Creating a cipher

This isn't a post specific to a computer technique, but it does relate to security.

What the heck is a cipher, anyway, and why would I want one?

As a matter of course, I teach every staff member this when I give them numeric security codes of any kind. The purpose is to allow the person a way to write down the code in letters, rather than numbers. The beauty of this is that they can then carry the code around with them on a piece of paper and, unless you know their cipher, it is senseless to anyone else. For that person, it gives them the added bonus that they can relatively quickly decrypt the cipher if their memory fails them. I can't count the number of times I've gone back to mine to work out if the number really ended in, say, 36 or something different.

The reason I figured I'd share this technique here is that it can be useful to anyone that needs to carry around sensitive numeric data on a card in their wallet. Safe combinations, door codes, security pass numbers, whatever. If it's numeric, it can be encoded and written down.

While I learned this technique from my boss, I understand that the it actually originated for use in encoding inventory stocking dates. Back in the day when all items were tagged with one of those sticky label guns, the vendor would place the price on one line, and a 4-8 digit code on another line, representing the date the item was put on the shelf (or expired.) There are obviously variations, but the main purpose was the same; it gave a vendor a way to plainly label how long a product was on the shelf, without the customer being able to read it.

Creating a Cipher

So how do we do it? It all comes down to one word: PATHFINDER. This is a very special word, which I'll talk more about later. For now though, assign one number to each letter as follows:

From an inventory perspective, we can then encode a date of, say August 31, 2008 as RDTPARRD. If you work this backwards, using the above, you'll see that the letters correspond to 08312008.

The benefits of this can immediately be seen. Just for a second, assume that you have a safe combination of 45-61-22 that you want to have with you. Naturally, you don't really want to write it down on a piece of paper, in case you lose it. Encoding it with the cipher solves this issue, as you can carry write down HF-IP-AA. Unless someone knows what you've done, and your word, chances are fairly good that they won't have a clue what it is for.

There are a couple of keys to making this work for you.

Key #1: The 10 letter word

I mentioned that "Pathfinder" is a very special word. The reason is that it contains ten letters, of which none repeat. This is essential, as there is one unique letter in the word for each number, and is the single key to the construction of your very own cipher. In fact, the hardest part of setting up a cipher is generating that special word. There just aren't that many in the dictionary, and you hardly want to share one with someone else. So what do you do?

The answer is simple... make one up! It can be a phrase, two or more words, an acronym or whatever else makes sense to you. So long as you can remember it and no letters repeat, you'll be just fine. Let's look at a couple of samples that might work:

• Orangefish
• NaughtyKid

Feel free to use one of these if you like, but just remember not to tell anyone what it is.

By contrast, assume that you were to pick a word that did have repeating letters in it, like NaughtyDog. If you number each character in the word, you can see that both 4 and 0 would be labelled as G. So which would you choose when decoding?

Key #2: 0 or 1?

The next key is applicable to coercing the letters back to numbers. When encoding, you may start your cipher at 0 or at 1, as shown in the picture below:

They key to successful decryption, of course, relies on your remembering what number you started with. Hopefully, if you can remember your word, you can remember this minor detail. For most people it is a matter of preference anyway, so it's unlikely that you'll mess this part up.

Key #3: Protect it

Like the PIN number for your bank card, the cipher will only offer any kind of security until someone discovers it. Giving away your secret word means that the person will have access to decipher anything that you have coded, so be careful with your word. By this point, you've probably already figured out how hard it is to come up with a good word, so don't give it away! If they need a code, just give them the code, not the key to all of them.
Some tips to protecting it when you write your encrypted information down:

• Don't make it obvious. Writing "Safe combination = xx-xx-xx" on a card is probably a stupid thing to do.  Likewise, something like "xx/xx/xxxx" cries out as a date.  Giving obvious clues about the encrypted data can give someone both a reason and the schema to break your cipher*.
• Don't encode stuff that doesn't need to be. For example, encoding your Birthday or a phone number is a waste of time.  The less time you spend decrypting your keys, the less anyone notices and wants to try it themselves.
• Don't decode your info on the same paper as your encrypted version. Accidentally leaving that somewhere gives the whole thing away.

*Ciphers can be broken by guessing, providing there is some context to work with. Mind bender games do exist in many puzzle magazines that do exactly this. Granted, they have some kind of clues, which is why I don't recommend encrypting obvious information with obvious descriptions.