
How do you get there? You have a message text and you have a cipher text and you have an algorithm to go from one to the other. Seems like a cipher to me.



It's splitting hairs to make a distinction, but a cipher has an intended recipient and potential eavesdroppers, whereas a puzzle has no known recipient other than the potential eavesdroppers.

A good cipher has to be readable by the intended recipient, and not by eavesdroppers, whereas a good puzzle cannot be impossible to crack.

In that sense, DRM is a sort of anti-puzzle, as the intended recipients are treated as the eavesdroppers, instead of the other way around.


> whereas a good puzzle cannot be impossible to crack.

This is a very important distinction. It would be no fun if the cipher on a given cryptographer's tombstone were created with a one-time pad.


Well, a certain type of person would find it fun to put an unsolvable puzzle on their own tombstone.


Interestingly, a one-time pad may be crackable. Its theoretical uncrackability is only true if a truly random number generator is used. Most cryptography is fine with urandom, but a one-time pad requires using something like radioactive decay to generate your pad.

This is one reason (among many) why it's impractical for most crypto purposes.


Assuming a flawless CSRNG, 128 bits of entropy is more than enough to withstand current attack power. It's hard to predict the future -- quantum computers employing Grover's algorithm could conceivably have 2x or more attack power per unit energy -- but 256 bits should be adequate for a long time.

It's fine to use low-grade sources of entropy like timestamps as long as we have enough of it. I might only generate a few bits of actual entropy per second when I move my mouse in somewhat predictable arcs, but if I keep at it for a while, I'll generate 256 bits of entropy eventually.


Right, but his point is that you're not really talking about an OTP anymore, but rather a stream cipher that's as strong as the RNG. It will situationally be quite secure, but not the theoretical unbreakability of an OTP.

OTPs are silly.


If the one-time pad were public somewhere, how hard would it be to find it? Say, if it were indexed by Google?


Okay.

I would expect that the message was sent by William after he died to people who knew him. A sort of inside joke that people like me, seeing his tombstone, would completely miss.

That said, I could see one making the case that it is steganography.

I don't think 'good' and 'bad' really come into play; a Caesar cipher is still a Caesar cipher even if it is pretty easy to crack. But when you see it, it doesn't look like something else.


Ideally, it should be "cryptographically" difficult to distinguish a steganographically-encoded message from an ordinary (noisy) encoding. The comparison between these kinds of cryptograms and steganography does about as much violence to the concept of steganography as it does to the concept of cryptography.


A decent threshold test is Kerckhoffs's principle.


Okay, read up on Kerckhoffs.

I realize that when I talk about ciphers I don't distinguish between those which are easily reversed and those which are difficult to reverse. Kerckhoffs was really concerned with cryptographic systems as a whole, but his first principle, that "The system must be practically, if not mathematically, indecipherable," would seem to be a function of the environment and the adversary.

To illustrate my thinking, I consider the mechanism on a Hallmark Diary cover that prevents you from opening it without the 'key' just as much a "lock" as the mechanism on the file cabinet that keeps secret material secret.

Given that, would my understanding be correct that any information obscuring or access preventing device which is susceptible to a 'lay person' inverting it, is, in your definition of things, a puzzle?

If that is correct, is the Caesar cipher also a puzzle?


The conventional way to look at it would be to call rotation ciphers toy ciphers. They ostensibly depend on a key (the rotation) but fall apart trivially even without them.

I think the point downthread, about cryptograms being designed deliberately so that unrelated readers might eventually have some hope of figuring them out, adds nicely to the definition.
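To make the "falls apart even without the key" point concrete, here is an added illustration (not code from anyone in the thread): a rotation cipher with its key, next to a key-less recovery that simply tries all 26 rotations and picks the one whose letter distribution is closest to English. The sample plaintext and the frequency table are constructed for the example.

```python
"""Rotation (Caesar) cipher and automatic key recovery by frequency analysis."""
import string

# Approximate English letter frequencies in percent, A..Z (constructed table).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def rotate(text: str, key: int) -> str:
    """Shift each ASCII letter by `key` positions, preserving case and non-letters.
    A negative key undoes a positive one."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the text's letter distribution and English; lower is closer."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = {c: 0 for c in string.ascii_uppercase}
    for c in letters:
        counts[c] += 1
    score = 0.0
    for i, c in enumerate(string.ascii_uppercase):
        expected = n * ENGLISH_FREQ[i] / 100
        score += (counts[c] - expected) ** 2 / expected
    return score


def recover_key(ciphertext: str) -> int:
    """Try every rotation; the key whose output looks most like English wins.
    The 'key' buys nothing: 26 candidates is no search at all."""
    return min(range(26), key=lambda k: chi_squared(rotate(ciphertext, -k)))


if __name__ == "__main__":
    sample = "Attack at dawn and hold the bridge until the relief column arrives"  # constructed
    ct = rotate(sample, 13)
    k = recover_key(ct)
    print(ct)
    print(f"recovered key {k}: {rotate(ct, -k)}")
```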


On the other hand, the Caesar cipher was supposedly really used by Caesar, and not with the intention of unrelated readers figuring it out. According to Wikipedia:

> It is unknown how effective the Caesar cipher was at the time, but it is likely to have been reasonably secure, not least because most of Caesar's enemies would have been illiterate and others would have assumed that the messages were written in an unknown foreign language.

So perhaps it’s best to think of it as a real cipher that was obsoleted by technological advances... much as modern ciphers can be obsoleted by advances in cryptanalytic techniques or computer hardware.

For a more modern example you could consider Navajo code talkers in WWII. As I just learned (you might know way more about this than me :), the code talkers weren’t just translating their messages into the Navajo language; rather, they typically spelled out English text using one code word per letter. Thus, what they did can definitely be seen as a cipher, in more than just the vague sense of a way to keep a message secret. And the list of code words could be seen as a key... but only to some extent. If they had just invented a word-per-letter code in English, the enemy would have been able to write down the words, and perhaps ultimately decipher the code using frequency analysis, which was a well-known technique at that point. Much of the code’s security rather depended on the use of the Navajo language, which was tonally complex, had few speakers, and had no published dictionaries at the time. These are all factors that don’t follow Kerckhoffs’s principle: if the enemy had obtained Navajo speakers and proceeded to decipher the code, rekeying with a new word list wouldn’t have brought back the original level of security.

Of course, the scheme would not stand up well to modern computer-based techniques, and if used today would have to mostly be considered a toy cipher. But in its original historical context it was not a toy.

(And on the flip side, there are other historical ciphers that are just as obsolete thanks to computers, but did follow Kerckhoffs’s principle with respect to attacks available at the time, such as the Enigma machine.)



