Crack the Code In US Cyber Command's Logo

Dan writes "According to Wired: 'The US military's new Cyber Command is headquartered at Ft. Meade, Maryland, one of the military's most secretive and secure facilities. Its mission is largely opaque, even inside the armed forces. But the there's another mystery surrounding the emerging unit. It's embedded in the Cyber Command logo. On the logo's inner gold ring is a code: 9ec4c12949a4f31474f299058ce2b22a.'"

md5?

[betterunixthanunix]

Looks like it is the same length as an MD5 sum...

Re:md5?

[Anonymous Coward]

It is a dumb md5 hash and nothing more.

"USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

Re:md5?

[simcop2387]

whoever you are, you deserve a cookie.

echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a -

Re:

[account_deleted]

Comment removed based on user account deletion

Re:md5?

[DIplomatic]

Keep digging, I'm pretty sure this will end up as promotion for a new Halo game. :P

Re:

[ILuvRamen]

or a trip to another planet to try an experimental stargate dialing system lol

Re:

[geekoid]

No they don't. It was trivial. Perhaps I should say: The First part was trivial.

Don't tell me I am the only one that noticed how oddly worded that is? I mean, if you are just going to md5 something, why word it so poorly? Why the double meaning of 'domains'?

Maybe I am reading too much into it, but my experience show that this would be typical double meaning often used by covert operations.

Re:

[jandrese]

That's one of those classic "design by committee" mission statements that end up bogged down with every single little thing the company does because everybody has their own little fiefdom that they want represented.

Re:

[Americano]

You've never worked for a division/company/department that has a "mission statement" or "vision statement" before?

This is typical bureaucratic jargon, I read it and thought for a second - "Hey I worked at that place before!" And then I realized that they didn't also claim they were going to "synergize... [their] product offerings while remaining the provider of choice for world-class enterprise solutions."

Re:

[synthparadox]

The answer was posted yesterday at 2pm Eastern in the comments:
http://uscybercom-watch.blogspot.com/2010/06/uscybercom-logo.html [blogspot.com]

Re:md5?

[hoggoth]

The person who figured this out got a visit from a mysterious man named 'Centauri' who invited him to join the US Cyber Command's fight against the Ko-Dan Empire.

Re:md5?

[geminidomino]

against the Ko-Dan Armada.

FTFY...

Geez, getting that reference makes me feel very "Get off my lawn"-y

Re:

[Qzukk]

So if we watch the logo carefully, we'll know when someone tries to change the mission statement?

Re:

[societyofrobots]

Its just a hash of their mission statement:
http://en.wikipedia.org/wiki/United_States_Cyber_Command [wikipedia.org]

"The text '9ec4c12949a4f31474f299058ce2b22a', which is located in the command's emblem, is the MD5 hash of their mission statement."

Re:md5?

[severn2j]

Doesn't pretty much every government department make a hash of their mission statement?

Re:md5?

[radtea]

It's pretty sad that someone had to write a whole story surrounding the mystery behind this md5 hash sum, when it is plainly written in black and white on wiki, hence your link.

There's a whole school of modern journalism built around ignoring easily accessible answers to relatively trivial questions. If you've followed any of the recent economic debates you'll find that it's full of "but they never say anything about what they mean by XYZ" claims regarding their opposition, only to have the opposition respond with links to where they explain clearly what they mean by XYZ.

I used to think that the Web would make it harder for people to play this sort of stupid Straw Person type of argument, either postively--by imputing to your opponent an argument they are not making--or negatively--by ignoring explanations and justifications your opponent has clearly made. I thought the Web would improve human communication and engagement in argument. But what it has done is simply reveal the depths to which stupid people will dive to preserve their faith-based beliefs against any and all opposition.

I'm pretty sure that almost all the argument on the Web is one big game of "let's pretend we don't know anything because the world is more 'provocative' and 'exciting' that way."

It is increasingly clear that the average person lives their life entirely within the epistemological limits of Humpty Dumpty, to whom words meant what he wanted them to, and nothing else. In the present case, "mystery" apparently means "something that I can't be bothered to google."

Re:md5?

[commodore64_love]

So what's the maximum length message that an MD5 number can hold?

Re:md5?

[sepelester]

So what's the maximum length message that an MD5 number can hold?

Infinite - 1

Re:

[ailnlv]

its just a hash; in theory you shouldn't be able to recover the original message from an md5sum, since several messages can have the same sum. There is no maximum length to what you can hash using md5.

MD5 - supposed to be pretty basic

[Firethorn]

I almost replied before I saw the GP's post explaining it, but was hesitant because I was wondering if you were trolling.

'googling it', in this instance, or looking it up on wiki is fairly logical because it will give you a well written description without us going through the effort of writing it ourselves.

I didn't realize it was essentially a random, unrecoverable number.

It's deliberate that you're not able to recover the original message from the MD5 sum, but 'random' is very much NOT true. It's used as data verification - a small change, even just a bit, in the message stream will result in a vastly different number. But feed it the same data, and you'll get the same number back, every time.

This allows you to verify things like messages and binaries haven't been altered from their original verified state.

Re:

[icebraining]

Actually, writing "go google it" takes 16 times less the effort to write (measured in characters typed) than GP's post.

Re:md5?

[Aphoxema]

MD5s don't hold information, they're a trap-door. It's perfectly possible that another combination of characters would lead to the same MD5, but it's incredibly unlikely that those characters would be lingually meaningful.

Passwords are often "stored" server-side as a hash. Why I quote "stored" is because the password isn't stored at all! The server doesn't know the actual password, you would have to digest every possible combination of characters to find a hash that exactly matches the one stored on the server, but by knowing a string that already does (your password) you're already there.

MD5 alone is a poor choice for trapping important strings because it is possible to "plan" a collision... for example, if a web-site offered you a file and an MD5 hash to test the source of that file, with enough cleverness and computing power another party could give you a different file with the same MD5 hash.

Re:md5?

[CrimsonAvenger]

So what's the maximum length message that an MD5 number can hold?

Holy crap you're stupid.

No, he's ignorant.

It's arguably stupid to not google it first to find out what it is, but that's a common failing on /. (and everywhere else in human space).

Re:

[baryluk]

rfc1321
"The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input."

So it basically means that there is no limit.

(newer hashes, for safety or becuase they use ctr-like modes, define maximal lengths, for example SHA-1 and SHA-256 have limit of 2^64-1 bits. SHA-384 and SHA-512 have limit of 2^128-1. Still 2^64-1 bits is bilions of gigabytes.)

Re:md5?

[commodore64_love]

>>>So it basically means that there is no limit.

C'mon. You mean to tell me I can take the collected works of Harry Potter and boil them down to a 128 bit MD5 number? Wow that's some amazing test compression. Even ZIP isn't that good!

Okay no, I really don't believe either you or wikipedia. Given the number carved on the Cyber Command's logo, there has to be a set maximum length the decoded text message could be.

Re:md5?

[idontgno]

Sheesh.

Either you're trolling or you don't comprehend the difference between hashing, encryption, and compression.

You display a practical understanding of compression: output size is proportionate to input size. But again, since compression algorithms work in blocks or streams of data, there's no theoretical limit to input size. Things like filesystem file size limits may apply, but again, if it's a stream compression with a stream input (e.g., network socket) and a stream output (ditto), there's no limit (other than externals like the finite lifespan of the Universe).

Encryption's affect on size is different than compression. Without padding, encryption output size should be the same as input size. Many algorithms do pad short inputs, so there may be a small increase in output size. Again, since ciphers can operate in stream modes, there are no inherent limits (other than, for instance, available one-time-pad data for OTP ciphers.)

Hashing, on the other hand, is in essence an extremely fancy checksum, specifically designed to use cryptographic functions in order to radically increase the likelihood that the hash value derived from any particular input is relatively unique (i.e., the hash of a particular input is radically different from the hash of another particular input which is almost identical to the first--small differences in input yield obvious differences in output.)

Checksums are, by practical definition, fixed-size, and that size is much smaller than the majority of the potential inputs. The classic checksum is a single check digit: (running total of input) mod 10. Cryptographic hashes (such as MD5--which stands for Message Digest Algorithm 5, btw) are defined to be 128 bits. No matter how long the input is, the MD5 algorithm always produces a 128-bit output, because it iteratively processes bytes of the input 128 bits at a time.

C'mon. You mean to tell me I can take the collected works of Harry Potter and boil them down to a 128 bit MD5 number? Wow that's some amazing test compression. Even ZIP isn't that good!

It's not compression. Compression requires reversibility. Hashes are, by definition, not reversible: a "trap door function". The idea is that you can take an input and digest it into a 128-bit number which relatively uniquely represents it, but you can't reverse the 128-bit number and recover the original input. That would be foolish: "I'll reverse the hash, edit the text, re-hash it, and send it on its way; no one will be the wiser."

Re:

[deuterium]

You're right in that no one has explicitly stated how they "naturally" got to the mission statement, you're just supposed to know that it's an obvious bit of text to check against this hashing algorithm, and then shout "stupid" at people like you.

Re:

[networkBoy]

strictly speaking an MD5 holds 128 bits. The minimum/maximum length message is the MD5sum its self.

But yeah....

Re:

[Anonymous Coward]

I think you mean "my cat is now servant-less".

Re:

[TheCarp]

When they said in the article that it had to do with their mission, I figured it must be a hash of "Use Fear Uncertainty, Doubt, and Lies to bilk the taxpayers out of as much money as possible while providing absolutely no tangible benefit to anyone."

Apparently, they chose to just use their "cover mission".

-Steve

Unwise

[andyh-rayleigh]

Is it wise to put the md5 hash of a mission statement that is likely to be subject to frequent change on a logo which should not?

Re:

[networkBoy]

hey, on the bright side if they try to change it and say it's always been that way, we can point at their logo (especially any that are engraved) and say: nuh-uh you changed it!
-nB

Re:

[An ominous Cow art]

I misread the final word as "advertisers" and for a minute was getting pretty enthusiastic about signing up...

Re:

[Yvanhoe]

Actually the real message meta-coded there is : "We are not serious people, we just are here to take some taxpayers money and give a false sense of security by sitting in front of shiny computers.".

Re:md5?

[WrongSizeGlass]

Looks like it is the same length as an MD5 sum...

The MD5 sum of the secret Cyber Command PR effort to get geeks to talk about it without delving too deep into the actual workings and mission of the Cyber Command. Hmm, I wonder if it will work?

Silly government!

[scorp1us]

Don't they know MD5 is deprecated. They should be using SHA-1 [wikimedia.org]. Off to a disappointing start already...

Re:Silly government!

[debrain]

Don't they know MD5 is deprecated. They should be using SHA-1. Off to a disappointing start already...

SHA-1 is deprecated, too. They should be using SHA-2 [wikipedia.org], or if they really want to show off SHA-3 [nist.gov].

Re:

[scorp1us]

Absolutely true, but implementations of SHA > 1 are harder to find. MD5 and SHA-1 are everywhere, and there's just no excuse for not using SHA-1 these days.

Re:Silly government!

[mackil]

I find your lack of Salt disturbing...

Re:

[Ungrounded Lightning]

Don't they know MD5 is deprecated. They should be using SHA-1. Off to a disappointing start already...

Military group logos are not intended to be secure. They are intended to be easy to recognize quickly and to inspire group pride. So they are symbolic, transparent, sometimes ironic and/or making an in-joke (such as three spur gears meshed, an arrangement which could not possibly turn), and often using archaic elements as historical references.

MD5 is a cryptographic hash that, though now dated, was strong

Re:md5?

[jimmyswimmy]

$ echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a  -

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Chris Mattern]

Confirmed. We have a winner.

Re:

[bezenek]

Apparently they came up with the idea for the logo "code" before they hired the talent.

-Todd

Re:

[TJamieson]

Now, how about a collision? Let's see what other "sentences" can end up at the same md5sum :)

Re:

[betterunixthanunix]

MD5 is "broken" in the sense that collisions can be found in certain situations. This makes MD5 bad for cryptographic purposes, yes, but it is not exactly useless. Also, considering that cyber command has limited space on its logo, a stronger hash function which generates longer hashes might have been difficult to use.

Re:

[geekoid]

I can't wit for the second portion to become public so I can point at you and laugh.

However, if this group is any indication people will be too busy talking about how stupid it is before they realize it's multipart.
At which time they will conveniently forget THEY where the ones being stupid. I wan't to be sure the world know they're stupid.

This is because I suffer from the irrationality that when people are shown how irrational they are they will become rational.

Re:

[v1]

and just how are we supposed to find anything "meaningful" in the result of a one way hash? To say that a one way hash (with an arbitrary sized input)"encodes" anything is just plain stupid.

Oh I know! It's the original draft of the Constitution of the United States! Imagine that, all in 16 bytes! What amazing compression! Really, you're not going to fit much "meaningful" beyond a telephone number in a ciphertext THAT small. It's a hash.

Re:

[b4dc0d3r]

You're looking at it the wrong way. The search for a meaningful match makes you use different tactics from simple codebreaking. You have to actually understand the subject, what's relevant, and what isn't. Recognizing it as an md5 is the first part, then assume it's not any more obfuscated than that is the second.

Going to an md5 dictionary to find the content might give interesting results, but I think this was found quite easily using likely data to calculate an md5 match. Probably took less than 5 trie

Re:md5?

[Doomstalk]

That's because it is an MD5 sum [theregister.co.uk]

Re:md5?

[the_one_wesp]

And my misplaced hopes that a government agency would actually do something creative come crashing to the ground and a violent speed....

Re:md5?

[StikyPad]

There's always kryptos [google.com]; part 4 has yet to be decoded. Have fun.

I got it!

[bsDaemon]

Don't ... forget to... drink... your ovaltine?!?! a lousy commercial!?

Re:I got it!

[PrescriptionWarning]

funny, I decoded it and it came out "Ph4rma increase your p33nas size today for less $$$$"

Re:I got it!

[spong]

It's really reads "All your base are belong to U.S.".

Re:

[dkleinsc]

Drat, I thought it said "Azh nazg durbataluk, azh nazg gimbatul"

Re:

[Verteiron]

Geez, warn a guy before you start flinging that stuff around, will you? My monitor went dark for a second there!

Duh, it's "Hello World"

[elrous0]

Obviously.

Already Solved

[Anonymous Coward]

The first reply in the Reddit thread already has the answer: http://www.reddit.com/r/programming/comments/cmxm0/proggit_if_you_decode_this_i_will_love_you/

Obviously...

[buddyglass]

...its their public key. :)

Re:

[Tom]

it's not, but the idea is great. For a whistleblowing service, Wikileaks like thing or something similar, incorporating your public key into the logo would be a great way to spread it.

Re:

[beef3k]

slightly painful if you have to revoke it...

Re:

[bonkeydcow]

I was thinking the same, only I was going to say it's their private key.

Next Up

[PixieDust]

Sony sues US Cyber Command for posting an AACS key (yes I know it's not).

And...

[stressclq]

It was quite swiftly found out to be the MD5 hash of (remove quotes): "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

News at 11..

Re:

[vossman77]

echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum

Gives:

9ec4c12949a4f31474f299058ce2b22a -

Re:

[L4t3r4lu5]

There's a spurious hyphen in the blurb. "... full-spectrum..." is how it is now. This is what other stories I've seen regarding this are about.

Re:And...

[epiphani]

Err, I take it back. It's a hash of the string itself, not a file containing the string.

Sigh.

Re:

[Anonymous Coward]

Fail.

Re:

[GigsVT]

The file or lack thereof is irrelevant, it's that you added an extra newline at the end. echo -n suppresses the newline.

Re:

[Monkeedude1212]

This made my day. And its not even 9am yet.

Re:

[tuffy]

There's no newline at the end of the text. Try using "echo -n" over it.

MD5

[FalconZero]

It's (obviously) MD5 length. The results of a quick reverese MD5 lookup are as follows :

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

However, as we all know, MD5 isn't 1-1. It could well just be a conincidence, or something completely different.

Re:

[FalconZero]

(The US Cyber Command mission statement.)
....as stated by everyone else here, replies to the original article, wikipedia etc....

Yet another reminder to me to use Google first, then do things like reverse MD5 lookups.....

Re:MD5

[betterunixthanunix]

Actually, it turns out that every paragraph USCYBERCOM publishes will have the same MD5 hash; they are showing off their ability to find collisions.

What you say?

[oodaloop]

It's "All Your Base Are Belong To Us!"

Wait, too soon?

Re:

[Joe U]

It could be worse, like "Where do you want to go today?"

Wait!

[multipartmixed]

9ec4c12949a4f31474f299058ce2b22a?!!

That's the combination to my luggage!

I reckon

[Hognoxious]

"Help, I'm being held prisoner in a logo factory"

Re:I reckon

[StikyPad]

REPEAT 360 [FD 3 RT 1]
RT 90
PU
FD 100
PD
REPEAT 360 [FD 1 RT 1]
HIDE TURTLE

That's no LOGO factory -- it's a Death Star!

Nothing to see here, move along.

[Anonymous Coward]

It's no secret. Somebody called their office and asked what it was. It's the mission statement.

I'm sure the conspiracy nuts will just say that's a convenient hash collision and that the real message is the date and time the Loch Ness Bigfoot Anti-Christ from Betelgeuse heads up the New World Order.

easy

[circletimessquare]

that's the US government's Windows Product Key

and the purpose of Cyber Command is to keep track of all software activation and licenses, and make sure no bonehead buys a region 2 dvd disk

the only reason Cyber Command's mission is opaque is that the government fears being sued by the BSA and MPAA because they installed windows xp on every government computer from a cd they bought in hong kong for $12, and they put an avi of "The Hangover" they got off of pirate bay on a network drive

Windows

[DrugCheese]

It's a Windows 95 key!

UP UP Down Down Left Right Left Right B A

[ZirbMonkey]

It seems pretty obvious.

Daddy, drive slower!

[magusxxx]

If you don't know : whose data not to touch : you must not value : your freedom very much : Burma Shave

Its the..

[BigJClark]

It's the rosetta stone, literally, it's the key. That number is the hash for 42.

wasn't meant to be a code

[v1]

Think about it. What organization wouldn't be at least somewhat interested in trying to put their entire mission statement in their logo? Success. And appropriate for them to use a hash for it. Although their choice of hash was poor. You'd think they would have used a more modern hash that's considered more secure? But maybe they wanted to go with that because they weren't intending for it to be secure, just fit, and be appropriate.

Re:

[betterunixthanunix]

I think a SHA256 sum would have been too long to fit on the logo:

7521ea74913335fc0fb3a47dfa0ca32636ff59bceabadee0dcfbf25ad85a03eb

That is twice as long as the MD5 hash; the logo has limited space, and I am guessing they did not want to force people to use a magnifying glass to see the numbers.

Wait a minute...

[natehoy]

It's written in an obscure script on the inside of a golden ring?

Well, duh. Isn't it obvious?

"Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie."

Quick! We need some midgets and an active volcano!

Bluray

[CODiNE]

It's the key for the Eagle Eye bluray release.

I don't know why they would have that in their logo, seems kind of random to me.

Wait... is that a... a construction crane?? Whoah... looks like it's coming in this dir$@HHXxXXXX____

NO CARRIER

Re:

[TheHawke]

No Spot! Don't chew on that... *FZZZTT!*

NO TERRIER

Beware the word "cyber"

[SlappyBastard]

Where you see the word cyber, there is an idiot nearby waiting to waste your money.

Obviously....

[lattyware]

It's the WEP key for their WiFi. Handy for all staff who forget easily.

It says...

[alfredo]

Kryptos is gibberish. http://en.wikipedia.org/wiki/Kryptos [wikipedia.org]

It says

[Dunbal]

"United States Cyber Command"

What do I win?

A better logo

[Ukab the Great]

The proper logo for a Cybercommand that could do its job well would be a PHB skull wearing a military cap with the motto "Defending against all enemies foreign, domestic, and corporate."

Another level of coding?

[SloWave]

What's more interesting is if you take the first letters of each word in their mission statement and parse them correctly, you get 'UPC is a cat' followed by a list of acronyms for all sorts of shadowy secret organizations and technologies...

upc is a cat dto ados dod in a pta wd cfs mco io tea ia de UA foa i cad tst oa

Mysteries within mysteries...

[Tetsujin]

When you run the numerical code in the US Cyber Command's logo through a standard two-pass RSA decryption, match it against known quantum fractal ciphers, look at it in a mirror while standing on your head, and de-converge your eyeballs to get the stereo effect, it reads as follows:

"A/S/L?"

But what could it possibly mean?

Re:

[WrongSizeGlass]

The code is the md5 of their mission statement. Nothing too crazy.

Are you claiming their mission statement isn't crazy? Hmm, I wonder if you're part of the propaganda machine or a read herring? Let me see if I can find the answer encoded in their mission statement ...

Re:

[s0litaire]

It's a continuation of the US's "Security by obscurity" policy.