Cryptography's running gag: ROT13

If your cryptographer buddies are cracking cryptic jokes, you should check out Chad Perrin's explanation of the ROT13 cipher.

In pretty much every subculture, jokes arise that get repeated and gain an aura of mystique. A common one for the cryptology subculture focuses on the ROT13 cipher.

Probably the most prevalent running gag in cryptology circles revolves around the ROT13 cipher (pun intended).

If you think the XOR stream cipher is easy to implement, you haven't seen anything yet. The ROT13 cipher is much easier to implement, and there are probably an order of magnitude more ways to implement it than the XOR stream cipher. One of the simplest approaches to implementing it leverages the easy text processing capabilities of languages like Perl and Ruby. The following is a Ruby example that can be executed directly from the shell prompt:

> ruby -p -e '$_.tr! "A-Za-z", "N-ZA-Mn-za-m"' filename.txt

This will read in everything in the file whose name is provided as an argument, encrypt it, and print the ciphertext. Like the XOR stream cipher, ROT13 produces output that is the same length as its input. The way it does so, however, is somewhat different. In the case of the ROT13 cipher, you get the same result as what you get if you follow the instructions described here:

  1. Write all the letters of the alphabet in a circle on a piece of paper.
  2. Pick a letter you want to encrypt using ROT13.
  3. Place a token (perhaps a dime) on that letter.
  4. Move the token thirteen spaces clockwise (or counterclockwise — it works the same either way, because 13 is half of 26, which is the number of letters in the alphabet).
  5. The letter on which the dime now rests is the ciphertext output of a ROT13 algorithm performed on the letter with which you started.

Decrypting ROT13 is just as easy; start with the encrypted letter, and do exactly the same thing. Thus, the above Ruby one-liner works for both encryption and decryption.

Of course, ROT13 is a laughably bad cipher. It is the sort of thing invented by toddlers to pass secret messages. One could conceivably change the "key", and thus change the number 13 to something else, and have some system for deciding which way to rotate the token for each character translation. One could also include more characters in a known order. Ultimately, however, these are all just variations on the same theme, which is not a strong algorithm.

In fact, it is so weak that it has been called "the Usenet equivalent of a magazine printing the answer to a quiz upside down." It has actually been used many times for that purpose to "protect" spoilers from accidental reading, since most people don't read ROT13 ciphertext as easily as plain ol' English.

Often, ROT13 is used to make light of very bad cryptography, as in cases where people try to improve the security of encryption by encrypting something with AES first and Blowfish next, thus "doubling up" on the encryption. Common jokes in that vein involve statements like "I'll double the strength of my leet rot13 cipher by doubling the rotation to rot26!" A moment's consideration should be sufficient to realize that ROT26 would result in "ciphertext" identical to the plaintext. Even more relevant to the problem of people doubling up on their encryption is using ROT13 twice which — if you've been paying attention — you know means you have just encrypted then immediately decrypted the text, and is functionally the same as ROT26.
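The points above about changing the "key", ROT26 and applying ROT13 twice can be checked directly. The following Ruby sketch is an added example, not part of the original article; `rot`, `crack_rot`, the word list and the sample sentence are assumptions made for illustration. It generalizes ROT13 to any rotation and shows that trying all 26 rotations recovers the plaintext.

```ruby
# Added example, not from the original article. rot, crack_rot, COMMON and
# SAMPLE are hypothetical names; SAMPLE is a constructed sentence.

# Rotate ASCII letters n places around the alphabet; other characters pass through.
def rot(text, n)
  n %= 26                                   # ROT26 is ROT0, ROT-13 is ROT13
  lower = ('a'..'z').to_a.rotate(n).join
  upper = ('A'..'Z').to_a.rotate(n).join
  text.tr('a-zA-Z', lower + upper)
end

# Assumption: counting a few very common English words is enough to tell
# readable text from gibberish for a sentence-length message.
COMMON = %w[the and to of is at].freeze

def english_score(text)
  text.downcase.scan(/[a-z]+/).count { |w| COMMON.include?(w) }
end

# Try every possible "key" and keep the rotation whose undoing looks most
# like English. Returns [key, recovered_plaintext].
def crack_rot(ciphertext)
  (0...26).map { |k| [k, rot(ciphertext, -k)] }
          .max_by { |_k, candidate| english_score(candidate) }
end

SAMPLE = 'The answer to the quiz is printed upside down at the bottom of the page.'

if __FILE__ == $PROGRAM_NAME
  puts rot('Hello, World!', 13)             # same result as the tr one-liner
  puts rot(rot(SAMPLE, 13), 13) == SAMPLE   # ROT13 twice undoes itself
  puts rot(SAMPLE, 26) == SAMPLE            # "ROT26" changes nothing
  key, text = crack_rot(rot(SAMPLE, 7))     # a "secret" rotation of 7
  puts "key=#{key} text=#{text}"
end
```

Because the key space is only 26 rotations, picking a number other than 13 adds no meaningful protection.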

The lesson to take from such things, of course, is that there is more to encryption than many people realize. For instance, doing something once does not mean that doing it twice is better. In addition to that, ROT13 provides an easily recognizable bit of lighthearted cultural reference that anyone with an interest in subjects of cryptology can recognize, including beginners.


Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.
