Frequently asked questions

No. We only keep a SHA-256 hash of your solution, computed client-side. Nobody — not even us — can recover the cleartext from that hash.

Yes — the “Encrypt” page walks you through it. Pick a method, a source text, a difficulty, then publish.

Image-cipher puzzles render the glyphs immediately on opening, even before you’ve added any method to the chain — so you can visually recognize the symbol system in use. To reveal the plaintext, add the matching image cipher at the top of your chain (e.g. "Dancing Men" if you see silhouettes). As long as the first active method in your chain doesn’t match what’s stored in the puzzle, the plaintext stays empty (to avoid misleading you), and the wrong method is flagged with a ⚠ icon and an explanatory tooltip.

In English both « encrypt » and « encipher » are accepted, but the distinction matters: strictly, you encipher with a key and decipher with the key, while « decrypt » means recovering the plaintext WITHOUT the key — breaking a cipher. French draws an even stricter line: « chiffrer » (to cipher) is correct, « crypter » is flagged as incorrect by the French national security agency (ANSSI) and isn’t recognized by the Académie française. Throughout the site we use the precise terminology.

Encoding (base64, hexadecimal, Morse…) writes the same data in a different form, without a key and without aiming for confidentiality — anyone who knows the table can reverse it. Ciphering applies a cryptographic process WITH a key, so the message is unreadable without that key. Morse, A1Z26 and the NATO alphabet are codes, not ciphers. Caesar, Vigenère and AES are ciphers.

Cryptology is the science of secrets. It covers cryptography (designing ciphers to protect a message — confidentiality, authenticity, integrity), cryptanalysis (attacking and breaking those ciphers) and steganography (hiding the very existence of the message). CipherChronicle lives mostly at the boundary of cryptography and cryptanalysis: you learn ciphers by breaking them.

Encrypting transforms a message using a key, REVERSIBLY: with the right key, you recover the plaintext. Hashing computes a fixed-length fingerprint (e.g. 64 hex chars for SHA-256) that depends on every bit of the input — but the operation is ONE-WAY: from the fingerprint, recovering the original is computationally infeasible (no human-scale path back). The same input always yields the same fingerprint, and changing a single bit of the input scrambles the entire fingerprint (avalanche effect). Practical impact at CipherChronicle: we only store the HASH of the solution, not the solution itself. Even if someone stole our database, they’d find only fingerprints — uncrackable as long as the plaintext isn’t guessable. The player’s browser compares its own hash against the stored one; no plaintext ever travels.

A dedicated "Identify a cipher from its symbols" gallery lists the 19 symbol alphabets baked into CipherChronicle (Pigpen, Templar, Theban, Dancing Men, Klingon, Aurebesh, Hieroglyphs, Minecraft's Standard Galactic, Cistercian, Babylonian, etc.) with their glyphs side by side for visual comparison. Each card has two shortcuts: "View the method" for the full method page and "Decrypt" to open the workshop pre-filled with that cipher. You can reach it from the banner above the filter on the Methods page, or from the "Identify my symbols" button above the chain in the decrypt workshop (the latter opens the gallery in a new tab so your in-progress message stays put).

Not for public grids. An account is only required to create your own puzzles and to track your progress.

The included puzzle quota depends on your plan: 20 on Cipher Publisher, 50 on Cipher Architect. The Free plan doesn’t allow publishing — it only grants access to solve public puzzles.

You can buy extra credit packs (10 puzzles for €1.99) from the Subscription page. These credits stay yours until consumed and don’t reset each month, unlike your plan’s included quota.

No. Puzzles you publish stay live indefinitely. The monthly quota only caps the number of NEW publications per billing cycle, not puzzles already online.

Never in cleartext. On publish, we compute the SHA-256 fingerprint of your solution (prefixed with the puzzle’s unique id) and store only that fingerprint. The plaintext never reaches our servers, is never stored, and can’t be recovered from the fingerprint. On solve, the player’s browser rehashes their attempt with the same rule and compares both fingerprints. Consequence: even we can’t answer "what’s the solution to this puzzle?" — by construction.

Because it helps the player (a single Caesar vs. a five-cipher chain are wildly different difficulty), and because the creator can choose to hide it and turn it into the first hint to unlock. We never store the list of ciphers or their keys though — those are purely local to the workshop and never leave your browser. A published puzzle is just the ciphertext + the solution hash + (optionally) the cipher count.

You can attach up to 10 hints to your puzzle, in any order (drag & drop to reorder). The player unlocks them one after another, in that order — each unlocked hint can carry a small score penalty or a signal (depending on the puzzle’s rules). At least one hint is required to publish: it’s the safety net guaranteeing a stuck puzzle stays solvable.

A public puzzle shows up in the site catalog and is discoverable by any visitor — that’s the default. A private puzzle appears in no listing: only players with the direct link or explicitly granted access can open it. Private publishing is reserved for the Cipher Architect plan; other plans always publish as public.

The language field tells players which language the plaintext and hints are written in — so they don’t stumble onto a German grid while browsing English ones. The public catalog has a language filter that uses it directly. The choice is limited to ten Latin-alphabet languages (English, French, Spanish, German, Italian, Portuguese, Dutch, Polish, Swedish, Czech) because the platform’s classical ciphers (Caesar, Vigenère, Atbash…) operate on the A-Z alphabet — they can’t encipher Cyrillic, Japanese or Arabic. You can preselect a default language in My account; the publish drawer will pick it up for every new puzzle.

When you create (or edit) a private puzzle or collection, it gets a unique access token embedded in its share URL (`?token=…`). Anyone with the link can open the content without signing up — but the URL is invisible from the public catalog, search engines, and your profile. If a link leaks, you can regenerate the token from the detail page: the old URL dies instantly, the new one keeps working for the recipients you re-share with. Perfect for a wedding treasure hunt, a fellowship, or a brand campaign limited to a circle.

On a puzzle page where you are the owner (or admin), three icons appear next to the "Copy link" button in the header: ✎ to reopen the publish drawer in edit mode (title, hints, language, collection…), ⇄ to move the puzzle to another collection (or detach it), 🗑 to permanently delete it (with confirmation). Same logic on a collection page: edit / reorder puzzles (drag & drop) / delete. The ciphertext itself is never editable once published — you’d have to recreate the puzzle to change the chain, otherwise solvers already engaged would lose their progress.

A collection groups several of your puzzles around a theme (for example “My Vigenères”, “Classical cryptography”). It can be public to share your universe, or private to keep for yourself.

Collections are exclusive to the Cipher Architect plan, which includes 1 collection by default. You can buy extra slots from the Subscription page (€0.99 per collection).

Yes, the Architect plan includes private collections: only users with the shared link can see them. Public collections appear in the site’s catalog.

No. The PDF you drop in to use the book cipher is read in memory by your browser, indexed locally, and never sent to a server — nor stored persistently. If you reload the page, the index is gone and you need to drop the file again. This is intentional: the contents of your book stay on your device.

No. The whole encryption and decryption workshop runs in your browser — no plaintext, no ciphertext, no key is ever transmitted to our servers. CipherChronicle is a 100% client-side app: we never see what you type.

The "copy share link" button and the PDF QR code embed your text (cleartext or ciphertext) directly into the URL through a `value=` parameter, along with the cipher chain you used. As a result, anyone who receives the link can see the text. Use your judgement before sharing — especially for plaintext. If the URL gets too long, the button is disabled and the QR code drops the text (it then points to a neutral workshop link).

No cookies are set until you consent via the GDPR banner. If you accept, we load Google Analytics 4 to measure aggregate usage (page views, workshop clicks, PDF exports) — without collecting personal information. You can change your mind any time from the Cookies page, linked in the footer. No advertising, no third-party pixels, no data sharing.

Email us at [email protected] — full details on the "Contact us" page, linked in the footer. We read every email and usually answer within a few days, in English or French.

The platform’s classical ciphers (Caesar, Vigenère, Playfair…) only handle the 26 ASCII letters A-Z: they silently ignore or corrupt accented characters (é, à, ç…), mixed casing or diacritics. To prevent a "Lightning" grid from becoming unreadable once decoded — or worse, validating a different hash than what the solver recomputes — the workshop systematically normalizes input: letters go to UPPERCASE, accents are stripped ("éclair" → "ECLAIR"). The same rule applies to text keys for cipher methods (Vigenère key, Playfair word, etc.). Spaces and punctuation are preserved as-is.