Hollywood Encryption

Modern cryptography is a very, very, very serious business. It can be what protects the citizens against The Man. It can be the difference between losing a war or winning it. It can be the difference between making millions of dollars off a new invention, or letting the competition find out, overtake you and run away with all the money you could have made. It can be what keeps your Porn Stash safe from Mom's prying eyes. It's the only barrier that separates data crackers from your bank account's details. It is also the base of communication within Ancient Conspiracies, shadowy criminal organizations, perfectly legitimate corporations and freedom fighters.

Unfortunately for those who studied literature hoping to never, ever see a single number ever again, crypto is also one of the hardest sciences in the world, drawing from fields as abstract and diverse as number theory, mathematical logic, information theory and data structures. And ciphers are just the tip of the iceberg — there are also associated algorithms such as cryptographic hashes, pseudorandom number generators, public key algorithms, and cryptosystems like SSL, PGP, NaCl, SSH, IPsec or dm-crypt that tie them all together into something useful. Needless to say, this means any research in the subject done for pretty much any purpose needs to be very accurate, or else the fictional cryptosystem will be a total and utter piece of garbage and the cryptanalysis process will be basically black magic.

Unfortunately, executives will sometimes ask a writer to deliver a manuscript in record time about a story that delves into such a hard topic, and failure to deliver in time is not a choice. When this happens, the only thing the writer can do is reducing crypto to some kind of obscure character shifting and scrambling, describing it through some kind of Techno Babble, or spewing some vague stuff about "hacking" the "cipher" or something like that.

Can be an acceptable break from reality, because there would be no plot at all if an encryption really was unbreakable or took years to be broken.


Anime and Manga
  • Angel Beats! has a borderline example of this. Angel's personal computer is secured with "128-bit DES" which is hacked through without any trouble. While DES is an encryption standard infamous for being insecure, that's because its 56 bit key was very short for today's standards; the actual algorithm itself is very solid even by modern standards. To alleviate this problem while the current AES algorithm was developed, an extended version of DES was published in 1998 that simply used three DES keys with three full rounds of DES to achieve a total key length of 168 bits — meaning that Angel's 128-bit DES encryption is basically a non-standard DES that could possibly have unforeseen security holes that could have been exploited by the attackers.
  • Done in Ghost in the Shell, with the Hand Wave that the Major and the more techie members of Section 9 are just that good. However, sometimes they run across security that actually counterattacks their hacking, which might be something of an aversion (encryption that can scramble your brain? AWESOME).

Fan Works
  • Justified in Heroes Of The Desk: Repercussions since the tech doing the cracking is hundreds of years more advanced (2500s versus 2015) and specifically issued to people whose job it is to break into places (Ghosts like Nova Terra).
  • In Origins, a Mass Effect/Star Wars/Borderlands/Halo Massive Multiplayer Crossover, there's a subversion. As opposed to most Insecurity Systems (lampshaded by Samantha Shepard), the super-dreadnaught Farsight has encryption that relies on data being accessed from within its network because only there can a file be decrypted with multi-part hardware keys that are built into the starship's computers. Even Cortana can't break it despite cracking everything previously with ease, so the heroes end up accessing the system by getting someone who has authorization to unlock the data they need.

  • In The Avengers, the World Security Council comm panels each have a rotating cipher key in the lower right corner, constantly updating and matching to keep the connection secure.
  • Swordfish: Stanley is shown a "Restricted Access Only" password screen. The screen conveniently says that it is using DES (Data Encryption Standard) 128-bit encryption. Then Gabriel says it is actually 512-bit encryption, and asks Stanley to use a worm, that acts as multiple worms, to find "digital footprints" throughout an encrypted network. Stanley is told to do this in sixty seconds, and already wastes the first fourteen seconds. In terms of cracking, 128-bit and 512-bit encryption bring to mind multiple dozens of computers simultaneously attempting to brute force a password over a period of days or months. Over the next minute, Stanley does not appear to be manually entering passwords, or automating the process of entering passwords by running a program, or setting up something like a botnet or server cluster, which would take too long to accomplish in under a minute. It is likely Stanley is not actually cracking, but is actually hacking, and Hollywood Hacking is pretty close to magic, which in this case, means Stanley is doing whatever it is that will bring about the result that will happen to be successful. This could be as simple as opening and running the program, and letting it do what it does, while navigating the interface of the operating system. On screen, this appears as some jumbled C code, hopefully written beforehand, which may take a couple seconds to compile, if needed, and though it appears incorrect, it makes perfect sense to the program meant to interpret the code. The incomprehensible geometric interface is doing what it's supposed to, the impossible IP addresses work just fine because they refer to super duper secret computers that use those addresses, and the PERL script is also doing whatever it's supposed to do. Because, this is more about file transfer than it is about hacking. You see, a Vernam cipher, or One-Time Pad, is not going to be cracked. It will require the actual key. Now, both the computer and the network are encrypted. So, before this fancy worm gets on the network and searches for the key, unsecured, on someone's computer, let's say it already knows the key, and Stanley already knows the password and isn't telling anyone, because this movie is full of double-crossing and by the end you don't have information about what the hell's going on, giving Stanley all the time he needs to enter the correct password.

  • In A Brother's Price, Jerin finds a book written in some simplistic fake thieves' cant. Justified, as the man who needed to be able to read it was Too Dumb to Live (yes, really, literally), and it had to be that simple. Of course, Jerin and his sisters, expert codebreakers, figure it out quickly.
  • The Radix: Coded messages play a significant part in the story, depicted verbosely, but not very realistically.
  • In Digital Fortress the NSA has a computer which is powerful enough to brute force (i.e. keep trying different passkeys until it gets the right answer) encryption. The plot is based around a new encryption algorithm which is resistant to brute force methods. This is a clear case of research failure, since a brute force search for a solution would try every possible key until the right one was found.
    • There does, however, exist an encryption method, the one-time pad, that is immune to brute force, and unbreakable if carried out correctly (doing so, however, is often logistically prohibitive, for one thing, the key must be at least as large as the message). It's immune to brute force because with different keys you can get every possible message that has the same length as the one being sent, with no indication whatsoever of which possible decryption is the right one.
    • Actually most modern digital encryption is resistant to brute forcing, in that it's theoretically possible to do it, but would likely take an impossibly long time, possibly billions of years, assuming you dedicate all of the world's computing power to brute forcing that one key. (Estimates of those "billions of years", though, usually don't adjust for future hardware upgrades.)
  • In Desmond Bagley's The Tightrope Men, the hero is captured and being questioned by enemy agents, who want to know about the high-tech whatsit he's believed to be working on. However, he's only impersonating the scientist they think he is, and he didn't get a proper briefing, so he's at a loss. Then, abruptly, he comes out with a spray of technobabble about a computer which can brute-force encryption like the one in the Dan Brown example above. This scares the life out of him, because he doesn't even understand what he's saying, but it does make sense to people who know computers, so he wonders where the hell this sudden burst of information came from. Incidentally, the scientist he's posing as was actually looking into a possible design for an X-ray laser, nothing to do with computers at all.

Live-Action TV
  • Stargate Atlantis: Multiple times. Janus' lab pops up. He is meant to have his research encrypted with highly advanced encryption. It doesn't last long against the mind of The Smart Guy.
  • Terminator: The Sarah Connor Chronicles: Of course John can break the encryption of Sarkissian's hdd.
  • Buffy the Vampire Slayer:
    • Willow can decrypt anything, seriously, though admittedly the Initiative's most secretest files took her a few days.
    • Actually, she didn't manage to decrypt them; they eventually decrypted themselves, which was a less-than-subtle clue that the season's Big Bad had slipped those files to the good guys intentionally.
  • In one episode of Agent Carter, Carter manages to decrypt a one-time pad in her head. This was at the tail end of a period where the Russians were using breakable one-time pads - during WWII, the Russians were forced to reuse some of their pads, which rendered them vulnerable to cryptanalysis - it seems highly unlikely that she would have memorized 35,000 pages of sheer gibberish on the off chance that she might encounter a message encrypted by one of them, especially since the Russians had long since figured out that the VENONA pads were vulnerable and were replacing them with newer and more secure pads as quickly as they could.
  • The season 4 premiere of Mission: Impossible had the team using an actual cryptanalysis attack - they tricked the villains into using their secret encryption algorithm to send a message of their choosing, which allowed their codebreaking computer to figure out how their algorithm worked, enabling them to intercept and decrypt battle plans sent by that algorithm later on. No details of how the algorithm worked were mentioned beyond a decryption key being hidden in a photograph the message was embedded in. In the episode "The Photographer", they actually did show how the encryption algorithm the episode centered around worked (It involved a fixed substitution cypher, the date of transmission, and a phone book). The team figured this out by sending the titular photographer a message that appeared to be encrypted using the algorithm, and arranged for him to decrypt it while Rollin was in a position to watch the process.
  • The "Midnight Ride" episode of Sleepy Hollow featured a Vigenère cipher in an old document by John Adams, containing instructions on how to defeat the Headless Horseman. The document had been preserved and was available online, but nobody had been able to decipher it, before the protagonists found the keyword. The Vigenère cipher is a real cipher, and it was believed to be unbreakable for a long time, but nowadays it can be broken in hours by a human or seconds by a computer.

  • Coalition Of Ponyist States:
    • Most "encrypted" communiques are merely specified to be encrypted, instead of actual details on the encryption method used. This is mostly to Hand Wave very-hard-to-decrypt messages, since providing a real-life encryption method/algorithm would allow more tech-saavy players an advantage in explaining how they'd decrypt the message.
    • Crystal Spires averts this trope by actually encrypting messages.


Anime & Manga
  • Played with, and ultimately averted in Cowboy Bebop. In one episode a computer program is mentioned that can be used to break any encryption, but the catch is the program itself is encrypted. The focus of the episode is over a poker chip that has the decryption key for the program, the "key to the key" as Jet put it. Since the crypto on the original has proven to be unbreakable so far, the value of the key is immeasurable.

  • Averted thoroughly in Sneakers. While the MacGuffin is entirely fictional, if something did what it could do, it would be able to slice through virtually any modern encryption. The description of how cryptology works is dead-on accurate — Len Adelman, cocreator of RSA (public-key) encryption, consulted on the movie. The visual representation, on the other hand, is baloney.

  • Averting it is pretty much the entire point of Neal Stephenson's Cryptonomicon, where Lawrence Waterhouse shows us how the German Enigma machines worked and how Bletchley Park worked day after day cracking their codes, whereas Randy Waterhouse shows us in the first few pages how proper encryption is done, all of that while rattling scientifically accurate lectures about information theory. Need anything more? Well, Neal Stephenson asked Bruce Schneier to create a 100% functional encryption algorithm, called Solitaire, which can be implemented on the field with playing cards, and the books include a working Perl script that implements the algorithm.
  • Safely averted in Reamde. The encrypted file on Wallace's hard drive has a ".gpg" file extension. GPG is a real-world program, the GNU Privacy Guard, that implements an encryption alogrithm (OpenPGP) that would work exactly as described. That said, there's nothing about GPG that requires a three-letter ".gpg" file extension as it instead embeds GPG/PGP header information in the file itself. GPG'd files can have any extension the user wants and GPG will still be able to identify and decrypt them by checking for the PGP header block in the file. Stephenson likely used a .gpg file extension because it was quicker and less awkward than explaining the details of GPG's functionality, and worked just as well as a shout-out for cryptogeek readers and wouldn't have made much difference anyway for those who didn't know what he was talking about in the first place.

  • Averted on Blackhat: The good guys manage to intercept an electronic message sent by the bad guys, but Hathaway (the Playful Hacker Boxed Crook hero) points out once one of the agents asks him to decrypt the message that the message utilizes a 512-bit GPG code-theoretically, he would be able to crack it given enough time, but the "enough time" he's talking about is of a few months and they have at least hours remaining before the bad guys strike. They nearly give up on the lead as a result.

Video Games
  • Averted in Iji. The eponymous Nanotech cyborg can hack her way through a lot of low-security doors, but some doors are just too securely encrypted for her to ever hope to open.
  • Averted realistically in Mega Man Battle Network. MegaMan.EXE cannot crack open the heavily-encrypted Purple Mystery Data item containers he can find while traveling the Internet with his own abilities, and has to resort to purpose-built Unlocker sub-programs to unpack them. He also cannot spoof security certificates to enter heavy-security zones and has to retrieve passwords, ID data, and security certificates to get past these barriers.