## Intro to Encryption

An anonymous reader submitted a Techworld story which is a sort of encryption primer. The difference between codes & cyphers, and what all those acronyms like RSA and DES actually mean. This is good primer material for newbs, and a good refresher for fogeys.

## intro to encryption (Score:5, Funny)

## Re:intro to encryption (Score:5, Informative)

a b c d e f g h i j k l m n o p q r s t u v w x y z

n o p q r s t u v w x y z a b c d e f g h i j k l m

first post!

## Re:intro to encryption (Score:2, Funny)

## Re:intro to encryption (Score:4, Funny)

## Re:intro to encryption (Score:2)

## Re:intro to encryption (Score:2)

> Given that there are 49! different keys (that's about 6*10^62), it's a rather secure encryption method.

You, sir, owe me a keyboard. And perhaps some new sinus passages.

## Re:intro to encryption (Score:4, Funny)

## Re:intro to encryption (Score:4, Insightful)

> How's the .sigsperiment going? It's pretty funny.

Thanks. Actually it's been good for my karma. Some moderators dutifully comply--even on non-insightful humor bits.

That's pretty funny.

## Re:intro to encryption (Score:2)

`tr a-zA-Z n-za-mN-ZA-M`

First, don't forget that there are uppercase letters as well (even if you personally don't use them), and second, you don't want to lose those *m* letters, do you?

## SERVER SLOWING DOWN (Score:2)

http://www.techworld.com.nyud.net:8090/security/f

Coral Cache works!

## Re:intro to encryption (Score:2)

1. Try the obvious. Since this is SLASHDOT and most of its users are USENET geeks, try the famous ROT13. Works. But that's boring.

2. Guess the message. Hmm, it was modded funny, and it's a first post. This is Slashdot, so maybe it's first post? Right number of letters. Since 'st' are common last letter, check the last 2 letters of the words: bingo!

3. Start with the obvious. A Caesar cypher seems likely considering all the clues point to it. You'll quickly notice the a=n pattern which
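The three steps above (try ROT13, guess the message, then find the shift) in runnable form. This is an added example, not code from any post in the thread; `caesar`, `rot13`, `crack_caesar` and the tiny word list used for scoring are my own constructions.

```python
# Added example (not from the thread): ROT13 as a Caesar shift, plus the
# "try every shift and look for likely words" approach the comment describes.
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` places (mod 26), keeping case.
    Digits, spaces and punctuation pass through unchanged, so message
    length and word boundaries survive, which is exactly what step 2 of
    the comment exploits."""
    out = []
    for ch in text:
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        elif ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar shift by 13; applying it twice is the identity
    (13 + 13 = 26), so the same function both encodes and decodes."""
    return caesar(text, 13)


# Constructed mini word list used to score candidate decryptions; a real
# tool would use a dictionary or letter-frequency statistics.
COMMON_WORDS = {"the", "and", "is", "a", "to", "of", "in", "it", "that",
                "first", "post"}


def crack_caesar(ciphertext: str):
    """Step 3 of the comment generalised: try all 25 non-trivial shifts and
    return (shift, plaintext) for the candidate containing the most common
    English words. Step 1 ("just try ROT13") is the shift == 13 case."""
    best = (-1, None, None)
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        words = [w.strip(".,!?") for w in candidate.lower().split()]
        score = sum(1 for w in words if w in COMMON_WORDS)
        if score > best[0]:
            best = (score, shift, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    c = rot13("first post!")
    print(c)                  # svefg cbfg!
    print(crack_caesar(c))    # (13, 'first post!')
```

Because a Caesar cipher has only 25 usable keys, the "crack" is an exhaustive search; the word list is what turns 25 candidates into one answer.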

## Inaccuracy in article? (Score:5, Informative)

> Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.

Certificates are 1024 or 2048 bit with SSL. On the other hand, once the key is sent and shared, a 128 bit *symmetric* form of encryption is used. The only thing RSA is used for is sending / receiving the symmetric encryption key, yes? Correct me if I'm wrong.

## Re:Inaccuracy in article? (Score:5, Interesting)

There are other glaring inaccuracies, e.g.:

> An increasingly important use for asymmetric encryption is digital signing. A digital signature is the reverse of public key encryption.

This is sort-of true if you're talking about plain-vanilla RSA signatures (though even here, it's only about half-right). But in general, digital signatures have nothing to do with encryption. An encryption scheme does not always yield a useful signature scheme, nor vice-versa.

## Re:Inaccuracy in article? (Score:2, Informative)

I don't understand your point here...

Digital signatures most definitely have to do with encryption, otherwise they could be forged, trivially. Absolutely any public-key crypto-system should be able to be used as the main part of a digital signature system.

Perhaps I misunderstand what you are trying to say.

## Re:Encryption != Cryptography (Score:2)

## Re:Inaccuracy in article? (Score:2)

My understanding was this...for the signature portion at least...

Sender/Signer:

Hash message -> encrypt with private key (TO public key implied..)

Recipient:

Unencrypt transmitted encrypted hash with public key -> hash original cleartext message -> compare

in that case the encryption would be a necessary step to the signature. Is my understanding of digital signatures (PGP at least) wrong or did I misinterpret your post? Could you provide me with a link if so?

## Re:Inaccuracy in article? (Score:3, Informative)

*both* encryption and signatures, though it is used in a different way for the two applications. One other standardized signature is DSA, which is based on the hardness of computing discrete logs. The DSA algorithm itself is *not* the inverse of any secure encryption scheme. (It's worth noting that there *are* some encryption schemes based on discrete log; they're just not the inverse of DSA.)

## Re:Inaccuracy in article? (Score:3, Interesting)

## Re:Inaccuracy in article? (Score:3, Informative)

## Re:Inaccuracy in article? (Score:2)

Or was that supposed to be modded funny? I don't get it.

## Re:Inaccuracy in article? (Score:2)

The reason the symmetric key is added is because raw RSA is just plain too slow with long messages. As long as the symmetric key is secure enough, it makes up for the insignificant loss of security. The biggest hole is probably the potential for finding an easy way to factor those numbers you are using.

## Re:Inaccuracy in article? (Score:2)

The symmetric key cryptosystems used by almost all modern public-key systems to encrypt the bulk of the data stream (where public-key is only used to transfer an initial session key) tend to be far more demonstrably secure than most public key cryptosystems.

The only reason we use public key at all is for the ability to exchange keys over a public channel, otherwise they would not be terribly interesting.

## Re:Inaccuracy in article? (Score:5, Informative)

Kinda yes. The public key is used to encrypt the session key, which is used in turn to encrypt the payload using a symmetric algorithm for speed.

Certificates are a bit bigger than 1024 or 2048 bits. They contain the public key (consisting in the case of RSA, among other things, of the 1024/2048 bit modulus) the owner's identification (e.g. e-mail address, common name, url,

A certificate is just that; it's to certify that a certain public key belongs to a certain entity.

If you pay enough to microsoft/opera/etc., you can certify anybody you want and all internet explorer users will take it for granted, because no one checks certificates.

## Re:Inaccuracy in article? (Score:3, Informative)

Many asymmetric encryption schemes only use public/private key pairs to establish a secure connection. Once a secure connection has been established, most schemes generate a private key that will be used for symmetric encryption.

The reasons for switching to symmetric are many, but primarily it is done for speed. Symmetric encryption algorithms are very fast compared to asymmetric. Also, symmetric algorithms can easily be implemented in hardware, thus, speed boosts are even greater

## Re:Inaccuracy in article? (Score:2)

## Re: Credability = Zero (Score:3, Informative)

About RSA:

> Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.

Firstly, directly comparing symmetric and asymmetric key lengths shows that the author has no knowledge of encryption. They are not directly comparable since they are used in different ways and have different meanings.

Secondly, claiming 128-bit keys are insecure shows tha

## Re:Inaccuracy in article? (Score:2, Informative)

> Unfortunately, nothing in life is free, and so it is with asymmetric cryptosystems. Since d can be computed from e given p and q, and p and q are the factors of N, they must be chosen so large that N cannot be factorised in any reasonable time.

While this is accurate, it's the first and only mention of d, e, p, q and N. The author also never actually explains that RSA is built on the assumption that prime factorization is mathematically hard. It appears th

## Much better than that article (Score:5, Informative)

## Re:Much better than that article (Score:2)

## Re:Much better than that article (Score:2)

## Difference betwen Codes and Cyphers? (Score:5, Funny)

The Matrix. Duh.

## 640 bits should be enough for anybody (Score:3, Insightful)

Usually, the weakest link will be the user using short keys or the user using the same password on a weaker system.

## Re:640 bits should be enough for anybody (Score:2)

> the weakest link will be the user using short keys or the user using the same password on a weaker system

That's why all of my passwords are a complete work of Shakespeare. Root is King Lear, my insecurest password (for aim, etc) is MacBeth, and my porn passwords are Romeo and Juliet! It does take some time to enter them though

## Re:640 bits should be enough for anybody (Score:5, Funny)

Well *my* porn passwords are Juliet and Juliet. It's a lesser known work, to be sure, but it's certainly steamier.

## Re:640 bits should be enough for anybody (Score:2)

> Well my porn passwords are Juliet and Juliet. It's a lesser known work, to be sure, but it's certainly steamier.

But much weaker since the dialog is little more than "oooh, yeah, right there baby" over and over.

## Handbook (Score:5, Informative)

## Re:Handbook (Score:2, Informative)

## Re:Handbook (Score:5, Informative)

Not only does it cover the same ground, it also goes into detail a bit more about real tricky business; protocols (where most mistakes are made these days, since nearly everybody uses off-the-shelf algorithms like AES, DSA, RSA and ElGamal). This guy knows how to write, and succeeds in warning you of potential pitfalls in a humorous manner. Also, he knows his stuff; he submitted one of the AES candidates, Blowfish.

Bruce also publishes the most excellent Crypto-Gram [counterpane.com] newsletter. Beware of not heeding Bruce's stern words of warning. You may end up in the doghouse [google.nl]! The humiliation! The shame upon your house!

## Re:Handbook (Score:2)

(And thanks for the comment about protocols; I work mainly on privacy-preserving protocols that deal with large bodies of data. The notions of what constitute security are rather strict, because very subtle correlations and bugs can be a real problem.)

Lea

## Re:Handbook (Score:3, Insightful)

> I'd recommend applied cryptography by Bruce Schneier instead.

Seconded.

But keep in mind Schneier's opening statement in his next book, "Secrets and Lies", which says that "Applied Cryptography" has probably led to the creation of more bad security than any other single text. Not because the book is bad (it contains errors, but they're fairly minor) but because the book makes you think you're an expert. After plowing through some 600 pages of dense material, you *have* to be an expert, right? Unfortun

## Re:Handbook (Score:5, Informative)

He wrote it after realizing how poorly people had misunderstood his warnings in Applied Cryptography (as documented in Secrets and Lies.) I thought his warnings were plain enough, but apparently too many people just plopped in some encryption because they "needed" some, and Blowfish was printed right there in the appendix.

## Eric Rescorla has written a fine book... (Score:5, Interesting)

The explanation of stream vs block ciphers is especially good, with nice examples showing how each technique works.

## Comprehensive list of unsolved codes and ciphers (Score:5, Interesting)

http://www.elonka.com/UnsolvedCodes.html [elonka.com]

Enjoy.

- tokengeekgrrl

## Re:Comprehensive list of unsolved codes and cipher (Score:2)

## Re:Comprehensive list of unsolved codes and cipher (Score:5, Informative)

> If after reading the intro to encryption you are so inspired to try to crack one, I highly recommend this list...

The problem with challenges like "crack this uncracked cipher" is that the challenge is not realistic.

Most of these codes/ciphers give you no idea the process behind how they were generated. That's unrealistic: usually an analyst will have the algorithm that does the encryption (if not the key itself), either via open-source, reverse engineering of a public binary, legitimate purchase, or espionage.

Most of these challenges only give you a tiny piece of ciphertext. That's not realistic: if you're trying to break, say, SSL, you'll be able to get your hands on megabytes of transcripts, and you'll even be able to generate ciphertexts that correspond to plaintexts of your choice.

Most of these "ciphers" don't generalize to arbitrary messages. That's unrealistic. Sure, someone can design some ad-hoc cipher to encrypt the location of his buried treasure using landmarks, clever puns, and weird symbols. That's a far cry from being able to efficiently encrypt an arbitrary TCP/IP stream.

## I realized something while reading the article... (Score:2, Interesting)

## Re:I realized something while reading the article. (Score:5, Insightful)

Unless we have other asymmetric ciphers to fall back on, then e-commerce would be wiped out.

Additionally, algorithms with very low computational requirements are of particular importance since we need encryption that can run on smart cards, but can't be broken by super computers.

## Re:I realized something while reading the article. (Score:2, Interesting)

I wouldn't worry too much about it though. While I expect new algorithms [probably not even NFS based] to be invented at some point it probably won't be tomorrow.

Tom

## Re:I realized something while reading the article. (Score:3, Informative)

> "...but that is very unlikely to happen."

Actually it's not. There is an efficient algorithm out there for factoring numbers into primes. The only problem is that it requires technology (quantum computers) which doesn't exist yet, but which is on the horizon.

> "And why is my article modded flamebait?!"

Because mods are jackasses.

## A perfect prime-factorizing algorithm (Score:3, Funny)

> If it were possible to factor any prime in one month

Any prime's factors are itself and one.

</smartass>

## Re:I realized something while reading the article. (Score:2)

Example 1: Partially homomorphic cryptosystems. Want to be able to add (or multiply, but not both) encrypted numbers? Now you can!

Example 2: What if you need the set of numbers that your cryptosystem encrypts to have some sort of mathematical structure? (a ring or a field or so on) For example, if you have polynomials where each c

## Re:I realized something while reading the article. (Score:3, Informative)

> No one has ever broken PGP. No one has ever broken GPG.

Correction: No-one has ever admitted to having broken PGP or GPG. Unless you know something those of us outside the NSA don't, you can never be so sure.

Remember, the Nazis *thought* no-one had broken Enigma...

## Re:I realized something while reading the article. (Score:2, Interesting)

OTP has the significant shortcoming of key exchange. You have to have a method of distributing keys that will not be compromised. This is extremely hard to do.

If the book ever falls into the wrong hands, then you have to throw everyones book out, and start over. You have to have access to your agents that are inside. Are you just going to send them their new book to the Kre

## Re:I realized something while reading the article. (Score:4, Insightful)

This may not be too big of a problem if we just have two people who need to send a few messages to each other as long as both can keep the pad safe, but it fails horribly in other situations. For instance let's say I want to send my credit card number to some online store, but I want to make sure it is encrypted first. Let's say the store writes a random pad for us to use. How do we share it? Somehow they have to get it to me without anyone else seeing it. But if we had a known secure method of communication, we wouldn't need the pad in the first place, now would we?

Public Key encryption solves this problem by allowing the store to develop the code and send me a key that only allows me to encrypt it (it can't decrypt anything). Thus it doesn't matter if the whole world intercepts the key, all that would allow them to do is encrypt more messages. It doesn't help them decrypt anything. Of course all these codes are usually based on problems that are mathematically hard to solve. If an easy solution is found (as with knapsack cryptosystems like Merkle-Hellman [wikipedia.org]), then it becomes easy to crack the codes, and thus we need to have other codes available. In addition, many decryption algorithms are very slow and thus work is done on more efficient algorithms (though slow ones like RSA actually can be sped up by only encrypting a private key with the public key scheme and using the private key to encrypt the actual message).

Hope that helps.

## This is good primer material for newbs (Score:5, Insightful)

Here's part of what the article says about RSA:

"Unfortunately, nothing in life is free, and so it is with asymmetric cryptosystems. Since d can be computed from e given p and q, and p and q are the factors of N, they must be chosen so large that N cannot be factorised in any reasonable time"

THE ARTICLE NEVER STATES WHAT d, p, q, e OR N ARE. Sorry for the shouting but this piece o'crap is worthy of a

John.

## What p, q, e, d, and N mean (Score:4, Informative)

*encrypt* a message. *decrypt* a message. Of course, you can encrypt with d and decrypt with e, too. That's it. Now, put N and e together in a file and call it your "private key", and put N and d together and call it your "public key". To use them:

In practice RSA takes too much time, so you make yourself a random key, encrypt that using RSA, and you and your recipient communicate using a symmetric cipher.

As to why ((n^e mod N)^d mod N) = n, that's where it helps to know some math. Mathweb or Wikipedia can help you, but having a bit of background in abstract algebra will help.
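The p, q, N, e, d recipe in this comment and the hash-then-sign flow described upthread (hash, apply the private exponent, verifier applies the public exponent and compares), in working Python. This is an added example, not the article's or any commenter's code. It uses the conventional naming, (N, e) public and (N, d) private, which is the reverse of the file labels in the comment above; the primes are toy Mersenne values chosen to be readable, and `homomorphic_product` is my own check of the "multiply encrypted numbers" property an earlier reply mentioned.

```python
# Added example (not from the thread): textbook RSA with the symbols p, q, N,
# e, d the thread argues about, plus hash-then-sign. Toy parameters: real
# keys use ~1024-bit primes and padding (OAEP for encryption, PSS for
# signatures); raw pow() on a message, as here, is only for illustration.
import hashlib
from math import gcd

P = 2**31 - 1   # prime (constructed toy value)
Q = 2**61 - 1   # prime (constructed toy value)


def rsa_keygen(p: int, q: int, e: int = 65537):
    """N = p*q is the modulus, e the public exponent, d = e^-1 mod phi(N)
    with phi(N) = (p-1)(q-1). The pow() below is the article's "d can be
    computed from e given p and q": anyone who factors N gets d for free,
    which is why N must be too large to factor."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)         # (public key, private key)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)           # c = m^e mod N


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)           # (m^e)^d mod N == m


def _hash_to_int(message: bytes, n: int) -> int:
    # Hash the message and read the digest as an integer below N.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signer: hash the message, then apply the private exponent."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verifier: apply the public exponent to the signature and compare
    with a fresh hash of the received message."""
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


def homomorphic_product(public_key, a: int, b: int) -> bool:
    """Raw RSA is multiplicatively homomorphic: E(a)*E(b) == E(a*b) mod N.
    That is the 'multiply encrypted numbers' property from upthread, and
    also why unpadded RSA ciphertexts are malleable."""
    n, _ = public_key
    lhs = (encrypt(public_key, a) * encrypt(public_key, b)) % n
    return lhs == encrypt(public_key, (a * b) % n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(P, Q)
    print(decrypt(priv, encrypt(pub, 42)))                       # 42
    s = sign(priv, b"hello")
    print(verify(pub, b"hello", s), verify(pub, b"hellp", s))    # True False
    print(homomorphic_product(pub, 6, 7))                        # True
```

The identity (n^e mod N)^d mod N = n that the comment points at holds because e*d = 1 mod phi(N); `decrypt(encrypt(m))` in the block is that identity evaluated numerically.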

## Safe encryption (Score:5, Funny)

## Applied Cryptography (Score:5, Informative)

It comes with source too! You know you love source....

## Re:Applied Cryptography (Score:2)

## Re:Applied Cryptography (Score:2)

## Re:Applied Cryptography (Score:2)

Really - who's going to want to even _try_ to get those keys? *cringe*

## Re:Applied Cryptography (Score:2)

Think of it as encrypting something such that if you give out one password, you get your top secret data, and if you give out a different password, you get something else; say, fake top secret data. Then, making that encryption scheme work such that you are utterly unable to prove that there's more data than was unencrypted, multiple sets, multiple passwords, or whatever.

Then, when you're being beaten with a rubber hose, you can 'safely' spill your guts.

## Re:Applied Cryptography (Score:2)

## Re:Applied Cryptography (Score:2)

## Smaller signatures? (Score:2)

## Re:Smaller signatures? (Score:2)

## Not really the best intro for crypto (Score:5, Informative)

## Ahhhhh crap, (Score:2)

## Clarification on web-browser security... (Score:4, Informative)

>> so cannot be considered secure against a determined
>> and sufficiently well-resourced attack.

The 128-bit there is the symmetric cipher key length, RSA is used for signature authentication and not encryption, key exchanges occur via hand-shake algorithms i.e.: Diffie-Hellman and derivatives thereof...

a 128-bit symmetric cipher is actually very strong, for temporary transit data i.e.: purchase data, cc numbers etc.

Arash Partow

_________________________________________

Be one who knows what they don't know,

Instead of being one who knows not what they don't know,

Thinking they know everything about all things.

http://www.partow.net

## Re:Clarification on web-browser security... (Score:2)

## Sosumi, McCartney! (Score:5, Funny)

Speaking words of wisdom, 'PGP, PGP.'"

## Good primer? Bah. (Score:2)

## known plaintext attacks? (Score:2)

## Re:known plaintext attacks? (Score:2, Interesting)

> The primer seems a little overconfident about random ciphers

That's where I threw up my hands in disgust. I've never heard of a "random cipher" before. Did he mean one time pad? Those are provably unbreakable, assuming you have a good source of random numbers. Did he mean XOR the message from a cheap-ass PRNG? Unacceptable. And why 4 bytes at a time? If it's just XOR, then 4 bytes at a time buys you nothing.

This article was written by someone who read someone else's articles, and understood about

## Someone has been reading too much Cryptonomicon (Score:3, Insightful)

> If you just want to deter prying eyes a substitution cipher using multiple substitutions and several different substitutions schemes offers a reasonable level of encryption for virtually no computational effort. (This is the way Enigma works and after all, it did take Alan Turing to break it).

The Poles broke it, they even invented the "computers" (bombes) that automated the further breaking of it. Turing (not to diminish the contributions he made to BP) really just vastly improved on their methods and created a much more sophisticated machine to break it.

Finkployd

## Re:Someone has been reading too much Cryptonomicon (Score:2, Informative)

Won't supply a link here, but Simon Singh's excellent "The Code Book" provides a large level of detail about the Polish contributions to breaking Enigma.

Ahh, what the hell, I _will_ supply a link here [armyradio.com]. Or, just google "Rejewski Enigma".

## Re:Someone has been reading too much Cryptonomicon (Score:2)

## random & pseudorandom pads (Score:5, Informative)

That said, padding with pseudo-random data is very unsafe. Breaking this type of encryption is typically one of the first homework assignments in cryptography courses. The article is either very fuzzy on this distinction, or plain out wrong, depending on how you read it.

## SETI noise (Score:5, Interesting)

If you want to be absolutely definitely sure that no one can intercept your communication with someone then here's what you do.

1) Get 600MB of random noise data from listening for extra terrestrials from for instance SETI.

2) Burn two CD's, give one to your friend. Keep the other.

3) Encrypt your message by superimposing it on that noise at a given location.

4) send the message as well as the location with the random location that you started copying the noise from (from the CD).

This message can _not_ be deciphered if you make sure that you never reuse the same random noise. Even if you reuse it it is hard.

In addition, if you at some point expect that someone is on to you, just burn the two CD's.

At that point those messages can _never_ be deciphered. Even if you try for a billion years.

Simple.

Unbreakable.

## Re:SETI noise (Score:2)

And the Titanic was unsinkable.

Indeed, this code can be easily broken by just getting one of the CDs and making a copy of it. Yes, this needs physical access to the CD, and is therefore harder (and you can add extra levels of security, like putting that CD in a safe [and hoping that your friend keeps his copy secure as well]). So it's still a very secure code. But unbreakable, no.

## Re:SETI noise (Score:2)

I agree that it isn't completely safe. But you didn't break the encryption. You stole the key.

## Re:SETI noise (Score:2)

## Re:SETI noise (Score:3, Funny)

it's *not* safe. What if you take signal from some extraterrestrial intelligent species? That signal will not be completely random, and someone will be able to break it...

## Re:SETI noise (Score:5, Insightful)

Often these systems were broken because the pads were misused: the same pad used multiple times, or the same pad used with some variation.

IIRC, the scheme you are proposing is similar to the way that the red telephone communication between the Soviet Union and the US, as well as embassy communications, was secured. In that case, special vinyl records were distributed that had to be started at the same point. The length of the record determined how long you can talk.

This essay on Bruce Schneier's site [schneier.com] highlights one of the chief weaknesses of the one-time pad: the key distribution problem. You have to figure out how to get your friend's CD to him without being intercepted. You also have to be sure that the computer that generated the CD's wasn't compromised; someone spying on your machine could just log what audio file you used, copy it, and generate their own key CD.

Considering that a CD can only hold around 700MB (for a standard audio CD), I would say the key space is small enough that even if an attacker doesn't know your position choosing scheme (your description of the system states that the position is part of the message, so I'm being generous here), it should be possible to brute force the message if he somehow gets access to the key.

Another problem is: you may suspect that you are being watched or the system is compromised, but your buddy may not. How do you communicate that information to your friend, especially if you aren't supposed to be in contact with them in the first place?

If the attacker has your key CD, he could send an encrypted message stating that you (the legitimate user) are the attacker? Then who would your buddy believe?

The benefit of public-key cryptography is that it limits the amount of data that needs to be shared in order to communicate. The keys used for encryption never leave the possession of the person doing the encryption. It is also relatively simple to generate new keys.

Of course, man-in-the-middle attacks can still happen. But if you can establish the first public keys that you and your friend will use in a secure manner (e.g. face-to-face meeting), subsequent public keys can be encrypted using the last trusted key, or by using other key sharing schemes.
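The SETI proposal (shared random file, message XORed against a slice of it, offset sent alongside) and the "misused pads" failure this reply describes, as an added example that is not code from either post. `OneTimePad`, `two_time_pad_leak` and the sample pad are my constructions; the class keeps a used-bytes map so that a slice can be handed out only once, and the leak function shows what is exposed when that rule is broken.

```python
# Added example (not from the thread): a one-time pad in the shape the SETI
# post describes, with bookkeeping that refuses to reuse pad bytes, and a
# demonstration of why reuse matters.
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One party's copy of the pad ('the CD'). Both sides keep an identical
    object and agree, via the offset sent in clear, on which slice a message
    used. A slice is marked consumed on first use and refused after that,
    so a second message can never be XORed with the same key bytes."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.used = bytearray(len(pad))      # 1 = byte already consumed

    def _take(self, offset: int, length: int) -> bytes:
        end = offset + length
        if offset < 0 or end > len(self.pad):
            raise ValueError("pad exhausted: burn it and distribute a new one")
        if any(self.used[offset:end]):
            raise ValueError("pad bytes already used: refusing two-time pad")
        self.used[offset:end] = b"\x01" * length
        return self.pad[offset:end]

    def encrypt(self, plaintext: bytes, offset: int) -> bytes:
        return xor_bytes(plaintext, self._take(offset, len(plaintext)))

    def decrypt(self, ciphertext: bytes, offset: int) -> bytes:
        # Same XOR; the receiver also marks the slice consumed.
        return xor_bytes(ciphertext, self._take(offset, len(ciphertext)))

    def bytes_remaining(self) -> int:
        return len(self.pad) - sum(self.used)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If two ciphertexts were made with the same key bytes, XORing them
    cancels the pad and leaves p1 XOR p2: the key never enters the result,
    which is the 'same pad used multiple times' failure from the reply."""
    return xor_bytes(c1, c2)


def make_pad(n: int) -> bytes:
    # A real pad needs true randomness (the thread's noise capture); a
    # CSPRNG stands in here so the example runs anywhere.
    return os.urandom(n)


if __name__ == "__main__":
    shared = make_pad(1024)
    alice, bob = OneTimePad(shared), OneTimePad(shared)
    c = alice.encrypt(b"meet at noon", 100)
    print(bob.decrypt(c, 100))               # b'meet at noon'
    try:
        alice.encrypt(b"meet at dusk", 100)  # same slice again: refused
    except ValueError as err:
        print(err)
```

The bookkeeping is the whole difference between a one-time pad and the homework-breakable stream the earlier reply warns about: the cipher operation is identical, only the never-reuse discipline changes.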

## Re:SETI noise (Score:2, Informative)

## Re:SETI noise (Score:2)

## Re:SETI noise (Score:2)

## Best class in college (Score:2, Insightful)

## Mel & Baker a good crypto book (Score:3, Informative)

Cryptography Decrypted [amazon.com] by H. X. Mel and Doris Baker is a good intro to crypto. I found it entertaining and the topics went from elementary to, uh, more than I cared to know. The appendices explaining the mathematics of crypto were interesting as well.

## some things newbs should learn about encryption (Score:3, Informative)

## Just set up a new system (Score:2)

I've heard that using more than one "encryption algorithm" can open you up to new vulnerabilities...

I need to encrypt certain short string in our database and I'm using 1024-bit RSA with OAEP, but I also need to be able to search for all occurences of a particular sting in the DB, so I'm also storing a (salted) MD5 hash of the same string that was encrypted, since the RSA-encrypted string is different

## Re:Just set up a new system (Score:2)

Someone's using this paper for a class, so there are slides for it: http://www.google.com/search?hl=en&lr=&c2coff=1&q=+site:www1.cs.columbia.edu+private+keyword-based+push+and+pull

If you're really interested in search over encrypted data, email me what you need to do, and I'd be happy to take a look at it f

## Re:Just set up a new system (Score:2)

Lea

## A better introduction (Score:3, Informative)

It talks about the origins of crypto a little, and leads into public key encryption, a field I have been trying to learn a little more about. Much better article than the parent!

## And now to toot a small horn (Score:2, Interesting)

## isyay isthay ayay odecay? (Score:4, Funny)

Uggerbay, hatway oday ouyay eanmay "veryeay oneyay owsknay igpay atlinlay?"

## RND number generation and encryption cards (Score:4, Interesting)

So if you need random numbers for encryption, try some googling, and you will find many variations on this theme - serial port based equipment; noise from sound card (low cost solution - all you need is software). There are also schemes for do-it-yourself equipment.

Unfortunately, you should be a bit reluctant to accept the idea that all these things work as advertised. Just for beginning, although thermal noise is white noise by default, it gets filtered in the system during the processing. Its spectrum will not be the same as it was at the origin. (I am not an expert, but I think that the spectral characteristics of the signal are not a requirement for randomness, but this is still a good example of a possible flaw in implementation.)

If I started using this, I would test these generators with some mathematical tools.
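Two of the simplest "mathematical tools" for that test, as an added example that is not code from the post: a monobit (bit balance) check and a chi-square check over byte values, run against a constructed good sample and a constructed sample with the kind of defect a filtering stage can introduce. The thresholds `Z_LIMIT` and `CHI_LIMIT` and the two sample generators are my assumptions; passing these checks proves nothing (a weak PRNG passes them), failing them proves the source is broken.

```python
# Added example (not from the thread): basic statistical sanity checks for a
# home-made noise source. Thresholds are assumptions, set loose enough that a
# good source essentially never fails them.
import hashlib
import math

Z_LIMIT = 4.0      # |z| above this (two-sided p ~ 6e-5) fails the monobit test
CHI_LIMIT = 400.0  # chi-square, 255 dof: mean 255, sd ~22.6; 400 is ~6 sd out


def monobit_z(data: bytes) -> float:
    """Normalised bit-count statistic (#ones - #zeros) / sqrt(#bits).
    Random data gives roughly N(0, 1)."""
    n_bits = 8 * len(data)
    ones = sum(bin(b).count("1") for b in data)
    return (2 * ones - n_bits) / math.sqrt(n_bits)


def byte_chi_square(data: bytes) -> float:
    """Chi-square of the 256 byte-value frequencies against uniform."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def looks_random(data: bytes) -> bool:
    """True when neither test rejects; a necessary, not sufficient, check."""
    return abs(monobit_z(data)) < Z_LIMIT and byte_chi_square(data) < CHI_LIMIT


def sha256_stream(seed: bytes, n: int) -> bytes:
    """Deterministic stand-in for a captured sample of good noise: SHA-256 in
    counter mode. Constructed so the example runs offline and repeatably."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def filtered_stream(seed: bytes, n: int) -> bytes:
    """Constructed 'flawed hardware' sample: the top bit of every byte is
    stuck at 0, the sort of defect a clipping or filtering stage in the
    signal path can introduce. Still looks noisy to the eye."""
    return bytes(b & 0x7F for b in sha256_stream(seed, n))


if __name__ == "__main__":
    good = sha256_stream(b"constructed seed", 16384)
    bad = filtered_stream(b"constructed seed", 16384)
    print(looks_random(good), looks_random(bad))   # True False
```

Both statistics are cheap enough to run continuously on a live source; a stuck bit or a drifting bias shows up as a growing |z| long before it would be visible in the raw samples.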

Also, there are encryption cards. I was able to see one made by Soekris. It has a hardware implementation of DES. DES is designed to be done in hardware - shifting and xoring is easy to implement in hardware. Soekris makes 486 and P5 low-consumption small sized boxes. With this card, you may make a good and fast IPSec firewall that runs on a 133MHz 486 (!). Unfortunately, I am not in touch with this equipment any more, but the problem was that the Linux driver was in alpha state (situation from 10 months ago). BSD drivers were in release state.

(One idea came to my dirty mind - how interesting this card might be for crackers?)

## Good For Newbs! (Score:3, Insightful)

- dshaw

## Re:Garbage (Score:2)

## Re:ROT13 (Score:2, Funny)

Sometimes that's not good enough. In such instances, I always rot-13 it two times for twice the security.