The primary draw here is the X.html page, A free, minimal, open-source, highly effective Vigenere encryption/decryption, javascript-run program that could be very useful to anyone desiring confidentiality in their communications, print or email.

As simple as it is, this full-keyboard one-time-pad encrypts text that the NSA, CIA, FSB, MSS can't crack.

IT'S A TEXT FILE ! Look at it! STEAL THE SOURCE CODE! and run that off-line! It runs independently, without any internet connections, under any and all java-script enabled browsers. (including TOR)

Привет мои российские и украинские друзья. Из-за популярности этой программы в ваших странах, у нас теперь есть кириллический версию xC.html. Мой перевод возможно быть шероховатой. Свяжитесь со мной, если я что-то важное пропавших без вести.

Welcome to



кириллический версию xC.html

a simple vigenere.html


and the

Transposition tool

This is the supporting instruction, & B.S. page for that dinky, dangerous, pocket-encrypter. Before you geeks start to criticize it's simplistic and crude interface bear in mind the limiting criteria I chose:

  1. One page, no links (thus, no forms), workable under all JavaScript enabled browsers.
  2. It has to be transparent. That means completely accessible & understood source code.
  3. No links. No cookies. No money.
  4. The encryption/decryption system could be handled with pencil & paper.
  5. It can work 100% off-line from a saved copy off a flash drive.

All that said, I welcome any suggestions that might improve the concept (B.I.M. there will be NO renumeration of any kind whether I use your ideas or not, just gratitude). Admittedly it was a quick & dirty little project that I came to think might be important.

The above limitations don't apply to this Home page however. (bypass this page simply by: But here, below, I can blog, give detailed instructions, discuss spy-craft & fun-stuff, offer sympathetic links, communicate with you, and even possibly advertisements at the bottom. This is a big, bloated, web site, to support a very small, tight, powerful, "dangerous" encryption tool.

Under no circumstances should you think THIS page -OR ANY OTHER LIVE PAGE- on the Internet is secure.

Xcryption (X.html) (opens in nearby tab) is SO simple it could confuse. Remember the simple toy "Secret Decoder Ring" that shifted the 26 characters (no space) of the alphabet? Believe it or not, that toy decoder ring is fully capable of cranking out unbreakable secret messages if the One Time Pad rules are used. Well xcryption is the SAME THING!, only it uses all 94 ASCII printable characters available on the keyboard, and with the convenience of a computer. -or you can do it the hard way. Here are details if Xcryption is not already clear as water to you:


First, let's have fun with it. We can deal with the serious spy-craft later. As a cryptologist once said, "There's coding that keeps your little sister from reading your journal, and coding that stumps the spooks." For now let's play.

The system is a simple Vigenere encryption that rather than using only the 26, all-capitalized, no-space, no-punctuation characters like this, Xcryption uses all the ascii characters on the keyboard from #32 (space) to #126 (tilde). At each "pass" you have the choice of adding UP or subtracting DOWN each character of your PLAIN TEXT (secret message) with each character of your PASS-PHRASE (passwords).

If you had to, you could work out the 'cryptions with a pencil & paper.

Open X.html in a neighboring window or tab and get used to switching back & forth.
Each time you want to make a fresh pass or iteration, hit the Refresh/Reload button on your browser. This clears everything for a new entry.

Starting out you have two choices: CODING UP [Cancel] or CODING DOWN [OK]. It makes little difference which one you choose except that you will have to choose the opposite when you want to decrypt the message.

"Message Here". Here goes your PLAIN TEXT, the secret message. Example: This is a secret message.
Hit OK. You may see the text show up in background.

"code phrase". Enter the password(s). Example: purity

The inputs clear away and at the bottom you'll see four pieces of information:

  1. Whether you coded UP or DOWN
  2. The plain text
  3. The pass-phrase
  4. The Encrypted text - cipher-text -the result

Coding UP

this is a secret message.

I don't know about you, but I'm a Copy & Paste fool! It is one of the greatest inventions of Mankind!

Highlight (mouse-over, left-button-hold, drag-down) the gobbledy-goop that is your encrypted message, the last line.
Note: the first characters of both the pass-phrase and the message have to line up. Never start either with white space. Do not add any leading white space with sloppy highlight/copy skills. Enlarge your screen size if it helps.

Copy (Ctrl-C) to clipboard.

Paste (Ctrl-V) wherever you like...
...but for now -after you've snagged a copy- let's hit the REFRESH/RELOAD button and decrypt the cipher-text: e^\]tcduTih_ThX^tgVifK\_

Choose UP or DOWN - as long as it's NOT the one you chose before
In the "put 'er here", Paste the secret message: e^\]tcduTih_ThX^tgVifK\_
Pass Phrase: purity

Now you'll see a reverse result:

Coding DOWN
this is a secret message.

That's all there is to the basic, fun version. Enjoy it. Play with it. Practice encrypting & decrypting. Experiment with all the variations.

Each RELOAD/REFRESH is a whole new play. You can't hurt anything. Next we'll look at the serious side. (or skip to the Fun Stuff)


There are of course, many levels of security. We'll start out "lite", and work our way down to full "Tin-Foil-Hat" paranoia.

Lite: 95 % of the time I expect Xcryption to sit in a neighboring tab or window while the user is composing his/her email while on-line.

Xcryption's little input windows don't make the best text editors. You will find the copy/paste functions from other sources works great for stuffing in large messages. I copy & pasted this page's entire contents in the plain-text "put 'er here" box, and in the "code phrase" box, and decrypted the results. I actually don't know what FireFox's INPUT limitations are. I haven't found them yet.

Compose your plain text message in whatever editor you enjoy. Copy & Paste it into the "put 'er here" input box in Xcryption running in another window. Enter in a pass-phrase to generate your encrypted message (shows up on one long line at the bottom). Highlight & Copy the encrypted message and Paste it where your email message would go.

SEND. Presumably the email receiver has the password/phrase (exchanged previously), knows whether to code:UP or DOWN (both if he forgets!), and reverses the procedure.

Decrypt the following subversive, dangerous, and soon-to-be outlawed message:

Code: DOWN
pass phrase: for liberty

H\_ RbSKe^_USX UKWNrhbLga aRDZrb[U[\nQiDXXtgVbX QSVVbh_Kogol]XLYZlrojhVVHeXkcScra_ObYh[`LbTbYObZ[Vhfdb _SJNgtnOU`sRVYKft\`oTb\VLY[^hNoghRiIUebmfdb dRLI[tnOUl N\HeTX]\cgoZOGsr7o[ojhRXbGraiUWrt_KLTrd`fQUu`OVeTc^fefu_ZDZ\dhZ{rpb\V[\cafYavN\LGUasfd[el]DSXtIIZXcaiH\\c]LcralNHY\\hfdb _OG[VZy[XXml_QJXgyHRfoY_WKr9_Z`btV]Pqr^nfYf aRHOetlPW[txiLZr^mfd[eV\bJhisrogol^KXblyVVY `_FNr<i]UenZOQZ~

-this gives you some idea of where I'm coming from.

Heavier: The "for liberty" example above may look pretty cryptic. For over two hundred years the "simple" Vigenere cypher was thought to be unbreakable. But not so much anymore. There are several "Vigenere Code Breaker" programs on the internet. One came pretty close to cracking one of my Vigenere encryptions, and that was one of "toy" ones! Non-spook, unprofessional hackers have the tools to perform "brute force attacks" on your messages.

It is especially easy for them when your message and the pass-phrase are both in plain english.

Embedded in: H\_ RbSKe^_USX UKWNrhbLga aRDZrb[U[\nQiDXXtgVbX QSVVbh_Kogol`.....

is both: "all experience hath shewn that mankind are more disposed ....."

and worse: "for libertyfor libertyfor libertyfor libertyfor libertyfo ...."

"Well, I'll just run my code 'through the blender' two or more times with different passwords ..."

Yes, that would be a little better. And your recipient would only have to remember two (or more) phrases: "and justice" would work; but here's the catch: When you combine the two (or more) passwords you'll still get one (though nonsensical) pass-phrase: I_X X`W[]Y`

"for liberty" + "and justice" = " I_X X`W[]Y`"

and while your operatives may remember "for liberty / and justice", the hackers don't care and will find the repetitive pattern: I_X X`W[]Y`I_X X`W[]Y`I_X X`W[]Y`... quite usable.

Heavier Still: "So what if we want Unbreakable Cypher?" We gotta go for the

One Time Pad

As noted above, the keys to breaking the Vigenere is ONE: Find the repeated password/pattern, and TWO: Look for the tell-tale signs of "English" that will show up in the message & password/phrases, making them dead give-aways.

Thus the Rules of the One-Time-Pad:

  1. Make your pass/phrase as long or longer than the message (thus no repetition)
  2. Your pass/phrase must be composed of random unrecognizable junk.
  3. and the pass/phrase is never used again (so it stays unrecognizable).
Where do I find a pile of random, unrecognizable junk? Fortunately Xcryption is a great junk maker (too often sometimes). Highlight & Copy to clipboard any text that is as long as your message, encrypt it with a password of your choosing, and use the resulting "garbage" as a pass-phrase.

NOTE: DO NOT USE YOUR MESSAGE AS A PASS-PHRASE FOR ITSELF - for a million reasons we'll get into later. Don't be lazy here, Find an obscure text.

TIP:With all this copy & pasting going on, you'll find a simple side-editor (Notepad, Pluma, etc..) indispensable as a temporary "depository" for all your clipboard dumps.

Abiding by these simple rules (and a few additional precautions mentioned below in the Tin-Foil Hat section) you should be able generate encrypted messages even the NSA cannot crack.

But an encryption system is only as good as it's stupidest operators.

Safe House Protocols

You can be as clever and cautious and devious and convoluted as you like encrypting messages, but the people receiving your messages have to LITERALLY be on the same page you are, to decrypt cipher-text. Pre-arranged "understandings" should be worked out, and practiced, in "safe house" face-to-face meetings.

My "for liberty" example above included the instructions: Code: DOWN pass phrase: for liberty but that is the very information you want hidden from interceptors. You have to work out the details ahead of time. You do not want your agents calling on unsecured, wireless phones asking: What was that password again?,,,"

Below are examples of how you might do it.

the Old Fashioned Way.

Create a pile of "Garbage" pass-phrases and copy them to flash drives, -an electronic version of the classic flash-paper one-time-pads. Of course, like the old paper codes, if your flash drive is found, you're compromised. You should have an file-alteration scheme that each agent carries around in his head.

But then, how good is that? Extortion, warped consciences, Honey-pots, money and torture work! (contrary to what John McCain may say). Then your whole network is rolled up, along with all previous cipher-texts.

It might be better to create a unique pass-phrases with each message, with a unique system for each agent.

How to Communicate Securely
Without a Pre-Arranged Password Exchange


I thought I had a system to do that and published the steps here. BOY WAS I WRONG! The idea was

All hunky-dory UNLESS SOMEONE HAS ACCESS (assume they do) to all three of the transmissions.
They'll take transmission #2 (B to A), and combine transmission #1 (first A to B) and extract B's passphrase,
which they'll use to decode transmission #3 (A's finale to B) before B does.

'Bottom Line: There is NO Security Without
a Pre-Arranged, FACE-to-FACE, Password Exchange!

I hope I didn't screw anyone over with that suggestion. It's not like any of you are TALKING to me!

the kikKi trick

Sending the pass-phrase embedded in the cipher-text is not as secure as the PDF trick, Not by a long shot, but it is handy.

Press Crl-F to go into Find, and scan this page for the word: " kikKi "

You'll find one right in the middle of the encryption below:

!`1%fIlab,eakTS~m]edm[HnrqsK\kcgiStGV)g=|Nw^cq OacYbIXqc7VfWXQ/^`eOe\:G_XWhUEaKcvzC<9oc+fq8b IfndcrN[aH`-iGqmvixlycilJEki]`.l!C\FfqPy/OPA*:YY&UIacr$i&FX^cioVCx^Rndrx-x!Z%n\"Vu!rQbpX`o0bQIHpeg9ZfG$*z^fyy;QytcEdt>Ma,\mIrVKgekYU@IqlAvwi]NkvanTkXN?i##Wth/q`W!Q[SWn3GulmyX#znLlWP%rY)~TNlWZ[Wybv)-\Yh;lL^[jQclQ$G9se\G3xSW`Uxm\}aAecSTjFZ'dCa0hsvb[\f^Vpe0Q{it:f<t TKIqd^xMV[HzpprX]|kikKi_qL%rYlly9uk$kS*%weu$s_yry.\gkz}uS1T\)wV|l+|p$ zqcskcewcil"rkk;xgeX{oMewrW'f`ad"$-7/,bcif.Eh
Y n },dyrdz!ie#)vz)wys#lc_*vQ`ll*Srb!qf+/Zg[*Uwf:fcmof$(&Zin }otNxii)d.)=&tZc w"tu)#^}pcw.;b]`f$xgSv}W$C+kf4#U^,%p_ctw]n
\+Y gegu|Y`Wcq}W//tPV"(|nd%XYV$#Ru!s#q,n.aeknnQZ)l}$e#2%Xwg]+fY4/TY$qZnu&mj)cmYsR'Lukt^c|j$bW!yma?%Suqpx|v+wTe"dojWtA 7a[
.vquluqppmFd/i|XzV& r\dqwt%XplH&!p*r{*mxzMWica%_Ql%eu$sY

All the text behind "kikKi" is pass-phrase, all the text in front of it is message. Code: DOWN

You will of course, have your own variations. A good idea would be to shift "kikKi" a few pre-designated places to the right or left (to be corrected by an informed receiver), because, in case you haven't noticed, if your message doesn't line up perfectly with it's pass-phrase, it's all garbage.

The "kikKi" trick has the advantage that your agents only have to remember one nonsensical, non-English word. BTW: don't use " kikKi ". Get your own word! Actually, get a list of words and use each ONLY ONCE. Gosh, this tin-foil hat is getting tight!

Another variation on the "kikKi" trick: Look at the last characters of the encryption. Nine characters from the end you'll see: " _Ql% ". Reverse the case of the letters and you'll get " _qL% " that happens to be the vital first four letters of the pass/phrase. Scan for " _qL% " and you'll find it. We disguised the cases because REPETITION is what the breakers are looking for. All your agents would need to know is where to look: 9-In, 4-back, change case. Your variations of coarse, will be different.

Best Yet Another variation: Basically this is a "folded" encryption scheme. Smarter breakers will check for that. Here's a brain-flipper for you: Let the "included" pass-phrase be only a preliminary phrase, that needs an additional pass-word run-through Xcryption, before it is the genuine pass-phrase.
There. Now you've sent the pass-phrase with the message, the re-run pass-phrase will be the right length, and random enough to qualify as a one-time-pad. -Maybe.

The problem with the " kikKi " trick is you're still sending the "keys" along with the "lock". Code Breakers have strange brains. They will work 1000 times harder to crack your scheme, than you did to implement it. As clever as we code-makers may think we are, the code-breakers are the real geniuses, and will enjoy prying their way through the smallest cracks we never thought were there.

Even if you enhance the encryption scheme with the Transposition Tools offered below, a Tin-Foil Hat paranoid should feel uneasy. The PDF trick requires a lot more training, and more mistakes could stifle communication, but I believe it is 100 % NSA proof.

the PDF trick

Our objective is for the encrypter and decrypter to generate the same, random appearing, long enough, pass/phrase independently of each other.
No passwords sent with message! or other channels. "They" may know a lot, but they haven't found the technology to read minds yet.
But we need an agreed, external, common accessible source that both sender & receiver can make one unbreakable pass-phrase from. We will never need to decrypt it. If anything, we need to make it "junkier". The further the pass-phrase is from "English", the more hardened will be the cipher-text.

Suppose I sent you the following encryption along with this single instruction: J85

?ba6wPR|}hkiV:lkxdspfpu9&"\imm*Q| tYenhv.hlRm@xiy+'YSe#r/tA~Nna8{Dn$hfiJ9R>lsXn8$E% ]}ugw`kVd{ao{nw]xy!*fnp Vo,YJ|rztp:!blyWumbpe/c~lr gao',rdYsio{i,f'wx}Sru"]Zbq?|=.w_.F$gfz2ir}$LuqT vvwv} oaW]0Eya '*9l)V%q_m_Vs~[,m`)o,q/iio,kR}Lc-W:!G#i_d:h[Y,!}Jm^t{wb.rii nVe%h\|g #rqh}g$ 8um(^c(i`e'$hfywmszO_(S{opo*0h]6s]]od}9hwdd7x _ofzps_P2-Cuqy*~"!V$|&rWpqf;|]og1s~^b`gybhr [tt!i`x,=">zcjo0eUhl-$ixNiygqzTn%jK#,nku(9t"UsyM,'`ax,)'W+rwF}zpYVdc.d;$(x'hd}j vXlvj_7{K#E|*fh\fg&Vn}brqcylu2&KY^bQN$na\{s|yhup{qZ[itd#}0gj%z|#~qs~h_t|dk1dq`}|]rp;+5Xkm_s{Snuy0t\ovuz[sanOhiz4wxb}lbppbXqvs:kexh$#pp|y[xg[#h|bgeL~kkQ;*ETSu@O\>8|;*hms`)tIPu"R(p`~mgw$Vlrmve\vRlzz~q.:mehtyVnqkT)S_~z%/t Y/zjW[-|i{n$iH|`tX)nmVg^W~S~u0"di*dm]hG#-_s! sd(GwCagcwr\giwXn{1u nY"sYZg`}V7&_iv""Y\-q`]L'9

I promise you it is unbreakable unless you were given this pre-arranged information to work with J85:

Good Luck. This works because you have an unlimited supply of easily accessed, untraceable One-Time-Pad material. As powerful as NSA's supercomputers are, I promise you, they aren't powerful enough to check every document on the internet against every possible pass-phrase.
... but VARIATE from the above scheme. They've read this one!

Additional precautions:

Tin-Foil Hat Paranoia

Writing a totally unbreakable, encrypted message is pretty useless if the people you're trying to hide it from are looking over your shoulder while you're writing it! "THEY" have a variety of ways they can & are watching you.
(Besides the secret Mind-Control Radio-Waves emanating from satellites, tv's, telephones, and those Google ads cluttering the bottom.
Our tin-foil hats handle that problem).

Like all good tools, Xcryption comes with it's basic instructions glued to itself in plain sight. Everything about it, it's directions, inputs, operations, and output, all fit on one page, one screen. I expect it will be distributed and used in the PUBLIC DOMAIN by itself, and not everybody will have the pleasure of finding their way to this, it's home page. I am hoping they will eventually, but realistically, like everything on the internet, in the free-world, it's out of my control.

Many people are scared off by the:

"First: CANCEL the Inputs. then: Right-Click on this page and View the Page Source."

That may not be too bad an idea, even if you're getting it from this website. It is possible this whole website may have been hijacked. If "" has not become a household name by the time you're reading this, the brand could have been replaced by anything. The only safeguard you've got for any on-line application is complete access to ALL of the source code. As I instructed further:

If you find ANY WEB ADDRESSES, solicitations for ANYTHING,
or strings of indecipherable data,

Fortunately, it's very short. Basically, you are doing a manual, visual scan checking for viruses and trojans. "What am I looking for if I'm not a JavaScript programmer?"

One easy trick is to scan for periods. Most external links need them.

Even this web site's address:, Xcryption's home base, should not be there!

Nothing should look more mysterious than this:

P$=(String.fromCharCode(K$[i]) + " --- "+String.fromCharCode(L$[i]) + " --- "+String.fromCharCode(M$[i]) + " --- "   )
document.write(P$+" "+i+" "+K$[i]+" "+L$[i]+" "+M$[i]+"<br>");   P$="";	}
Get a trusted nerd to look it over. Then save a copy to a local drive to run when you're off-line.

When I wrote Xcryption (within my fore-mentioned limitations) I went a-googling in search of similar encryption services, asking primarily: "Can they work OFF-Line?" The answer was an alarming, overwhelming, "NO". How are they going to make any money that way? (Only THIS home page for Xcryption appreciates anonymous donations and on-click ad revenue)

Insert Here: comments & links to a few popular encryption programs

This one seemed to have a built-in, on-the-spot encryption program. To test it further I downloaded the whole HTML page, though it was full of mysterious references, sub-routines, and functions. I went off-line to test-run it, expecting it to crash with a "Page Not Found Error" (the tell-tale of a tracker on your trail). I was surprised it didn't crash. No, it CONNECTED AND WENT ON-LINE BY ITSELF! -and my internet service requires a password to connect!

Folks; When I say "disconnect" or "Off-Line" I mean: "pull that sucker out of the wall!". Only when I pulled my modem out of the machine, and wiped out all my cookies, did that encryption program fail to run.

Gawd knows what it left on my computer that I don't know about.
Allow me a little nerdy tirade:In the early days of JavaScript, (the primary language of Web pages, after basic HTML) JavaScript was deliberately hindered with one weakness not imposed on other computer languages: It could not read or write files to your drives other than the constrained world of COOKIES. Those innocent, happy days are over. Now, Anything Goes.

As adamant as these services are about the strength of their encryptions they still require you to send them your messages on-line before they work their "magic" on them and sent them back to you encrypted. Many have you install a local application in which you plug in your "personal" pass-word so that "...even we can't decrypt your message.." -yeah, sure! Anyone who understands the weakness of the Vigenere, knows that's a crock-of-* After they've encrypted your message with their special algorithm, so that: "...even YOU can't decrypt your message...". -No thanks.

These services won't tell you they have Masterkeys

What makes Xcription unique is it is designed to work off-line, preferably miles away from any internet connection. And after you've examined it's innards for external links, you'll know it is not sending your messages straight to The Dalles , Quincy, Clarksburg or Bluffdale.

Nor are your messages being stored in some "secure" depository, promising "never to cave in" to any governmental subpoenas. 1. and 2.

Tin-Foil Hat II

Now that we have eliminated the possibility that the encryption program or service itself is not a direct info-hemorrhage, we need to concern ourselves whether our communications lines are being tapped:

"Though this is a HTML document, DO ALL OF YOUR EDITING OFF-LINE.
Unplug your internet connections to be sure."

Insert Here: News links & examples;


In other words, THEY'RE WATCHING YOU. The Tin-Foil Hat mentality is not all that far fetched.

Many people carry their credit cards around in metallic sleeves to protect from RFID theft.

When did they start parking that van over there?

I suspect my own, personal, G-Man moved in next door: The Hunter Thompson sunglasses, military-styled field-cap and cargo-pants, 24/7 at-home schedule, and the strange, extra domes on top of his trailer, are dead-give-aways. His cover-story as an anarchist, health-nut & musician, is a good one, but blown. Hello B.R. 'see ya around!

If you have reason to be very security conscious, and the very walls of your home cannot protect you from electronic surveillance, you are going to need "Safe House" locations.

I would recommend RANDOMLY selected McDonald's. The decor is so sparse that they can't bug every table, the background noise cloaks conversation, their WiFi has to be logged onto (turn your's OFF anyway, and if you need it, get your power from extension cords far from their power outlets.), and you should be safe.

Take your laptops and thumb-drives there to do your Ultra-secret conversations, compositions & encryptions (-Once encrypted, delete the original plain-text and pass-phrases from Notepad-depository), and come in from the cold with nothing but encrypted material.

I would recommend emailing the cipher-text from a different location than where you composed & encrypted it, -but that's just me.

Fun Stuff

The previous sections showed how to use the simple, little, Xcryption to make totally unbreakable, unbreachable, serious, and dangerous, encrypted messages.

But unbreakable messages are not any fun.
Code-Breaking is fun. And if a message is unbreakable (as one-time-pad encryptions are), you're wasting your time.

For those smart-assed, eye-rolling skeptics out there, who don't believe me, let's get this out of the way:

$1000.00 REWARD

I am offering a One-Thousand Dollar Cash Prize to the first person who cracks the message below.

(I would feel confident offering a Million$, but I don't have a million$, so what incentive would that be?). Perhaps some mid-level analyst in the CIA, FBI, or IBM employee, will take up the challenge and plug the code into the company machine to see what it can do. Good Luck!
If it should be cracked (HA!), I'll pay up, shut down Xcryption.html, and turn the remaining months of this web site's life into a tribute to the Master Code Breaker,
-or whatever avatar he/she wishes to offer as a front

I will tell you only this about the cipher: it was created using only the tools available on this web site.
It's publicly-accessible pass-phrase source & instructions will be revealed at a future date.

$C@dXW?]!z&t%bRrloSZ_5IaQHumLAdDcLI7_Q^K3rTKTQSVETCTPMOlB=}WTMYgUEERYKBePZHS !Vh^8[Y\_TPPNR/LH^:eb?Y_AETL2F^}EUI?6aPIcNu}.GS`RDDdKRRGFRQSeEZ^Xue}PRUKiLmXDbLZbXG,8T]M]G1gYLbYG<WI@erI;YoZl$mX.&(p_QC[Gk^\nbOYjL]$f8TUkES_DO?&mW@we]YZFMDZRDae+>JVLb>]\APtZBN[<Kd!QVsop+$3![bzlm,{@Q<YbEMBJ"h<iJ=e]H.\R6KR@^X@IUeRQlM.DP0!u)RN&dSKWio,eHIEXDiGQ\80_SRMHU?RADbiN9=PgpqnN:SB\q]]PAAHjTCP)bbe<BV[XEJLYJKX]Dpg5OSmY@KHfguuw\$tpv\WU]bTHVWM=P[Dk_EJ/tD@IESdFWth5Ygh8\Xp'xum>Fuj_YAOcEV_Lh/ 8F`h?cg\cLJKWhJcOaGM4]H)hH?>g<_kMCI^BhINH%BT^vb["

Now that that's out of the way, we can have fun with "breakable", pencil & paper ciphers. Bring your kids on board for family challenges .

Note: Most secret-code/encryption schemes demonstrated stem from the good-old days when the work was done by candle light with quill & parchment, and what you wrote could cost you your head. Thus: ALLCAPSANDNOSPACESORFORMATTING is what your messages will look like for all the FUN demonstrations. You'll be able to import & export examples from/to other cryptology websites, and of course, slip back into pencil&paper mode, which is always fun. And everybody can scribble on their own papers without having to crowd over the computer.

Also, full Tin-Foil Hat Paranoid, One-Time-Pad, unbreakable-even-with-a-supercomputer encryption may be way more than you need.
Often, a simple password cipher will do the trick. If, as in a time sensitive situation (a raging battle for example), you don't need an indefinitely, forever-unbreakable code, -Just one that will remain unbreakable long enough for the out-dated message to be irrelevant.



Cracking my cipher may net you a $1000.00, but it won't get you the glory or notoriety of cracking the fourth part of Kryptos
The claims of earliest solving of the first 3 sections, (dubiously claimed by the NSA) took Two Years! Even though the "KRYPTOS"-altered alphabet portion is parked right beside the cipher-text all along!

NOW You Too Can Have Your Own Kryptos-Maker.

A good example of how to run the program will be to plug in Kryptos's own solutions to it's first encryption:

For "Vigenare?" enter: Palimpsest

For "Alpha-Embed?" enter: Kryptos

you can ignore the first "Secret Message?" But for "Secret Message to decrypt?:" enter:


And Look at the BONUS!: For the price of entering in your choice of passwords (Alpha-Embed & Vigenere), you'll get a nifty little table you can print to your own edible, dissolvable ink, Flashpaper, pocket-sized, pencil&paper, encode/decode table!

(This is almost as cool as the full 26-rotation Secret Decoder Ring I got from
You have to ask specially for the "26" as-is, secret BETA version)

I'll write a super-Kryptos, full-keyboard version, if there comes a demand for it.

the Caesar Cipher

Kryptos-Maker is loaded with tools for the beginning cryptologist. Let's begin by breaking it down to it's individual components: Run the program again, but for "Vigenere?" enter only "a" . Enter nothing in the other choices.

The output will look like this:

  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Which translates, table-wise, to: For every letter on line "1" replace it with the letter at the top (or vice-versa) "There is no change", yes. You could call this "ROT-0" or "rotation zero" or "rotation A". -a start to the classic Caesar Cypher , the first one we learned in Cub Scouts, Example: GH LNL XNT BZMS QDZC SGHR , a mere shift of one (ROT-1), that you should be able to break in your head. Julius Caesar was known to go 3 places over (Rot-C), which may have been adequate in his time, when very few of his enemies were literate. ROT-N / ROT-13 is a popular cypher on the internet and has the advantage that all the letters line up in both directions A=N and N=A (RetroWorks default de-coder ring is locked to ROT13).
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
1   N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
The simple Caesar shift is limited to only 25 permutations (excluding the non-shifting, "zero" or "A"). Though the code-maker has 25 choices, all the code-breaker has to know is 1 letter to crack the whole code. (BTW:The entire, handy, 26 X 26 table shows up if you enter all blanks in Kryptos-Maker)

Fun with your kids: have them write you a secret message using pencil&paper, a Kryptos-Maker single-letter table, WITH SPACES, and bet them you can crack it. Look for an isolated letter and you'll know it has to be the only single-letter word in English, "a", and there is your rotation key. If there is not a isolated letter, you'll have to go for the two & three letter words and actually do a little code breaking to find the ubiquitous English, but you'll look like a genius until you show them how you figured it out. (And now you know why SPACES are left out of cipher-texts. -They tell you where the words are! This should not be a problem with Xcryption, if you abide by the One-Time-Pad rules, and minimize white-space to ONE character length.)

a Scrambled Alphabet Cypher

Another simple enciphering system that Kryptos-Maker can help with is Alphabet-Altered ciphers.
Re-run the program again. Enter blanks for everything except for "Alpha-Embed?": type in any words or phrases of your choice.

EXAMPLES: The quick brown fox jumps over the lazy dog , or even the word "KRYPTOS".

The program (top line result) strips the spaces, punctuation, duplicate letters (each used once), converts to all-caps, and leaves you with a re-arranged alphabet. Put the regular alphabet under the new alphabet and you have simple alpha-shifted coding tables:

 T H E Q U I C K B R O W N F X J M P S V L A Z Y D G  
 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
 K R Y P T O S A B C D E F G H I J L M N Q U V W X Z 
 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Substitute any bottom letter with the letter above it for a quick & dirty, little cipher-text. Breaking your children's coding with this system will be tougher than the the Caesar Cypher was. If you should find an isolated "a", all you'll know is where the "a's" are. You can then move on to the "the" 's and hope for more. You might get lucky with "W, X, Y, & Z", being the last letters, if not used in the Alpha-Embed word, will not change.

What makes these two (Caesar & Alpha) substitution cyphers weak, is that once you know what a letter is substituted with, it never changes. All "A's" = "T's", "B's" will always be "H's", etc... Vigenere (and a few others) changed all that.

Pencil & Paper Version

A perfect way to understand an incryption system is to pick up a pencil and paper and duplicate it's workings manually. The Enigma Machine has been reproduced as a paper model. It's a cumbersome way to decrypt/encrypt large messages, but it functions exactly like the real thing.

A simple Vigenere de-coder like below can be hand written or typed out (use courier font for block line up):


The top (2) sets are the anchor row; stationary, and the bottom (1) set-row is the "slider".
Slide the bottom set under the two joined top sets. Align the top, central "A" with each pass-phrase letter below, read up or down. There is no space or punctuation. Compare it to the vigenere.html electronic output.

An easier option might be to go to the Kryptos Maker and print out micro copies of your own custom table. But, that is plain, all-caps, no puncuation. I could write a super-Kryptos, full-keyboard version, if there comes a demand for it.


Now for the full-blown Xcryption paper-version, using the whole keyboard character set.

Xcryption uses the standard ASCII character set from the space bar (#32) to the tilde: "~", (#126) in that order. In a pinch you could make a suitable "decoder" by tearing the ASCII Tables from the Appendixes of old, outdated computer text books, and lining up a pair of those. Or just print out a couple from character set tables found online. Best yet, print out the one provided below. You'll find it's easier to double-up the "stationary" set and work from the central, ZERO-Point, the "space". Mark it for easy locating.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

The example above has the slider (password letter) set to capital "X", under the SPACE, between "~" and "!"
If your password was "X" you would use this setting to decrypt your whole message. Try it.
A full password and you have to shift for each new letter. That is what makes the Vigenere better than the simple Ceasar.

Print out the image below. Cut out each line and tape sets I & II overlapping the pink "space". Do not neglect the space character between the "!" & "~". The third set is the slider. To use, Align the individual pass-phrase letters (slider) with the central (pink) SPACE character above. Test your results against Xcryption.

Pencil & Paper Xcryption, like the paper Enigma, will take a lot more time, but you can decode xcryption-produced messages far from any devices or electronic surveillance.

Vigenere Views

further discussion to follow...




The first transposition tool merely reverses the order of characters in units of a given length.

example: 123456789012345678901234567890
transposed in groups of 5
becomes: 543210987654321098765432109876

example: this is a long message
transposed as a group of 22 ( it's length )
becomes: egassem gnol a si siht not very cryptic!

As you will see, shorter groups of 3 to 5 may be the optimal "confuser" for hiding "English". You want to break up the vowel groups.

Restoration? Re-run the encrypted code with the same number. It'll come back in original order.







a Delima

When I first started this website I wrestled with the question of whether it's use would be for good or evil. I'm an American patriot, a Tea Partisan. The founders of my country formed "Committees of Correspondence" to, among other thing, to facilitate and coordinate communications between our diverse, and ununified states. Free communication between free citizens is always a good thing. Throughout the world there are too many places where this principle is stifled.

In my own country, the United States there is ample evidence of the government surveiling ordinary citizens. While this is understandable in this age of terrorism, when the Obama administration was asked who they considered the greatest threat, they answered "Conservative, Right-Wing hate groups"! When pressed, they admitted they considered the TEA PARTY to be a "right-wing hate group" and it's members needed watching. The scandal of the IRS targeting Tea Party organizations exclusively demonstrated who they think the real enemy is. US!

Someday we patriots may need again "Committees of Correspondence", and Xcryption may prove useful to the people's free communication. The Obama/Clinton regime has expressed a will to deprive us of our Second Ammendment Rights. I have no doubt the First Ammendment is not far behind. Xcryption may become a tool as necessary to secure our freedoms as our firearms.

"But what about ISIS?", I wondered, would I be helping them? The problem with monitoring ISIS activity goes far beyond encryption. Upon studying their methods their first defence is ARABIC, and our intelligence services have far too few Arabic speakers to do the job. For the most part the terrorists don't need encryption because they use a simple CODING system; word substitution, little different than our Navajo Talkers. The shear volume is overwhelming, and importing even more Arabic-speaking immigrants is going to make monitoring international communications even more of a nightmare -THANK YOU HILLARY!

Bearing all that in mind I chose not to produce an Arabic (or even a universal) version of Xcryption, at least until foreign threats to my country subside. I don't want to help the bad guys.

Also, I'm holding off instructions of simple Steganography until the time comes when even I may have to start using it (If Hillary gets elected).

Noticing however, that most of my traffic is in Russia & Ukraine, I decided to produce a cyrilic version for them, as any government that is trying to supress it's citizen's communication is a government that Xcryption was written to oppose. The super-simple, open-source, stand-alone nature of Xcryption protects it from the most adept hackers, Government sponsored or not. IT'S A TEXT FILE ! Look at it! Nothing can hide in it's code. It runs independently, without any internet connections, under any and all java-script enabled browsers.







They will fire every word in the English dictionary over your cypher to uncover readable patterns.

... Uh, no.. I lost BREAKER. But try this:

Plug in a paragraph into my simple vingenere.htm and a 4 or 5 character password.

Then take the result to THIS GUY'S WEBSITE and plug it in. He broke mine on the first try! (but only when I gave him the key-size and CODED UP. Coding DOWN stumps him.) A long message, with a short, English, password, is peanuts to these guys, -and that is just a dude's website! Imagine what the serious guys can do. to be continued...







Copyright 2015 Jimmy Hooker - Atlanta