The method eludes me but you can find palimpsest and abscissa in the string of morse code. The letters are there but I’d be lying if I said I knew how it was done. If we look to the letters that are left however, we may be able to retrieve the other words if there are any.

I’ve become more and more convinced that Scheidt may have had a slightly over-generous estimation of an agent in the field. I’m not trying to be unpatriotic but I’ve learned about some of the specializations of the intelligence community and I think it’s safe to say that the CIA or NSA as a product (not a sum) of its members is capable as an entity of solving a problem like Kryptos but any individual part is unlikely to reach a solution on its own and its doubtful that the organization as a whole will devote the necessary time, energy, personnel and resources needed. I guess they have better things to do, hopefully.

Realistically, I know that there is a prioritization in the process and not every ciphertext gets solved and not everything works out. No one can be functioning at 100% all the time. It’s just unrealistic. Something like Kryptos, if found in the field and unless it was considered to be of the utmost importance, would likely be attempted and then ignored. We cannot forget rubber-hose cryptanalysis. Not that I’m suggesting we use it! I’m just saying that there is a line where we can no longer have the suspension of disbelief and must accept Kryptos as a game that uses real life methods to amuse, nothing more. It cannot become a swirling black hole of the lunatic fringe and conspiracy theorists, we must stay grounded in the methods used and taught and then consider creative ways they may have been used.

As the audience, we are not able to use all of the methods available to the CIA to solve an encryption problem. We go as far as our abilities, the law and our morality allow and then we will and we must resort to what is an option for us that is not an option for the CIA and that is to treat it like a game. It can be fun and we should never lose sight of that strength that we possess as hobbyists. We are not limited in time and resources. We have no standard operating procedure to follow. We have the freedom to attempt it in any way we choose but I would ask anyone reading this to make a choice for themselves to attempt to keep it within the realm of the possible and the realistic. The pipe dreams I see littering the internet do little to advance us to a solution or really to inspire further developments of riddles/puzzles/games or cryptology. Let us please stop wasting each other’s time. I will do my best to honor this philosophy by attempting to make it clear, even on some of the ideas that I really hoped would work, to not take them too far and to clearly indicate that no, no they did not work. I may leave the door open to further development of an idea but I must self-govern as must we all.

For those who have not heard of it before, here is a blunt description of what happens in the real world when someone can’t break a code (from our good friend Wikipedia)

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion,[1] in contrast to a mathematical or technical cryptanalytic attack. The term refers to beating someone with a rubber hose until they cooperate.

The term originated in the sci.crypt newsgroup in a message posted 16 October 1990 by Marcus J. Ranum, alluding to bastinado:

…the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive).

In practice, psychological coercion can prove as effective as physical torture. Non-violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The incentive to cooperate may be some form of plea bargain, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators.

Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user. A direct attack on a cipher algorithm, or the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public-key cryptography, the defender may hold the key to encrypt the message, but he may not hold the decryption key to decipher it. The problem here is that the defender may be unable to convince the attacker to stop coercion. In deniable encryption, a second key is created which unlocks a second convincing but relatively harmless message (for example, apparently personal writings expressing “deviant” thoughts or desires of some type that are lawful but taboo), so the defender can prove to have handed over the keys whilst the attacker remains unaware of the primary hidden message. By using these techniques, threats to operators or other personnel will be ineffective in breaking the system. The expectation is that rational adversaries will realize this, and forgo threats or actual torture.

In some jurisdictions, statutes assume the opposite — that human operators know (or have access to) such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the United Kingdom’s RIP Act, which has made it a crime to not surrender encryption keys on proper demand from a government official as authorized in the statute. That users of some cryptosystems may not be able to do so, as noted above, is not addressed by the statute.

Rest assured James Sanborn, you’re safe from the huddled masses trying to solve this thing. As hopefully sane people, I can’t imagine someone thinking they could attempt something and I do certainly hope that you keep yourself safe from the crazies. For the rest of us, well, we know the secret is that everyone would accuse us of cheating and the public backlash would be significantly more awful than anything I care to imagine.

My my my, I’m getting a little wordy these days. I’ve got to remember to find some more pictures…

Kryptos Fan

p.s. I think it’s very possible to pull a lot of good hints out of the morse code letters. Quagmire iii can be found as well. There must be some logical way to explain how we’re supposed to get the hints. Maybe I can find more and then we can sort out the method later?

Advertisements