Encryption Security

Intro to Encryption 244

An anonymous reader submitted a Techworld story which is a sort of encryption primer. The difference between codes & cyphers, and what all those acronyms like RSA and DES actually mean. This is good primer material for newbs, and a good refresher for fogeys.
  • by DarkHelmet ( 120004 ) * <mark AT seventhcycle DOT net> on Monday November 15, 2004 @04:17PM (#10823111) Homepage
    About RSA: Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.

    Certificates are 1024 or 2048 bit with SSL. On the other hand, once the key is sent and shared, a 128 bit symmetric form of encryption is used. The only thing RSA is used for is sending / receiving the symmetric encryption key, yes?

    Correct me if I'm wrong.

  • by yahyamf ( 751776 ) * on Monday November 15, 2004 @04:17PM (#10823112)
    I would strongly recommend the Code Book by Simon Singh [amazon.com] over that short article. It takes the reader from the Caesar cipher all the way to quantum codes and is a very enjoyable read. The Codebreakers by David Kahn [amazon.com] is also an excellent though somewhat lengthier volume.
  • by Anonymous Coward on Monday November 15, 2004 @04:19PM (#10823130)
  • Handbook (Score:5, Informative)

    by Ann Coulter ( 614889 ) on Monday November 15, 2004 @04:19PM (#10823133)
    The Handbook of Applied Cryptography: http://www.cacr.math.uwaterloo.ca/hac/ [uwaterloo.ca] is a very detailed guide to some cryptographic algorithms and theories. This is not for newbies at all. For those wanting to implement a particular cipher, this book is the place to refer to. On top of everything, it is free.
  • by Anonymous Coward on Monday November 15, 2004 @04:24PM (#10823162)
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    n o p q r s t u v w x y z a b c d e f g h i j k l m

    first post!
  • Applied Cryptography (Score:5, Informative)

    by Meostro ( 788797 ) on Monday November 15, 2004 @04:27PM (#10823191) Homepage Journal
    Bruce Schneier's Applied Cryptography [schneier.com] is another excellent resource for all you crypto-geeks out there. It goes from the basics (including the substitution cipher presented in the article) through basic crypto (ENIGMA, DES) all the way up through state-of-the-art (don't think AES was in my 1st ed., but I believe it's in there now). He talks about everything from the theoretical to the practical, hash collisions to rubber-hose cryptography.

    It comes with source too! You know you love source....
  • by Gentoo Fan ( 643403 ) on Monday November 15, 2004 @04:27PM (#10823204) Homepage
    I'd point people here first [cryptography.com], then to a few other links that other people have pointed out. The article linked is a bit terse for a newbie.
  • by xquark ( 649804 ) on Monday November 15, 2004 @04:30PM (#10823235) Homepage
    >>The present generation of web browsers use 128-bit keys
    >> so cannot be considered secure against a determined
    >> and sufficiently well-resourced attack.

    The 128-bit there is the symmetric cipher key length, RSA is
    used for signature authentication and not encryption, key
    exchanges occur via hand-shake algorithms, i.e. Diffie-Hellman
    and derivatives thereof...

    a 128-bit symmetric cipher is actually very strong, for temporary
    transit data, i.e. purchase data, cc numbers etc.

    Arash Partow
    __________________________________________ ________
    Be one who knows what they don't know,
    Instead of being one who knows not what they don't know,
    Thinking they know everything about all things.
    http://www.partow.net

  • Re:Handbook (Score:2, Informative)

    by melandy ( 803088 ) on Monday November 15, 2004 @04:31PM (#10823247)
    Cryptography - A Very Short Introduction [amazon.com] is a good book to introduce concepts of crypto. It's not a detailed manual about how any specific ciphers work, just an introduction to concepts.
  • by Asgard ( 60200 ) <jhmartin-s-5f7bbb@toger.us> on Monday November 15, 2004 @04:35PM (#10823270) Homepage
    I don't think the use of a symmetric system is considered a hole; the idea is that symmetric systems are strong keybit-for-keybit. As long as the symmetric and public key strengths are similar there isn't a weakness one way or the other.
  • by wfberg ( 24378 ) on Monday November 15, 2004 @04:37PM (#10823291)

    About RSA: Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.

    Certificates are 1024 or 2048 bit with SSL. On the other hand, once the key is sent and shared, a 128 bit symmetric form of encryption is used. The only thing RSA is used for is sending / receiving the symmetric encryption key, yes?


    Kinda yes. The public key is used to encrypt the session key, which is used in turn to encrypt the payload using a symmetric algorithm for speed.

    Certificates are a bit bigger than 1024 or 2048 bits. They contain the public key (consisting in the case of RSA, among other things, of the 1024/2048 bit modulus), the owner's identification (e.g. e-mail address, common name, url, ..), validity dates, and a digital signature from a certificate authority (in some cases they're only self-signed, in other cases, dozens of people may contribute to authenticating a public key's ownership information, as in PGP).

    A certificate is just that; it's to certify that a certain public key belongs to a certain entity.

    If you pay enough to microsoft/opera/etc., you can certify anybody you want and all internet explorer users will take it for granted, because no one checks certificates.
  • by evilviper ( 135110 ) on Monday November 15, 2004 @04:39PM (#10823320) Journal
    But in general, digital signatures have nothing to do with encryption. An encryption scheme does not always yield a useful signature scheme, nor vice-versa.

    I don't understand your point here...

    Digital signatures most definitely have to do with encryption, otherwise they could be forged, trivially. Absolutely any public-key crypto-system should be able to be used as the main part of a digital signature system.

    Perhaps I misunderstand what you are trying to say.
  • by cant_get_a_good_nick ( 172131 ) on Monday November 15, 2004 @04:44PM (#10823354)
    Random pads with truly random data are unbreakable. The few times they have been broken have been due to human error (reusing the same random data stream). The US tracked some Russian spies with this; they reused pads, and we found out there was a mole in the atomic bomb program.

    That said, padding with pseudo-random data is very unsafe. Breaking this type of encryption is typically one of the first homework assignments in cryptography courses. The article is either very fuzzy on this distinction, or plain out wrong, depending on how you read it.
  • Re:Handbook (Score:5, Informative)

    by wfberg ( 24378 ) on Monday November 15, 2004 @04:45PM (#10823367)
    I'd recommend Applied Cryptography [schneier.com] by Bruce Schneier [schneier.com] instead.

    Not only does it cover the same ground, it also goes into detail a bit more about real tricky business; protocols (where most mistakes are made these days, since nearly everybody uses off-the-shelf algorithms like AES, DSA, RSA and ElGamal). This guy knows how to write, and succeeds in warning you of potential pitfalls in a humorous manner. Also, he knows his stuff; he submitted one of the AES candidates, Blowfish.

    Bruce also publishes the most excellent Crypto-Gram [counterpane.com] newsletter.

    Beware of not heeding Bruce's stern words of warning. You may end up in the doghouse [google.nl]! The humiliation! The shame upon your house!
  • If after reading the intro to encryption you are so inspired to try to crack one, I highly recommend this list...

    The problem with challenges like "crack this uncracked cipher" is that the challenge is not realistic.

    Most of these codes/ciphers give you no idea the process behind how they were generated. That's unrealistic: usually an analyst will have the algorithm that does the encryption (if not the key itself), either via open-source, reverse engineering of a public binary, legitimate purchase, or espionage.

    Most of these challenges only give you a tiny piece of ciphertext. That's not realistic: if you're trying to break, say, SSL, you'll be able to get your hands on megabytes of transcripts, and you'll even be able to generate ciphertexts that correspond to plaintexts of your choice.

    Most of these "ciphers" don't generalize to arbitrary messages. That's unrealistic. Sure, someone can design some ad-hoc cipher to encrypt the location of his buried treasure using landmarks, clever puns, and weird symbols. That's a far cry from being able to efficiently encrypt an arbitrary TCP/IP stream.
  • by mr. mulder ( 204001 ) on Monday November 15, 2004 @04:52PM (#10823437)
    You're correct - somewhat.

    Many asymmetric encryption schemes only use public/private key pairs to establish a secure connection. Once a secure connection has been established, most schemes generate a private key that will be used for symmetric encryption.

    The reasons for switching to symmetric are many, but primarily it is done for speed. Symmetric encryption algorithms are very fast compared to asymmetric. Also, symmetric algorithms can easily be implemented in hardware, thus, speed boosts are even greater when switched to symmetric algorithms.

    This kind of answers your question, but there are still a few crazy zealots out there that insist upon the sole use of asymmetric algorithms - it is more secure, but worlds slower.

  • by Coop ( 9778 ) on Monday November 15, 2004 @04:55PM (#10823460)

    Cryptography Decrypted [amazon.com] by H. X. Mel and Doris Baker is a good intro to crypto. I found it entertaining and the topics went from elementary to, uh, more than I cared to know. The appendices explaining the mathematics of crypto were interesting as well.

  • by cpeikert ( 9457 ) <cpeikert AT alum DOT mit DOT edu> on Monday November 15, 2004 @04:56PM (#10823484) Homepage
    The confusion stems from the fact that the RSA family is pretty good for both encryption and signatures, though it is used in a different way for the two applications.

    One other standardized signature is DSA, which is based on the hardness of computing discrete logs. The DSA algorithm itself is not the inverse of any secure encryption scheme. (It's worth noting that there are some encryption schemes based on discrete log; they're just not the inverse of DSA.)
  • by brlewis ( 214632 ) on Monday November 15, 2004 @04:59PM (#10823514) Homepage
    If you're going to give a cursory intro to encryption for the masses, I think a less mathematical approach would be warranted. This is not an exhaustive list, but here are some practical questions:
    1. Who can intercept my interaction with web sites if it's unencrypted?
    2. Who can intercept my email if it's unencrypted?
    3. How can I tell if my web browser is using encryption?
    4. What do those warnings about SSL certificates mean?
    5. Why does Internet Explorer warn me about a page with "both secure and nonsecure items"? What can I do about it?
  • by aaronvegh ( 546815 ) on Monday November 15, 2004 @05:26PM (#10823793)
    From PGP's site: How PGP Works [pgpi.org].

    It talks about the origins of crypto a little, and leads into public key encryption, a field I have been trying to learn a little more about. Much better article than the parent!

  • by nwbvt ( 768631 ) on Monday November 15, 2004 @05:35PM (#10823916)
    "...but that is very unlikely to happen."

    Actually it's not. There is an efficient algorithm out there for factoring numbers into primes. The only problem is that it requires technology (quantum computers) which doesn't exist yet, but which is on the horizon.

    "And why is my article modded flamebait?!"

    Because mods are jackasses.

  • Re:SETI noise (Score:2, Informative)

    by Monf ( 783812 ) on Monday November 15, 2004 @05:42PM (#10823989)
    Didn't they use to do the same thing with vinyl records? (except for the seti part...)
  • by freaks_and_geeks ( 773345 ) on Monday November 15, 2004 @05:52PM (#10824122)

    Won't supply a link here, but Simon Singh's excellent "The Code Book" provides a large level of detail about the Polish contributions to breaking Enigma.

    Ahh, what the hell, I _will_ supply a link here [armyradio.com]. Or, just google "Rejewski Enigma".

  • by KillerCow ( 213458 ) on Monday November 15, 2004 @05:56PM (#10824161)
    About RSA: Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.

    Firstly, directly comparing symmetric and asymmetric key lengths shows that the author has no knowledge of encryption. They are not directly comparable since they are used in different ways and have different meanings.

    Secondly, claiming 128-bit keys are insecure shows that the author has no knowledge of encryption. 80-bit keys are widely considered infeasible to break.
  • Encryption Primer (Score:1, Informative)

    by Anonymous Coward on Monday November 15, 2004 @06:01PM (#10824230)
    I like the primer PKE here [mycrypto.net].
  • by radish ( 98371 ) on Monday November 15, 2004 @06:21PM (#10824452) Homepage
    No one has ever broken PGP. No one has ever broken GPG.
    Correction: No-one has ever admitted to having broken PGP or GPG. Unless you know something those of us outside the NSA don't, you can never be so sure.

    Remember, the Nazis thought no-one had broken Enigma...
  • by Lord Dimwit Flathead ( 668521 ) on Monday November 15, 2004 @06:44PM (#10824650)
    The first part of that paragraph bugs me too:

    Unfortunately, nothing in life is free, and so it is with asymmetric cryptosystems. Since d can be computed from e given p and q, and p and q are the factors of N, they must be chosen so large that N cannot be factorised in any reasonable time.

    While this is accurate, it's the first and only mention of d, e, p, q and N. The author also never actually explains that RSA is built on the assumption that prime factorization is mathematically hard. It appears that he simply cut-and-pasted from another text without bothering to make sure that it fit with the article. I can only imagine the confusion of the poor newbies trying to make sense of this.
  • Re:SETI noise (Score:2, Informative)

    by capilot ( 809596 ) on Monday November 15, 2004 @06:45PM (#10824657)
    Even if you reuse it it is hard

    No. If you reuse it, it's easy to break. The Rosenbergs went to the electric chair because some Russian spy reused a pad.
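The pad-reuse point made in the two comments above (cant_get_a_good_nick and capilot), as an added Python example that is not part of either post: XORing two ciphertexts made with the same pad cancels the pad entirely, and a pad book that consumes each byte once prevents it. The names `reuse_leak` and `PadBook` and the sample messages are constructed for this sketch.

```python
import secrets

def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def reuse_leak(m1, m2):
    """Encrypt two equal-length messages under the SAME random pad and
    return c1 XOR c2, which is all an eavesdropper needs to compute."""
    pad = secrets.token_bytes(len(m1))
    c1, c2 = xor(m1, pad), xor(m2, pad)
    return xor(c1, c2)          # the pad cancels: equals m1 XOR m2

class PadBook:
    """Hypothetical pad store that hands out every pad byte at most once."""

    def __init__(self, pad):
        self._pad = pad         # shared in advance with the recipient
        self._next = 0          # first pad byte that has never been used

    def encrypt(self, msg):
        end = self._next + len(msg)
        if end > len(self._pad):
            raise RuntimeError("pad exhausted; refusing to reuse key material")
        start, self._next = self._next, end
        return start, xor(msg, self._pad[start:end])

    def decrypt(self, start, ciphertext):
        return xor(ciphertext, self._pad[start:start + len(ciphertext)])

if __name__ == "__main__":
    m1, m2 = b"MEET AT NOON", b"SEND MORE $$"      # constructed messages
    leak = reuse_leak(m1, m2)
    print("pad cancelled:", leak == xor(m1, m2))
    print("m2 from known m1:", xor(leak, m1))
```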
  • Re:Handbook (Score:5, Informative)

    by plover ( 150551 ) * on Monday November 15, 2004 @08:17PM (#10825409) Homepage Journal
    Actually, Practical Cryptography [amazon.com] is probably more useful to most people. In that book, Bruce provides real-world examples of security needs and then details how the protocols should be implemented so as to preserve that security. He leaves the math alone, and discusses the protocols and data instead.

    He wrote it after realizing how poorly people had misunderstood his warnings in Applied Cryptography (as documented in Secrets and Lies.) I thought his warnings were plain enough, but apparently too many people just plopped in some encryption because they "needed" some, and Blowfish was printed right there in the appendix.

  • by shostiru ( 708862 ) on Tuesday November 16, 2004 @02:17AM (#10827493)
    No. They're from the RSA algorithm. In a nutshell ("number" means integer):

    • Generate two large prime numbers, call them p and q.
    • Calculate N = p*q. This is a much larger, but not prime, number.
    • Choose some number e coprime (i.e., relatively prime) to (p-1)*(q-1), greater than 1 and less than N. Two numbers are relatively prime if they have no common factors (e.g., 32 and 49 are relatively prime, but 32 and 48 aren't). e is, by convention, the number used to encrypt a message.
    • Find some number d such that d*e modulo (p-1)*(q-1) is 1. d is, by convention, the number used to decrypt a message. Of course, you can encrypt with d and decrypt with e, too.

    That's it. Now, put N and e together in a file and call it your "private key", and put N and d together and call it your "public key". To use them:

    • Convert the message into a number n less than N. For example, if N is 40 bits long (worthless, but for the sake of argument...) you could take four bytes at a time from your message as an unsigned 32-bit integer.
    • Encrypt n to generate the ciphertext, c, by raising n to the power of e, and then taking the result modulo N (i.e., c = n^e mod N). Send your encrypted number c to the recipient.
    • The recipient then takes c and raises that to the power of d, modulo N, to get the original n (i.e., n = c^d mod N). Neat, huh?

    In practice RSA takes too much time, so you make yourself a random key, encrypt that using RSA, and you and your recipient communicate using a symmetric cipher.

    As to why ((n^e mod N)^d mod N) = n, that's where it helps to know some math. Mathweb or Wikipedia can help you, but having a bit of background in abstract algebra will help.
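The steps in shostiru's comment above, carried through as an added Python example (not code from the post or from any RSA library). It uses toy 20-bit primes so that N is 40 bits and four message bytes fit in one block, as the post suggests; the function names and the length-prefix block are assumptions of this sketch, and it goes one step beyond the post by letting you see that unpadded RSA maps equal blocks to equal ciphertext.

```python
import math
import secrets

def is_prime(n):
    """Trial division; adequate only for the toy 20-bit primes used here."""
    return n >= 2 and all(n % f for f in range(2, math.isqrt(n) + 1))

def random_prime(bits=20):
    """Random odd prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_prime(cand):
            return cand

def make_key(p, q, e=65537):
    """Return (N, e, d) for primes p and q, following the post's four steps."""
    N, phi = p * q, (p - 1) * (q - 1)
    if p == q or not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)         # d*e mod (p-1)*(q-1) == 1 (Python 3.8+)
    return N, e, d              # d decrypts, so it is the value to keep secret

def keygen():
    """Draw primes until the default e is usable; N comes out 40 bits long."""
    while True:
        try:
            return make_key(random_prime(), random_prime())
        except ValueError:
            continue

def encrypt(message, N, e):
    """Block 0 carries the byte length; the rest are 4-byte big-endian chunks."""
    if N <= 0xFFFFFFFF:
        raise ValueError("N too small to hold a 32-bit block")
    padded = message + b"\0" * (-len(message) % 4)
    blocks = [len(message)] + [int.from_bytes(padded[i:i + 4], "big")
                               for i in range(0, len(padded), 4)]
    return [pow(n, e, N) for n in blocks]       # c = n^e mod N

def decrypt(cipher, N, d):
    length, *blocks = [pow(c, d, N) for c in cipher]    # n = c^d mod N
    return b"".join(n.to_bytes(4, "big") for n in blocks)[:length]

if __name__ == "__main__":
    N, e, d = keygen()
    c = encrypt(b"AAAAAAAA", N, e)              # constructed sample message
    print(N.bit_length(), decrypt(c, N, d), c[1] == c[2])
```

The last value printed is `True`: the two identical plaintext blocks encrypt to the same number, which is why deployed RSA always adds randomized padding before the exponentiation.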
