As a usable cypher, it has some practical problems. If you restart from the same deck for each message, both messages are encrypted with the same key stream. That's easy to break even with just two messages.
If you continue to use the deck from its ending state from the previous message, the security is better. But if the recipient ever misses a message, they're out of sync. The usual procedure with progressive key systems like this is to transmit a sequence number at the start of each message which tells the recipient where to start.
As a practical matter, people will screw up all that card manipulation. This is a criticism of most paper and pencil systems. In practice, intelligence agencies that use paper and pencil systems need a staff which decodes garbled transmissions, where the key is slightly off.
Whether this cypher is any good isn't clear. Work has been done on analyzing it.[1] It's known that there are bad keys, starting decks which lead to a short cycle, and that these are rare. There's a paper on this out of Moscow's Institute of Cryptology, Communication, and Information.[2] Key comment, after they describe what the paper covers: "Methods based on investigation of group or semigroup properties of stream cypher not published in open literature". They're not saying if they can crack it. But they did prove that it's isomorphic to a cypher which is the same except for some modifications which make it simpler. They may have proved that the fooling around with the jokers doesn't help, but I'm not sure.
"Between Silk and Cyanide: A Codemaker's War, 1941-1945", by Leo Marks, goes into the practical problems of paper and pencil encryption systems in wartime. The British went into WWII using Playfair, which is a crappy transposition cypher. He converted to a system where long one-time keys were printed on thin silk. This allowed spies to carry lots of keying material in a small space.
Thanks for the comments. I thoroughly enjoyed Between Silk and Cyanide. A small correction: the Playfair is actually a substitution cipher (mapping digraphs to digraphs), not a transposition cipher. The Playfair is a paper and pencil cipher that can usually be broken by hand with even modest amounts of material[1]. The Playfair (and the Wheatstone bridge) were invented by Sir Charles Wheatstone.
But the burning question is that if Solitaire is not good enough, then what is the replacement? I'm not really aware of any beyond simple OTP-style systems.
Is that a block? Just seems to me that this is a fairly old article referencing some other fairly old page, which now probably redirects categorically to that BT page.
Yes, I think so. I can see 404s but when it comes to security/encryption links it's not the first time it has happened. I can't access these ones either [0],[1], linked from [2].
For my last job interview, I encrypted the plaintext "DO IT" (as in, hire me!) with solitaire. I still remember sitting in the train on my way to the job interview, frantically shuffling cards to generate the ciphertext.
My interviewer thought it was a fun gesture and it definitely helped me land the job. Had they known about these vulnerabilities in the cypher beforehand, I'm not so sure I would've gotten it. :p
I had just finished 'Necronomicon' at the time. I thought I'd do something proactive and show up with a little thoughtful gift, related to the company's main focus.
>The CPRNG state machine is not reversible, contrary to what the operational notes claim...
>>1. Find the A joker. Move it one card down. (That is, swap it with the card beneath it.) If the joker is the bottom card of the deck, move it just below the top card.
(so in reverse: if A is the 2nd card, you don't know whether to make it the top card or the bottom card).
This ambiguity could be simply fixed: when you move A down, don't skip the top card, just put it at the top. Similarly for B, count the move from bottom to top as one of the two moves. It seems like you are doing less by not skipping a card, but you do create a new valid configuration, so maybe it does not hurt...
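As an added example, not from the ciphergoth.org article or any commenter, here is a small Python implementation of Schneier's Solitaire that exercises two points raised in this thread: the earlier comment's warning that restarting from the same deck reuses the key stream (so two ciphertexts leak their plaintext difference, and a crib for one message decrypts the other), and the reversibility question in the comment above (Schneier's "bottom joker goes just below the top card" rule maps two distinct decks to the same successor, whereas the proposed "put it on top" variant is a bijection on the joker's position). The function names and the `wrap_index` parameter are mine; the messages ATTACKATDAWN and HOLDPOSITION are constructed sample input. The only external fact assumed is Schneier's published test vector for the unkeyed deck (key-stream 4 49 10 24 8 51 44 6 4 33, ten A's encrypt to EXKYIZSGEH), which the script checks.

```python
"""Schneier's Solitaire, plus two checks discussed in the thread:
key-stream reuse across messages and the non-reversible joker move."""

A_JOKER, B_JOKER = 53, 54          # cards 1..52 (clubs, diamonds, hearts, spades), then A and B jokers
UNKEYED_DECK = list(range(1, 55))  # Schneier's unkeyed test deck: suits in order, then A joker, B joker


def card_value(card):
    """Counting value: 1..52 for ordinary cards, 53 for either joker."""
    return min(card, A_JOKER)


def move_joker_down(deck, joker, steps, wrap_index=1):
    """Move a joker down `steps` cards, one card at a time (Solitaire steps 1 and 2).

    Schneier's rule: a joker at the bottom moves to just below the top card (wrap_index=1).
    The variant proposed in the thread (my reading of it) moves it to the top (wrap_index=0).
    """
    for _ in range(steps):
        i = deck.index(joker)
        if i == len(deck) - 1:
            deck.insert(wrap_index, deck.pop(i))
        else:
            deck[i], deck[i + 1] = deck[i + 1], deck[i]


def solitaire_keystream(deck, n, wrap_index=1):
    """Return (n key-stream values in 1..52, final deck state). Joker outputs are skipped."""
    deck = list(deck)
    out = []
    while len(out) < n:
        move_joker_down(deck, A_JOKER, 1, wrap_index)        # step 1
        move_joker_down(deck, B_JOKER, 2, wrap_index)        # step 2
        j1, j2 = sorted((deck.index(A_JOKER), deck.index(B_JOKER)))
        deck = deck[j2 + 1:] + deck[j1:j2 + 1] + deck[:j1]  # step 3: triple cut around the jokers
        v = card_value(deck[-1])
        deck = deck[v:-1] + deck[:v] + deck[-1:]            # step 4: count cut, bottom card stays put
        card = deck[card_value(deck[0])]                     # step 5: count down from the top card
        if card < A_JOKER:
            out.append(card)
    return out, deck


def encrypt(plaintext, deck, wrap_index=1):
    """Letters A..Z; ciphertext = plaintext + key stream (mod 26). Returns (ciphertext, deck after)."""
    ks, deck = solitaire_keystream(deck, len(plaintext), wrap_index)
    return "".join(chr((ord(p) - 65 + k) % 26 + 65) for p, k in zip(plaintext, ks)), deck


def decrypt(ciphertext, deck, wrap_index=1):
    ks, deck = solitaire_keystream(deck, len(ciphertext), wrap_index)
    return "".join(chr((ord(c) - 65 - k) % 26 + 65) for c, k in zip(ciphertext, ks)), deck


def advance(deck, consumed):
    """Resynchronise: regenerate the deck state after `consumed` key-stream letters, which is
    what a recipient needs when a sequence number tells them how much traffic they missed."""
    return solitaire_keystream(deck, consumed)[1]


def recover_with_crib(ct1, ct2, known_pt1):
    """Same key stream on two messages: ct1 - ct2 = pt1 - pt2 (mod 26), so the key cancels and a
    crib for message 1 yields message 2 without knowing the deck at all."""
    return "".join(chr((ord(c2) - ord(c1) + ord(p1) - 65) % 26 + 65)
                   for c1, c2, p1 in zip(ct1, ct2, known_pt1))


def distinct_successors(joker, wrap_index):
    """Apply the joker's move to each of the 54 decks that differ only in that joker's position.
    A reversible step must give 54 distinct results; fewer means two states collide."""
    others = [c for c in UNKEYED_DECK if c != joker]
    steps = 1 if joker == A_JOKER else 2
    seen = set()
    for pos in range(54):
        deck = others[:pos] + [joker] + others[pos:]
        move_joker_down(deck, joker, steps, wrap_index)
        seen.add(tuple(deck))
    return len(seen)


if __name__ == "__main__":
    print(solitaire_keystream(UNKEYED_DECK, 10)[0])        # Schneier's test vector: 4 49 10 24 8 51 44 6 4 33
    ct1, deck_after = encrypt("ATTACKATDAWN", UNKEYED_DECK)
    ct2, _ = encrypt("HOLDPOSITION", UNKEYED_DECK)         # restarted from the same deck: key stream reused
    print(recover_with_crib(ct1, ct2, "ATTACKATDAWN"))     # second message falls out: HOLDPOSITION
    ct3, _ = encrypt("HOLDPOSITION", deck_after)           # continued from the end state instead
    print(decrypt(ct3, advance(UNKEYED_DECK, 12))[0])      # recipient resyncs from the letter count
    print(distinct_successors(A_JOKER, 1), distinct_successors(A_JOKER, 0))  # 53 vs 54
```

The collision is the one the comment describes: a deck with the A joker on top and the same deck with it on the bottom both step to "A joker second from the top", so the state machine cannot be run backwards from that state. With `wrap_index=0` the joker's position simply advances by one modulo 54 and the step is a permutation; whether that change helps or hurts the cipher's other properties is a separate question the script does not answer.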
I'd add "plausibly deniable" as well - requiring either party to have a copy of "The Lil' Saboteur's Guide To Field Encryption" is probably bad for espionage.
Problems with Bruce Schneier's “Solitaire” (ciphergoth.org)
There's no year in the title, which raised my ire. It's an old article. But it's hard to tell how old this article is. The end of the article has an update dated "2001 August 13" and the Last-Modified header is "Wed, 19 Jan 2005 00:12:22 GMT".
Yes, I agree that would have been wise, sorry about that! These days I'd use blogging software that would date things automatically. However I'm sure this dates from 1999 or before, because it was as a result of writing this that I ended up going to crypto conferences like FSE in 2000.
So most modern web servers, for caching purposes, will return the last modified date for any HEAD request. For old school HTML, this is the actual result of stat(2) on the HTML file. You can do this quite trivially with curl or telnet, à la:
$ telnet www.ciphergoth.org 80
Trying 80.68.89.15...
Connected to www.ciphergoth.org.
Escape character is '^]'.
HEAD /crypto/solitaire/ HTTP/1.1
Host: www.ciphergoth.org
HTTP/1.1 200 OK
Date: Tue, 12 Jul 2016 14:06:23 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Wed, 19 Jan 2005 00:12:22 GMT
ETag: "174125-164f-3edfc78a8c580"
Accept-Ranges: bytes
Content-Length: 5711
Content-Type: text/html
So my educated guess is that this article is from 2005. Mods/dang, mind changing the title of the article to reflect that?
No, I don't think so, but knowing when something was written is useful. For example, the article doesn't make mention of any other hand ciphers except for one attempt by the author. Is the lack of alternatives because none exist, or because the article was written a long time ago?
The US Army sometimes uses DRYAD. [1] It's not very good, but if you use a new code sheet every 6 hours and don't send much, it's OK.
The military views secrecy as a short-term issue. The most important secrets are "we're going to attack X at 0500 tomorrow". After tomorrow morning, it doesn't matter if the enemy can read the message. A cryptosystem only has to slow the enemy down enough that they can't react until it's too late. Classic Navy line: "Where the ship was last week is UNCLASSIFIED. Where the ship was yesterday is CONFIDENTIAL. Where the ship is now is SECRET. Where the ship will be tomorrow is TOP SECRET."
[1] https://portail.telecom-bretagne.eu/publi/public/fic_downloa...
[2] https://eprint.iacr.org/2003/169