AltSci Blog

Dec 21, 2015

A certain game reminded me of a cryptography trick that I learned years ago and haven't had the opportunity to share. First, let's talk substitution ciphers. I'll give two challenges, one with spaces and one without.

GZKH YOQU TKP QY QB BKOB Q OATOPY KOWE BZ TXQBE O AZHF 
QHBXZUSCBQZH TKEHEWEX QV BXPQHF BZ ENJAOQH YZVEBKQHF 
YQVJAE COHB JEZJAE GSYB YBOXB XEOUQHF TKEXE VP VQHU 
YBOXBY TXQBQHF

PKCCAMSVCNSLADUYDUCLQUFDTCAFZSGDPFNTFSCCNXSTFKGDTXADUMM
SKLSMPODUCLXSFVKPFFZSJNMPFVKMKXMKVZXNISFZSMSPFDJFZSODMC
LKYZKTYSOMNFSKJSOPSTFSTYSPFDLSPYMNQSOZKFADUKMSOMNFNTXKQ
DUFJNMPFBDZT

The trick for the first one is to look at the list of possible two-letter words. Here is the top 101 words in order of occurrence in AI3.

of
in
to
is
as
by
on
at
an
In
or
it
he
be
He
It
no
up
On
fr
As
es
so
St
if
At
do
An
US
By
No
UK
uk
To
TV
we
If
id
Dr
go
BC
Mr
Of
My
my
OF
Jr
We
me
Me
CD
us
Is
am
Co
So
Al
AD
Up
DC
al
io
cm
Ed
FM
PC
Be
Do
hi
EP
Go
kg
FC
NY
yo
3D
AM
DJ
SS
LP
UN
co
Op
ad
os
Sr
Ma
SR
EU
mg
CA
Or
Wu
IP
MA
Oz
Oh
Am
HD
un
kW

There are plenty of two letter words in both challenges, so it should be fairly straightforward how to solve those. Once you've tried values for the two letter words, see what substituting the rest of the characters does to other words. You might find obvious words. If you have a dictionary on your system, you can use grep to find a word automatically. If you have the AI3 wordlist, you automatically get the results in order of likeliness which improves the search many times. It also contains words that a normal dictionary doesn't have.

If you ever accidentally delete /usr/bin/emerge (happened to me when I ran emerge -aC dev-lang/python-exec), don't panic. That file is just a wrapper for /usr/lib/python-exec/python2.7/emerge. So you can fix your system by temporarily using /usr/lib/python-exec/python2.7/emerge.

Yes, it's that simple. This is also a useful way to execute pylint and pyflakes on python3 files while still having your system's default python be python2. Simply run /usr/lib/python-exec/python3.3/pyflakes (substituting whichever version of python you use instead of 3.3) and you're set. Yes, it was actually designed to work that way.

In case you want more to read, read this. In case you're more interested in playing than reading, click here.

Let's Encrypt Nosudo Scripts 0.1 [sig]

Let's Encrypt is a free SSL certificate authority that is designed to let users encrypt their website correctly. This has let me save around $81 creating certificates for all my domains (9 domains with Let's Encrypt, one without). Let's Encrypt was designed for the overly-trusting user who is willing to run code they download off github as root. Experience and paranoia teaches us not to run untrusted code as root or even as a user that isn't fully sandboxed. How do we deal with this? This technical document is for the admin who can read code and find vulnerabilities in Bash, Python, and protocols, not for the faint of heart.

Let's Encrypt Nosudo was designed for that. It takes a few hours to sign 10 certificates, so maybe 30 minutes per cert. But Let's Encrypt only issues certs with duration of 3 months which means that every 2-3 months you have to spend 30 minutes per cert. If you have 9 certs, that's a huge time investment. So like me you want to automate Let's Encrypt so that you don't have to spend 5 hours every 2-3 months. This is what these scripts are for.

Sono.us: link shortener for the author
AltSci Network: sites by same author
AltSci Blog: Unified blog for Javantea. Search this blog and others by the same author