Posted by azeemba 8/31/2025

“This telegram must be closely paraphrased before being communicated to anyone” (history.stackexchange.com)
775 points | 135 comments | page 2
typpilol 8/31/2025|
I was able to find the 2 earlier manuals mentioned:

RadioNerds-TM 11-485 (PDF) (33.22 MB) 4

Internet Archive-US Army Cryptography Manuals Collection (see "TM_11-485.pdf")

https://radionerds.com/index.php/File:TM_11-485.pdf

https://archive.org/details/US-Army-Cryptography-Manuals

bombcar 8/31/2025||
Haven’t known invariants been used to break modern encryption in TLS, etc.? Like an SSH packet will always contain some known info, etc.
drum55 8/31/2025||
In some systems sort of. The esp32 encryption has a bizarre implementation where adjacent blocks in counter mode reuse the same nonce, so knowing the structure of the plaintext can directly reveal the content of some blocks.
tlhunter 8/31/2025||
I'm not sure why drum55's answer is buried but they're correct that the Nonce concept in modern crypto addresses this issue.
conradludgate 8/31/2025|||
It's not only the nonce. The nonce helps to ensure that the message re-encrypted doesn't have the same ciphertext, but the known plaintext can still be used to forge messages. What stops message forgery is the message tag that TLS has (using the AEADs like AES-GCM or ChaCha20Poly1305).

That said, the nonce is still very important to avoid most key recovery attacks

Jweb_Guru 8/31/2025||
Yeah the real answer here is that this is what AEADs are for.
macintux 8/31/2025|||
Probably because that's the user's only comment. I've vouched for it.
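An added example, not part of the thread or of any commenter's post, illustrating drum55's and conradludgate's points above: with a reused counter-mode nonce, known plaintext reveals another message; without a tag, known plaintext lets a ciphertext be rewritten; with a tag, the rewritten message is rejected. The HMAC-based keystream is a toy stand-in for AES-CTR and the encrypt-then-MAC tag a stand-in for an AEAD such as AES-GCM; keys, nonce and messages are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || counter)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream encryption and decryption are the same XOR operation."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, pt):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = crypt(enc_key, nonce, pt)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, nonce, ct, tag):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return crypt(enc_key, nonce, ct)

def demo():
    enc_key, mac_key, nonce = b"k" * 32, b"m" * 32, b"\x00" * 12  # constructed
    known = b"STATUS=OK;VALVE=07;PRESSURE=0100"    # plaintext the observer knows
    secret = b"STATUS=OK;VALVE=07;PRESSURE=0975"   # plaintext the observer wants
    altered = b"STATUS=OK;VALVE=07;PRESSURE=9999"  # what a forger substitutes
    c1, c2 = crypt(enc_key, nonce, known), crypt(enc_key, nonce, secret)
    # 1. Same key and nonce: the keystream cancels, so c1 ^ c2 == known ^ secret.
    recovered = xor(xor(c1, c2), known)
    # 2. No tag: XOR-ing (known ^ altered) into c1 decrypts cleanly to `altered`.
    unauthenticated = crypt(enc_key, nonce, xor(c1, xor(known, altered)))
    # 3. With a tag, the same modification fails verification before decryption.
    ct, tag = seal(enc_key, mac_key, nonce, known)
    try:
        unseal(enc_key, mac_key, nonce, xor(ct, xor(known, altered)), tag)
        rejected = False
    except ValueError:
        rejected = True
    return recovered, unauthenticated, rejected

if __name__ == "__main__":
    print(demo())
```

The tag stops forgery but not the leak in step 1: a unique nonce per message under a given key is still required.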
electric_mayhem 8/31/2025||
Knowing the original plaintext is a big leg up in cracking encryption.
VoidWhisperer 8/31/2025||
Does this also apply if someone were to do the following: Receive encrypted transmission -> unencrypt it -> need to pass it on, so re-encrypt it and pass it on?

I would imagine that the paraphrasing wouldn't be necessary in this case because it isn't quite as useful to compare two encrypted versions of the text versus an encrypted version and an unencrypted version (also I feel like there is some risk of a game of 'telephone' in that the meaning would change bit by bit to the point of having a different meaning over time, even if not intentionally)

eszed 8/31/2025|
No. As explained in the SO answer, the worry is that the enemy will have been able to decrypt one or the other of your messages, at which point the identical underlying plaintext will help them crack the second cypher.
jameshart 8/31/2025||
‘Crack the cipher’ in this case most likely meaning: figure out the daily code word key you are using for that cipher.

If they have already gained the ability to decrypt today’s messages from station A in cipher A, and can therefore recover the plaintext of those messages; if they then find a message of the same length sent from station B in cipher B they can guess that that might be the same message, reverse engineer the key and maybe then decrypt all the messages being sent from station B in cipher B today.

maxbond 8/31/2025||
Bletchley Park employed linguists alongside cryptographers, and the linguists would help permute the messages (substituting German words for common abbreviations, for example) to mount these sorts of attacks.
hiccuphippo 8/31/2025||
So it would make sense for the first message in a chain to be very verbose and repetitive to make it easier to modify down the chain. Bureaucrats must've had fun writing those.
bee_rider 8/31/2025|
Repetitive and verbose but make sure you don’t use up all the synonyms for a concept, right? Everything you use is taken from your paraphraser.
lunatuna 9/1/2025||
I was trained with regards to realtime control systems to put salt in the messages to reduce repetition. Many systems just repeat a status or number from which you could more easily get the keys. Never knew if it was a real concern or not. Interesting to see from the post and comments how old a concept this is. With today’s encryption is this still a concern?
beerws 8/31/2025||
Ironically, stating this at the beginning of a telegram would precisely cause what it seeks to prevent (vulnerability to known plaintext attacks).

Which makes me wonder: how many permutations of this rule could be conceived (and needed) that on the one hand would keep the point clear to the receiver, but on the other hand prevent such attacks?

In any case the best option is to not have (to repeat) this rule inside messages.

manwe150 8/31/2025|
It could be sent in the clear, although since the point was to apply it to every encrypted message, that would likely already have been redundant with having originally been encrypted. Just consider it part of the decryption algorithm itself instead: step 1, attach warning text, step 2, initialize decryption state and decrypt.
p0w3n3d 9/1/2025||
First thought that came into my mind, when I read this article header, was regarding the Chat Control and the Telegram IM. Then I saw the history.stackexchange...

And the revolution is: It's really nice that nowadays we have telegrams that are more safe than they were during WW2 for example even with the military infrastructure available back then...

Or maybe we did have?

alanfalcon 9/1/2025|
What an interesting find!

Not that this specific quirk is covered in the novel, but a reading of Neal Stephenson's Cryptonomicon would certainly help make one understand the kind of necessary paranoia that would lead to this kind of (important!) protective measure.