Pen and Paper Crypto: A basic exploration of substitution ciphers

Cryptography is an essential part of today’s online information security. Without cryptography there would be no way to safely store your private data on remote servers (it is stored encrypted right?), to safely complete online transactions or to authenticate with online services (you make sure SSL is enabled on the websites you visit, correct?).

Cryptography and information security, however, is not new. It has served as a tool for secure information exchange throughout history, playing a very important role on events that have marked humanity. With time, it has also been rapidly evolving and as new cryptographic techniques are created, more sophisticated attacks are devised, becoming a never-ending game of catch-up.

The first known real cryptographic techniques were very basic, but are both fun to play with and provide a good foundation to understand modern crypto practices and their weaknesses. In this article I’ll be exploring some of these techniques, how they work and provide interactive “playgrounds” to experiment with.


The first one is Rot13. This encryption method is more of an obfuscation technique, because it doesn’t provide real security since the key to encrypt is public. However it has been used effectively on online forums to hide messages that are not meant to be read right away. Movie spoilers or puzzle solutions are some good examples.

This algorithm works by assigning a number to each letter of the alphabet. For example, A=1, B=2, C=3 … Y=25, Z=26. Then for each letter on the message, we add 13 to it. If it goes over Z, then wrap around and start on A. This is visualized better on the playground below.

One of the most interesting properties of this encryption technique is that the encrypted text is all that’s necessary to get the original message. You can try this by copying the Cipher Text into the Plain Text field on the playground above.

Caesar Cipher

The Caesar Cipher is a variation on Rot13 in which the rotation by 13 is no longer fixed. This means that our key space and therefore the security of this encryption algorithm is increased 26-fold (yep, mindblown)

If we designate X to be the shifting value when encrypting, then the key to decrypt an encrypted message is (26 – X). You can try it below.

Vigenere Cipher

The Vigenere Cipher is like having multiple Caesar Ciphers chained together, each with a different shift value. The number available key combinations now multiplies by 26 for each instance of a caesar cipher. So, if you have a 3 character key (a character represents a shift value), our key space is 26 * 26 * 26 = 17576.

While the key space for the Vigenere cipher is much larger, all these encryption techniques have some flaws that make it easy to break. I’ll explore the basic technique for this attack in part 2 of this series.

The code for the encryption playgrounds is available here:

At Olark, we constantly spend time teaching and learning from each other. We have a weekly Show n’ Tell session, where we spend time learning from each others’ skills and interests. This post is an adaptation of one of our Show N’ Tell sessions I did.


My Internet (and MIDI) controlled Necktie

Pinoccio Nexopixel Necktie 1

A necktie with NeoPixels sewed into it with conductive thread. Powered by Pinoccio

Internet connected wearable devices are getting more and more common these days. There are many devices available off-the-shelf right now, but there is something special about being able to imagine and create your own. To accomplish this, I truly think the best platform right now is to use a Pinoccio.

Continue reading

Controlling a Gakken SX-150 synth with Arduino

The Gakken SX-150 is a really inexpensive analog synth (about $50, now available at the make store). This synth is included on a Japanese magazine (I wouldn’t expect less from them) so that makes it 2*2 times as cool.

Since its release, someone already has created a module to add midi support to it using the atmel attiny2313, but I’ve wanted to use an Arduino board to do it, to keep things easy to prototype and hack.

My implementation uses a single DAC IC chip, the MCP4921, which sells for about 2 bucks from Mouser. The current version uses the Arduino, only to read one byte, as a midi note, from the serial connection and sends that to the SX-150. I could have created the full midi circuit to make it a standalone solution, but that increases the cost and complexity of the physical connections. I’ll probably do that on a later revision.

So, in order to receive midi data, I wrote a small Processing sketch that receives midi, and sends the note information through the serial port to the Arduino.

The Arduino connection diagram looks like this:

And the final connections, like this:


And.. the whole thing sounds like this:

On the video, I’m using Ableton Live to send midi data to the processing sketch using a Network Midi connection on the Mac. On windows, you should be able to use Midi Yolke to accomplish the same thing. Then, I make sure that the processing sketch receives midi on that same virtual midi connection and sends the data through serial to the arduino. So, depending on your system configuration, you might have to tweak the Processing sketch a little bit to make sure it is reading and writing to the right midi and serial ports.

The flow of data from the sequencer to the synth looks like this:
Ableton Live => Virtual Midi Connection => Processing Sketch => Serial Port =≶ Arduino => DAC => SX-150

And finally, the source code:

Now, hook it up and make some noise!

The importance of having an open relationship with your IDE.

IDE’s: you either love them or you hate them, but there is no question about it: they do make a developer’s life easier. Developers that are really good with such a tool can seriously count on them being an extension of their body, an invisible limb, a partner. They physically hurt when the IDE crashes, they clean it, take care of it. But is this good or bad? Are developers leaving part of their brain on software? I think so. The worst part if they leave it there for too long they might not get it back.
Technology changes way too rapidly for programmers to develop such a strong relationship with a tool like this. Is this relationship beneficial? Absolutely, but you have to be ready to dump your software partner at a time when you least expect it. I know of stories where broken software hearts means having to change jobs.
The beauty of this relationship is that cheating on your IDE does actually benefit you as a developer. Besides, the IDE won’t get mad at you, even if it finds out. So my fellow developers, free yourselves. Play with other IDE’s, languages, techonologies and don’t be afraid. Times change rapidly, embrace change.

Playing JawBreaker with your friends’ head

I wrote this little game a couple of months ago and get a kick out of it every I see the main page. It is a clone of the JawBreaker game that comes with PocketPC, but I changed the “balls” with some friend’s heads. If anyone wants their own custom version (with the heads of _your_ friends instead) drop me a line.

You can click on the images to download the game.