Disa Johnson

Cipher Enthusiasts: Decoded Messages From WWII

A very interesting World War II cipher came to light today, as letters home from a British captive passed through German censors and made their way to MI9 (British Intelligence). The explanations for the cipher may be difficult for some to understand, it took me 30-minutes to come up with a better angle. I thought I might shed additional light on the cipher to help readers figure this stuff out and get the most enjoyment from it.

The cipher deserves to be explained from how it was probably originally intended at MI9. Think of the number 3 as a series for everything. This is can be insightful from the fact that people are equipped to more easily remember things in series of threes than with any other number-based mnemonic device. This important subtlety may have served to help operatives teach the cipher, remember it and aid in encoding / decoding speed.

A great fact about the number 3 is you can more easily construct an alphabet grid with it than with other numbers. An alphabet grid using the number 4, for example, requires double the stopgap characters. Five requires 4 stopgaps, or alternatively either combining or dropping letters altogether. You only need one stopgap for the alphabet encoded into threes, and MI9 chose the period ‘.’ to complete it, making it divisible by 3 (27 characters). This is the alphabet used to encode and decode the messages:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z “.” (stopgap).

Using three, you can form 9 rows or columns. Using 6 and other divisions could provide additional complexities that are not necessary and were not used in these letters. Here we have a terrific example of when human ingenuity has beaten man-made machines. When we rely on substitution ciphers, we must always be wary of machine power which can be applied. A human method can fool computer-aided solutions by virtue of using a logic system that falls outside their domain. Think of the number three as usable for a multitude of purposes.

A series of ideas around the number three, when combined with the letter writing method kept this cipher hidden. The method is a crafty recipe for writing the letter: Start with a signal that the letter contains an encoded message using date format or underline. After an obvious salutation, encode the grid size using the next two words by their length, which dictates the size of the message. “Last week” translates to 4 columns, 4 rows and “lucky again” translates to 5 columns, 5 rows.  Fill the grid with every fifth then fourth word of sentences, and so on, then read it all in reverse. The article does a good job demonstrating this.

Words like “mark” could be confidently written in cleartext, saving space, governed by the fifth then fourth word recipe above. Unlike the number grid system used here to encode the most sensitive words, this works out to simply jumble and toil cleartext intermixed with plain words as written in letter content. An additional cipher was used to encode potentially more sensitive words, which went through an intermediary number system and back again, used for names of operatives (“Elder”) and telltale nouns (“Renten.”). A word “the” in this recipe would mark the start, or “but” would mark the end of a string of words where the letters would form a greater sequence encoded additionally.

“I can’t imagine what his new number on the envelope means, maybe he has been turned over to rather different occupations,” the first letters of which are used for encoding the word: “Renten.” The letters are broken into groups of 3 so “I can’t imagine” works out to by ICI and so on: ICI WHN NOT EMM HHB TOT RDO. The actual letter that ICI represents translates through an intermediary number “333” for the letter “R” and so on to spell: Renten. The key at this point is how MI9 built the lookup table using numbers and its alphabet.

Using three columns and a number series pattern, the alphabet is arranged into 3 columns and 9 rows. Each letter has a unique three-digit number associated with it, where each three letter combination encodes and decodes to the corresponding number by their appearance in columns 1, 2 or 3. This three digit number reveals that ICI represents the letter “R” arriving at the three digit number by column number and is the key to encoding and decoding this cipher. You only need know how numbers 1, 2 and 3 are applied and in which sequence to ensure the unique three digit for each of the 27 letters in the alphabet.

Go down each column and write numbers. The first number in each column counts left to right: 1s all the way down, 2s, then 3s all the way down 9 rows. The second number will go down in a pattern of 3 1s, 3 2s and 3 3s: 111, 222, 333. The last digit will go down: 123, 123, 123 each and all the way down. The result is you have a 27 letter alphabet (A-Z plus “.”) and each letter having a unique three digit number pattern. Rotate the alphabet and encrypt it with any start letter you like. Below, the alphabet starts with “A” as per normal. In the article letter, the alphabet starts with the letter “S” for the actual message. Officers can learn and recall the cipher around the number 3, and rotate the alphabet by any start letter, which can be deciphered on the fly:

A-111 J-211 S-311

B-112 K-212 T-312

C-113 L-213 U-313

D-121 M-221 V-321

E-122 N-222 W-322

F-123 O-223 X-323

G-131 P-231 Y-331

H-132 Q-232 Z-332

I-133 R-233 .-333

To encode and decode ICI, use the table in the article to lookup which column these letters appear in the table. The above table will only give you the number 111 which corresponds to the letter “A” by illustration. The letter “I” actually appears in the third column, as does the letter “C” to arrive at the number 333. Find 333 corresponds to the letter “R” for “Renten.” You can see the letter “R” for “Elder” is encoded separately with: OUC. Note that all those letters also appear in the third column, which decodes to the letter “R” once again by virtue of the number: 333.

Once you know how to read this pattern, you will be able to encrypt and decrypt messages using the MI9 method provided to soldiers and used successfully in WWII. One can only imagine that this cipher at MI9 utilizes 9 rows to encode the most sensitive words in a memorable way, by way of a series in threes. Could that number of 9 have had any special meaning to MI9 back then? I won’t imply anything knowing about the “number 9” lyric looped by John Lennon in one of his Beatles songs. That’s a British invasion of an entirely different sort. Good fun to be had today from a time that is finally able to be celebrated out in the open.

For more fun and mystery by way of Bletchley Park, find the third episode of Bletchley Circle airing tonight on PBS.

Ghost in the Wires Ciphers (paperback)

With a 15-minute break I’m going to just write a little about security. Last week we experienced an all out brute force attack on Wordpress-powered websites. While this was a minor blip in security news, it’s part of a rising level of security news that we’re going to hear about this year. There are a few fundamental facts about computer software that make online security an ongoing issue, the most important of which are the inability for computers to generate random numbers.

This may come as a surprise to you, since computers can seem so random at times. Seriously though, it’s virtually impossible for a computer to generate a random number, something that has truly never been done before. The problem is in the nature of infinity. How can you generate something and instantiate it into an infinite universe? The minute you use any process, even if it’s as trivial as firing neurons in your brain, it no longer can be considered a random event.

The same thing impedes a computer’s ability to generate randomness. The notion that it should generate anything at all is a process, and in that process lies the weakness that can be attacked to gain access to a password. Every encryption cipher has the basic weakness in that it cannot possibly be actually random. The nature of security in a cipher is that you make it overwhelmingly difficult to crack your cipher. Therein lies your security, not the fact that you can write a program that simulates randomness. A computer cannot generate the randomness you seek.

That is how the ciphers in Ghost in the Wires were written. In order to attack them, you must recognize the patterns. I (we) made them accessible only to the cleverest cipher crackers, and they have only been gotten once. There is a place in the adventure where the point about randomness reaches its most esoteric peak. In my opinion, it is that peak that is the best part about the cipher adventure that is Ghost in the Wires. You must follow the story and find the clues which unlock the prize of revealing the cleartext so that you can answer the questions and send them along to Kevin and myself.

Lots of luck!

Time To Publish Code

I have a bunch of code laying around for various things, in a variety of languages, for a variety of purposes, written over a variety of years and at a variety of competence levels. That’s one of the things I hope to sort with Dev Bootcamp. A certain number of social media accounts are required, all of which I previously had.

I hadn’t bothered to write much code in the public sphere yet. There are a couple of reasons for that, one of which is security. The code I’ve written powers my websites. I don’t want someone to find a flaw in my code and exploit it to write bad things using my websites. I’ve had people write bad things about me, and it’s a wrenching experience.

Another reason is that I’m the sort of programmer who is hired to do one specific thing, as in a surgical strike (as my friend Fred calls it) and fix something going awry. An example of this is to fix a PHP shopping cart that blew up on an e-commerce website. That’s a very real example of a recent job. It paid one hour!

It seems the better you are at programming, the less you’ll be paid for jobs that seem like a large accomplishment. I found a flaw in the code, patched it up and the shopping cart was back online. It took me more time to sell one hour of programming time than complete the job, so my hourly rate was averaged way down.

Enter Dev Bootcamp. I’ll be programming a lot in one language and learn to write more complex expressions (as my friend Fred puts it). That is my goal, and as long as I complete the course satisfactorily, I’ll be a much better programmer for it. I’m pretty excited about that. Maybe I won’t have to try and sell myself so much and just get to work solving problems.

Tumblr Is Too Easy And It Just Works

The more I play around with blog platforms, the more I think for personal use Tumblr is perfectly acceptable. I like the simplicity even better than Wordpress for teaching others how to blog or manage a website. It does not always work though. Themes can clash with badly written browser plugins. That’s true of anything I guess.

I experimented with blog software for Heather way back before it was hip, (2002), and determined it was perfect for tinkerers as writers that don’t want to bother learning HTML. The power of those tinkerers and writers has finally convinced me it fundamentally changed the Web sometime last year.

I played with Moveable Type for reasons that it had excellent caching options at my host, and its speed would fly. I quickly got bored and was convinced Wordpress was a better choice for the sheer popularity of it. The more I watched blogs publish in the SEO space, the more ubiquitous Wordpress became.

Strong developer support followed. Tumblr I was surprised by, lately. Although I always thought of it only for tinkerers, it works perfectly well for powering bona-fide websites that only require basic features. I even like it for domains, although Wordpress is more robust there as well.

Pointing DNS to Tumblr is a bit confusing, since configuring it for my registrar (recommended by Tumblr!) I required to set it up exactly opposite from the instructions. Strange. I’ll make a post about it sometime. I am in the middle of deciding which domains I am willing to move to Tumblr.

After setting it up for an athlete, I’m not so sure anymore. One other business I help is perfect for it. Tumblr just works. Like Apple though, it has quirks for getting set up. Once you’re set up though, you’re good to go. It just works.

Rest in peace Jimi!

Chicago Sunday Weather

My favorite season is fall. Although technically we’re still summer until the equinox and coincidentally my birthday, September is when I like to reflect on a great many things going on with life. Usually reserved for reflecting on my own life, there’s a lot of turmoil going on in the world for me to concentrate wholly on me. It’s particularly bad around the globe and in the US we are heading into an important election. I have practically no control over events as large and looming, so it’s a distraction from what I would otherwise like to be doing. I like to get to NYC for my birthday. It’s such a great time to experience the city. I am almost as happy to just stay put in Chicago if it means progress in business or other things. The weather yesterday at German American Fest was amazing, as it is today. It’s terrific Chicago Sunday weather. I’m gearing up for a late afternoon run. I can’t wait to run down my street.