home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Black Crawling Systems Archive Release 1.0
/
Black Crawling Systems Archive Release 1.0 (L0pht Heavy Industries, Inc.)(1997).ISO
/
cdc
/
cdc226.txt
< prev
next >
Wrap
Text File
|
1994-12-27
|
16KB
|
330 lines
__________ __ __
/ _______/ /_/ / /
/ /______ __ __ ___ _____ / / _____
/______ / / / / \/ / / _ / / / / __/
_______/ / / / / /\_/ / / // / / / / /-_
/_________/ /_/ /_/ /_/ / ___/ /_/ /----/
/ /
/_/
________ __ __
/ ______/ / / / /
/ / ______ __ __ _____ =/ /=____ / / ____ ____ __ __
/ / / __ _/ / / / / / _ / / / /__ / / / /__ / /__ / / / / /
/ /_____ / /-// / /_/ / / // / / / //_// / / //_// //_// / /_/ /
/_______/ /_/ /_/ /___ / / ___/ /_/ /___/ /_/ /___/ /_ / /___ /
___/ / / / ___/ / ___/ /
/____/ /_/ /____/ /____/
Simple Cryptology
by Dave Ferret
>>> a cDc publication.......1993 <<<
-cDc- CULT OF THE DEAD COW -cDc-
____ _ ____ _ ____ _ ____ _ ____
|____digital_media____digital_culture____digital_media____digital_culture____|
Handy definitions borrowed without permission from sci.crypt Frequently
Asked Questions file:
cryptology - the study of codes and ciphers
cryptography - the act of inventing code or cipher systems
cryptanalysis - the breaking of a code or cipher system without benefit of
the normal deciphering mechanism(s)
______________________________________________________________________________
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% What is Cryptography? (The Short Version) %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
"Cryptography is the art and science of hiding data in plain sight. It is
also the art and science of stealing data hidden in plain sight."
(Both accurate definitions, by Larry Loen.)
Have you ever made secret codes with your friends when you were little?
Whether it was a number code where each letter of the alphabet had a
substituted number, or you made a chart for each of you to translate a message,
you were practicing a simple form of Cryptography. As far as I can back up,
cryptology wasn't widely used until World War I, when actual machines were
created for the sole purpose of making messages unreadable to the enemy.
Cryptography is the method by which "plaintext" is encrypted into an
unreadable form. The plaintext is the original text, before ltering to make it
unreadable to other people. The key, or code, is the actual password (or
whatnot) used to make it unreadable. This is a very simplistic, and not
completely accurate view for which I apologize and again urge anyone seriously
interested to read actual hard-copy books and papers for a more detailed
explanation.
===============================================
= Why are encrypted communications important? =
===============================================
In today's electronic communication forums, encryption can be very
mportant! Do you know for a fact that when you send a message to someone else,
that someone hasn't read it along the way? Have you ever really sent something
you didn't want anyone reading except the person you sent it to? As more and
more things become online, and "paperless" communication predictions start
coming true, it's all the more reason for encryption. Unlike the normal U.S.
Mail where it is a crime to tamper with your mail, email-reading can commonly
go unnoticed on electronic pathways as your message hops from system to system
on its route towards its final destination. Just think, the average Internet
letter makes at least two hops before it reaches its recipient, usually more.
Even on public BBS's, your mail is usually stored in plaintext. Can you be
sure someone else isn't reading it? The sysop? Half a dozen co-sysops and
hangers-on? How hard would it be for system administrators to set up a process
to "grep" (search for known text) all incoming/outgoing mail batches for
certain catch phrases? It's not very hard, I assure you. Although most people
probably don't do things like this, the threat is real. That's why you need to
encrypt your messages. You have the right of privacy, as stated in the
Constitution. That's why cryptography is so key.
=========================================
= Different types of encryption schemes =
=========================================
One-Way encryption algorithms: What are they?
There are certain mathematical/cryptographical algorithms that will
encrypt a string of text/numbers using a complex equation. However, you cannot
reverse these equations again (take my word for it, it has to do with
pieces of the equation being unknown, and purposely lost in the encryption
process).
A real-life example of one-way encryption:
These types of algorithms are used when someone needs to compare text,
such as in password validation checks. Crypt(), the Unix password validation
routine works like this. A password is used at the key to encrypt a plaintext
string of 0's. Then, to verify the password, the computer tries to encrypt the
same string of plaintext with the password typed in. If a match is made to the
original encrypted text, then the password is valid. (Note: Although you can't
reverse this to find out what the original password/key was, you can compare
two encryptions to see if it's the same key.)
The "One-Time Pad"
==================
A long string of random numbers are generated/created. Messages cannot
be any longer than the string of random numbers, but can be shorter.
The text is encrypted by XOR'ing the bits in relation to the random string
of numbers. Bit by bit. So, anyone not knowing the original key wouldn't know
whether the string, "123" was really "456" or "789" because in fact the
originator and the intended receiver know it's really, "012" (wrap around
9->0). This is the best explanation I can come up with for this.
It's a proven technique and is considered quite secure.
Single-Key Encryption
=====================
This is what most non-crypto-speak people would understand as an
encryption system. You enter one string of characters (or whatnot - The KEY)
and encrypt your plaintext with this key. Anyone with knowledge of what this
key is can decrypt and read the plaintext.
Public-Key Encryption
=====================
This is gaining a large following during the time of this writing with
such programs as RIPEM, PGP, and the availability of RSAREF, a RSA Public Key
algorithm library. RIPEM, and PGP (Pretty Good Privacy by Phil Zimmerman) are
both examples of RSA Public Key systems. There are two distinct parts to a
public key system, the PUBLIC key and the PRIVATE key.
o The PUBLIC key is given out to everyone you know who would want to send
you an encrypted message.
o The PRIVATE key you keep secret and do not disclose to anyone.
How it works: User A (Iskra) wants to send a message to User B (B00gerHed)
so Iskra encrypts a message to B00gerHed using BH's public key that was given
out at the last HoHoCon. No one except B00gerHed has the private key to
decrypt the message. So he takes his private key, the counterpart to his
public key, and decrypts the message sent to him by Iskra. Viola. He now sees
that the new red boxes are no longer working because AT&T has cinched up the
timing checks. However, Veggie (User C) has intercepted the encrypted message
and is trying to figure out what they are talking about. But because he
doesn't have B00gerHed's private key, he cannot read it. A successful use of
public key encryption.
There are a LOT of books on this, so that's all I'm going to say.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Books, journals et al... %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
NOTE: A lot of the best and most complete sources of cryptography and some
algorithms are classified by the United States Government. However, there are
still a decent number I can suggest. Also, the NSA has been pushing for
legislation to require all encryption schemes to be "breakable" in a reasonable
matter of time with back doors or weaknesses so THEY can decrypt your messages.
This is a violation of your rights. I hope you would oppose such things.
Thanks to the following people for some info:
Larry Loen - lwloen@rchland.vnet.ibm.com 11/92)
cme@ellisun.sw.stratus.com (Carl Ellison) 11/92)
Alec Chambers (jac54@cas.org)
mrr@scss3.cl.msu.edu (Mark Riordan)
David Kahn, The Codebreakers, Macmillan, 1967 [history; excellent]
H.F. Gaines, Cryptanalysis, Dover, 1956 [originally 1939, as
Elementary Cryptanalysis].
Abraham Sinkov, Elementary Cryptanalysis, Math. Assoc. of Amer., 1966.
D. Denning, Cryptography and Data Security, Addison-Wesley, 1983.
[ Dorothy Denning, also wrote a paper proposing all public key ]
[ systems be required to "register" their private keys with the ]
[ NSA or other agency for decryption should the gov't feel it ]
[ necessary. ]
Alan G. Konheim, Cryptography: A Primer, Wiley-Interscience, 1981.
Meyer and Matyas, Cryptography: A New Dimension in Computer Data Security,
John Wiley & Sons, 1982.
Books can be ordered from Aegan Park Press. They aren't cheap, but they
are the only known public source for most of these and other books of
historical and analytical interest.
Write for catalog to:
Aegean Park Press
P.O. Box 2837
Laguna Hills, CA 92654-0837
Cryptologia: a cryptology journal, quarterly since Jan 1977.
Cryptologia; Rose-Hulman Institute of Technology; Terre Haute,
Indiana 47803 [general: systems, analysis, history, ...]
Gordon Welchman, The Hut Six Story, McGraw-Hill, 1982.
[excellent description of his WW-II crypto work (breaking the German
Enigma); discussion of modern cryptological implications]
--
Various books available from Artech House, 610 Washington St., Dedham, MA
02026; including:
Deavours & Hruh, Machine Cryptography and Modern Cryptanalysis.
[operation and breaking of cipher machines through about 1955]
Deavours, et al., CRYPTOLOGY Yesterday, Today, and Tomorrow.
[Cryptologia reprints - 1st volume]
Deavours, et al., CRYPTOLOGY: Machines, History & Methods.
[Cryptologia reprints - 2nd volume]
--
Cryptologia
Rose-Hulman Institute of Technology
Terre Haute, Indiana 47803
Cryptologia: a cryptology journal, quarterly since Jan 1977.
Journal of the International Association for Cryptologic Research.
[quarterly since 1988]
The RSA paper: The Comm. of the ACM, Feb 1978, p. 120.
Claude Shannon's 2 1940's papers in the Bell System Tech Journal.
Herbert O. Yardley, The American Black Chamber, Bobbs-Merrill, 1931.
[First hand history - WW-I era]
Edwin Layton, "And I Was There", William Morrow & Co., 1985.
[First hand history - WW-II]
W. Kozaczuk, Enigma, University Publications of America, 1984.
[First hand history (Rejewski's) - pre-WW-II]
Journal of Cryptology
Springer-Verlag New York, Inc.
Service Center Secaucus
44 Hartz Way
Secaucus, NJ 07094
(201)348-4033
$87/year + $8 postage & handling. Published three times a year.
Cryptosystems Journal
Tony Patti, Editor and Publisher
P.O. Box 188
Newtown, PA 18940-0188
(215)579-9888
tony_s_patti@cup.portal.com
$45/year. Published three times a year. Journal dedicated to the
implementation of cryptographic systems on IBM PC's. Emphasis on
tutorial/pragmatic aspects. Evidently all articles are written by the
publisher.
Forbidden Knowledge
P.O. Box 770813
Lakewood, OH 44107
$18 a year - make check or m/o to Darren Smith (editor). Jack Jeffries
(cj137@cleveland.Freenet.Edu) says that this is a local publication which has
articles on cryptology. That's all I know about it.
The Cryptogram
Journal of the American Cryptogram Association
P.O. Box 6454
Silver Spring, MD 20906
This is the Journal of the American Cryptogram Assocation, available by
joining the ACA. Dues are probably about $20/year by now. Published six times
a year. Contains mostly puzzles for you to solve. No techniques invented after
1920 are used, with simple substitution being the most common. Also contains
articles on classical cryptosystems, and book reviews.
The Cryptogram Computer Supplement
Dan Veeneman
P.O. Box 7
Burlington, IL 60109 USA
$2.50/issue. Published three times a year for ACA members. Newsletter
for computer hobbyist members of the ACA.
The Public Key
George H. Foot, Editor
Waterfall, Uvedale Road
Oxted, Surry RH8 0EW
United Kingdom
Cost unknown. Magazine devoted to public key cryptography, especially
amongst personal computer owners. Note that RSA's patents do not apply in
Europe, hence the existence of this magazine.
Surveillant,
Lock Box Mail Unit 18757
Washington, DC 20036-8757
6 issues/year, $48.00. Announces new acquisitions and has some news from
the intelligence field. Each issue comes with a check-off order form for books
announced in that issue.
______________________________________________________________________________
I suggest if you have the time and access to follow the Usenet groups, as
they have heaps of info. Also, reading the sci.crypt FAQ and the few online
publications including Dorothy Denning's work will help you gain a better
understanding. In fact, probably better than this hack job.
Exeunt.
_______ __________________________________________________________________
/ _ _ \|Demon Roach Undrgrnd.806/794-4362|Kingdom of Shit.....806/794-1842|
((___)) |Cool Beans!..........510/THE-COOL|Polka AE {PW:KILL}..806/794-4362|
[ x x ] |The Alcazar..........401/782-6721|Moody Loners w/Guns.415/221-8608|
\ / |The Works............617/861-8976|Finitopia...........916/673-8412|
(' ') |ftp - zero.cypher.com in pub/cdc |ftp - ftp.eff.org in pub/cud/cdc|
(U) |==================================================================|
.ooM |Copr. 1993 cDc communications by Dave Ferret 04/01/93-#226|
\_______/|All Rights Drooled Away. [cDc/K-rAd people are we]|
