o 4 - What Makes a Strong Cryptographic Algorithm?
o 5 - Overview of modern cryptographic systems
Introduction
~~~~~~~~~~~~
I just finished reading a book the other night. The author, Dr. David Brin raised the question that, if the future society truly wants freedom, privacy can only be counter-productive. Brin suggests that regardless of how much society gravitates toward encryption and secrecy, there will always be a class of people who will be able to manipulate and overcome the common citizen’s attempts at privacy. This class of people include governments, terrorists, and the technologically elite class, otherwise called hackers. The author suggests that that society should move toward openness rather than secrecy. It is the only way that people can be held accountable for their actions. The only problem with Brin’s proposal is that people will never agree that an open society is the answer. Americans hold their right to keep secrets and protect themselves with encryption and concealment to be fundamental, they will not likely allow it to be taken away from them. While I agree that Brin’s ideas are very well founded and were conceived with the best of intentions, I don’t think that they will become reality within my lifetime or the following few generations.
As a result of my opinion I’ve taken a fair amount of interest in the field of cryptography. My reasoning is that I may as well familiarize myself with something that will be in use all over the world by the time I’m thirty years old. I’ve spent quite a few hours sifting through the net in search of information on cryptography, and, while I’ve found much that’s been of use to me, there is a majority of information on the net and in books that is completely useless. The same is true for encryption/decryption applications. There are some programs that will give your information a great deal of security, while other applications, which may seem secure, in fact provide little to no protection at all against anyone familiar with modern cryptography. The goal of this paper is to provide the highly esteemed Happle reader with a comprehensive overview of modern cryptography as well as what makes cryptographic algorithms secure or insecure.
Cryptographic Misconceptions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After having gone through most of the Freeware and Shareware cryptography application available to the general public, I’ve got a decent understanding of what mistakes people are making when writing cryptography software. The most common of developer blunder is to assume that if your result after encrypting looks absolutely nothing like the original text, your program can secure data. I’ve had people tell me that their algorithm is amazing because their math teacher couldn’t figure out what the cipher text was before it was encrypted. It doesn’t matter how well your math teacher knows their multiplication tables people, their crypt analysis skills are nothing compared to a half-decent cipherPunk and their old ThinkC compiler. The first thing you have to ask yourself is this: “If I gave someone all the source code for my encryption program, would it still be nearly impossible for them to crack in less than a year?” If you can’t give out your crypto-source code because it might compromise the security of your program, then it was never secure in the first place. Modern ciphers don’t hide what they’re doing for people. The ciphers being developed in this decade rely on making themselves impractical to compromise. The algorithms are based on keys and passphrases while using standard manipulation methods. The result is encrypted data which has a number of possible origins that is directly proportional to the size of the key used (the ‘keyspace’) or the length and discretionary nature of the passphrase that the user has chosen. I realize I may be losing you due to the completely bland nature this paragraph has adopted so I’ll give you a few visual examples.
ex1.
An example of a very poor algorithm is one that doesn’t change the method of encryption depending on a user entered passphrase or keyspace.
Suppose an algorithm is handed a text with the following string: ‘Bushido Cyberspace’ The algorithm takes each letter and adds ‘5’ to the ascii value of the original letter. (By the way, Bushido IS a word.) The result is as follows: ‘Gzxmnit Hdgjwxufhj’ Certainly, at first glance, the result is unreadable, it’s even conceivable that many people would be unable to determine the original text given the resulting cipher text. Now suppose the algorithm exchanges the placing of the two words and reverses everything except the capital letters. The result would be:
‘Hjhfuxwjgd Gtinmxz’ now if someone were to try only an alphabetic shift approach to determining the original text, they would not get the correct result. They would get the correct letters, but not the correct positioning. Now for the final assumption in this example. Let’s assume that you tell your math teacher: “I shifted the ascii values and I also shifted the position of ‘some’ of the letters” Well if you had a half decent math teacher then he or she would likely smack you in the head. It would simply take them too long to sit down and try all of the possible combinations (there are far more than 10,000 possibilities.) If we assume that your math teacher can work out 5 solutions every ten minutes, it would still take him or her over 14 days to find an answer. That’s not including time for eating, sleeping, or hanging out on Hotline. So most people stop at this point. They say to themselves, or to an admin on [ACI] “Hey, my math teacher can’t figure it out, so it’s secure.”
Well, not quite kid. I have to get back to the cipherPunk and their C compiler. If you tell a cPunk what you told your teacher about the algorithm, it might take them an hour and a half to write a program to crack your algorithm, and the computer would do the rest of the work in about 5 minutes. Then, once they find out exactly how your algorithm works (how you reposition the letters) they can write another program in five minutes to crack anything you encrypt in under 10 seconds. Then they can distribute the program and the weeks of work that you poured into your ‘secure’ algorithm just serve as a reminder that you’re not very good at coding secure algorithms. But that won’t happen now that you’ve read this paper.
What makes an algorithm insecure?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First of all, I’m not sure what kind of reader you are, so let me step back an inch or so and explain what I’m talking about here. A cipher is generally thought of as a self contained set of code which, when put to use, can encrypt and decrypt information. Ciphers depend on mathematical algorithms, which are sections of code that manipulate the data. Algorithms are usually long, drawn out, mathematical sets which can take the phrase “Hello world!” and turn it into a 35 character set of random numbers and letters. It’s usually accompanied by a sister-algorithm that reverses the process. Ok, well now that algorithms have been defined, let’s explore what makes certain algorithms useless. As you saw in the last section, an algorithm is insecure if it was designed to elude people. Hiding things in your socks eludes most people; so if your algorithm is over their heads don’t be too impressed with yourself. You have to realize that you’re up against a computer, a smart crypto-elite programmer, and possibly a few of his friends’ processors. The average modern computer can chug through your algorithm, processing thousands of possible outcomes and original texts every second. If the algorithm is based mainly on methods of moving the text around, then you probably won’t get much more than 10-20 million possibilities. A single modern computer can crack an algorithm like that in about an hour and a half. (Though that might be giving the algorithm a bit too much credit.) There are other algorithms that do base their methods of encryption on passphrases and keys. If there is a single flaw in the design of the algorithm’s security, the cipher can likely be compromised before it’s a week old. Let me show you an example of an advisory I wrote for a terribly insecure cipher released not too long ago.
[advanced computing information database]
Advisory for:
mSec Crypt() (no version number specified in the application)
I encrypted approximately 10 different plaintexts 3 times each with varying passwords and varying program settings. The test which shows the flaws most apparently is below.
The plaintext I encrypted is as follows:
abcdefghijklmnopqrstuvwxyz
1234567890
When encrypted with the most secure key that the program offers the result is as follows:
-- Begin mSec Private Key Encrypt --
KJIHGFEDCBA@?>=<;:987654321{zyxwvuts
-- End mSec Private Key Encrypt ---
Alright, so in this case I just ran a string of sequential characters through the cipher on it’s most ‘secure” setting and, as soon as I saw the result, I knew what sort of algorithm was used to encrypt the text. The original text is just reversed and the ASCII value is shifted over according to the value of the passphrase entered. The problem with this is that there are less than 256 possibilities for the ascii shift. Regardless of how long it might take a person to calculate all of the possibilities, a computer program can take all of these possibilities in a fraction of a second.
What Makes a Strong Cryptographic Algorithm?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Since I’ve given some explanation on what makes an algorithm insecure, I’ll move on to the features and characteristics of a potentially secure cipher. While I might have been a bit hard on the importance of a cipher’s potential entropy in the last chapter, we must all be aware that it is, of course, the basis of encryption technology to make the data impossible to read by humans. What strong algorithms take into account is that they now have to make the data impossible to be read by some of the new computer processors as well. So the modern algorithms perform enough of a pass-phrase modification to make the result almost entirely different from the original. There are a few standard methods of getting this done, I’ll outline the most used below.
o Permutation
Suppose a message is as follows: “Neural_Arcology” A permutation separates an original text into sections of approximately 5-10 characters and then changes the position of a number of letters. If we performed a permutation on the above phrase using blocks of 5 characters then the result might be as follows: “aureNcAr_lyoglo” The developers would refer to this as a 5_53421 permutation. The string of 5 digits referring to the positions of the original characters after the permutation.
o Blocking
Suppose a message is as follows: “vacant panda motel” Blocking involves designating sections of the original text to numbered blocks, after which, each block has its position rearranged by the algorithm. Blocking the above phrase into sections of three characters and rearranging it gives the following result: “ndavac patlant mo”
o Substitution & Shift operations
Substitution operations simply substitute a specified set of characters for the original characters which are to be encrypted. The phrase “Dave, are you there?” might become
“hrksl res wiv m,seso”
Many people use these functions in conjunction with a passphrase and consider the entire application to be secure. Well, these people still have a lot to learn. If you want to code a fairly secure cipher then you’ll need to use (most likely) all of these functions, as well as other similar functions. You’ll need to use them more than once each time you encrypt, and layer them so that the result of the encryption is completely different both in size, character sets, and location of charcters. It is also important that as many functions as possible rely on a user-entered passphrase to get the work done.
The manner in which the passphrase influences the various functions is of vital importance. A good cipher will make sure that a message encrypted with the passphrasem “hello” is very different from a message that is encrypted with “hellp” (‘p’ being one letter after ‘o’ in the alphabet =) How does an algorithm accomplish this in an effective manner? Usually it expands the passphrase to a much larger size. A good passphrase algorithm can take the word “DataNaga” and expand it to a 2000 character set of random characters. The algorithm can then substitute according to the expanded passphrase with much more effectiveness.
Overview of Modern Cryptographic Systems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are a few generally accepted standard forms of cryptography. These are standard forms of encrypting/decrypting and communicating over private channels. The two largest such forms of cryptographic systems are -Symmetric Key algorithms- and -Public Key algorithms-
o Symmetric Key Cryptography
This form of encryption sets up a model in which a key is used to encrypt data. The party that wishes to decrypt that data must use the original key, the one that was used to encrypt, in order to return the ciphertext into the original legible data. So suppose we have two people, Bob and Alice, and they would like to use encryption to hide evidence of their affair. Bob and Alice meet in a Starbuck’s coffee and, on their TI85 calculator, come up with a big page-long key that they can use to encrypt materials later on. They go back to their homes and Bob encrypts his love letter using the agreed upon key. He transmits the encrypted data over the internet and Alice eventually decrypts the letter using the same key. There is a flaw in this protocol however. Let’s suppose that Susan, Bob’s legal wife, knows a bit about computers as well. Susan could take Bob’s key from his computer, or she could bribe the kid at Starbucks for the security camera’s tape which clearly shows the key that Bob and Alice worked on. Now Susan can read everything that Bob sends Alice, as well as everything that Alice sends Bob. (Never mind that she could just use the tape of them in a Starbucks as proof of the affair, this is a paper on cryptography.)
o Public Key Cryptography
This is the form of encryption that both governments and the technologically elite have accepted as the standard in ultimate cryptographic security. Let me explain the protocol to you. This time Bob has learned from his earlier mistake. (Not the cheating part, but using a symmetric algorithm) So he and his new lover, Denise, use a public key cryptographic algorithm to keep their affair secret. Bob and Denise both download a copy of PGP and when they start the program it creates a pair of keys for both of them. One of the keys is known as a Public Key and the other is a Private Key. Later that evening, Bob encrypts some more love letters to Denise using her public key. What it’s important to realize at this point is that a message encrypted with Denise’s public key can only be decrypted with her private key. Denise keeps her private key stored in a safe place and she’s the only person who needs to know its location. So she receives Bob’s letters and uses her private key to decrypt them. She writes a reply and encrypts it with Bob’s public key (public keys are freely available and can be given to anyone. No message can be decrypted with a public key) And Bob decrypts the message with his private key. And the process repeats. There is no room in this protocol to allow for Susan, the jealous wife, to find out what they’re saying to each other, because each time they decrypt messages with a private key, they also need to enter a passphrase (approximately 4 or 5 words) in order for the private key to work. Since Bob and Denise both store their passphrases in their heads like good little computer users should, there is no way (short of installing home video cams) for Susan to interrupt Bob’s adulterous habits. Things to keep in mind: Public key cryptography uses keys with enough complexity to allow for 2^64 possible keys. That’s a number with over 60 digits for the people that don’t know what exponents are.
Brief Conclusion
~~~~~~~~~~~~~~~~
I sympathize with David Brin’s concern for a society shrouded in secrecy, but I cannot escape reality, and therefore, the fact that privacy is the inevitable future for computer users. It’s important that more people involve themselves in the field and that they stop producing applications which provide less security than hiding your life savings under your mattress. When you develop cryptography applications in the future you should now have a half decent idea of what is secure and what is insecure. you should be aware that your opponents are not people wearing neckties, hoping to crack your algorithm with a pencil, paper, and an iron will. Your opponents are computers; capable of thousands upon thousands of calculations per second. There’s no problem with coming up with algorithms that can only be secure if they’re secret. Algorithms like that can be decent fun and they’re a challenge to write, just don’t expect them to keep your data safe. Also, don’t expect any of the low-end shareware applications to keep your texts safe, the only thing I’d trust with my files is PGP or Blowfish. But on the other hand, I don’t have anything to hide.
