GUIDE TO (mostly) HARMLESS HACKING
Vol. 3 No. 8, Part 1
The Magical Mystical Crypto-Primer
By Tim "No Sinister Nickname" Skorick
Thanks for the suggestions and comments: Carolyn Meinel (naturally!),
Bruce Schneier, John Young (for his internet Crypto vigilance),
Mark Skorick, Eric Brisnehan, Mom, Dad, kenspiraC, Rahul Bheemidi,
venMus, Everett Gidlund, Gomez, Skip Stavis, Jon Tempest and
Prabaker Balasubramanium. Last, but not least, an emotional,
teary-eyed "thank-you" to Juan Valdez for bringing
the world 100% Columbian coffee, the richest coffee in the world.
Part One: the Crypto-bottom
What I'm going to tell you
How they used to do it
The Ceasar cipher
What exactly is an algorithm?
The key to it all
How do you make a key?
How they do it today
Keys are important still, but not the only thing.
What's "brute forcing?"
What is "public key" supposed to mean?
What's a Diffie-Hellman and who's RSA?
What's the easiest way to get into all this?
PGP and where to get it
Playing with PGP
Getting someone else's public key
What PGP really does
Other ways to start using crypto
Secure your Netscape connection
Wrap up stuff
All that confuses is not crypto
Beware "kindergarten cryptography"
Words you get to throw around
Wanna learn more?
Quick web stuff
Books to look for
Tim what's up with you and all this?
I. WHAT I'M GOING TO TELL YOU
Okay, some of you out there know generally what cryptography
is supposed to do, how it is used, and what its limitations are.
A lot of you probably even have a really good grasp of the mathematics
involved. This primer won't tell you people anything you don't
already know. Basically, I'm writing this for the cipher-newbies
out there that have never used cryptography, or "crypto,"
and have no idea how it works, and like the idea of starting
at the bottom. And it isn't going to be a quick thing. There
is too much science, history, theory, and other stuff involved
for a person to learn all the basics of cryptography quickly.
BUT - as with most computer stuff, it is still way simpler than
most people make it sound.
When you're done reading this you will have a whole metric
ton of cool crypto-words you can throw around to impress your
buds, and you should be just enough of a knowledgeable cryptodude
to be able to find the real cryptography and avoid the "kindergarten
II. THE BOTTOM (or "What the?")
Okay. "What the heck is cryptography?" you ask. Well,
dang it I'll tell ya (This is the crypto-bottom, chitlins.)
Everybody at some time or another sends someone message that
they would rather be kept secret. Whether you are sending an
e-mail to a friend, your doctor is faxing your medical records
to the insurance company, you are ordering a take-out dinner
over your wireless phone (and using your debit card number to
pay in advance), or saving the plans for your latest development
tool to your business partner's network drive, privacy these
days is super important. Cryptography is the art of taking a
message and scrambling the living snot out of it so as to make
it completely 100% unreadable to everyone except for the party
who is supposed to be reading it.
Now the whole crypto thing is rolled up into the subject of
"cryptology." There are a few different disciplines
within cryptology. "Cryptography" is the art of creating
the schemes used in the whole process. "Cryptanalysis"
is the discipline of cracking what the cryptographers come up
with. Most really hard core cryptographers were people who spent
a LOT of time and
effort being cryptanalysts, so they know enough to keep from
making all those idiotic mistakes cryptographers usually make.
People have actually been doing this for a long time
III. HOW THEY USED TO DO IT (or "Beware the Ides of March")
A. The Caesar cipher
"Not Exact But Not Boring Either History Lesson" #743:
The World's Most Famous Ancient Cryptogram
Remember Ceasar? Back when he was conquering the world, he
had to send messages back and forth across enemy territory. He
sometimes would have to send his troops really important information,
and his generals had to come up with a way of screwing the message
up to keep the enemy gauls or whoever from reading it if the
messenger got captured. This screwing up of the message is called
"enciphering" a text. But here's the catch: It would
be really stupid to do this unless you could do it in such a
way that the people who were SUPPOSED to read it would have no
trouble "deciphering" it. Deciphering is just the "un-screwing-up"
of a text that was enciphered. So here's what they did. They
wrote the text of the message: "Hey Brutus, here's my salad
dressing recipe, give it to Mark Antony on March 15, and do me
a favor, sharpen my knives for me."
They then took each letter in the message and replaced it
with the letter four spaces down in the alphabet. That made the
message look like this:
"Lic Fyxyw liviw qc wepeh hviwwmrk vigmti
kmzi mx xs Qevo Erxsrc sr Qevgl 15 erh hs
qi e jersv wlevtir qc ormriw jsv qi."
Now when the person the message is for got the message, he
would only have to look at each letter, replace it with the letter
four letters UP the alphabet. Then he would have the "plaintext"
back again and could run out and buy romaine lettuce and croutons.
Neat huh? So if the poor slob delivering the letter was captured
by a motley horde of gauls, the enemy would have no idea what
the message said.
Of course Ceasar would have really been writing in Latin,
and who can read that stuff anyway? But the crux of the matter
is this: They used what is called a "substitution cipher"
with a "key" that was pretty much just "count
four letters down the alphabet." Geddit?
A "substitution cipher" just creates the cipher by
substituting each piece of text with a different piece of text.
It's old, insecure, and unused today outside of elementary school
playgrounds, but nevertheless has one thing in common with all
cryptosystems: Like any cipher, it's pretty much useless unless
there's a key that the receiving party can use to turn the ciphertext
back into plaintext.
B. What exactly is an algorithm?
We use these really complex algorithm things today, but there
was an algorithm involved even then. You're gonna love this:
An "algorithm" is just a step-by-step set of things
you would have to do to solve a problem. You keep doing the steps
over and over until the process is finished and the problem is
Now, don't go batty on me with the "what problem? Is
this math again?" In a way, yeah it is, but in the case
of an algorithm, the problem it's solving is that the message
is in plain English and has to get encrypted somehow. See? No