Home Securitate Services Resources Security Links Feedback Search T Network
Cryptography
News | Unix security | Self-Defense | Anti Hackers | Cryptography | Articles

EN RO

Home
Up
Introduction
The Algorithm
History
CMEA
PGP
Decrypting
Wrap up
Words

GUIDE TO (mostly) HARMLESS HACKING
Vol. 3 No. 8, Part 1

The Magical Mystical Crypto-Primer

Cryptography as a security tool

By Tim "No Sinister Nickname" Skorick
Thanks for the suggestions and comments: Carolyn Meinel (naturally!), Bruce Schneier, John Young (for his internet Crypto vigilance), Mark Skorick, Eric Brisnehan, Mom, Dad, kenspiraC, Rahul Bheemidi, venMus, Everett Gidlund, Gomez, Skip Stavis, Jon Tempest and Prabaker Balasubramanium. Last, but not least, an emotional, teary-eyed "thank-you" to Juan Valdez for bringing the world 100% Columbian coffee, the richest coffee in the world.

Part One: the Crypto-bottom
What I'm going to tell you
The bottom
How they used to do it
The Ceasar cipher
What exactly is an algorithm?
The key to it all
How do you make a key?
More crypto-history
How they do it today
Keys are important still, but not the only thing.
What's "brute forcing?"
What is "public key" supposed to mean?
What's a Diffie-Hellman and who's RSA?
What's the easiest way to get into all this?
PGP and where to get it
Playing with PGP
Getting someone else's public key
What PGP really does
Other ways to start using crypto
Secure your Netscape connection
Wrap up stuff
All that confuses is not crypto
Beware "kindergarten cryptography"
Words you get to throw around
Wanna learn more?
Quick web stuff
Books to look for
Tim what's up with you and all this?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I. WHAT I'M GOING TO TELL YOU
Okay, some of you out there know generally what cryptography is supposed to do, how it is used, and what its limitations are. A lot of you probably even have a really good grasp of the mathematics involved. This primer won't tell you people anything you don't already know. Basically, I'm writing this for the cipher-newbies out there that have never used cryptography, or "crypto," and have no idea how it works, and like the idea of starting at the bottom. And it isn't going to be a quick thing. There is too much science, history, theory, and other stuff involved for a person to learn all the basics of cryptography quickly. BUT - as with most computer stuff, it is still way simpler than most people make it sound.

When you're done reading this you will have a whole metric ton of cool crypto-words you can throw around to impress your buds, and you should be just enough of a knowledgeable cryptodude to be able to find the real cryptography and avoid the "kindergarten cryptography."

II. THE BOTTOM (or "What the?")
Okay. "What the heck is cryptography?" you ask. Well, dang it I'll tell ya (This is the crypto-bottom, chitlins.)

Everybody at some time or another sends someone message that they would rather be kept secret. Whether you are sending an e-mail to a friend, your doctor is faxing your medical records to the insurance company, you are ordering a take-out dinner over your wireless phone (and using your debit card number to pay in advance), or saving the plans for your latest development tool to your business partner's network drive, privacy these days is super important. Cryptography is the art of taking a perfectly good
message and scrambling the living snot out of it so as to make it completely 100% unreadable to everyone except for the party who is supposed to be reading it.

Now the whole crypto thing is rolled up into the subject of "cryptology." There are a few different disciplines within cryptology. "Cryptography" is the art of creating the schemes used in the whole process. "Cryptanalysis" is the discipline of cracking what the cryptographers come up with. Most really hard core cryptographers were people who spent a LOT of time and
effort being cryptanalysts, so they know enough to keep from making all those idiotic mistakes cryptographers usually make.
People have actually been doing this for a long time

III. HOW THEY USED TO DO IT (or "Beware the Ides of March")
A. The Caesar cipher
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Not Exact But Not Boring Either History Lesson" #743: The World's Most Famous Ancient Cryptogram

Remember Ceasar? Back when he was conquering the world, he had to send messages back and forth across enemy territory. He sometimes would have to send his troops really important information, and his generals had to come up with a way of screwing the message up to keep the enemy gauls or whoever from reading it if the messenger got captured. This screwing up of the message is called "enciphering" a text. But here's the catch: It would be really stupid to do this unless you could do it in such a way that the people who were SUPPOSED to read it would have no trouble "deciphering" it. Deciphering is just the "un-screwing-up" of a text that was enciphered. So here's what they did. They wrote the text of the message: "Hey Brutus, here's my salad dressing recipe, give it to Mark Antony on March 15, and do me a favor, sharpen my knives for me."

They then took each letter in the message and replaced it with the letter four spaces down in the alphabet. That made the message look like this:
"Lic Fyxyw liviw qc wepeh hviwwmrk vigmti
kmzi mx xs Qevo Erxsrc sr Qevgl 15 erh hs
qi e jersv wlevtir qc ormriw jsv qi."

Now when the person the message is for got the message, he would only have to look at each letter, replace it with the letter four letters UP the alphabet. Then he would have the "plaintext" back again and could run out and buy romaine lettuce and croutons.

Neat huh? So if the poor slob delivering the letter was captured by a motley horde of gauls, the enemy would have no idea what the message said.

Of course Ceasar would have really been writing in Latin, and who can read that stuff anyway? But the crux of the matter is this: They used what is called a "substitution cipher" with a "key" that was pretty much just "count four letters down the alphabet." Geddit?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A "substitution cipher" just creates the cipher by substituting each piece of text with a different piece of text. It's old, insecure, and unused today outside of elementary school playgrounds, but nevertheless has one thing in common with all cryptosystems: Like any cipher, it's pretty much useless unless there's a key that the receiving party can use to turn the ciphertext back into plaintext.

B. What exactly is an algorithm?
We use these really complex algorithm things today, but there was an algorithm involved even then. You're gonna love this: An "algorithm" is just a step-by-step set of things you would have to do to solve a problem. You keep doing the steps over and over until the process is finished and the problem is solved.

Now, don't go batty on me with the "what problem? Is this math again?" In a way, yeah it is, but in the case of an algorithm, the problem it's solving is that the message is in plain English and has to get encrypted somehow. See? No big deal.

Google

 

Tip-Top-Hot Web Sites

 

Introduction | The Algorithm | History | CMEA | PGP | Decrypting | Wrap up | Words
Back Home Up Next

 

Privacy Policy | Terms of Service
© 1999 - 2008, MultiMedia SRL
Send articles and materials to be published on this website to: Publishing
If you see unauthorized or illegal materials on this website, please send an e-mail to: Abuse