by amptorn 1724 days ago
This is a very bad idea because it's going to rotate ordinary characters to code points where Unicode normalization has an effect, including combining characters, whitespace, control characters... After normalization, rotating back will produce garbage.
3 comments
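
The normalization objection in the comment above, checked against an alphabet that skips whitespace, control characters and surrogates as the first reply describes. This is an added example, not part of the thread and not the rot8000 project's code: the alphabet, the half-length shift and all function names are assumptions chosen for illustration.

```python
import unicodedata

# Assumption: simplified stand-in for a ROT8000-style transform. The alphabet
# is the BMP minus control characters, separators/whitespace and surrogates.
SKIPPED = {"Cc", "Cs", "Zs", "Zl", "Zp"}
ALPHABET = [chr(cp) for cp in range(0x10000)
            if unicodedata.category(chr(cp)) not in SKIPPED]
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}
HALF = len(ALPHABET) // 2


def rotate(text, shift=HALF):
    """Shift each alphabet character by `shift` places; pass others through."""
    n = len(ALPHABET)
    return "".join(ALPHABET[(INDEX[ch] + shift) % n] if ch in INDEX else ch
                   for ch in text)


def unrotate(text):
    """Inverse of rotate(); explicit so it works for odd alphabet sizes too."""
    return rotate(text, -HALF)


def round_trip(text, form="NFC"):
    """Rotate, let a store or transport normalize the result, rotate back."""
    return unrotate(unicodedata.normalize(form, rotate(text)))


def fragile_characters(form="NFC"):
    """Alphabet characters that do not survive rotate -> normalize -> unrotate.

    Per-character scan only, so it is a lower bound: sequences can also be
    changed when normalization composes or reorders adjacent code points.
    """
    return [ch for ch in ALPHABET if round_trip(ch, form) != ch]


if __name__ == "__main__":
    for form in ("NFC", "NFKC"):
        bad = fragile_characters(form)
        print(f"{form}: {len(bad)} of {len(ALPHABET)} characters do not round-trip")
        for ch in bad[:3]:
            back = " ".join(f"U+{ord(c):04X}" for c in round_trip(ch, form))
            print(f"  U+{ord(ch):04X} -> U+{ord(rotate(ch)):04X} -> {back}")
```
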

> including combining characters, whitespace, control characters...

It actually skips whitespace, control characters and surrogate pairs [0].

[0] https://github.com/rottytooth/rot8000/blob/main/Rottytooth.R...

Oops I was just writing the same, I didn't realise someone had already mentioned this.

But anyway ROT in itself is a pretty stupid idea anyway, usually just done for show.

The website explains the primary actual use case for ROT-style transforms:

> It is used to enclose the text in a sealed wrapper that the reader must choose to open - e.g. for posting things that might offend some readers, or spoilers.

AFAIK, this has been a common use of ROT13 since the 1980s. It also preserves substring search and message length (unlike BaseN encodings), which are occasionally useful properties.

Ah ok, I was aware of that usage back in those days (fidonet), but I didn't realise it was still used as such. I haven't seen that function in any modern app, and most have their own spoiler tag implementation (like black on black so you only see the content after highlighting).

In cryptography circles it seems to be kind of a running joke ("just use ROT13 encryption and you'll be set!" is something I've seen several times) ;) I know it was never intended to be secure.

But it makes sense then.

Of course if you work with ROT13 a lot, you will probably gain the ability to read it just by viewing the ROT'd code, defeating its purpose :) The structure of words also gives away a lot, since it doesn't affect spaces, capitalisation or punctuation. I still don't think it's very good at this use case either.

Yeah, in other words: it's not intended to hold up to scrutiny, just hold up to a glance.

I don't get this line of thinking. Nowhere does it say it's supposed to have any security uses.

It's quintessential security theater.

Rot13 hasn't been a serious encoding scheme for security since the Roman Empire. It's all about making an easy to encode/decode wrapper for hiding spoilers and the like. Back in the olden days, newsreaders had a shortcut key to run rot13 on the text of a post so you could unveil the spoiler or puzzle solution.

> But anyway ROT in itself is a pretty stupid idea anyway, usually just done for show.

How do you figure? It feels like the simplest way to handle eg spoilers in a universally portable and widely-recognizable way.

Depends on what you're trying to do. Might be a viable strategy for avoiding filters that are aware of things like base64.