Byte of Prevention Blog

by Patrick Brown |

Everything I need to know about encryption I learned from Cracker Jacks

Do you remember when you actually received a toy prize in a box of cereal or snacks such as Cracker Jacks?  Those little plastic or metal choking hazards made eating an adventure in and of itself.  And the thrill of discovering one (without swallowing it) – priceless!  Now you get a code or a QR image to scan and receive an online game or collect points or some much less life-threatening activity. But where is the fun?

I digress, so back to the Cracker Jacks…

Don’t you miss decoder rings?  Those paper/plastic (or metal if you got the fancy Ovaltine ones!) toys you could wear on your finger, and spinning the two concentric rings you could draft secret letters to your friends that no one else could possibly decode without the ring.

Congratulations, you are an early cryptographer!  We can stop here now, right?  Well…

While this is a very basic form of encryption, it is not that hard to crack – but don’t tell our 9-year-old self that.  You only have to figure out which of the 25 other letters to start from, match that letter to the “A,” and you can quickly “decrypt” the message.

A more advanced form would use a starting codeword.  Say for example you received a message and knew in advance the codeword was “blue.”  You would set the “A” to the “B” on that same ring, then match the first letter of the message. Next set the “A” to the “L” on the ring, then match the second letter of the message.  Do this with “U” and “E” and then start over at the “B.”  It takes longer to decode and it is more difficult to determine the pattern if you don’t have the starting codeword.  Also, the longer the codeword, the more difficult it is to find the pattern.

Computers take this concept to a higher level of complexity.  Computers think in binary (0’s and 1’s) and so the “decoder ring” only has those two options.  Seems more simple to us until you consider how a simple concept to us looks like to a computer. For instance an “A” is 01000001 whereas an “a” is 01100001 – not quite so simple.

Modern encryption uses either 128-bit or more commonly now 256-bit – meaning a string of 1’s and 0’s 128 or 256 digits long.  (Even better is 512-bit.)  This takes the concept of that codeword “blue” to another level, but the underlying method is similar: you line the encryption key to the original data and apply a rule to obtain the encrypted data.

Yes, it gets significantly more complex – but the basic concept applies.  And computers do not have fingers and cannot wear decoder rings…they do the best they can with how they think.  Computers also cannot enjoy Cracker Jacks, it only makes sense to eat a box in their honor.

So the next time you hear about encryption, don’t roll your eyes – instead just dig out your decoder ring and have fun with your next letter!

Next week we’ll take a look at common external threats and tips to reduce your risk.

About the Author

Patrick Brown

Patrick is the Vice President of Enterprise and Operational Risk Management at Lawyers Mutual as well as filling the roles of Corporate Secretary and Director of Information Security. He is an NCSB board certified specialist in Privacy & Information Security Law and has been designated a Fellow of Information Privacy and a Privacy Law Specialist by the IAPP.  He is always happy to talk about his collection of tinfoil hats or to discuss risk management advice and resources that you may find helpful - you may reach him at 800.662.8843 or

Read More by Patrick >

Related Posts