Cryptography

Cryptography has been here since we are, we have to remember that to break a cryptography system was the objective of the first computers but also that cryptography and security are always related on iT or other for example:
Every poker player should learn a bit about cryptography. Because, in a way, playing poker is actually a form of cryptography. Let me explain.
Cryptography is the science of encoding information. Typically encryption is used to encode communications between two parties so that a third party is unable to understand it. For millennia, people have been trying to encrypt their communications—and the field of cryptography has become increasingly important over the years.
All of the innovation in cryptography is designed to address one problem. There is an inherent tradeoff between ease-of-use of a cryptographic method and its security.
Interestingly, if you are interested only in security—making sure that no one can possibly break your code—and not at all in ease-of-use, then the solution to perfect encryption is trivially simple. You can use a method called a one time pad.
Let’s say we have a message written in English that is 140 characters long. We want to encode this message so that only its intended recipient can read it. Before we send the message, we generate a list of 140 random numbers from 0 to 26. Maybe we have a computer generate this list. We write the random numbers down on a piece of paper and hand it to our intended recipient.
Then we compose the message. And for every character in our message, we add the corresponding number to it—adding meaning that we go that many letters forward in the alphabet to get the new letter. So if our letter is E, and the random number is 3, then in our encrypted message we use H, because H is three letters after E.
As a matter of details, let’s say the space character comes after Z, and if our number requires us to go beyond space, we wrap around to A and start from there.
So here’s how it works in practice. I generate a random list of 140 numbers, write them on a piece of paper, and give them to my friend. He then flies anywhere in the world. At some later time, I compose a 140 character message I’d like him to read. I transform each character in my message according to the numbers in our agreed upon code. Then I send my encoded message in any format I like—perhaps a publicly-readable place like Twitter. My friend then receives the garbled message, subtracts the appropriate number from each character, and reads what I have to say.
This, believe it or not, is perfect encryption. There is no way for a third party to make heads or tails of this message. This is because every single piece of the message is randomized independently. There is no pattern between any of the 140 characters in my message, because each is transformed by an independently generated random number.
Now let’s say I have another message to send to my friend, but he is still halfway across the world. I have no way to get him a new piece of paper with new random numbers, so I just use the ones we already have agreed upon to encode the new message.
Uh oh. The encryption is no longer perfect. Why? Because now there is a pattern. Anyone watching the garbled messages on Twitter could assume that the same transformation applied to message A was also applied to message B. And from this assumption, the person might be able to discern a bit of a pattern and figure things out from there.
To understand this, assume we got really lazy, and started sending hundreds of messages to each other on Twitter, all encoded with this same 140 random numbers. Now the sorts of patterns you might see are fairly obvious. Maybe the first letter is Q in a lot of the message. Perhaps you could assume this Q is a substitute for the letter A—so maybe that first random number is 16. Does this guess of 16 make sense for other messages where the first letter isn’t Q? Is the letter I also common, which would correspond to T? And so forth.
This is the tradeoff. If you use the random numbers once, it’s perfect security. But if you get lazy—that is you want ease-of-use—then it becomes possible to find patterns in the information and crack the code entirely.
There is history of militaries using one time pads to encode communications. They would distribute paper books of randomly generated codes, and every time a message was sent, the recipient would tear out a sheet of code from the book, use it to decrypt the communique, and then use that code sheet later as toilet paper.
In any case, the entire field of cryptography is devoted to devising algorithms that allow you to reuse codes (ease-of-use) while also making the encoded messages contain as little decipherable information as possible (security).

Comentarios

Entradas más populares de este blog

Ethical issues security professionals

Best Practices for DDoS