More Crypto...
C. Words you get to throw around!
Awright all you showoffs! You should be able to use
all the words down there in quotes even if you can't necessarily
give a total definition for some of them. Throw them around,
get used to them. Better yet, use them in sentences - around
your friends who don't know what they mean :) Yack away!
You know that:
"Cryptology"
is made up of
"Cryptography"
(or "crypto")
and
"Cryptanalysis"
and the guys that do that are
"Cryptographers"
and
"Cryptanalysts."
You know that the
"Ceasar cipher"
was an old way to
"encipher"
(or "encrypt")
something and also to
"decipher"
(or "decrypt")
something.
Before you encrypt, the message is still
"plaintext,"
and
"ciphertext"
is what it is when it's encrypted.
A
"substitution cipher"
ain't the best
"cryptosystem"
anymore.
"Algorithms"
are step by step math processes,
here's some:
"RSA"
"IDEA"
"DES"
"Blowfish"
"CAST"
"El Gamal"
"RC-4"
and they all HAVE to use a
"key."
"Binary"
means made up of ones and zeros.
A
"passphrase"
is a series of passwords.
"Blocks"
are chunks of text,
"iterations"
are separate encryption steps
that your algorithm takes on the blocks.
A
"random number generator (RNG)"
gives you good random numbers
and nobody will
"brute force"
your key if it's big enough.
"Protocol"
means behavior.
A
"symmetrical cipher"
is the same as
"private key"
crypto which is also called
"secret key" crypto.
These are the opposite of
"asymmetrical ciphers"
which are also known as
"public key" crypto which you use a
"key pair" for like
"Diffie-Hellman" keys
which are based on the
"discrete logarithm problem"
or "RSA keys"
which are based on the
"Integer Factorization Problem."
If it's an asymmetrical cipher
the "encryption algorithm"
that turns plaintext into ciphertext
is different from
the "decryption algorithm"
that turns ciphertext back into plaintext.
"PGP" can use all these.
"Secure Sockets Layer"
is how your browser tries to use crypto
but it's hampered by annoying
"export law" that limits you to
downloading "export-grade"
encryption, which is weak.
"Fortify" fixes that right up,
and it ain't no
"kindergarten cryptography."
And - look way down at the last book suggestion -
"steganography"
is the art of hiding messages -
usually encrypted ones -
someplace where you wouldn't expect.
V. WANNA LEARN MORE?
A. Quick web stuff
Real quick ways to get some more entry-level info, most are
stuff in Acrobat format!
1. Go to the PGP user's manual that you downloaded with the
software and thumb through to about page 81 in the manual for
version 5.0, page 77 in version 5.5's manual. That has
a great section on crypto stuff. If you're not sure where
on your computer it is, go to the directory you put PGP in. Open
the folders till you come to one with a bunch of files in it,
and there should be a document there with a .pdf extension.
That's it.
2. Hit RSA's website at http://www.rsa.com/rsalabs/newfaq/ and
download their world famous cryptography FAQ. It's stellar.
3. Let's keep our learning well-rounded, go to Bruce Schneier's
Counterpane website for two VERY important essays on understanding
what cryptography, privacy and security are all about.
They're both downloadable:
"Why Cryptography Is Harder Than It Looks"
http://www.counterpane.com/whycrypto.pdf.zip
"Security Pitfalls in Cryptography"
http://www.counterpane.com/pitfalls.pdf.zip
A. Books to look for
"Applied Cryptography" Second Edition by Bruce Schneier,
John Wiley & Sons, 1996 This is hands-down the best place
for you newer crypto people to start really digging in.
Bruce wrote this book in plain English (but it has been translated
into others too!), explaining everything really clearly.
It's sometimes really funny and always easy to read. The
book just covers everything. Absolutely everything.
The price is a little hefty, but it's a big book and has the
source code in C in the back for all you programmers who wanna
start tinkering with programming crypto. Check out some
more reviews, alternate language versions and other info at Bruce's
site http://www.counterpane.com/applied.html
"Handbook of Applied Cryptography" by Alfred Menezes,
CRC Press, 1996 This one is a little tougher to find, but it's
a really sweet layout of the math and algebra stuff underneath
a lot of the secrets that make crypto strong. There's a
big treat here, too. It talks about using crypto in places
like the banking industry and in alarm systems and all manner
of neato environments. It also has a lot of newer information
about things happening in the crypto world lately. Look
at the info and also a couple of chapters in Acrobat format at:
http://www.dms.auburn.edu/hac/
"Decrypted Secrets" by F. L. Bauer, Springer Verlag,
1997 This one is a doozy. This was written from a really
technical, but also historical perspective. Just don't
let the columns of numbers and figures freak you out too bad
at first. Some people might have trouble wading through
all the math and number theory stuff, but you will be rewarded
when you do. There are a ton of stories from history, like
spies and wars and stuff since way back when. All of these
stories are fascinating to read and are used to make you better
understand why the basic rules of using crypto are the way they
are. They show this by telling you all the funny ways that
crypto people have screwed up in the past, and also by highlighting
some of the smarter minds that made the really huge breakthroughs
and discoveries.
"Disappearing Cryptography" by Peter Wayner, Ap
Professional, April 1996 This book is a little trippy.
It deals more with some of the high-level privacy philosophy
involved, and lays it out in a very interesting, if strange,
way. Each section has a real simple description of what
it talks about, followed by more technical math descriptions
and then a programming example. Good to have, even though
it deals more with hiding cryptography (a practice called "steganography")
than it does with actual cryptography.
______________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests?
Check out the official Happy Hacker Web page at http://www.happyhacker.org.
We are against computer crime. We support good, old-fashioned
hacking of the kind that led to the creation of the Internet
and a new era of freedom of information. So don't email us about
any crimes you have committed! And don't expect us to come
to your rescue if you crash 100 million omputers
with some new Java virus you just unleashed.
© 1998 Tim "No Sinister Nickname" Skorick <tskorick@hotmail.com>.
You may forward, print out or post this GUIDE TO (mostly) HARMLESS
HACKING on your Web site as long as you leave this notice at
the end.
_________________________________________________________
