Classic Blunders


Error in Encryption leads to Compromises
When a message-handling operator makes an error in encrypting data, compromises may occur during the requested re-transmission in these cases:

  1. The same message may be re-encrypted using a different key. In any case, it is possible for interceptors to compare the two ciphertexts and work out the encryption.
  2. Sometimes, two different messages encrypted with the same key may also be fatal.
  3. When a request for re-transmission results in transmission of plaintext, instead of a repeat of the ciphertext.

The gravity of this blunder is apparent when one considers that anyone could intercept the plaintext message, compare it with the previously encrypted message, and so figure out the encryption method and possibly the selection of key.
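
The third case above, worked through as an added example that is not part of the original page. It assumes a repeating-key Vigenère cipher, which the page does not name, and uses a constructed key and constructed messages; lining up the plaintext repeat with the earlier ciphertext yields the key, and a later message under the same key is then read directly.

```python
# Added illustration: the Vigenere cipher, the key and both messages are
# constructed for this example; the page does not name a cipher.
from string import ascii_uppercase as A

def vigenere(text, key, decrypt=False):
    """Encrypt or decrypt A-Z text with a repeating-key Vigenere cipher."""
    sign = -1 if decrypt else 1
    return "".join(
        A[(A.index(ch) + sign * A.index(key[i % len(key)])) % 26]
        for i, ch in enumerate(text)
    )

def recover_keystream(plaintext, ciphertext):
    """What an interceptor gets by lining up a plaintext repeat with the
    earlier ciphertext: key letter = ciphertext letter - plaintext letter."""
    return "".join(
        A[(A.index(c) - A.index(p)) % 26] for p, c in zip(plaintext, ciphertext)
    )

def shortest_period(stream):
    """Smallest repeating unit that reproduces the recovered keystream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]

def demo():
    key = "LANTERN"                          # constructed secret key
    first = "CONVOYSAILSATDAWNFROMHARBOUR"  # constructed first message
    later = "HOLDPOSITIONUNTILRELIEVED"     # constructed later message
    c_first = vigenere(first, key)
    c_later = vigenere(later, key)
    # Blunder: a repeat request is answered by sending `first` in clear,
    # so the interceptor holds both `first` and `c_first`.
    stream = recover_keystream(first, c_first)
    found_key = shortest_period(stream)
    # Every later message under the same key is now readable.
    return found_key, vigenere(c_later, found_key, decrypt=True)

if __name__ == "__main__":
    print(demo())
```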

Probable Word
When important messages are relayed, an unimaginative choice of words can often give away the encryption, as specialists in the field of cryptography have amassed sets of the most probable words for each kind of message. For instance, in decoding love letters, frequency ordering looks for words such as ‘love, heart, fire, miss, life, light’, which are most frequently used. Hence it is important to rephrase messages before they are encrypted and transmitted.

Special Characters
The use of certain clear symbols (or even nulls) for spacing or punctuation has proven disastrous for those who committed this sin. The double appearance of certain important words could also give away the encryption.

Event-triggered Messages
The importance of encrypting a message well cannot be overemphasized. The slightest carelessness may well reveal subsequent messages. However, not having code books does not mean a message should be transmitted as plaintext. On the other hand, encrypted messages containing obvious news, such as a weather report on a phenomenon that is most obvious to the enemy, could prove to be a fatal leak.
Sometimes, the use of a common phrase to describe a sudden, unforeseen event may give away the encryption. This was exploited by the British in World War II, when they deliberately sank a lighted buoy in order to trigger a certain predicted sequence in German encrypted messages, to assist decryption.

Poor Choice of Passwords
The use of commonly used, easily memorable phrases as passwords is highly inadvisable, especially if these bear strong association with the encryptor.

Physical Copy of Crypt Documents
Any physical copy of transmitted data must be destroyed at all costs, since the most obvious, frequently practised method of interception is by physically seizing the crypt documents.

Captured Cryptographic Device
In military operations, whenever a particular installation falls into enemy hands, the most important step is to secure or destroy any devices or code books that are used to encrypt messages. Historically, failure to do this has brought about serious setbacks, as enemies easily eavesdropped on subsequent communications. During WW II, in many instances, captured submarines or vessels left their encrypting devices intact, to the enemy's advantage.

Illusion of Security Using 'Complicated' Cryptosystem
Altering existing methods by introducing superficial complications may well be a double-edged sword, as it lulls the cryptographer into a false sense of security.

Human Operator Errors
Most encryption methods that have been broken were solved as a result of a tiny error on the part of the cipher officer. As with Germany’s ENIGMA encryption, Stuart Milner-Barry wrote that if not for human errors, "[it] was intrinsically a perfectly secure machine."


Copyright ©1999 ThinkQuest Team 27158 — Developed for ThinkQuest 1999