Feeds

Codebreakers find evidence for hidden puzzle in GCHQ challenge

'Tell me I'm on the right track, GCHQ, so I can get some sleep'

Choosing a cloud hosting partner with confidence

Codebreakers are split over whether there might be a hidden challenge in the GCHQ-set code-breaking puzzle set last week.

The signals intelligence agency set a puzzle at canyoucrackit.co.uk in its attempt to drum up potential interest in a career at the spy centre from outside its traditional graduate programme. The three-part puzzle was broken independently by several people, but Dr Gareth Owen, a computer scientist and senior lecturer at the University of Greenwich in England, was the first to post a detailed explanation of the crack.

The challenge involved making uncovering a code-word starting with a 16x10 grid of paired hexadecimal numbers. The first stage involves recognising that the numbers are executable code (a decryption algorithm) as well as unpicking some steganography involving the image of the numbers. The second stage involves building a virtual computer to execute code that, when correctly done, outputs the link to the third stage.

The third stage involves finding the licence key to run a linked program. Finding the licence key involves decoding the program and seeing how it works. Three hidden numbers from the first two stages of the process are needed to get the final answer that reveals the keyword.

Other amateur codebreakers who also tried their hand at the codebreaking challenge included John Graham-Cumming, the man behind the project to build Charles Babbage's Analytical Engine. Graham-Cumming also launched the successful petition for an apology from the British government for its persecution of Alan Turing.

Intriguingly, Graham-Cumming reckoned there might be a hidden part four to the GCHQ Code Challenge because of the amount of non-random data in part two. In addition, GCHQ modified its canyoucrackit.co.uk website to say "The challenge continues"... further suggesting there might be some hidden puzzle.

We put these observation to Owen who got in touch with his contacts at GCHQ, who told him that that data that Graham-Cumming has put under the microscope is just a "random filler" adding that they had wanted to set up a puzzle at this point of the challenge but they "ran out of time to do anything interesting".

That explanation satisfied Owen, at least to the point where he decided not to commit to another all night in code cracking, but not Graham-Cumming, who continues to have his doubts. "I don't believe that's the whole story," Graham-Cumming writes. "There's a distinct pattern worth investigating."

Graham-Cumming explains his theory about a hidden challenge in some detail in a blog post here. He concludes, good-naturedly, "If anyone from GCHQ is reading... can you email me a simple 'carry on' or 'stop wasting your time'. Need to sleep..."

Doubts about the "random junk" explanation in the canyoucrackit.co.uk puzzle arise not just because the spy agency is naturally a master at misdirection but because a previous puzzle from GCHQ a few years back had a hidden solution as well as a main solution.

"The data is far from random at at least one level as I've recovered the key and crypto mechanism as demonstrated," Graham-Cumming added on Tuesday morning. "It has been confirmed that I am correct on that." ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.