(we would really want to use a more complicated permutation) and we use the same plaintext as in the previous two examples, we obtain:

TTRNRT UHOMO SFECE HYSGEH REDEN E NHS E A LE I I CTCE O SI |

FN ET AHBCT DNDO AOBTRA TALOO TY IW CBEO K SEV H AS TOE HE |

C HNO OWOA S UMOGR TIWC RNK BOU S STIT O NF EDTN |

One method of decoding looks at a column of the ciphertext and
asks what other column could immediately follow it. For example,
it is possible that the column following `OBO` (the tenth
ciphertext column) is `UAO` (the 8th), but the column `TFC` would
yield the improbable two-letter combination `BF`.

As always, a longer message is easier to decode. Unlike simple
substitution, it seems that blanks make the decoding process more
difficult.

What about a known-plaintext attack? Since there is only one
Y in the first line of the plaintext, we can tell that column 12
of the plaintext is column 21 of the ciphertext, but there are
other things we can't tell. In this example, there are 8 columns
of three blanks at the end of the plaintext, and we can't be sure
which of these corresponds to which of the all-blank ciphertext
columns. (it doesn't matter for this message, but we would like to
know the entire key to deal with longer plaintexts in the future)
A carefully chosen plaintext can give us the entire key at once.

2002-12-14