Ciphers and Codes, Oh My!

In previous posts we’ve looked at encryption and decryption, and talked about how messages are obscured, but at a very basic level, have you heard of ciphers and codes? Have you ever wondered about the difference between the two?

On a recent visit to Bletchley Park I came across a notice with the image shown above, so I thought I’d share it with you.

A code is a word, phrase or numbers which is converted into different words, phrases or numbers.  All the recipient needs is some kind of guide to explain what the codes mean – in the case of the image, “You Attack at Dawn” was encoded as “Buy Some Milk”, so the recipient would need to know what “Buy Some Milk” really meant.

As well as the example given in the image, there are others seen in movies, TV shos and elsewhere.  For example, the Wikipedia entry for Star Trek II: The Wrath of Khan explains the use of a code by saying “Though Khan believes his foe stranded on Regula I, Kirk and Spock use a coded message to arrange a rendezvous.” This was, as Kirk and Spock said, “by the book” where days became hours and hours became minutes.

A cipher transforms individual letters, or small groups of letters, into some other combination, perhaps even using symbols. To read the message, the enciphered (encrypted) text needs to be deciphered (decrypted) somehow.  This is what codebreakers do – they try to decipher the original message.


A while back I mentioned in my post on Backups that we needed to talk about Encryption, so here we are. First of all, I need to explain what encryption is. At its simplest, its a way of making a message unreadable by anyone other than the intended recipient.  

I should also point out that there is a difference between a code and a cipher, though they tend to be used interchangably. A code is where each word in a message is replaced with a code word or symbol, whereas a cipher is where each letter in a message is replaced with a cipher letter or symbol. In fact, when most people say “code,” they are actually referring to ciphers.

Why encrypt anything?

Why would you want to use encryption though? You may say that you’ve nothing to hide, but think about that for a second. Say you’re accessing your bank account – would you want anyone who is able to intercept the messages you send to be able to read them? What about if you’re paying for something online? Would you want someone to be able to read your credit card number and security code? What about if you’re in contact with your doctor or hospital about a medical condition? You get the idea I hope…

For these reasons, and many more, communications between our computers, our laptops, tablets and smartphones and a whole host of services, whether financial or health related, or just generally private, are encrypted for us.  If you’ve noticed some web pages start with https rather than http – that means that the former are encrypted and should be more secure.

How does it work?

Encryption has been around for millennia, though with the advent of more and more complicated maths and now computers, the processes have changed dramatically.  I’m not going to go into the detail of how it all works here, other than with a very simple example. 

Going back 2000 years, a common method of encryption would be to substitute one letter for another.  The most popular way of doing this was called a Caesar Cipher (after the Roman emperor), and worked like this:

First of all, write down the alphabet


Then, move the letters along a number of places. In the example below, I’ve moved them 3 places, so A now sits below where D was:


Write your message using the new letters.  In this example, HELLO would be:


As you can imagine, this would not take long to decode, but worked quite well in a time when a lot of people were illiterate.

Jump forward to today and you use huge prime numbers, really clever maths and quantum computers in an ever changing, rapidly evolving battle to keep messages confidential.

Encryption in history
There are two really interesting stories about encryption from World War II which I’d like to share with you.

The first is all about Bletchley Park and Enigma. I’m sure you’ll have heard of them, or at least of the film The Imitation Game, one of several which have covered the activities of Britain’s code breakers. Their work in breaking the German codes are said to have shortened the war by at least 2 years, but it’s relatively unknown that Enigma was actually broken in the mid-1930s by Polish code breakers. Not long before war broke out the machines were changed to make them more difficult to break. If you ever have the chance to visit Bletchley (it’s near Milton Keynes in England) you should do so -it’s a fascinating and absorbing day out.

The second story is less well known. Clever maths and computers are all well and good, but there’s another way to make messages unintelligible. Write them in a language that only the sender and recipient understand.  That’s what the Americans did, using teams of Navajo tribesmen. Other than members of the tribe, only a handful of other people spoke their language. The Navajo working in this way were known as Windtalkers, and were deployed throughout the Pacific. 

Passwords and encryption

Sorry, but I have to bring passwords into this.  You may have heard of plain text password storage – that’s where a password is stored and isn’t encrypted. Most systems now use a process called hashing, which is a form of encryption. This involves taking the password and applying some maths to it to get an unrelated string of text, which is then stored. When you log in again and enter your password, it is typically hashed again and that string compared against the one which has been stored. If you type the same passsword, the hashes will match, but even a small change will result in no match. Note that you don’t “unhash” the text.

Here’s an example to illustrate this. I used a common tool called an MD5 hash generator (try it, you can find free ones using Google), and ran it against the word password. The hash which was generated was:


I used the same tool, and this time used a capital letter P in Password. The result?


You can see that they’re totally different.

When hackers try to break into systems, they have ways of accessing the stored passwords, which as you now know are hashed. BUT – they have a pregenerated list of common passwords and even dictionary words with their associated hashes. It’s easy for them to scan the hashes looking for a match in their list. (The lists are called Rainbow Tables.) This is one reason why you should never use common passwords, or dictionary words: they’re the first ones to be tried by hackers and therefore the first to be broken.

Further reading

If you want to know more about the history and how things have changed, I’d recommend reading Simon Singh’s The Code Book, though be warned that towards the end the maths gets quite heavy! You’ll also learn more about Enigma, the Windtalkers, dead languages and about Alice, Bob and Eve (aka Mallory) who are used to explain a common form of encryption used today which uses a Public Key Infrastructure (PKI).

The Code Book

Having seen Simon Singh explaining how the Enigma machine worked while at a conference, I picked up this book. It charts the history of codes and ciphers from well before Roman times to the current day, and shows how they have developed over time. It was also very useful to read the difference between code (replacing words) and ciphers (replacing letters): most of what was discussed in the book fell into the latter category.

Singh writes in a very clear and informative manner, and makes the history of the topic interesting and at times exciting. I have to confess that some of the maths which was used went over my head, though I understood the general meaning in what was being said.

I was fascinated by the work done to understand the Linear A and Linear B languages, and the fact that initially scholars of Ancient Greek were convinced that neither text were part of that language: it must have been incredible for the person who finally worked out that Linear A was indeed Greek, albeit 500 years older than that used by Homer 3000 years ago.

The assertion that the most unbreakable code was that used by the Navajo code talkers in the Second World War is quite an interesting one. I understand that if you use a language that no-one else understands, then you improve the chances of it not being understood, but the fact that new phrases had to be introduced for English words which don’t appear in the native language must introduce some opportunities for the code breakers to make a start. Some form of frequency analysis would have some effect, but I think that the differences between Japanese kanji and English Roman script had something to do with it too.

The development of near-identical public key cryptography technologies by mathematicians in the US and the U.K. at approximately the same time is also an interesting revelation. (Diffie-Helman and RSA were both more or less simultaneously discovered on either side of the Atlantic, though GCHQ were slightly ahead in each case.) The fact that the cryptologists in the UK were based at GCHQ and therefore unable to share any of their work externally (or to review external solutions) shows I think that given enough time any technology can be “discovered” by different people in different locations.

In summary, I believe that this book is a good introduction to many different concepts, along with many good examples of each concept. It is well worth reading.