back to article Spaniard claims WWII WAR HERO pigeon code crack. Explain please

A 22-year old Spaniard claims that he's cracked a previously unsolved WWII coded message. Others have claimed this before and there's nothing particularly solid to back up the latest effort, but let's have a look at it anyway. Dídac Sánchez claims that he had cracked the encryption scheme used in the last undeciphered message …

  1. DrXym Silver badge


    Get Bruce Schneier on the case.

    1. Michael Wojcik Silver badge

      Re: Snakeoil

      No reason for Bruce to bother with it (though I wouldn't be surprised if he mentions it on his blog - doesn't seem to have yet - since it's getting some press). He and pretty much every reputable cryptography expert have been saying for decades that cryptographic systems which aren't based on solid, published research, including cryptanalysis by experts, are high-risk.

      And, of course, we're not in any desperate need of new cryptography algorithms. Any new system needs a compelling advantage to be commercially interesting, and needs some significant difference to be interesting even as a theoretical exercise. That's particularly true for symmetric encryption, where we have algorithms that perform well under all our (published) metrics and have received a lot of scrutiny.1

      You can find all sorts of proposals for symmetric algorithms on places like sci.crypt (I contributed to a few back in the day). The vast majority never go anywhere because why do the work? And then there are algorithms which have received competent scrutiny but are less commonly used because they are or were encumbered, or aren't endorsed by big customers, or whatever - like CAST, Twofish, and Camellia.

      All the hard problems in cryptography-related areas of IT security are elsewhere.

      1There's arguably some room for innovation in stream ciphers, but with the popularity of GCM the motivation for a software-friendly stream cipher is greatly diminished.

  2. M man

    I'm amazing...nobody can disprove it..

    Now you enjoyed the clickbait...why dont you buy my new untested software

    1. Michael Wojcik Silver badge

      Re: I'm amazing...nobody can disprove it..

      Even if he could prove he'd cracked the encryption, there'd be no reason to buy his software. Even if he could prove he'd developed a new type of symmetric cryptographic algorithm with some advantage over the current state of the art, and had implemented it in his software, there'd be no justification for buying it. "New" is not a selling point when it comes to cryptography.

  3. hatti


    Could come in handy if WW2 starts up again

    1. Anonymous Coward
      Anonymous Coward

      Re: Useful

      Did it ever really end?

      1. hatti

        Re: Useful

        I suppose not, at least one pigeon has not completed their mission

    2. Anonymous Coward
      Anonymous Coward

      Re: Useful

      Could come in handy if WW2 starts up again

      Would that be WW2.1 or WW3? There are certainly enough betas running :(.

      1. TeeCee Gold badge

        Re: Useful

        Apparently we're skipping 3 and going straight to WW4.

        1. veti Silver badge

          Re: Useful

          You mean WWOnline, or WW365?

        2. YetAnotherLocksmith

          Re: Useful

          We've skipped a few cyber world wars, and are going straight to WWW.

  4. ElReg!comments!Pierre

    Surely this isn't a publicity stunt?

    Especially reading this from the contest rules: " If none of the messages coincide with the original text, the notary proved by a certificate indicating the number of proposals received, and the fact that nobody has been able to solve it."

    For now I'm trying to decipher the English version of the website. I'm making progress but I am still having trouble with pieces like "Contestants also achieve decipher it and explain how encrypted, remain in reserve, in case the first contestant gather together one of the two requirements to be declared the winner."

    I think one of the encryption techniques used in that 4YEO software may be Google Translate...

    Now, hearing how he plans to use a text encryption technique to create "a software for encrypting phone calls", as stated o the main page, could be interesting. Or amusing.

    1. Mark 85 Silver badge

      Re: Surely this isn't a publicity stunt?

      Multiple passes through Google Translate and several languages should make pretty much anything indecipherable.

  5. Doctor Syntax Silver badge

    Have I read this right? He's decoded the message and is now going to sell the system used as secure because nobody had been able to decode it?

    1. ElReg!comments!Pierre


      As stated on his website:

      Thanks to the program 4YEO you can send emails, fully encrypted, secure in the knowledge that only you and the recipient can read its contents. Even if the email is intercepted, it will not be deciphered as it has not been deciphered the message of the Second World War.


      1. This post has been deleted by its author

        1. Thecowking

          Re: Exactly.

          If it's a one time pad, that's exactly true.

          The logistics of using a one time pad for every communication are... hard. Especially with the requirement that the pad be of greater length than the data it encodes and the recipient having an idential copy of said pad.

          But a one time pad is simple enough to use by hand and unbreakable if used correctly

          1. Anonymous Coward
            Anonymous Coward

            Re: Exactly.

            If he used a one-time pad that was random, used only once (and I assume lost), then it's practically impossible for this guy to prove that he has done what he claims to have done. I wouldn't buy ice in Antarctica from this con man.

            1. Michael Wojcik Silver badge

              Re: Exactly.

              then it's practically impossible for this guy to prove

              Completely impossible. An OTP, used correctly, makes all plaintexts of the same length1 equally probable. There's no basis whatsoever for supporting a claim that a given plaintext corresponds to a given ciphertext. You have to have some external channel to confirm it.

              1And of course the length can be disguised by various means - abbreviation and reference to external content to shorten it, padding and self-delimiting to lengthen it.

      2. Anonymous Coward
        Anonymous Coward

        Re: Exactly.

        Nothing is every foolproof because fools are so ingenious.

        And I ought to know. I'm one of the most ingenious ones.

  6. dorsetknob
    Black Helicopters

    Howt to heap shit on your own head

    "To date, the intelligence services have been unable to crack this message's code because they were missing the code word, the code book and the encryption method used. After successfully deciphering the method used I have developed a piece of software that I believe is one of the most secure in the world, because I have adapted the British code to the data security required today by new technologies," Sánchez claimed.

    roll in the legal vultures

    Guy has just admitted to breaching the official secrets act + copyright infringment

    black helicopters inbound

    1. Zippy's Sausage Factory

      Re: Howt to heap shit on your own head

      Given that GCHQ have known about the message since 2012 - and issued press releases about it - does rather suggest that it's about as secret as the front page of the Daily Mail.

      As for the copyright infringement bit, well, I think we'd be talking patents rather than copyright - and they'd have expired in the 60s at the latest...

      1. Anonymous Coward
        Anonymous Coward

        Re: Howt to heap shit on your own head

        Stuff protected under the OSA has no time limit. It needs to be positively declassified otherwise it remains secret for ever and a day.

        Some bits of WW2 info are still top secret. I've beed to Kew and seen some of the files and noticed where bits are missing. This was in relation to the liberation of Bergen-Belsen. My Father was in the first tranche of Allied Troops to enter the camp.

      2. razorfishsl

        Re: Howt to heap shit on your own head

        These are the same people who for 70 years let the world believe the Americans had the first computers.....

    2. John Brown (no body) Silver badge

      Re: Howt to heap shit on your own head

      Guy has just admitted to breaching the official secrets act"

      Does that apply to a Spaniard who never signed it?

      1. Richard 12 Silver badge

        Re: Howt to heap shit on your own head

        Signing or not is irrelevant, though nationality is.

        That said, it's pointless self-aggrandisement anyway.

        They used one-time pads for this encryption.

        Make two identical lists of totally random code:value pairs, send one out to the field and keep the other for decoding.

        As long as your one-time-pad generation system is truly random with sufficient entropy, and you can keep both pads secure, it is genuinely unbreakable.

        Inconvenient though, as once the pads are used up, no more messages until you can get a new one to the other party.

      2. Jonathan Richards 1 Silver badge

        Re: Howt to heap shit on your own head

        It applies to anyone in the UK jurisdiction, and you don't *need* to have signed anything to be subject to it. The declaration one signs is merely to confirm that one has had the provisions of the Act drawn to one's attention.

      3. jonathanb Silver badge

        Re: Howt to heap shit on your own head

        Yes, signing the official secrets act makes no difference, you are bound by it anyway. The government only asks people to sign it to make them aware that they are dealing with official secrets.

  7. Scott Broukell

    Message Reads:

    'Send three and fourpence we are going to a dance' - Message Ends

  8. dotdavid

    "To demonstrate the security of the 4YEO system, Sánchez has published a message with an identical structure on his website, where he is offering EUR25,000 to anyone who can successfully decipher it."

    So, er, how do we know he hasn't just posted random gibberish on his site and claimed it is actually encrypted text? Such an encryption scheme would indeed be undecipherable.

    1. Michael Wojcik Silver badge

      For that matter, even if it is a real ciphertext corresponding to some meaningful plaintext and encrypted with his cipher, he can just claim any correct submissions are wrong - unless he's provided some verifier (like a cryptographic hash of the correct plaintext).

  9. Peter Simpson 1



    // all caps and no punctuation for authenticity

  10. Your alien overlord - fear me

    1. His website is done in such poor English, his message is probably just as bad.

    2. Send in Chuck Norris to beat the sh!t out of either sender or recipient and hey presto, you know the message. The only cracking here is of their heads.

  11. Anonymous Coward
    Anonymous Coward


    perhaps a little Navajo could come in handy?

    1. Anonymous Coward
      Anonymous Coward

      Re: probably something like

      Mabel is on the chair

      The dogs are barking

      Where is Mr Smith

      that's the type of messages they used to send and the recipient would know what is meant by each one

      Listen to any WW2 era BBC radio show for hidden ones

      1. Destroy All Monsters Silver badge

        Re: probably something like

        But then you wouldn't need to encrypt it? (Carrying TWO codebooks around is a bit nightmarish)

        1. Steve Knox

          Re: probably something like

          Memorize the code phrases.

          Encrypt so that the code phrases are not obviously code phrases.

          1. pffut

            Re: probably something like

            > Encrypt so that the code phrases are not obviously code phrases.

            As opposed to obviously being encrypted content? Oh yes, so much less noticeable by counterintelligence...

            1. Steve Knox

              Re: probably something like

              Whether code phrases or encrypted content, counterintelligence will likely know they have a message of some value anyway.

              If the message is just code phrases, they'll know they need to get or reverse-engineer* the code book.

              If the message is encrypted as well, they'll have to decrypt it before even finding out that they need a code book.

              The more layers they have to go through, the less likely they'll figure out what that value is.

              * By, for example, capturing conversations and correlating them with events.

              1. Destroy All Monsters Silver badge
                Thumb Down

                Re: probably something like

                The more layers they have to go through, the less likely they'll figure out what that value is.

                You must be the kind of person who keeps your dog on three leashes, one of them electronic.

                Once your sergeant( carrying lots of paper, matches and suspiciously many books by Jane Austin as well as a OTP) has applied all the useless layers he will be holed, have "volunteered" to help the SS with their enquiries or the value of your message will be zero.

      2. Ugotta B. Kiddingme

        Re: probably something like

        "Have you a match?"

        "No, I use a lighter."

        "Better still."

        "Until they go wrong."

      3. Dan 55 Silver badge

        Re: probably something like

        The Red Kipper flies at midnight?

  12. Dave 32

    Poem Code?

    Could the original message (and, thus, presumably 4YEO) be a "Poem Code"?


  13. Cynic_999 Silver badge

    Unless the algorithm is trivial (e.g. ROT13), any attempt to decipher can only be contemplated if there are some known details about the plaintext or algorithm. What language the plaintext is in, for example, or some idea of the algorithm. In most cases several examples of encrypted messages are required in order to make comparisons and perform statistical analysis (e.g. on letter frequencies). So a one-off encrypted message is highly likely to be uncrackable, but if the algorithm is in common use it becomes a far easier task (especially if the algorithm is known via reverse engineering the encryption/decryption program).

    The present commonly used encryption algorithms (AES, DES etc.) have had a great deal of effort put into them to ensure that the encrypted output is not susceptible to statistical analysis or other code-breaking techniques even though the algorithm is known, and there is no similarity (apart from length if random padding is not used) between 2 encrypted versions of the same plaintext encrypted with a different key, and the key cannot be determined even if both the plaintext and ciphertext are available to the code breaker (which they frequently are).

    None of the encryption techniques used in pre-computer times were anything like as strong (except OTP encryption which is logistically impractical for most purposes). I would be very surprised if an individual has come up with a strong encryption method based on a WW2 technique. "Enigma" ciphertext would have been easily brute-forced by a modern laptop PC, and it was very advanced for its time.

    1. Anonymous Coward
      Anonymous Coward

      Are "book" codes easy to crack? The ones where each end uses an agreed edition of a common book and the coding references a word/letter by page, paragraph, line, word/letter offset numbers.

      1. Charles 9 Silver badge

        "Are "book" codes easy to crack? The ones where each end uses an agreed edition of a common book and the coding references a word/letter by page, paragraph, line, word/letter offset numbers."

        It depends on how the book is kept. If it's based on something you have to carry with you, if you're caught they can use the book in your possession to try to decipher the code. Things that are too common (like newspapers) are also risky as the enemy may well have one of these and will try it as a matter of course.

        1. veti Silver badge

          With "book" codes, a lot depends on the discipline of the person writing the coded message. If they do as they're supposed to, and refrain from repeating the same reference too often, then they're pretty good. But if they get lazy and start using the same reference for a particular word - maybe an uncommon word that they can't avoid repeating - then the code becomes much easier to crack.

          (That's one reason why they've fallen out of favour - they're inherently labour-intensive, and only really robust when used by experts.)

    2. Chris G Silver badge

      Plaintext language

      "any attempt to decipher can only be contemplated if there are some known details about the plaintext or algorithm. What language the plaintext is in, for example,"

      Being a WWII RAF message I'm betting on this;


  14. Turtle

    IP over Avian Carriers RFC 1149

    "IP over Avian Carriers (RFC 1149) is an Internet protocol for the transmission of messages via homing pigeon." ( also the following:)

    "In September 2009, a South African IT company based in Durban pitted an 11-month-old bird armed with a data packed 4GB memory stick against the ADSL service from the country's biggest internet service provider, Telkom. The pigeon, Winston, took an hour and eight minutes to carry the data 80 km (50 miles). In all, the data transfer took two hours, six minutes, and fifty-seven seconds—the same amount of time it took to transfer 4% of the data over the ADSL." (ibid)

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: IP over Avian Carriers RFC 1149

      In the 1970s a South African computer centre experimented with a state-of-the art Remote Job Entry terminal for printing and card reading - running at 1200bps. The link was between there and an office about a mile away. The existing system was a guy on a bicycle with a classic large grocery delivery basket on the front. The bicycle won by a handsome margin.

    3. DropBear
      1. Charles 9 Silver badge

        Re: IP over Avian Carriers RFC 1149

        Bandwidth, yes, but what about reliability? The pigeon, for example, could go astray or end up shot down or caught by a bird of prey or a cat. The bicycle or car could get caught in a traffic jam or, worse, crash.

        1. TeeCee Gold badge

          Re: IP over Avian Carriers RFC 1149

          Hmm. You've never had firsthand experience of African telecoms then?

          My money's on the pidgeon.....

        2. Anonymous Coward
          Anonymous Coward

          Re: IP over Avian Carriers RFC 1149 @Charles9

          Dont forget the Bastard Telecom affect!!

          Dig up road and snap cable

          Rewire something

          F*ck Something up on a Friday

          Exchange can cope with the occasional hot weather, and melts (yes it has happened), AKA as the Bent Rails or Leaves on the Track effect.

          etc etc etc.....

        3. veti Silver badge

          Re: IP over Avian Carriers RFC 1149

          Reliability is probably about as good as UDP...

          The real killer is latency.

  15. Anonymous Coward
    Anonymous Coward


    Do not pay attention to the loons - it only encourages them.

    1. wolfetone Silver badge

      Re: Crackpot

      If only we could extend that to Nigel Farage and Katie Hopkins. But alas, people like to feed the loons.

  16. a_yank_lurker Silver badge

    Was this encoded with a one-time pad

    Properly used one-time pads are notoriously difficult (virtually impossible) to crack when certain basic precautions are used. It is possible that this message used a one-time pad which would make breaking it an incredible feat.

  17. Martin Proffitt

    As an amateur code breaker who has gone after Dorabella, the original Pigeon Cipher and Kryptos K4 (Ok, I'm still going after K4), all to no avail, this amuses me.

    OTP codes ARE incredibly hard to crack for one critical reason. Their strength lies in the brevity of the message they portray. The shorter the message, the harder they are to break. Might be OK for posting gibberish to Twitter (which is mostly gibberish anyway) but for anything longer, you're going to get collisions. A lot of them.

    Might as well just give the spooks the keys to the kingdom whilst you're at it.

    Talk about an algorithm for the modern age.

    1. Charles 9 Silver badge

      No, the true strength of the one-time pad is that it's literally impossible to determine the actual message without foreknowledge of it. The reason being a properly-used OTP cipher can actually be deciphered into ANY message of the same or shorter length. The ONLY determining factor in OTP is the pad itself.

  18. Planty Bronze badge

    Man with something to sell seeks free publicity

    When will you learn??? It's bad enough having to suffer android malware FUD from snske sellers, now this...

  19. Alan J. Wylie

    Schneier's Law: Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.

  20. Dan 55 Silver badge


    I can't help but notice the heavy presence of the word notary as as if it were a guarantee, which usually indicates some kind of charlatanism is being practiced...

  21. Winkypop Silver badge


    Probably just cooking instructions for pigeon pie.

    That's why it hid in the chimney.

  22. cortland

    Leo Marks' code?

    Chief of codes for SOE; read his book "Between Silk and Suicide."

    1. Peter Simpson 1
      Thumb Up

      Re: Leo Marks' code?

      Cyanide. "Between Silk and Cyanide"

  23. Rushyo

    "It's all about the key exchange, stupid."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021