
to
On 12/4/2021 4:28 PM, wizzofozz wrote:
> Op 4-12-2021 om 10:48 schreef Richard Heathfield:
>>
>> Still one message to go, and nobody has hinted that they have even
>> worked out which rule it breaks.
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> Breaking: An East European dissident journalist was murdered on
>> Westminster Bridge yesterday afternoon. A passing police constable
>> noticed agents Alicja and Bobski attempting to lift the journalist's
>> lifeless corpse over the bridge parapet and challenged them; since
>> they were unable to account properly for themselves he arrested them
>> both at the scene.
>>
>
> The third rule Alicja broke is that the key is not random.

I was wondering if the key was from a PRNG instead of a TRNG.

wizzofozz

unread,
Dec 5, 2021, 4:04:33 AM12/5/21
to
Op 5-12-2021 om 04:14 schreef Richard Heathfield:
> On 05/12/2021 00:48, MM wrote:
>> On Friday, 26 November 2021 at 10:24:53 UTC, Richard Heathfield wrote:
>>> To: GCHQ, Usenet Division.
>>> Subject: Latest intercepts.
>>> Priority: Urgent.
>>>
>> :
>>> We are fairly sure that Alicja and Bobski are using pads. I know the
>>> rules say it's impossible, but MI5 needs decrypts anyway, so break all
>>> the rules! A life may be at stake! Get to it, folks!
>>
>> Spoiler for the last message:
>> 42 45 58 4f 4e 58 54 48 45 58 44 4f 57 4e 52 49 56 45 52 58 53 49 44
>> 45 58 48 41 4c 46 57 41 59 58 41 43 52 4f 53 53 58 57 45 53 54 4d 49
>> 4e 53 54 45 52 58 42 52 49 44 47 45 58 41 54 58 46 4f 55 52 58 50 4d
>> 58 49 58 57 49 4c 4c 58 53 54 4f 50 58 54 48 45 58 56 49 43 54 49 4d
>> 58 4e 45 58 54 58 54 4f 58 59 4f 55 58 54 4f 58 41 44 4d 49 52 45 58
>> 54 48 45 58 42 4f 41 54 53 58 57 48 45 4e 58 49 58 54 41 4b 45 58 48
>> 49 53 58 41 52 4d 58 54 48 41 54 58 49 53 58 59 4f 55 52 58 4d 4f 4d
>> 45 4e 54 58 54 48 45 4e 58 41 46 54 45 52 57 41 52 44 53 58 57 41 4c
>> 4b 58 53 4c 4f 57 4c 59 58 41 57 41 59 58 4a 55 53 54 58 4c 49 4b 45
>> 58 49 4e 58 54 52 41 49 4e 49 4e 47 58
>
>
> Note-perfect. I think wizz got there too, so you both get bragging rights.
>

Yes, well done to both of us. I wasted some time on frequency analysis
and striping and the usual monoalphabetic subst cipher attacks, before I
decided to google what the third rule was again.
I then realized the key might be from a book or so (because 'not random'
was the only rule left to break, and a codebook is probably the only
option to communicate some keymaterial without having to communicate the
whole key to Bobski), and remembered that I did see some words (while
searching for westminster), but I thought not much of it because of the
word 'TIS' (which I did not recognize and thought was garbage). So I
decided to google for 'whether tis' anyway, and found the poem.
In hindsight, ignoring 'whether', may not have been so smart.

Anyway, thanks to Richard for the very nice well-written (the subtle
jokes, setting/location etc) challenge with a great storyline.

Ozz

MM

unread,
Dec 5, 2021, 4:50:32 AM12/5/21
to
On Sunday, 5 December 2021 at 03:14:59 UTC, Richard Heathfield wrote:
> Note-perfect. I think wizz got there too, so you both get bragging rights.

I got lucky!

A guess at the first few words dropped the key into my lap :-)

M
--
Reply all
Reply to author
Forward
0 new messages