I recently learned about an encryption protocol called CipherSaber, which was developed in 2001 by author, consultant and Star Wars fan Arnold G. Reinhold in retaliation against government plans to restrict access to strong cryptographic techniques.

CipherSaber is based on a stream cipher called RC4 (a.k.a. “Arcfour”) that was developed by Ron Rivest. Since the RC4 algorithm is simple enough for a programmer to implement from memory, it is effectively immune to any sort of software embargo.

Although CipherSaber lacks important features like a key exchange mechanism and cryptographic techniques have moved on since 2001 (RC4 is no longer considered entirely safe), CipherSaber is still a useful cipher of last resort. I’d encourage anyone with an interest in cryptography or programming to try their hand at creating their own implementation. Reinhold’s pages are starting to show their age (broken links everywhere!), so I’ll summarize the algorithm below:

CipherSaber Algorithm


You will need:

  • A secret key (up to 246 bytes)
  • Binary data to be encrypted or decrypted (as many bytes as you like)
  • A number num_rounds which should equal 1 for the original CipherSaber algorithm, or 20 for CipherSaber-2 (recommended). Or you can choose some other value if you like.


  1. Create two 256-byte arrays called S and S2.
  2. Initialize S by filling it with all the values from 0 to 255 (i.e., S[0]=0, S[1]=1, S[2]=2, and so on.)
  3.  Copy the secret key to the bytes at the start of S2.
  4. If you’re encrypting, you should then generate ten bytes of random data (called the initialization vector). Write a copy of these ten bytes to your output file. If you’re decrypting, read these ten bytes back in from the start of the binary data.
  5. Append the initialization vector to S2, directly after the secret key. Then fill up the remainder of S2 by repeating the secret key and initialization vector until you have set all 256 positions in S2.
  6. Now we have to randomize the contents of S based on the contents of S2. This is done by swapping bytes in S according to the following method, using the value of num_rounds you chose earlier:
    j = 0
    for n in (1 .. num_rounds)
        for i in (0 .. 255)
            j = (j + S[i] + S2[i]) mod 256
            swap S[i], S[j]

    You can now discard S2; it won’t be used any more.

  7. Use S to generate a pseudo-random stream of bytes to combine with the input data (using exclusive-or (XOR) operations). Since this is a symmetric cipher, the procedure is exactly the same for encryption and decryption:
    i = 0; j = 0
    for each byte b of binary data:
        i = (i + 1) mod 256
        j = (j + S[i]) mod 256
        swap S[i], S[j]
        k = (S[i] + S[j]) mod 256
        output (b xor S[k])

Well I hope that isn’t too complicated. Frankly it’s about at the limit of what I’d be able to reproduce from memory, and I’m not sure I’d be able to get it right first time either. But do have a go at writing your own. You’ll probably want somewhere to test your code, and for that purpose I’ve set up an online encryption/decryption tool that you’re welcome to use.

And finally, don’t forget to use a strong password with CipherSaber. Here’s a text encrypted with CipherSaber-2 using one of the 25 most common passwords of 2013. See if you can figure out what it was:

f8 a2 76 5d d2 3a 75 67 0f 15 ea 1e 8d 55 9f 39 69 cd 3f d6 61 48 06 85
65 1e a3 1a eb d7 88 dd d8 cd 46 e8 0c d6 cd 2d b1 bf 7b 34 aa fc aa ed
39 a9 14 6f e7 5c 57 f6 23 f8 69 d3 17 f7 0a f8 a8 7d 29 f3 9c e7 45 51
0d 6c 92 b8 9f 3d 6c 5a c8 8c 7d 71 e0 60 75 fb 00 61 c6 f2 02 60 e3 38
ab c0 48 f7 ed bd 05 67 c0 25 99 cc 85 67 23 ae 67 61 e2 0c ce 90 95 c8
8a 9f 19 ca 2e 35 0b a8 c3 31 6a 39 3a 24 52 31 e4 81 ae 35 f6 d9 c7 5f
31 3e 6f 2f 2f 96 87 95 0c 2f 90 87 1f a2 94 68 e3 ac 93 29 4d a7 53 24
a1 ca 51 35 10 84 50 58 01 12 42 6a 6a 0b f4 1d a6 33
Tagged with: ,
4 comments on “CipherSaber
  1. Alan Pittman says:

    Thank you very sincerely for your CipherSaber webpage. It’s been extremely useful. Especially the online encryption test harness. You even included CS2. That’s good, because even that is easy to get wrong! Have a great day and once again, thanks.

  2. Eddie Pepper says:

    27 07 D6 1B 94 3F 26 FC CE 44 52 97 B8 32 1D 23 C7 34 C6 69 7A BE FE BB 76 E6 30 56 55 0E CD EE 61 51 69 46 90 55 1C AC D1 88 8B 77 40 1D EB 35 05 7D 34 C3 C2 D8

Leave a Reply

Your email address will not be published. Required fields are marked *


Please enter the missing number: *