Download and Install
In order to install Cipher1, you will need to download the following three files, available from:
http://www.fortunecity.com/tatooine/blish/137/
cipher1a.zip
632KB
cipher1b.zip
706KB
cipher1c.zip
592KB
You should download them into a temporary directory, such as C:\temp.
Once downloaded, you will require a utility such as WinZip (the free evaluation version, available from http://www.winzip.com/ is fine) to extract the files. You can save these files in the same temporary directory. Once extracted, you will have 5 additional files: setup.exe, setup.lst, cipher1.cab, cipher2.cab, and cipher3.cab.
Double-click on setup.exe to being the installation routine. Setup will do the rest, copying the files into the appropriate directory and creating a shortcut in your Start/Programs menu.
You can create a shortcut on your desktop by double-clicking on My Computer, then double-clicking your C: hard drive, opening Program Files, then ROT13, right-clicking on cipher1.exe, and dragging the icon to the desktop. When you release the right mouse button, you will be given several options, including: "Create shortcut here". That is the one you should choose.
Note: Please be aware that if you downloaded Cipher1 between 6pm EST Wednesday, 11/03/99 and 4:00pm EST Tuesday, 11/09/99, you will need to download the bugfix also found on:
http://www.fortunecity.com/tatooine/blish/137/
If you are having problems with some aspect of downloading or installing, please e-mail me at: [email protected]
========================================================================
Using Cipher1
Starting the program
When you click on either the shortcut in your Start: Programs menu or
one you have created on your desktop, please bear in mind that there will
be a lag of at least several seconds before the program starts. It is very
graphics-intensive, and uses a tiled custom background. The program simply
requires some time to set that background up. Please be patient. Do not
try to start the program again. (See the screenshot at: http://www.fortunecity.com/tatooine/blish/137/)
ROT13
"ROT13 is a simple encryption program commonly found on UNIX systems; it is also a simple substitution cipher. In this cipher, "A" is replaced by "N", "B" is replaced by "O", and so on. Every letter is rotated 13 places.
"Encrypting a file twice with ROT13 restores the original file.
P = ROT13 (ROT13 (P))
"ROT13 is not intended for security; it is often used in Usenet posts
to hide potentially offensive text, to avoid giving away the solution to
a puzzle, and so forth.
"Simple substitution ciphers can be easily broken because the cipher does not hide the underlying frequencies of the different letters of the plaintext. All it takes is about 25 English characters before a good cryptanalyst can reconstruct the plaintext."
[Schneier: Applied Cryptography, pp. 11 (ISBN 0-471-12845-7)]
Here is what enciphering with ROT13 looks like:
The message:
MEET ME AT THE LIBRARY AT NOON
Becomes:
ZRRG ZR NG GUR YVOENEL NG ABBA
Try it with Cipher1. Select this text, MEET ME AT THE LIBRARY AT NOON, copy it, and click the button in Cipher1 marked "Paste From Clipboard". Then click "ROT13".
You may even have an option in your browser or e-mail program to "decode" text encoded with ROT13.
Note: ROT13 is color-coded in red to indicate that it offers
the minimum possible security available through the different options in
Cipher1. ROT13 does not require a keyword
to operate.
Encipher/Decipher
This is a simple substitution cipher, the algorithm for which I found several years ago in the Encyclopedia Britannica, IIRC. To construct a cipher alphabet, start with a five- or six-character "keyword", such as KINGS.
Starting with the keyword, write the alphabet in a rectangular arrangement as follows:
K I N G S
A B C D E
F H J L M
O P Q R T
U V W X Y
Z
If a letter appears in the keyword, do not write it again below. Just skip that letter and write the next one in sequence.
Now, instead of reading left to right by row, read down, starting in column 1. Your cipher alphabet therefore becomes:
K A F O U Z I B H P V N C J Q W G D L R X S E M T Y
Match this arrangement up with the alphabet in its normal order (the plaintext alphabet):
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
K A F O U Z I B H P V N C J Q W G D L R X S E M T Y
Every time A appears in your plaintext, you replace it with the letter K. B becomes A, and so on. For example, this message:
MEET ME AT THE LIBRARY AT NOON
Becomes:
CUUR CU KR RBU NHADKDT KR JQQJ
Cryptographers will often write such a message in this form instead:
CUURC UKRRB UNHAD KDTKR JQQJX
in groups of five letters, ending with a "null" character, in this case, X. This serves to break up the natural spacing of words, and offers a very slight increase in security through obfuscation. Cipher1 will break the text up in this fashion, but does not pad out the last five-letter group with nulls.
You can try this for yourself by using the keyword "KINGS" in Cipher1, copying the message MEET ME AT THE LIBRARY AT NOON, and clicking the button marked "Paste From Clipboard". Then click "Encipher" (not RC4 Encipher - that option is explained below).
Like ROT13, the Encipher/Decipher combo in this program is trivial for an experienced cryptographer to break, given only a very small number of characters of ciphertext.
Note: The Encipher/Decipher combo is color-coded in yellow to indicate that it offers only slightly better security than ROT13. An experienced cryptanalyst will have no trouble at all in recovering text encrypted with this option. Encipher/Decipher does require a 5- or 6-character keyword.
Some basic information on solving simple substitution ciphers like these may be found on my website:
http://www.fortunecity.com/tatooine/blish/137/
under "Cryptanalysis".
Another very good source is:
http://www.fortunecity.com/skyscraper/coding/379/lesson1.htm
RC4 Encipher / RC4 Decipher
"RC4 is a variable-key-size stream cipher developed in 1987 by Ron Rivest for RSA Data Security, Inc. For seven years it was proprietary, and details of the algorithm were only available after signing a nondisclosure agreement.
"In September, 1994 someone posted source code to the Cypherpunks mailing list - anonymously. It quickly spread to the Usenet newsgroup sci.crypt, and via the Internet to ftp sites around the world. Readers with legal copies of RC4 confirmed compatibility. RSA Data Security, Inc. tried to put the genie back into the bottle, claiming that it was still a trade secret even though it was public; it was too late. It has since been discussed and dissected on Usenet, distributed at conferences, and taught in cryptography courses.
"RC4 is simple to describe. The algorithm works in OFB [Output-Feedback Mode]: The keystream is independent of the plaintext. It has a 8 * 8 S-box: S0, S1, . . ., S255. The entries are a permutation of the numbers 0 through 255, and the permutation is a function of the variable-length key. It has two counters, i and j, initialized to zero.
"To generate a random byte, do the following:
i = (i + 1) mod 256
j = (j + Si) mod 256
swap Si and Sj
t = (Si + Sj) mod 256
K = St
"The byte K is XORed with the plaintext to produce ciphertext
or XORed with the ciphertext to produce plaintext. Encryption is fast -
about 10 times faster than DES. Initializing the S-box is also easy.
First, fill it linearly: S0 = 0, S1 = 1, . . ., S255
= 255. Then fill another 256-byte array with the key, repeating the key
as necessary to fill the entire array: K0, K1, . . ., K255.
Set the index j to zero. Then:
for i = 0 to 255:
j = (j + Si + Ki) mod
256
swap Si and Sj
"And that's it. RSADSI claims that the algorithm is immune to differential
and linear cryptanalysis, doesn't seem to have any small cycles, and is
highly nonlinear. (There are no public cryptanalytic results. RC4 can be
in about 21700 (256! x 2562) possible states: an enormous number.) The
S-box slowly evolves with use: i ensures that every element changes
and j ensures that the elements change randomly. The algorithm is
simple enough that most programmers can quickly code it from memory."
[Schneier: Applied Cryptography, pp. 397-398 (ISBN 0-471-12845-7)]
Some sample output from this function is as follows:
Using the keyword: KINGS (be sure to type it in exactly, or copy and paste - the keyword for the RC4 function is case-sensitive)
This text:
MEET ME AT THE LIBRARY AT NOON
Becomes:
88 C9 C1 16 A5 CE 5C 62 6E 19 3D F4 30 42 9A 76 E8 F6 87 D8 3C 70 11 31 7B 5B 04 CF 6A A7 F6 83
Since the output of RC4 will be ASCII in the range 0-255, I needed to represent each character as hexadecimal in order to be able to e-mail enciphered messages. Don't worry - there's nothing extra you need to do to decipher it. Just copy and paste it back into Cipher1, being sure to use exactly the same key, and click "RC4 Decipher".
Note: RC4 Encipher / RC4 Decipher is color-coded in green to
indicate that of all the options presented by Cipher1,
RC4 offers the highest security. Please read the Note on Implementation,
immediately below, for more information on the security offered by this
version of RC4. RC4 does require a keyword. The keyword can (and
should) be a maximum of 5 characters. Additional characters will be ignored.
Please remember that the keyword is case-sensitive and must be typed in
exactly.
Note on Implementation
I used RC4 with a 40-bit key (5 ASCII characters) because RC4 with a key of more than 40 bits is considered a munition by the US Government. If I were to place RC4 with a key not limited to 40 bits on my website, and someone from outside the US downloaded it, that would make me an arms trafficker. I would go to jail. The implication, of course, is that a group or an agency with the right resources can readily crack RC4 with a 40-bit key. You may consider the Cipher1 implementation of RC4 to be secure enough for the purposes of a role-playing game, but do not use Cipher1 for anything that would cause harm or embarassment to you if it became public knowledge. Please do not take this warning lightly.
Information that will enable you to easily program your own version of RC4, not limited to a 40-bit key, may be found at the following locations:
CipherSaber: roll-your-own strong encryption project
I have working versions in both the BASIC programming language that comes with every Windows PC, and C/C++. If anyone would like to implement their own version, I'd be more than happy to help.
If Arnold Reinhold, author of the original Ciphersaber site, hasn't convinced you that knowing how to do crypto is a good thing, look here:
ACLU Brief on Privacy In America: Computer, Phones, & Privacy
FROM CROSSBOWS TO CRYPTOGRAPHY: THWARTING THE STATE VIA TECHNOLOGY
Cryptography,
Freedom and the Surveillance State
Learning more
Crypto-Log: Internet Guide to Cryptography
If you are having problems with some aspect of using Cipher1,
please e-mail me at:
[email protected]