by Steve Manchir
So recently we’ve been working on encryption issues: implementing secure encryption between Java on a mobile device and Python on the server. Nothing too difficult, though it can be tedious making sure all the proverbial t’s are dotted and i’s are crossed. During a recent stand-up meeting I joked that if we needed to meet an upcoming deadline, I could implement an implementation of ROT-13 encryption pretty quickly, which would work for appearances’ sake.
Rather than the round of hearty laughter I was expecting at my witty retort (they are called stand-up meetings for a reason, yes?) I was met with confusion. People didn’t know what ROT-13 was! This made me feel sad, and old. (That, or they didn’t think my joke was funny, which seems rather unlikely.) In order to rectify this situation, here’s a short rundown of ROT-13.
Back in the 1990s, before fun was invented, people would post things on the ‘Internet’ for the enjoyment of themselves and others. Back then, though, this mostly meant ‘Usenet’ which unlike today’s 3D multimedia-enhanced ‘web’ was purely text-based. Posting a hilarious photo of a cat was out of the question for most people outside of major research universities. Instead, you might want to discuss a current television program or show off your l33t math skills. Simple enough! But say you want to post a math riddle and the answer, or ‘spoilers’ about your favorite teen drama, in such a way that it’s ‘hidden’ but easily accessible, so that people who don’t want to see it can’t, but anyone who does can (fairly) easily get access? What then?
One way to handle this is adding a whole bunch of whitespace, so the user has to scroll down the page to see what’s next.
|
|
V
This is annoying.
So instead you might jumble up the text in such a way that it wasn’t obvious. For this purpose, ROT-13 works well. So instead of:
Joel escapes from the Satellite of Love using an escape pod hidden in a box of Hamdingers.
You might write:
Wbry rfpncrf sebz gur Fngryyvgr bs Ybir hfvat na rfpncr cbq uvqqra va n obk bs Unzqvatref.
And that’s ROT-13.
Since it started as a purely visual abbreviation, there’s some debate as to whether it’s pronounced ‘AR-OH-TEE 13’ or “ROTe 13” as in ‘rotate’. The latter is more in spirit with the nature of the thing, but I think the former sounds fancier, which is important in the world of cryptography, what with the AES and CBC and SSH and PDQ.
Oh, so what actually IS it? Well, I was hoping you’d have figured it out by now, especially with that image up there, but the clue is in the word ‘rotate’. You simply take each letter and ‘rotate’ or shift it 13 places in the alphabet. Thus, ‘A’ becomes ‘N’, and so forth. It’s an example of a Caesar cipher, which was invented thousands of years ago by Julius Caesar in order to protect his salad dressing recipes. He would shift each letter a few steps in the alphabet, perhaps 3 or 4, and send this altered text to the person who was preparing dinner. It worked quite well, mostly because nearly all of his opponents couldn’t read.
The use of a shift of 13 is clever because our modern alphabet happens to have 26 characters, thus the same method can be used to encrypt and decrypt the message. It should be obvious that this in fact offers no real secrecy; any substitution cipher is vulnerable to frequency analysis and the like. It’s basically the internet equivalent of a decoder ring, pig-Latin, or writing the answer to a puzzle upside down on the last page of the book.
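The two claims above, that a shift of 13 undoes itself and that a Caesar shift falls to frequency analysis, as an added Python example (not code from the original post). The letter-frequency table is approximate, and the function names are this example's own.

```python
import string
from collections import Counter

# Approximate letter frequencies in English text, in percent, for a..z.
ENGLISH_PCT = dict(zip(string.ascii_lowercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074,
]))

# The ROT-13 spoiler quoted earlier on this page.
PAGE_CIPHERTEXT = ("Wbry rfpncrf sebz gur Fngryyvgr bs Ybir hfvat na rfpncr "
                   "cbq uvqqra va n obk bs Unzqvatref.")


def rot(text: str, shift: int) -> str:
    """Caesar-shift ASCII letters by `shift`, preserving case."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces, digits, punctuation, non-ASCII untouched
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and English; lower is closer."""
    letters = [c for c in text.lower() if c in ENGLISH_PCT]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    return sum((counts[l] - n * p / 100) ** 2 / (n * p / 100)
               for l, p in ENGLISH_PCT.items())


def recover_shift(ciphertext: str) -> int:
    """Return the shift used to encrypt, found without being told the key."""
    # Only 26 keys exist: undo each one and keep the most English-looking result.
    best_undo = min(range(26), key=lambda k: chi_squared(rot(ciphertext, k)))
    return (26 - best_undo) % 26


if __name__ == "__main__":
    print(rot(PAGE_CIPHERTEXT, 13))        # 13 + 13 = 26, so encrypt == decrypt
    print(recover_shift(PAGE_CIPHERTEXT))  # the "key" falls out of the statistics
```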
Which goes to show you that just because something appears to be encrypted and you used an algorithm with a fancy name that you found on the internet, that doesn’t mean it’s secure. This goes for more than just trivial things like ROT-13. Even encryption methods that once seemed unbreakable are now known to be so easily hacked that you might as well be sending your credit card information directly to the Russian mob. So be careful out there.
P.S. You might think that last paragraph was a lame attempt to attach a vaguely relevant moral from a pointless side-trip into Internet trivia. For that I can only say: Lrf, lbh’er cebonoyl evtug.
P.P.S. Want to code up your own ROT-13 algorithm? If you’re using the Vim text editor, you don’t have to! Just type the command ggg?G to ROT-13 your entire text file. It’s easy, fun, and will totally freak people out if you do it right before checking the file into source control.