Cryptography 1: Ciphers and Keys
Created | Updated Jan 28, 2002
Cryptography, otherwise known as crypto, is the art and science of scrambling a message so that nobody but yourself and your friends can read it. Obviously, this is very important for keeping national secrets safe, classified information out of enemy hands, and your love affairs away from your wife.1
We start out with a readable message, called plaintext. Then we encrypt it in various ways. The result, called ciphertext, looks like a garble, and nobody knows what it says. But if we decrypt the ciphertext message, then we will get the plaintext back to read. Only the people who know how to decrypt the message can actually read it.
ExampleAlice wants to send a kinky message to Bob (they're having an affair). Neither of them want Charlie, Alice's husband, to know what's in the message. So, to keep the message secret, Alice encrypts the message and tells Bob how to decrypt the message. Then she gives Bob the message. They both have a good giggle about it and generally have a very ticklish time.
Charlie gets a copy of the message by snooping through Bob's garbage bin. Unfortunately, he can't read the message because it's encrypted and he doesn't know how to decode it. Foiled again!
The names Alice, Bob and Charlie are traditional.
Ciphers
Messages are encrypted by means of a cipher. A cipher is simply a method of scrambling some text. Ciphers come in different strengths. Some ciphers are really easy to break. Some ciphers are hard to break. Some ciphers would take ten billion years to break if we dedicated the entire world's computing power to it... by which time the sun would have gone nova and engulfed the earth.
Here is an example of an easy cipher to break:
.thgin yb sklaw tunaep ehT
The cipher is called Reversing Thee Message and it works by writing the message backwards. Decrypted, the message would read:
The peanut walks by night.
Here is an example of a slightly harder cipher to break:
Gur wbhearl vf gur erjneq.
The cipher used here is called Rot-13. It works by taking every letter in the message, and pushing it 13 spaces down the alphabet to the right.2 So, every instance of the letter A in the plaintext gets translated to N in the encrypted text. Every B maps to O. Every C maps to P. And so on. Once they get past Z, they loop back to A again, like this:
Plaintext letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext letter: NOPQRSTUVWXYZABCDEFGHIJKLM
To decrypt, just work backwards. The decrypted message is:
The journey is the reward.
This cipher is also known, somewhat generically, as a Caesar cipher. In Ancient Roman times, Julius Caesar used a similar method to send messages to his armies. The cipher is part of a larger category called substitution ciphers, where every letter of the alphabet is substituted for another letter.
We can also encrypt our messages with more than one cipher. This message has been encrypted with both Rot-13 and Reversing Thee Message. See if you can decrypt it. (It should be strangely familiar to a Hitchhiker's Guide reader such as yourself.)
?rava lo kvf lycvgyhz hbl aruj grt hbl bq gnuJ
Finally, here's an example of a very hard cipher to break. It's so hard, it's virtually uncrackable. (If you break this, post a message to the forums and we'll see how famous we can make you. Very famous. World famous.)
-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
qANQR1DDDQQDAwKd+w/vUkf602DJIdbImqMuAeCyatCDb3CgMIlMzdrzVOiqBicA
K6wllGXeKQ==
=3TPM
-----END PGP MESSAGE-----
That particular message was encrypted with a cipher called CAST, by a computer program called Pretty Good Privacy (PGP).
Keys and Passwords
Sometimes, for an extra layer of security, you can encrypt your messages with a key. A key is essentially a variation on a cipher. For example, Rot-13 could be modified to be Rot-12, or Rot-14.3 In this way, even if your enemies know how a cipher is broken, they still wouldn't be able to do anything without the key.
Some of the fancier, high-tech ciphers can use passwords as their keys. So even though you know how the cipher works, you can only decrypt the messages if you know the password. You may have heard of terms like 40-bit, 56-bit, 128-bit key. The bits refer to the length of the keys when you're encrypting... a 40-bit key typically has a 5-letter password, a 56-bit key has 7 letters, a 128-bit key has 16 letters.4
But the key is often a different thing from the password. In public-key crypto (which will be covered later), the public key is randomly made by the computer, and the password is used to access the public key. (It's done this way because it's faster and just as secure.)
The password is used to access the key. Sometimes, they just happen to be the same thing.
If you want to decrypt something that you've intercepted, but you don't know the password, there are various devious ways you could find it out. One of these ways is called brute force. It basically involves guessing the password. And guessing. And guessing. Millions, billions of times. It can take some time. But eventually, you'll guess the password.
Because of the way mathematics works, messages encrypted with long keys (such as 128-bit keys) are harder to crack by brute force, simply because there are many more key combinations. 40-bit encryption is generally not considered secure enough for everyday use, because computers can try every combination in a matter of days. 56-bit encryption is marginal. 128-bit or longer encryption is the best.
Other ways of getting the password are looking over the reader's shoulder as he types it out, sitting in an FBI van outside his house and reading the signals his keyboard or monitor makes, picking through his trash, impersonating him, or merrily torturing him.
ExampleAlice sends Bob a message. The cipher used is similar to Rot-13, except the number is different. Alice and Bob both know the number (which we'll call the key). Charlie intercepts the message. He knows that the cipher is a variant on Rot-13, but without the key, he doesn't know how many spaces he should rotate the letters to decrypt the message.
Since Charlie doesn't have the patience to try the 25 different key combinations, he resorts to the honourable method of Torture and gently stretches Alice's towel until she breaks down and tells him the key. He then decrypts the message and saves the day.
Pertinent Links
- Cryptography 1: Ciphers and Keys<
- Cryptography 2: Public-Key Crypto
- Cryptography 3: Digital Signatures
- Cryptography 4: Crypto Today