John Chamberlain
Developer Diary
 Developer Diary · You Heard It Here First · 20 January 2005
Creating a Secret Message
The problem of sending a secret message is as old as writing. Even today it is hard to send a truly secret message. I recently had the problem of sending a secret message and was perplexed. If you think it is easy, sit down and try to do it yourself!

The first problem is that you cannot use a computer the reason being you have no assurance that your computer is secure. For all you know somebody in Russia is logging all your keystrokes. Even if your computer is physically isolated from a network many of the standard mechanisms to encrypt things are vulnerable to cryptoanalysis. For example, if any part of the message, the "clear text", is known to the code breaker it is very easy to solve. Many people send emails, for example, using PGP ("pretty good privacy"), a system that uses prime number factoring to generate keys. If the sender includes their (well-known) signature block at the end of the message, however, it is easy for a professional cryptoanalyst to figure out the key.

An additional problem was that I needed a brief and simple way to communicate the key to the recipient. If I used a short key to encode the whole message, however, it would be vulnerable to computer attack by brute calculation. How could I have a short key yet ensure that the code was unbreakable?

What I did is make a two-part encryption. The first part was a brief phrase that I encoded with a short key. The phrase described a literary work and a section of that work. The second part of the message then used the text of that work as the key. As long as the recipient can get access to the work in question they can decode the message. Moreover the code is more or less unbreakable because the identification phrase is too short to figure out the short key, whereas the main body of the message is protected by a key that is as long as the message as in a Vernam cipher.

The main vulnerability to this method is that the code breaker might guess which work was used to encode the message or have a gigantic database of all the books in the world which could be systematically tried against the message. For example, it would foolish to use a passage from the Bible as the key because that would be the first book the analyst would try. Therefore the trick is to think of a work the recipient will have access to, but which will likely not be in a code breaker's database.

Once I had my work chosen I had to create the code--not a trivial task. For one thing, if you make a single typo or leave out a letter somewhere it will ruin the rest of the code, so perfection is necesssary. I used graph paper and laboriously put each clear text letter, key letter, and its translation into neat columns. Then I triple checked it before making the message transcription. Finally I burned the worksheet. Can't let that fall into enemy hands.

At last I had the holy grail of diplomats and spies: a secret message!

return to John Chamberlain's home · diary index
Developer Diary · about · · bio · Revised 20 January 2005 · Pure Content