Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Null Cipher

Training Camp • Cybersecurity Glossary

What is Null Cipher?

A steganographic technique that hides a secret message inside ordinary text using a rule (e.g. every third letter) rather than encrypting the content.

Glossary > Cryptography & PKI > Null Cipher

Null Cipher — A steganographic technique that hides a secret message inside ordinary text using a rule (e.g

Understanding Null Cipher

A null cipher is a steganographic technique that conceals a secret message within ordinary, innocent-looking text rather than transforming the content as encryption does. The hidden message is recovered by applying a predetermined rule, such as reading the first letter of each word or every nth character, while the rest of the text acts as meaningless filler (the nulls) to disguise it.

The mechanism relies on concealment rather than mathematical secrecy. The sender embeds plaintext into a cover message according to an agreed extraction rule, so the carrier text reads naturally to anyone unaware of the scheme. Because nothing is scrambled, there is no key in the cryptographic sense and no ciphertext to analyze; security depends entirely on the rule and the cover staying secret. This makes null ciphers a form of security through obscurity, not true cryptography.

This matters for security understanding because null ciphers illustrate the difference between hiding the existence of a message (steganography) and hiding its meaning (cryptography). They are weak on their own: once the extraction rule is discovered or guessed, the message is fully exposed, with no cryptographic strength behind it. In practice, defenders care about the concept because covert-channel and data-exfiltration techniques use similar hiding strategies, and modern detection looks for anomalous patterns in text or media.

For example, a spy sends a chatty letter where the first letter of each sentence spells out a target's name, an old espionage trick using a null cipher. In a modern analogy, a data-loss-prevention team might find an employee exfiltrating secrets by encoding them in the capitalization or spacing of otherwise benign emails. Organizations generally rely on strong encryption for confidentiality and reserve steganographic methods for niche uses such as digital watermarking, where invisible owner identifiers are embedded in media while encryption still protects the content.

Learn More About Null Cipher:

Ready to Get Certified?

Null Cipher is one of the topics you'll master in the Security+ Boot Camp.

Security+ Boot Camp →