A field guide to crypto

Written by Brett Thomas

March 16, 2007 | 11:27

Tags: #aes #cipher #cryptography #encryption #guide #hash

The Basics

As mentioned before, the focus of cryptography is about controlling access to data. The concept is to take that communication and mathematically alter it in some way so that the original message is impossible to understand by someone who doesn't know exactly how I wrote it. For computers, this is incredibly easy because the communication is already mathematical in nature - all the words are nothing but 1s and 0s.

If we take a simple sentence, say:
  • I LIKE PIE
And then we convert that to numbers - we'll start with every letter being represented by its number in the alphabet:
  • 09 12-09-11-05 16-09-05
We have the most basic example of cryptography - translation. We have taken a letter-based medium and turned it into numbers. Now, we need a name for this style - we'll call it "ANT" for alpha-numeric translation. But that's still way too easy to crack - you might know I like pie after just a few minutes. So let's have another go...

And add two to every other letter:
  • 11 12-11-11-07 16-11-05
Getting better, but we can do more, like subtracting two from the other letters:
  • 11 10-11-09-07 14-11-03

There we go. Now, in order to ever figure out what this said again, I'll write that down somewhere safe - just +2/-2. There's our key.

Were someone to attempt to intercept this with no clue, they'd probably think I scrawled down a locker combination. If they knew it was ANT encryption, they'd at least know it was a message - but if they tried to decode it, they'd get: K JKIG NKC. It's useless without knowing the +2/-2, which I can handily send in a separate message to you without anyone really knowing what it means.

This is the (very) simple rendition of symmetric-key cipher, where both you and I use the same key to encode and decrypt the message. These are used commonly when two people (or just one, protecting his data) are involved, where people don't usually have any chance to obtain the key. You know the sender because he or she wrote it in the code, and you can read it as the recipient because you have the key.

The alternative to a symmetric key cipher is the public-key or asymmetric cipher. This cipher relies on everyone having two related keys, a public key and a private key. The public key is meant for the world to see, and in fact a sender needs to know it in order to encrypt anything. If I want to send you a message, I would encrypt it by using your public key and portions of my private key. When you receive it, you would decrypt it with your private key (they're related, remember) and check its authenticity against my public key.

This system is incredibly useful when you have many people all using the same basic encryption, like e-mail. Were you to use just symmetric-key methods, everyone you emailed would have to know your key - that means that they could read your mail that you write to others if they obtain it...or, even worse, impersonate you. With asymmetric means, though, you are authenticated as the sender by pieces of your private key getting built into the algorithm. And though the public key and the private key are related, one of the principal hallmarks of asymmetric keys is that one can't be determined from the other.

Each of these methods of encryption will often have the key itself encrypted under another (usually simpler) method. This way, it's not blatantly obvious that the information is a decrypting key to anyone who might see it. These will either go through little more than basic translation, or a random key info will be encoded on the head or tail of the encrypted message, thus making the key and the lock inseparable - one is useless without the other.

A field guide to crypto The Techniques A field guide to crypto The Techniques
Steganography can be used to hide data inside other things. These images contain parts of the source code for DeCSS, and are part of the Gallery of CSS Descramblers.
There are two branch applications that require of one or both of these basic crypto types, but engage in some manner of destruction or subterfuge:
  • The "hash" - known by 'Nix lovers everywhere. Hashes take one string and smash it with another string to create one of fixed length - no matter what size the original data was. Hashed data is incredibly hard to crack, but since it destroys the original data there is no real "conversion method" back. This concept is what makes UNIX password hashes so secure in comparison to Windows, which simply encrypts its user data in a basic, readily known method.

  • Steganography - a field of study unto itself, stenography is where cryptography meets flat-out lying. Each piece of data is encrypted with two keys - one gives you the right information, the other gives you Mom's buttermilk biscuit recipe. The idea is that if you are forced to give up your key, you can instead choose to reveal non-harmful information. It's stuff like this that give the RIAA snoops and law enforcement everywhere a real headache.

Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04