Introduction | The Algorithm | History | CMEA | PGP | Decrypting | Wrap up | Words

C. Words you get to throw around!

Awright all you showoffs!  You should be able to use all the words down there in quotes even if you can't necessarily give a total definition for some of them.  Throw them around, get used to them.  Better yet, use them in sentences - around your friends who don't know what they mean :)  Yack away!

You know that:

"Cryptology"
is made up of
"Cryptography"
(or "crypto")
and
"Cryptanalysis"
 and the guys that do that are
"Cryptographers"
and
"Cryptanalysts."

You know that the
"Ceasar cipher"
was an old way to
"encipher"
(or "encrypt")
something and also to
"decipher"
(or "decrypt")
something.

Before you encrypt, the message is still
"plaintext,"
and
"ciphertext"
is what it is when it's encrypted.

A
"substitution cipher"
ain't the best
"cryptosystem"
anymore.

"Algorithms"
are step by step math processes,
here's some:
"RSA"
"IDEA"
"DES"
"Blowfish"
"CAST"
"El Gamal"
"RC-4"
and they all HAVE to use a
"key."

"Binary"
means made up of ones and zeros.

A
"passphrase"
is a series of passwords.

"Blocks"
are chunks of text,
"iterations"
are separate encryption steps
that your algorithm takes on the blocks.

A
"random number generator (RNG)"
gives you good random numbers
and nobody will
"brute force"
your key if it's big enough.

"Protocol"
means behavior.

A
"symmetrical cipher"
is the same as
"private key"
crypto which is also called
"secret key" crypto.
These are the opposite of
"asymmetrical ciphers"
which are also known as
"public key" crypto which you use a
"key pair" for like
"Diffie-Hellman" keys
which are based on the
"discrete logarithm problem"
or "RSA keys"
which are based on the
"Integer Factorization Problem."

If it's an asymmetrical cipher
the "encryption algorithm"
that turns plaintext into ciphertext
is different from
the "decryption algorithm"
that turns ciphertext back into plaintext.

"PGP" can use all these.

"Secure Sockets Layer"
is how your browser tries to use crypto
but it's hampered by annoying
"export law" that limits you to
downloading "export-grade"
encryption, which is weak.
"Fortify" fixes that right up,
and it ain't no
"kindergarten cryptography."

And - look way down at the last book suggestion -
"steganography"
is the art of hiding messages -
usually encrypted ones -
someplace where you wouldn't expect.  

V. WANNA LEARN MORE?  

A. Quick web stuff

Real quick ways to get some more entry-level info, most are stuff in Acrobat format!

1. Go to the PGP user's manual that you downloaded with the software and thumb through to about page 81 in the manual for version 5.0, page 77 in version 5.5's manual.  That has a great section on crypto stuff.  If you're not sure where on your computer it is, go to the directory you put PGP in. Open the folders till you come to one with a bunch of files in it, and there should be a document there with a .pdf extension.  That's it.
 
2. Hit RSA's website at http://www.rsa.com/rsalabs/newfaq/ and download their world famous cryptography FAQ.  It's stellar.
 
3. Let's keep our learning well-rounded, go to Bruce Schneier's Counterpane website for two VERY important essays on understanding what cryptography, privacy and security are all about.  They're both downloadable:

"Why Cryptography Is Harder Than It Looks"
 http://www.counterpane.com/whycrypto.pdf.zip

"Security Pitfalls in Cryptography"
http://www.counterpane.com/pitfalls.pdf.zip  

A. Books to look for

"Applied Cryptography" Second Edition by Bruce Schneier, John Wiley & Sons, 1996 This is hands-down the best place for you newer crypto people to start really digging in.  Bruce wrote this book in plain English (but it has been translated into others too!), explaining everything really clearly.  It's sometimes really funny and always easy to read.  The book just covers everything.  Absolutely everything.  The price is a little hefty, but it's a big book and has the source code in C in the back for all you programmers who wanna start tinkering with programming crypto.  Check out some more reviews, alternate language versions and other info at Bruce's site http://www.counterpane.com/applied.html

"Handbook of Applied Cryptography" by Alfred Menezes, CRC Press, 1996 This one is a little tougher to find, but it's a really sweet layout of the math and algebra stuff underneath a lot of the secrets that make crypto strong.  There's a big treat here, too.  It talks about using crypto in places like the banking industry and in alarm systems and all manner of neato environments.  It also has a lot of newer information about things happening in the crypto world lately.  Look at the info and also a couple of chapters in Acrobat format at: http://www.dms.auburn.edu/hac/

"Decrypted Secrets" by F. L. Bauer, Springer Verlag, 1997 This one is a doozy.  This was written from a really technical, but also historical perspective.  Just don't let the columns of numbers and figures freak you out too bad at first.  Some people might have trouble wading through all the math and number theory stuff, but you will be rewarded when you do.  There are a ton of stories from history, like spies and wars and stuff since way back when.  All of these stories are fascinating to read and are used to make you better understand why the basic rules of using crypto are the way they are.  They show this by telling you all the funny ways that crypto people have screwed up in the past, and also by highlighting some of the smarter minds that made the really huge breakthroughs and discoveries.

"Disappearing Cryptography" by Peter Wayner, Ap Professional, April 1996 This book is a little trippy.  It deals more with some of the high-level privacy philosophy involved, and lays it out in a very interesting, if strange, way.  Each section has a real simple description of what it talks about, followed by more technical math descriptions and then a programming example.  Good to have, even though it deals more with hiding cryptography (a practice called "steganography") than it does with actual cryptography.

______________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So don't email us about any crimes you have committed!  And don't expect us to come to your rescue if you crash 100 million omputers
with some new Java virus you just unleashed.
Copyright 1998 Tim "No Sinister Nickname" Skorick <tskorick@hotmail.com>. You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.