What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

More on crypto...

The algorithm used to encrypt with a Ceasar cipher took place in the guys'
little pointed heads instead of in a computer and went like this:

1. Look at the plaintext letter
2. Count four letters down the alphabet
3. The letter you end up with is the ciphertext
4. Write that letter down.
5. Move to the next plaintext letter

You just read an algorithm!

The guys would start at the top of the message and do this over and over
until the enciphering was done.  The decryption steps were the same as above
but done backwards, counting four letter UP the alphabet.  That's an
algorithm.

Algorithms used in ciphers today are seriously complicated, but are based
around the same idea of taking a math action and turning it into an
automatic process that goes until it solves a problem, in this case the
problem of encrypting and decrypting stuff.  Have you heard names like
"RSA," "IDEA," "DES," "Blowfish," "CAST," and "El Gamal?"  Those are the
really popular algorithms (Except for DES. DES is the old unpopular one
that's getting a little weary and tired).

To make things more confusing, sometimes the algorithms that encrypt and
decrypt are different.  We'll go into why later, but just remember, the
"encryption algorithm" turns plaintext into ciphertext, and the "decryption
algorithm" turns ciphertext back into plaintext.

Now what
 

C. The key to it all
 
 Awright, chitlins, this is the funnest part.  The key to the cryptosystem!
Keys are super-important.  A key is the special information that the
algorithm uses in its job of encrypting and then later decrypting messages.
 
 If you're thinking about a key as in how you lock your house, you is right
on de' money.  Your key to your house has to fit your lock perfectly.  It
has to be able to lock AND unlock your house.  Most importantly, it has to
be different from most other keys, so your neighbor can't just wander into
your locked house with HER key and dig into your chips and guacamole.  Like
she lives there or something, sheesh!  I get really bitter when that
happens.  Keys are important.
 
 The cryptosystem key is what makes the encryption different for everybody
that uses it.  People have to use the same algorithm to encrypt and decrypt
stuff, so there has to be something in the whole chain that is used to make
your encryption special.  The algorithm HAS to have a special key, not like
anyone else's.
 
 Back in the old days people would use passphrases like Bible quotes and
sayings as keys.  Then they would use numbers.  The smart ones would use
both.  What they could use as a key depended a lot on what kind of a system
they used.
 
 Now when we actually look at today's keys, they look like big blobs of
numbers and characters and who knows what else.  This is the first few lines
of one of my public keys, check it out:
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: PGP for Personal Privacy 5.0
 
 mQGiBDU3uhARBAD6JcwWAU68HZUtONoew0sB24wr5v9YCDEPHy4rb/141+l4pOOh
 qgvogHAaulE6qmy8fePWuPtJKGOJXoVKlalZIs1ibi+aiOwqwFDHTEp8dQBlHXDB
 edc+USPh7WBms08RmEHotZwrJJfBdKWLjldzoe5oBLSb+LKs5Q+SB8GjMwCg/3C2
 
 Nuts, huh?  Important thing: that is just the "text" way of showing
something that the computer really sees as 100% digital.  If you looked at a
digital "binary" (that means ones and zeroes) version of that same key the
way the algorithm has to work with it, it'd be way bigger and would look like:
 
 110101 110011 10001110010011 111110100101010101011010 110011
 1111101001 10101010110 0011111010010101 1010110100 100101011
 110101 110011 00101010101011010 110011 10001110010011 111110
 
 ... and on and on and on.
 
 ~~~~~~~~~~~~~~~~~~~~~~~~ Head Exercise ~~~~~~~~~~~~~~~~~~~~~~~~
 Pretend for a second that you're the algorithm.  You're the process that
the program repeats over and over to encrypt the data.  This is what you
would do:
 
 First off, you would be waiting inside the PC wishing the air conditioning
worked.  Then the user would type a letter that they wanted encrypted.  As
soon as they clicked on the program to encrypt the message, the program
would kick you in the behind and swing you into action.
 
 You would take the person's key in one hand, and only take a little piece
of the message in the other, and start adding them to each other and mashing
them around together till you were finished with that piece of message.
Then you would grab the next piece of the message, the same key, and do it
over again.  You would repeat this until all of the text looked like it was
put through a meat grinder.
 
 The way you would know your job was done with each piece of text (called
"blocks" by cryptopeople) was when you had done however many steps (called
"iterations" by cryptopeople) you were supposed to on that block.  That
would be your signal to move on to the next block.  The way you would know
you were done with the whole shebang was when you ran out of pieces of text
to encrypt, or should I say - when you ran out of "blocks" of "plaintext" to
perform "iterations" on.
 
 Do me a favor, think about whether or not you would have understood that
last sentence before you started reading this ... it sounded cool anyway -
Heh heh heh.
 
 So to sum up: the algorithm does all the freaky mish-mashing on your
message using the unique key as the tool.  That is what makes the encryption
of a message different for each person, because each person has a different key.
 
 So that's the part of the algorithm where the key "fits in."
 
 Get it?  "Fits in?"  Nevermind.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
D. How do you make a key?
 
 The way the key is generated is really super important.  It's also the
easiest part for you because the software you're using will do all that for
you.  Each crypto program will have different crazy ways of making its keys.
Some of them tell you to swirl your mouse around and pound on your keyboard
for a while.  Why do you do this?  The answer is simple: random data.
 
 You have to use as much random and unpredictable stuff as you possibly can.
The reason for this is that if you use really predictable and non-random
information like the date and your name to make a key, some attacker who
wanted to read your encrypted email could guess what your key is really
easily by playing with that kind of info until he had it right.  If people
can guess your stuff THAT easy, sheesh what's the point?  That ain't real
cryptography, it's kindergarten cryptography.  You HAVE to have random
numbers in a cryptosystem.
 
 ~~~~~~~~~~~~~~~~~~~ Head Exercise ~~~~~~~~~~~~~~~
 Random numbers are tougher to come up with than you might think.  Here's an
example of what I'm talking about:
 
 Pretend for a second that your crypto program comes up with keys by taking
the date, say 1-15-98, and multiplies it by 50 (011598 x 50 = 579900) and
then randomly comes up with another number by multiplying two double digit
numbers (like 36 x 73 = 2628 and then multiplies them all: 1523977200 is the
result.
 
 That's 1011010110101100000101111110000 in binary form.  Looks pretty
random, huh?  But it's not at ALL.
 
 A cryptanalyst can come along and take the output of all possible dates
multiplied by 50 (there's only 365 numbers it could be), and then go through
all those and multiply them by non-prime integers between 1000 and 9801
(there are only so many products of double digit numbers) and he will have
your key before you can blink.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 This is where we have more help from programmers.  They write programs
called "Random Number Generators."  They're super high-tech programs way
deep inside the key-making programs that use really strange stuff (like
static) and weird things (like how you type) to come up with freaked-out
numbers that NOBODY would have predicted.  These Random Number Generators
are often just called RNGs and are a real vital part of making a key.
Always remember that the program for generating a key is one of the most
intense and crucial parts of any cryptosystem.  

More crypto--->>


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

Return to the index of Guides to (mostly) Harmless Hacking!

 © 2013 Happy Hacker All rights reserved.