cipherwheel.py
is a software implementation of the Field Notes cipher wheel that ships with "Clandestine" (Fall 2018). The notebooks are of excellent quality and subscribers get access to a physical cipher wheel. The literature accompanying the release included puzzles (see messages.txt
) that require the wheel - or this code - to solve.
The cipher wheel is a two-rotor wheel with a 36-character alphabet (A-Z and 0-9) that places half of the alphabet on one rotor and half of the alphabet on the other rotor, alternating letters. While it is more complex than a straight one-direction shift (like ROT13) it is still a static alphabet that can be attacked with frequency analysis. One other consequence of this design is that pairs of adjacent keys can create identical outputs - so instead of 36 x 36 possible unique keys, there are 36 x 18. The two rotors in the default configuration generate a null offset with keys XW
or XV
-- that is, with either of those keys, "A" becomes "A", "B" becomes "B", and so on.
I implement the Field Notes cipher wheel specifically, making use of R. Ballestrini's code for monoalphabetic shift ciphers but replacing the random alphabet with the Field Notes double-shifted version. The rotors are hard-coded but can be altered to support your own efforts. Altering the rotors will invalidate some of the unit tests - for example, you'll need to understand where your new rotor settings generate null ciphers. testharness.py
was intended to iterate over all keys and identify conditions where the wheel was not working correctly; this can be turned into a feature if you have adjusted your rotors but do not know where your new null ciphers live on the dial.
This is a monoalphabetic substitution cipher, which is a toy cipher. It encodes, rather than encrypts, your secrets. It is not adequate for protecting secrets with real-world consequences. This is adequate for protecting television spoilers, riddles, and any other puzzle that can be solved by a high school student with fewer than ~4 hours of effort. If your threat model includes anyone who has read even a single book on codes and ciphers, they will have been exposed to the phrase "substitution cipher" and, using search engines, they will be able to trivially discover interactive solvers like this one.
If you're interested in actually encrypting your secrets, consider learning to use AES-256.