Sending secret messages to your friends is fun, but today it’s so simple that you don’t even notice it anymore: practically any serious messaging system features encryption of some sort. To teach his kids about cryptography, [Michal Zalewski] therefore decided to bring the topic to life by building a handheld encryption system, called the CryptMaster 2001.
The system consists of an identical pair of hand-held devices built on prototype PCBs. A standard 16×2 character OLED display is used as an output device, which generates the ciphertext in real time as the plaintext is entered character by character through a rotary encoder. An ATmega328P manages the input and output routines and performs the encryption.
For ease of use, [Michal] wanted to use a reciprocal cipher, meaning one that uses the same operation for encryption and decryption. Trivial ciphers like ROT13 would be a bit too easy to crack, so he devised a slightly more complex system where each character in the input is encoded using a separate rearranged alphabet – a basic polyalphabetic substitution cipher.
[Michal]’s kids apparently had some good fun with the CryptMaster 2001, until his eldest son managed to reverse-engineer the encryption method, enabling him to decode messages without having access to one of the devices. This made the project a pretty decent lesson about the limits of basic cryptography: simply swapping letters doesn’t present a real challenge to anyone. Luckily, much more secure methods are available, even if you’re only using pen and paper.
Vigenere cipher would be a logical next step.
Vigenère doesn’t fulfill the criterium that the same function is used to encrypt or decrypt
Beaufort cipher would be the logical next step. It’s just as secure as Vigenere. The Beaufort cipher has the advantage that it is a self-inverse cipher, also called a reciprocal cipher ( https://en.wikipedia.org/wiki/Symmetric-key_algorithm#Reciprocal_cipher ) — the same function is used to encrypt or decrypt.
I need a CryptMaster 2001.
“until his eldest son managed to reverse-engineer the encryption method”
As it seems not to have been a scripted part of the educational opportunity, some particularly meaningful learning happened at this point.
Sounds like this was encoding and not enciphering. Decoding is much easier to do. You cannot rely on any computer to ‘randomize’ an encryption set. If a computer created it then a smarter computer can decrypt it. OTPs are about the surest way to encrypt, and it must be truly random using dice or other means.