I forget who told me this story, but at some point the British tried a crazy known-plaintext attack by planting handwritten notes in dead German soldiers’ pockets that contained an “important message” to be sent, and then in the following days they would attempt to decrypt enigma communications against the known plaintext.
ETA: Note that I appear to have been mistaken about the connection to ENIAC.
Note that it is equally dangerous to send paraphrased messages using the same key (which is called sending messages "in depth"). This was used to crack the Lorenz ("Tunny") cipher. Interestingly Bletchley Park hadn't gotten their hands on a Lorenz machine, they cracked it based on speculation. And it lead to the development of the first tube computer, Collosus (which influenced the ENIAC).
Nowadays we use nonces to avoid sending messages in depth, but nonce reuse can be similarly disastrous for systems like AES-GCM. For example there have been Bitcoin hardware wallets that reused nonces, allowing the private key to be extracted & the Bitcoin stolen. (To be clear, cryptocurrencies and AES-GCM are completely different systems that have this one property in common.)
As an aside does anyone know why it's called "in depth?" I'm guessing that it's related to Bletchley Park's penchant for naming things after fish? But possibly also their techniques that involved arranging messages together and sliding a stencil over them to visually spot patterns (so they're sort of overlayed)? I tried some casual searching but it's a very generic phrase and so difficult to search. It's defined in the The 1944 Bletchley Park Cryptographic Dictionary but it doesn't give an etymology.
As I point out now and then, Colossus was not a computer. It was a key-tester, like a Bitcoin miner. Here's the block diagram of Colossus.[1]
Before there were general-purpose stored program digital computers, there were many special-purpose computing devices. They checked some, but not all, of those boxes.
- IBM had electronic arithmetic in test before WWII, but that went on hold during the war. Mechanical arithmetic worked fine, although slowly, and by 1939, Columbia University and IBM had something that looked vaguely like a programmable computer, built from IBM tabulator parts.
- The G.P.O. (the UK's post office and telephony provider) had been fooling around with electronic switching since 1934. That's where Tommy Flowers, who designed the electronics of Colossus, came from.[2]
He had a tough life. After the war, he wanted to get into computers, but couldn't get funding because
he couldn't talk about what he'd done for security reasons.
- Memory was the big problem. Colossus just had some registers, built from tubes. And plugboards, the ROM technology of the 1930s and 1940s. Useful memory devices were all post-war. Needed storage to get to stored program computers.
I visited Bletchley Park museum this summer when in London. Can recommend and it's also really easy to get there; just a 50 minute train ride from London Euston station, and 5 minute walk to the museum. Entire family enjoyed the museum (have two teenage kids). There is also the "National Museum of Computing" located next to it which contains the Bombe, Collosus and related equipment. As I understand it most (or all?) of the original hardware was destroyed after the war to avoid leaking any information about the British code breaking skills. Thus, the machines on display are replicas, but should be fully working.
The computer museum also exhibits post-war computers all the way to modern machines. I'd say that museum is more for the geeks while the Bletchley Park museum is definitely worth a visit even if you're not into computers.
robotresearcher · 1h ago
A personal Bletchley Park anecdote: my grandfather, an electrical engineer, staffed a radio listening station during the war, and every evening a motorcycle dispatch rider would take the day’s intercepts away to a secret location. It was more than 20 years before my grandfather figured out they went to Bletchley.
In the 1980s the Bletchley museum project put out a call for wartime electrical components so they could build their Colossus replica. My grandfather in the 1950s had made a chain of Christmas tree lights from govt issue tiny light lightbulbs he pinched from work. He painstakingly removed the nail polish he had painted them with 30 years earlier, and sent them to Bletchley. They used his family Christmas lightbulbs in the replica that is still there today.
I had the privilege of touring the museum with him in the 1990s. Also on that day I heard my grandmother’s stories of her time in the British Army during the war. That day was incredibly interesting and moving, and is an important memory for me.
hangsi · 24m ago
I recall from my own visit that the electrical transformers are supposedly original. So, the National Museum of Computing justifies calling its Colossus a rebuild rather than a replica, since it is made with some original parts.
trenchpilgrim · 5h ago
If you model the distribution of messages as a tree from sender to recipients, the key's reuse across messages could be measured as "depth" in a structural sense.
Stevvo · 5h ago
An interesting quirk in Ethereum is that a contract address is determined by deployer address + nonce. So, you can send ETH to a contract that does not exist, then later deploy a contract there and recover it.
tripplyons · 4h ago
It is also the same address on many forks of Ethereum, which has led to some strange circumstances when Optimism sent tens of millions of dollars to a smart contract address on the wrong blockchain, and a hacker was able to create a smart contract they controlled using the same address on the blockchain it was accidentally sent to and steal the funds.
onionisafruit · 6h ago
My assumption about “in depth” is that it comes from the idea of giving the adversary a greater depth of material to work with. I don’t have anything to back this up.
philwelch · 5h ago
This is the first I’ve heard of Colossus influencing the ENIAC. I was under the impression that Colossus was so secret that ENIAC was designed independently and (falsely) touted as the first tube computer prior to Colossus’ existence being declassified. I’m not sure if I’m misremembering that though.
maxbond · 4h ago
I think you're right, my mistake. I didn't find anything definitive but given they were developed around the same time by (on cursory inspection) different people and that Colossus was as secret as you say (it wasn't declassified until the 70s), it does seem unlikely. I thought that had been mentioned in a Computerphile/Numberphile video on the topic but I must be mistaken.
xtiansimon · 7h ago
Interesting. I liked the explanations in the accepted answer. This rule especially,“Never repeat in the clear the identical text of a message once sent in cryptographic form, or repeat in cryptographic form the text of a message once sent in the clear.”
As a child I learned about codes from a library book. Fascinated with one-time pads, I convinced a friend to try a correspondence. We exchanged a few messages, and then got bored, because the juice wasn’t worth the squeeze.
Which makes me wonder about people who work in secrets. Encrypted communications seem opposite of scientific communications. Secrets peeps seem prolly aligned to politics.
myself248 · 1h ago
Do you remember the book? I remember loving Alvin's Secret Code, which was on the bookshelf in my fourth-grade classroom where I sat in the back to be near the bookshelf...
ludicrousdispla · 7h ago
>> the juice wasn’t worth the squeeze
I recall that Ovaltine goes better with decoded messages.
cbdevidal · 7h ago
A crummy commercial!?
wpm · 4h ago
Son of a bitch!
arccy · 6h ago
i recall squeezing lemons to write invisible messages...
> Never repeat in the clear the identical text of a message once sent in cryptographic form, or repeat in cryptographic form the text of a message once sent in the clear
And (more or less) that’s how the Enigma was cracked. Turns out starting weather report with ‘weather’ every single time is not a good idea.
Zeebrommer · 7h ago
Or ending it with the same salute involving the name of the leader, for that matter.
manwe150 · 3h ago
Seems like an interesting conundrum. If you encrypt all transmissions, you end up having a lot of boring repetition, like weather and sign offs to just fill space. But if you don't encrypt the boring stuff, then the transmission itself is a nice signal of something interesting about to happen. But if you try to just pad with completely random noise, the other end might worry they've decoded something wrong and ask for a new cipher pad increasing the chance of interception. So maybe they should have tried to find something almost random but with known structure instead of sending the weather? Seems similar to how we now know that choosing a random password from the dictionary adds encoding redundancy without reducing security. Or similar to the goal of getting ordinary people to use Tor for ordinary things?
vl · 2h ago
In modern crypto it’s solved by using random nonce to star with and by using (encrypted) hash of data at the end. Random nonce gives you different cypher text for same inputs, hash tells you if you actually decrypted what was intended.
nradov · 2h ago
Standard US cryptographic protocol during the same time period was to begin and end every message with a few random words specifically to thwart such attacks.
zenmac · 7h ago
Isn't that why we have PFS now?
gruez · 7h ago
No, PFS is to ensure communications aren't compromised even if the server's private keys are compromised afterwards. It has nothing to do with mitigating known plaintext attacks. That's already mitigated with techniques like randomized IVs.
numpad0 · 6h ago
So-called perfect forward secrecy uses temporary keys so that eavesdropped logs can't be decrypted after those keys are discarded. To prevent known-plaintext attacks and/or statistical analysis, data entropy must be equalized so that patterns won't be apparent even before encryption.
cwmma · 8h ago
For people interested in these kinds of things, there is a very interesting military manual on the internet archives which goes though all the various pre computer pen and paper ciphers and how to crack them.
Good find; a great companion to the GCHQ Puzzle Book indeed!
RachelF · 2h ago
The repeating of the message is how the Allies initially broke the Geheimskreiber a much more secure encryption machine to Enigma that used XOR and rotors:
The term to google for more information about this would be Known plaintext attack.
geor9e · 6h ago
Oh that makes sense. I assumed wrong that it was going to be about prisoners sending secret messages in their letters home, and the guards wanting to scramble those out.
onionisafruit · 6h ago
I clicked thinking it was about avoiding watermarks when exfiltrating data. I enjoyed the cryptography lesson I got instead.
01HNNWZ0MV43FF · 6h ago
And the term for _that_ is steganography
vertnerd · 8h ago
This is a familiar concept from reading about WW2 spy stuff (Between Silk and Cyanide, for example, which I highly recommend). But what REALLY intrigues me is the typeface of the letter with its upper-case 'E' used in place of 'e'. What's up with that?
The suggestion that it may have been a striker from a bilingual - cyrillic typewriter that was mixed in is an interesting possibility; someone transcribing diplomatic telegrams in WWII may indeed have need of access to Cyrillic typewriters…
andix · 2h ago
Interesting idea, but both the Cyrillic and Greek capital E would be a similar size to the Latin capital E. And in both alphabets the lower case e doesn't look like a smaller capital E. It's е/ε.
anon_cow1111 · 7h ago
Might be unrelated in this example, but when a message is written in a lazy ROT13-like cypher, the letter e becomes a notorious rat that allows anyone to break the entire thing in very little time.
Randomizing/obfuscating the letter case might buy you a little time, though I think it's something else entirely here.
justsomehnguy · 5h ago
Zvtug oR haeRyngRq va guvf RknzcyR, ohg juRa n zRffntR vf jevggRa va n ynml EBG13-yvxR plcuRe, guR yRggRe R oRpbzRf n abgbevbhf eng gung nyybjf nalbaR gb oeRnx guR RagveR guvat va iRel yvggyR gvzR.
Enaqbzvmvat/boshfpngvat guR yRggRe pnfR zvtug ohl lbh n yvggyR gvzR, gubhtu V guvax vg'f fbzRguvat RyfR RagveRyl uReR.
notherhack · 4h ago
V guvax gur vqRn jnf gb fcyvg guR uvtu seRdhrapl "r" gb gjb qvssReRag flzobyf r naq R ng yRffRe serdhrapvRf. Fvzcyl ercynpvat nyy r'f jvgu R qbrfa'g qb gung.
ants_everywhere · 6h ago
I had the same question about the upper case E.
Some of the E's look a little curly like epsilons but I'm guessing that may be an optical illusion.
But check out the 3 in "chancE3"
Avshalom · 6h ago
Legibility would be my guess. Can't confuse ᴇ for c.
pbhjpbhj · 5h ago
If we're guessing I have ideas:
1) it's just the typeface,
2) the teletype machine has unique letter so the machine it was received in is known (and hence which staff received it), reducing the ability to forge messages. Different machines could have had special letters, or all machines handling secrets had that particular "e"??
3) the machine broke and the repair shop only had a small-caps "E" handy.
andix · 2h ago
The document on the picture was for sure typed on a typewriter. Teletype machines would either be all caps or all lower case. Also they wouldn't be able to print a multi column header like on top of the document.
jameshart · 5h ago
I assume this is a typed up decrypt - not raw teletype output. Teletype would be all caps; this has been typed, capitalized, and laid out by a typist.
BigJono · 4h ago
> In this process, deletion rather than expansion of the wording of the message is preferable, because if an ordinary message is paraphrased simply by expanding it along its original lines, an expert can easily reduce the paraphrased message to its lowest terms, and the resultant wording will be practically the original message.
This bit has me perplexed. If you had a single message that you wanted to send multiple times in different forms, wouldn't compressing the message exponentially limit possible variation whereas expanding it would exponentially increase it? If you had to send the same message more than a couple of times I'd expect to see accidental duplicates pretty quickly if everyone had been instructed to reduce the message size.
I guess the idea is that if the message has been reduced in two different ways then you have to have removed some information about the original, whereas that's not a guarantee with two different expansions. But what I don't understand is that even if you have a pair of messages, decrypt one, and manage to reconstruct the original message, isn't the other still encrypted expansion still different to the original message? How does that help you decrypt the second one if you don't know which parts of the encrypted message represent the differences?
Khoth · 3h ago
It's mostly talking about the case where someone receives an encrypted message which is intended to later be published openly. If it was padded by adding stuff, an attacker can try to reconstruct the original plaintext by removing the flowery adjectives, whereas if things were deleted the attacker doesn't know what to add.
manwe150 · 3h ago
In particular, the length of a message is not encrypted when encrypting the text. So if the encrypted message is shorter, you know exactly how much to remove to get back the original, and then just need to guess what to delete. If the message is longer, it is much harder to guess whether to add flowery adjectives, a new sentence, change a pronoun for a name, or some other change.
beerws · 4h ago
Ironically, stating this at the beginning of telegram would precisely cause what it seeks to prevent (vulnerability to known plaintext attacks).
Which makes me wonder: how many permutations of this rule could be conceived (and needed) that on the one hand would keep the point clear to the receiver, but on the other hand prevent such attacks?
In any case the best option is to not have (to repeat) this rule inside messages.
manwe150 · 3h ago
It could be sent in the clear, although since the point was to apply it to every encrypted message, that would likely already have been redundant with having originally been encrypted. Just consider it part of the decryption algorithm itself instead: step 1, attach warning text, step 2, initialize decryption state and decrypt.
dehrmann · 1h ago
I guess CBC and IVs (or similar) weren't invented yet?
VoidWhisperer · 7h ago
Does this also apply if someone were to do the following:
Receive encrypted transmission -> unencrypt it -> need to pass it on, so re-encrypt it and pass it on?
I would imagine that the paraphrasing wouldn't be necessary in this case because it isn't quite as useful to compare two encrypted versions of the text versus an encrypted version and an unencrypted version (also I feel like there is some risk of a game of 'telephone' in that the meaning would change bit by bit to the point of having a different meaning over time, even if not intentionally)
eszed · 7h ago
No. As explained in the SO answer, the worry is that the enemy will have been able to decrypt one or the other of your messages, at which point the identical underlying plaintext will help them crack the second cypher.
jameshart · 7h ago
‘Crack the cipher’ in this case most likely meaning: figure out the daily code word key you are using for that cipher.
If they have already gained the ability to decrypt today’s messages from station A in cipher A, and can therefore recover the plaintext of those messages; if they then find a message of the same length sent from station B in cipher B they can guess that that might be the same message, reverse engineer the key and maybe then decrypt all the messages being sent from station B in cipher B today.
maxbond · 6h ago
Bletchley Park employed linguists alongside cryptographers, and the linguists would help permute the messages (substituting German words for common abbreviations, for example) to mount these sorts of attacks.
hiccuphippo · 7h ago
So it would make sense for the first message in a chain to be very verbose and repetitive to make it easier to modify down the chain. Bureaucrats must've had fun writting those.
bee_rider · 3h ago
Repetitive and verbose but make sure you don’t use up all the synonyms for a concept, right? Everything you use is taken from your paraphraser.
bombcar · 8h ago
Hasn’t known invariants been used to break modern encryption in TLs, etc? Like a SSH packet will always contain some known info, etc.
drum55 · 7h ago
In some systems sort of. The esp32 encryption has a bizarre implementation where adjacent blocks in counter mode reuse the same nonce, so knowing the structure of the plaintext can directly reveal the content of some blocks.
tlhunter · 6h ago
I'm not sure why drum55's answer is buried but they're correct that the Nonce concept in modern crypto addresses this issue.
conradludgate · 6h ago
It's not only the nonce. The nonce helps to ensure that the message re-encrypted doesn't have the same ciphertext, but the known plaintext can still be used to forge messages. What stops message forgery is the message tag that TLS has (using the AEADs like AES-GCM or ChaCha20Poly1305).
That said, the nonce is still very important to avoid most key recovery attacks
Jweb_Guru · 3h ago
Yeah the real answer here is that this is what AEADs are for.
macintux · 6h ago
Probably because that's the user's only comment. I've vouched for it.
pyuser583 · 4h ago
Known-plaintext attacks aside, if you're going to compress text, it must be done before encryption.
I don't know if compression offers much protection against plaintext attacks.
This also makes me wonder how helpful AI is in such situations. AI is essential an extremely effective, lossy, compression algorithm.
hcs · 3h ago
Compression + encryption can be dangerous if the compression rate is exposed somehow (between messages or within packets of a message).
> we show that it is possible to identify the phrases spoken within
encrypted VoIP calls when the audio is encoded using variable bit rate codecs
If nothing else it would make a great twist in a fiction setting.
These paraphrasing instructions could be followed. But the paraphrasing could be done using some LLM. A sufficiently advanced adversary manages to invert the model somehow, and as a result can get the original plain text out of the paraphrased message, which lets them do a known-plaintext attack, get the key, and use it on other messages.
Sort of technobabble (is the idea of inverting an LLM nonsense?) but fun.
electric_mayhem · 8h ago
Knowing the original plaintext is a big leg up in cracking encryption.
gametorch · 7h ago
Tangentially related — sending everyone in a company a slightly different document can help catch the person leaking confidential documents to the press.
How come this isnt a problem with modern cryptography? What did we invent?
ars · 1h ago
You add a random number to the encryption key, and also send that random number (seed) as part of the message.
Boiled down to the very essence modern cryptography is: Using a secret seed plus a public seed, generate a long random number (of the same length as the message), then XOR that number with the message.
The hard part is generating that random number in such a way that you can not reverse the process and reclaim the secret seed.
Note that it is equally dangerous to send paraphrased messages using the same key (which is called sending messages "in depth"). This was used to crack the Lorenz ("Tunny") cipher. Interestingly Bletchley Park hadn't gotten their hands on a Lorenz machine, they cracked it based on speculation. And it lead to the development of the first tube computer, Collosus (which influenced the ENIAC). Nowadays we use nonces to avoid sending messages in depth, but nonce reuse can be similarly disastrous for systems like AES-GCM. For example there have been Bitcoin hardware wallets that reused nonces, allowing the private key to be extracted & the Bitcoin stolen. (To be clear, cryptocurrencies and AES-GCM are completely different systems that have this one property in common.)
https://en.wikipedia.org/wiki/Cryptanalysis_of_the_Lorenz_ci...
https://www.youtube.com/watch?v=Ou_9ntYRzzw [Computerphile, 16m]
As an aside does anyone know why it's called "in depth?" I'm guessing that it's related to Bletchley Park's penchant for naming things after fish? But possibly also their techniques that involved arranging messages together and sliding a stencil over them to visually spot patterns (so they're sort of overlayed)? I tried some casual searching but it's a very generic phrase and so difficult to search. It's defined in the The 1944 Bletchley Park Cryptographic Dictionary but it doesn't give an etymology.
https://www.codesandciphers.org.uk/documents/cryptdict/crypt... [Page 28]
Before there were general-purpose stored program digital computers, there were many special-purpose computing devices. They checked some, but not all, of those boxes.
- IBM had electronic arithmetic in test before WWII, but that went on hold during the war. Mechanical arithmetic worked fine, although slowly, and by 1939, Columbia University and IBM had something that looked vaguely like a programmable computer, built from IBM tabulator parts.
- The G.P.O. (the UK's post office and telephony provider) had been fooling around with electronic switching since 1934. That's where Tommy Flowers, who designed the electronics of Colossus, came from.[2] He had a tough life. After the war, he wanted to get into computers, but couldn't get funding because he couldn't talk about what he'd done for security reasons.
- Memory was the big problem. Colossus just had some registers, built from tubes. And plugboards, the ROM technology of the 1930s and 1940s. Useful memory devices were all post-war. Needed storage to get to stored program computers.
[1] https://www.researchgate.net/figure/Logical-architecture-of-...
[2] https://en.wikipedia.org/wiki/Tommy_Flowers
The computer museum also exhibits post-war computers all the way to modern machines. I'd say that museum is more for the geeks while the Bletchley Park museum is definitely worth a visit even if you're not into computers.
In the 1980s the Bletchley museum project put out a call for wartime electrical components so they could build their Colossus replica. My grandfather in the 1950s had made a chain of Christmas tree lights from govt issue tiny light lightbulbs he pinched from work. He painstakingly removed the nail polish he had painted them with 30 years earlier, and sent them to Bletchley. They used his family Christmas lightbulbs in the replica that is still there today.
I had the privilege of touring the museum with him in the 1990s. Also on that day I heard my grandmother’s stories of her time in the British Army during the war. That day was incredibly interesting and moving, and is an important memory for me.
As a child I learned about codes from a library book. Fascinated with one-time pads, I convinced a friend to try a correspondence. We exchanged a few messages, and then got bored, because the juice wasn’t worth the squeeze.
Which makes me wonder about people who work in secrets. Encrypted communications seem opposite of scientific communications. Secrets peeps seem prolly aligned to politics.
I recall that Ovaltine goes better with decoded messages.
https://arstechnica.com/information-technology/2017/04/this-...
And (more or less) that’s how the Enigma was cracked. Turns out starting weather report with ‘weather’ every single time is not a good idea.
1. https://archive.org/details/Fm3440.2BasicCryptAnalysis/mode/...
https://en.wikipedia.org/wiki/Siemens_and_Halske_T52
The suggestion that it may have been a striker from a bilingual - cyrillic typewriter that was mixed in is an interesting possibility; someone transcribing diplomatic telegrams in WWII may indeed have need of access to Cyrillic typewriters…
Randomizing/obfuscating the letter case might buy you a little time, though I think it's something else entirely here.
Enaqbzvmvat/boshfpngvat guR yRggRe pnfR zvtug ohl lbh n yvggyR gvzR, gubhtu V guvax vg'f fbzRguvat RyfR RagveRyl uReR.
Some of the E's look a little curly like epsilons but I'm guessing that may be an optical illusion.
But check out the 3 in "chancE3"
1) it's just the typeface,
2) the teletype machine has unique letter so the machine it was received in is known (and hence which staff received it), reducing the ability to forge messages. Different machines could have had special letters, or all machines handling secrets had that particular "e"??
3) the machine broke and the repair shop only had a small-caps "E" handy.
This bit has me perplexed. If you had a single message that you wanted to send multiple times in different forms, wouldn't compressing the message exponentially limit possible variation whereas expanding it would exponentially increase it? If you had to send the same message more than a couple of times I'd expect to see accidental duplicates pretty quickly if everyone had been instructed to reduce the message size.
I guess the idea is that if the message has been reduced in two different ways then you have to have removed some information about the original, whereas that's not a guarantee with two different expansions. But what I don't understand is that even if you have a pair of messages, decrypt one, and manage to reconstruct the original message, isn't the other still encrypted expansion still different to the original message? How does that help you decrypt the second one if you don't know which parts of the encrypted message represent the differences?
Which makes me wonder: how many permutations of this rule could be conceived (and needed) that on the one hand would keep the point clear to the receiver, but on the other hand prevent such attacks?
In any case the best option is to not have (to repeat) this rule inside messages.
I would imagine that the paraphrasing wouldn't be necessary in this case because it isn't quite as useful to compare two encrypted versions of the text versus an encrypted version and an unencrypted version (also I feel like there is some risk of a game of 'telephone' in that the meaning would change bit by bit to the point of having a different meaning over time, even if not intentionally)
If they have already gained the ability to decrypt today’s messages from station A in cipher A, and can therefore recover the plaintext of those messages; if they then find a message of the same length sent from station B in cipher B they can guess that that might be the same message, reverse engineer the key and maybe then decrypt all the messages being sent from station B in cipher B today.
That said, the nonce is still very important to avoid most key recovery attacks
I don't know if compression offers much protection against plaintext attacks.
This also makes me wonder how helpful AI is in such situations. AI is essential an extremely effective, lossy, compression algorithm.
> we show that it is possible to identify the phrases spoken within encrypted VoIP calls when the audio is encoded using variable bit rate codecs
https://crypto.stackexchange.com/a/2188
See also https://breachattack.com/ when the plaintext is partially attacker-controlled.
These paraphrasing instructions could be followed. But the paraphrasing could be done using some LLM. A sufficiently advanced adversary manages to invert the model somehow, and as a result can get the original plain text out of the paraphrased message, which lets them do a known-plaintext attack, get the key, and use it on other messages.
Sort of technobabble (is the idea of inverting an LLM nonsense?) but fun.
Boiled down to the very essence modern cryptography is: Using a secret seed plus a public seed, generate a long random number (of the same length as the message), then XOR that number with the message.
The hard part is generating that random number in such a way that you can not reverse the process and reclaim the secret seed.
Lookup "initialization vector" for more.