Solution to CIA’s Kryptos sculpture is found in Smithsonian vault
(nytimes.com)84 points by elahieh 2 days ago
84 points by elahieh 2 days ago
So the central controversy in the story is whether the journalist fans should share the solution with the world or keep quiet for the auction.
Sanborn wants the money for medical reasons so he needs to maintain a high sale price.
The two fans want to share the solution with the world.
Presumably the winner of the auction will be buying a severely depreciating asset: the right to know but not disclose the solution. There are at least four people who have the solution and as soon as one of them shares it, its value goes to zero.
Maybe the “solution” to this meta problem is simple: auction it off to the public with a go fund me. As soon as it reaches $500k, publish the solution. That way everyone wins.
The whole thing got more complicated with the addition of lawyers, not less. I don’t see how the two fans violated any contracts with the artist or auction house since they never signed one. But of course lawyers will charge a ton for you to find out.
Do I understand part of the complexity of the situation is that Kryptos is in some sense "crackable" (unlike real cryptography), and these two people sleuthed their way to the answer book without solving it? Which is not quite exactly the same thing as them independently working out a solution; it's more like a nicer and more legal version of breaking into the guy's house and stealing it out of his desk drawer?
There would need to be (1) an existing valid contract, (2) knowledge by the defendants of it, (3) intentional and unjustified inducements by the defendants to break it, followed by (4) an actual breach that (5) caused damages.
Doesn't seem like that would fit here.
This seems like more of an ethical dilemma than a legal one.
> There would need to be (1) an existing valid contract,
Your (1) is false. You can damage a business relationship that doesn’t involve a signed contract.
“Tortious interference with business relationships occurs where the tortfeasor intentionally acts to prevent someone from successfully establishing or maintaining business relationships with others.” https://en.wikipedia.org/wiki/Tortious_interference
I thought that, in light of this comment https://news.ycombinator.com/item?id=45621067, we're only a few days from seeing the solution. However, the auction now reads
> Upon being notified, the Smithsonian immediately sealed Sanborn's archives for 50 years to protect Sanborn's intellectual property rights.
Sanborn actually showed off some of his worksheets during a PBS interview years ago, which I assume are the same documents later given to the Smithsonian. At one point I looked into buying the B-roll footage to take a closer look at them, but I discovered enterprising Kryptos sleuths had already done so years before.
>Jim Sanborn planned to auction off the solution to Kryptos, the puzzle he sculpted for the intelligence agency’s headquarters. Two fans of the work then discovered the solution.
Gift link https://www.nytimes.com/2025/10/16/science/kryptos-cia-solut...
I like this comment:
Victor Wong writes,
“If they don’t have the method,” she said, “it’s not solved,” she said.
That does raise a philosophical point to the craft of intelligence gathering. Speaking as a professional librarian, I do applaud the use of ATI (access to information) to find the appropriate data -- it's akin to a WW2 unit capturing an Enigma codebook.
As I see it it's a lesson about finding out things in the real world. It's even a little poetic that the people finding the solution are a pair of investigative journalists, digging up information that was technically already out there, rather than a puzzle solving cryptologist "breaking down the front door of the problem" so to say.
Kobek may actually have pulled that off once before, by the way. I'm pretty sure that his Zodiac killer candidate, Paul A. Doerr, will turn out to have been correct.
> “This is a problem everybody has been attacking as a STEM problem,” Mr. Kobek said in an interview, referring to the fields of science, technology, engineering and mathematics that underlie cryptography. Cryptographic science, he argued, could not solve Kryptos — “but library science could.”
Recent and related:
The secret code behind the CIA's Kryptos puzzle is up for sale - https://news.ycombinator.com/item?id=44907366 - Aug 2025 (53 comments)
"side-channel attack" and it was super effective!
> truly an American artist of the time.
Indeed. Quote from the article (emphasis mine):
"Mr. Sanborn acknowledged that keeping the secret could be a strain: His computer has been hacked repeatedly over the years, he said, and obsessive fans of the work have threatened him. “I sleep with a shotgun,” he said."
There was a Standford professor that was wondering why he had void of cancer patients around 63 and 64. Turns out people wait to get on Medicare for treatment because they cannot afford it with their standard health insurance.
USA would save money in the long run with Universal health care. Since people in the US wait until it gets bad before seeking treatment. This means fights cancer at stage 3 and 4 instead of 1 and 2. Latter the stage the more it costs and less likely for success.
This is one reason foreign doctors come to the US to study and train. Modern countries with Universal Health Care treat at stage 1 and 2 with 3 and 4 being rare ... except for the USA. Need to study advance cancer and aggressive, this USA is a great place.
[0] https://med.stanford.edu/news/all-news/2021/03/Cancer-diagno...
Where is the rule that comments must stay on topic and avoid diversion? It was a more interesting and informative comment than yours that you've restated here (particularly given that being "very covered by Medicare" does not even counter what you originally replied to, as it will not cover all or perhaps even most costs)
Alt title from NYT header: Solution to CIA’s Kryptos Sculpture Is Found in Smithsonian Vault
They are guidelines, not rules, but the site guidelines here advise submitters to use the original title for linked articles: https://news.ycombinator.com/newsguidelines.html
"Eschew flamebait. Avoid generic tangents."
relevant to this discussion is an essay from James Mickens : https://www.usenix.org/system/files/1401_08-12_mickens.pdf
This essay is relevant to this situation because the threat model in James’ essay is almost the same way this cipher was decrypted.