ROT13, ROT47 & Caesar — auto-detect in one tab

What does the ROT13/ROT47 converter do?

ROT13 rotates letters by 13 positions. ROT47 rotates the entire printable ASCII range by 47. The Caesar cipher allows a free shift from 1 to 25. All three are special cases of the same idea — a rotation through an alphabet, mathematically an addition modulo alphabet size. This tool brings them together — without tab jumping, without server calls, without tracking.

The auto-detect mode is the real differentiator. Instead of clicking through 26 candidates yourself, the tool runs every Caesar shift plus ROT47 and scores each statistically. The most likely plaintext sits on top; you can inspect the rest in order. Click ‘Use’ on any row and the result flows back into the ROT13 or Caesar tab for further editing.

How does the frequency analysis work?

Every language has a characteristic letter histogram. In German, E is the most frequent letter at 17.4%, followed by N at 9.78%, I at 7.55%, and S at 7.27%. In English, E also leads at 12.7%, but T comes second at 9.06%, then A at 8.17%, then O at 7.51%. These profiles have been known for over a century — Friedrich Kasiski used them in the 19th century to break Vigenère ciphers.

For each of the 26 candidate decryptions the tool builds a histogram and compares it via chi-square test to both language profiles:

χ² = Σ (observed - expected)² / expected

The sum runs over all 26 letters. The lower the value, the better the histogram fits the language. The tool takes the smaller of the German and English scores and tags the candidate with the better-matching language. Auto-detect therefore works on both German and English text without you having to pick a language first.

For very short inputs (under about 30 characters) detection becomes unreliable because the histogram has too little data. From 50 to 100 characters upward detection is usually unambiguous — the correct candidate sticks out with a much lower score.

What is the history of ROT13?

ROT13 emerged on Usenet in the early 1980s, when asynchronous discussion forums dominated the internet. Users needed a way to hide spoilers — answers to puzzles, punchlines of jokes, solutions to quiz questions. Real encryption was overkill; a simple text scramble was enough.

ROT13 fit the requirement perfectly: trivial to implement (any editor with find-and-replace could do it), reversible without key management (apply twice = original), and unreadable to humans without help. The convention became so canonical that mail clients and newsreaders shipped dedicated ‘decode ROT13’ buttons. GNU Emacs still has an M-x rot13-region command today.

ROT47 came later as the ASCII extension. The original ROT13 only works on the 26 letters — digits, punctuation, and special characters remain visible, which is a problem for structured data like code, tables, or URLs. ROT47 covers the entire printable ASCII range and produces a more complete scramble. The price: the result is even more visually jarring than ROT13.

How is ROT13 used in geocaching?

Geocaching is a GPS-based treasure hunt where caches are placed at real-world locations and described with coordinates and hints. For Mystery Caches the final coordinates hide inside a puzzle — and cache owners traditionally ROT13-encode the hint so searchers don’t accidentally see it while reading the description.

The typical workflow: you read the cache page, get stuck, copy the ROT13 hint into a tool, decode it, walk to the cache. The geocaching.com site has shipped a built-in ‘Decrypt’ button for hints since launch in 2000 — ROT13 is so embedded in the hobby that the platform treats it as the default obfuscation.

For trickier caches some owners use ROT47 or Caesar with unusual shifts (say ROT8 or ROT19). In auto-detect mode this tool finds the correct shift in milliseconds — even when the cache owner picked Caesar shift 17, which you have never used before.

Where does ROT13 stop being a security tool?

ROT13 is explicitly not a security mechanism. It is a marker. If you want to protect sensitive data — passwords, home addresses, account information — from determined access, you need real encryption: AES, modern in GCM mode with a 256-bit key, or an asymmetric counterpart. ROT13 loses every brute-force attack in a microsecond because only 26 shifts exist (and 25 of them differ from the identity).

ROT47 is not meaningfully more secure — its key space is 94 instead of 26, still trivial to brute-force. Both ciphers share the weakness of every monoalphabetic substitution cipher: the letter histogram does not change, it merely shifts. That makes statistical analysis — exactly what this tool performs — the direct path to the plaintext.

Use ROT13/ROT47 for: spoilers in forums, geocaching hints, cryptography teaching material, quiz answers, easter eggs in software, harmless scrambling for screenshots or examples. Do not use them for: data whose secrecy must extend beyond ‘not seen by accident.’

What other classical ciphers exist?

The Vigenère cipher extends Caesar with a key text: instead of shifting every letter by the same amount, the shift varies along the input according to a keyword. Until the 19th century it was considered the ‘chiffre indéchiffrable’ — until Charles Babbage and Friedrich Kasiski independently broke it in 1854 and 1863.

The Atbash cipher is a fixed permutation: A → Z, B → Y, … Z → A. It appears in the Hebrew Bible (mainly in the Book of Jeremiah) and is mostly of historical interest today.

The affine cipher combines multiplication and addition modulo alphabet size: E(x) = (a·x + b) mod 26 with gcd(a, 26) = 1. The Caesar cipher is the special case a = 1. The affine cipher has 312 possible keys (12 valid values of a × 26 of b), still trivial to brute-force.

All of these ciphers are monoalphabetic or polyalphabetic with a short period. They are teaching material and curiosities, not practical encryption. For real security only the modern family applies — AES for symmetric, RSA and ECDH for asymmetric, ChaCha20-Poly1305 as an alternative stream cipher.