Get Your Geek On: Introduction to Encryption
First of all: I have been working on this post for over a week and it turned out to be rather extensive. For that I’m sorry. The reason I’m writing this post is that I was amazed by the misinformed assumptions fellow classmates have and by their curiosity about this topic.
From the earliest times, people have attempted to conceal information that they wanted to keep to themselves by substituting parts of it with symbols, numbers and pictures. Steganographic techniques have been used for centuries. The first known application dates back to ancient Greek times, when messengers tattooed messages on their shaved heads and then let their hair grow so the message remained unseen. A different method from that time used wax tablets as a cover source. Text was written on the underlying wood and the message was covered with a new wax layer. The tablets appeared to be blank, so they passed inspection without question. In the 20th century, invisible inks were a widely used technique. In the Second World War, people used milk, vinegar, fruit juices and urine to write secret messages. When heated, these fluids become darker and the message can be read. This technique is still used among inmates in U.S. prisons who belong to gangs.
Even later, the Germans developed a technique called the microdot. Microdots are photographs the size of a printed period that have the clarity of a standard typewritten page. The microdots were then printed in a letter or on an envelope and, being so small, they could be sent unnoticed.
Recently, the United States government claimed that Osama Bin Laden and the al-Qaeda organization use steganography to send messages through websites and newsgroups. However, until now, no substantial evidence supporting this claim has been found, so either al-Qaeda has used or created really good steganographic algorithms, or the claim is probably false. [Tel, 2004]
So why might someone want to use encryption?
Actually, there are numerous reasons why people might want to use encryption. Of course there are military reasons, the need to protect business or financial information, protecting communication from unauthorized access, the protection of stored data, authenticating payments and the prevention of espionage. However, due to a lack of knowledge, unnecessary security issues still arise.
In order to understand the following sections, allow me to introduce some terminology. Code is a technique to replace words or semantic structures by a corresponding code word. The simplest example of this principle is a shift in the alphabet by a fixed amount (e.g. 2 positions make a=c, b=d etc.). Cypher means a replacement based on symbols, where each symbol is mapped to another letter. Cryptography is the science of encrypting or hiding secrets. Cryptanalysis is the science of decrypting messages (cyphertext) or breaking codes and cyphers in order to obtain the unencrypted message (plaintext). Cryptology is the combination of both Cryptography and Cryptanalysis.
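The alphabet shift mentioned above (2 positions, a=c, b=d) can be written out in a few lines, together with the cryptanalysis that recovers the plaintext without knowing the shift. This is an added example, not part of the original post; it goes beyond the text by trying all 26 shifts and ranking them against approximate English letter frequencies, and the function names and the sample message are constructed for illustration.

```python
import string
from collections import Counter

# Approximate English letter frequencies in percent, used only to rank guesses.
ENGLISH_FREQ = dict(zip(string.ascii_lowercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def shift_encrypt(plaintext, key):
    """Shift every letter `key` positions forward; other characters pass through."""
    out = []
    for ch in plaintext:
        if ch in string.ascii_letters:
            base = ord('a') if ch.islower() else ord('A')
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)

def shift_decrypt(ciphertext, key):
    """Decryption is the same shift applied backwards."""
    return shift_encrypt(ciphertext, -key)

def english_score(text):
    """Chi-squared distance from English letter frequencies (lower is closer)."""
    letters = [c for c in text.lower() if c in ENGLISH_FREQ]
    if not letters:
        return float('inf')
    counts = Counter(letters)
    total = len(letters)
    return sum((counts[c] - total * pct / 100) ** 2 / (total * pct / 100)
               for c, pct in ENGLISH_FREQ.items())

def break_shift(ciphertext):
    """Cryptanalysis: try all 26 keys and keep the most English-looking result."""
    key = min(range(26), key=lambda k: english_score(shift_decrypt(ciphertext, k)))
    return key, shift_decrypt(ciphertext, key)

# Constructed sample message, encrypted with the shift of 2 from the text.
SAMPLE_PLAINTEXT = "Meet me at the old bridge after sunset and bring the letters"
SAMPLE_CIPHERTEXT = shift_encrypt(SAMPLE_PLAINTEXT, 2)

if __name__ == "__main__":
    print(SAMPLE_CIPHERTEXT)
    print(break_shift(SAMPLE_CIPHERTEXT))
```

With only 26 possible keys, the secrecy of the shift adds almost nothing, which is why such a scheme protects nothing on its own.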
Due to space constraints I am not digging into the algorithms. Moreover, I am afraid that I have already lost a lot of readers by now, and throwing in numbers might turn off the last readers. If you are really enthusiastic and think I’m leaving out the good parts, just leave me a message or come see me after class. (If it’s before noon, coffee would be appreciated.)
My experience tells me that basically, a good encryption algorithm is as strong as its randomness. In short, there are two algorithm categories: symmetric key encryption and asymmetric key encryption. Symmetric key encryption uses one key for both encrypting and decrypting messages. Asymmetric key encryption uses complementary keys in order to encrypt and decrypt. Symmetric key encryption is often used for repeated communication, whereas asymmetric key encryption is used for one-shot communication like signatures (e.g. DigID). Do keep in mind that the latter is more computationally expensive.
Encryption and its use have been a controversial topic for years. Until the late ‘90s, encryption algorithms were seen as munitions in some countries, including the U.S. and Germany. All kinds of issues arose from this form of governmental control. Companies were forced to release separate versions of their software (one for export, one for domestic use). Even T-shirts were printed stating (in cypher) “This T-Shirt is a munition.”
To prevent governments from creating backdoors, some developers started collaborating in the cloud. In 1991 PGP was the result of their effort. Since it was given away on the internet, the U.S. felt this was export. Zimmermann and other developers saw it as a form of free speech. In 1996 a court order ruled computer code to be speech, leading to the U.S. government dropping most export restrictions in 2000. Nowadays, many advanced encryption algorithms are open source, including AES, which may even be used by U.S. Top Secret Agents. And did you know AES was originated by Joan Daemen and Vincent Rijmen in 1971? That sounds pretty Dutch, right?
Next-Gen Encryption Algorithms
As I stated before, cryptographers are continuously searching for the algorithm that generates the most random cipher. Quantum Cryptology looks promising, although it contains flaws and researchers are worrying about its practicality. MIFARE (PDF alert), an encryption algorithm used for securing data packets between satellite and RFID-chip, is pretty advanced. (Yes, it’s used for the OV-chipcard. No, it’s not cracked.) It’s a well-kept secret that it uses swipe time and distance to satellite amongst other variables to generate random cipher. Hi Brenno!
I am amazed that you are still reading. In a discussion with fellow classmates I stated that longer passwords are not always more secure. In short, very long encrypted passwords simply generate less random cipher. Below you find an illustration of common misunderstandings about password strengths.