Post by Acid Burn on Jun 19, 2006 13:25:57 GMT
--------------------------------------------------
C/O :: Acid Burn of Oblivion Realm
--------------------------------------------------
As today's world grows more and more dependent on technology and digital
communications, the need for information security is glaringly obvious.
Thanks to the high wages paid per word to me by Dr4g, I am here to present
a series of tutorials offering a glimpse into the world of cryptography.
============
WARNING!!!
============
There is no real way to communicate how cryptosystems work without the use
of math. And by math, I mean statisical probability, algorithmics, and
everyone's favorite, number theory. But don't fret! I'll include a handy
explantion of such concepts as the rear their ugly heads. However, if the
situation arises that you have no idea what you have just read, come find me
and ask away and i will try to help.
******************************************
Cryptographic Basics: Who, WTF?!, and How
******************************************
The world of cryptography is composed of 3 types of people :
1) those who find ways to encipher data – Cryptographers
2) those who find ways to break ciphers – Cryptanalysts
3) those who do both and are locked away in dimly lit labs owned by the NSA – Cryptologists
Here we have the circle of life for the world of Cryptography. Well, to be honest,
it's more like a game of Pong, with Cryptographers and Cryptanalysts bouncing
algorithms off each other (the Cryptologists play against themselves, one controller
in each hand). For those of you not acquainted with Cryptographic terms, a cipher
is a word used to describe the system by which the original data was turned into
code. So somebody trying to break a cipher is looking for a way to get the original
data from the code. The process enciphering data is simply taking the original data
and running it through a cryptosystem in order to generate encoded data. Now, a
cryptosystem has actually been a pretty varied thing: in ancient times it was just
a process (or algorithm if you want to be technical) by which a message was scrambled,
today we have both encryption algorithms and keys. Only having an algorithm to encipher
data is not a good idea, and such primitive systems were literally the death of many
historical figures. However, the use of a unique key as an additional safeguard has
allowed for much improved system integrity.
============================================
Here's how today's basic cryptosystem works:
============================================
We have 2 algorithms, one for encrypting the data, and one for decrypting. Next, we have,
in my opinion, the most important invention of cryptology to date, the key. The last
necessary item is the data, which is also commonly referred to as plaintext. The easiest
way to show how these things work is through a mathematical example. If you haven't had
multivariable calculus yet,
Here's a sidetrack to a quick synopsis of multivariable functions:
Lets say you have a regular function, y = f(x) where f(x) is some function
like x2 + 3 . Now, for a multivariable function, z = f(x,y) where f(x,y) is
a function with both x and y as variables like x + 3x2y + 8y. The main point
here is that in a multivariable function, both x and y can be anything inside
the domain of the function z, and that z is dependent on both x and y.
Now, back to how we can rationalize a basic cryptosystem. If we have the encryption
algorithm F, plaintext T, key K, and cyphertext C, then:
C = F( T, K )
F acts like a multivariable function, similar to a case of z = f(x,y) . Now, in order to
decrypt the cyphertext and get the original plaintext, we'll have to use decryption
algorithm D. So now we use:
T = D( C, K )
By implementing the decryption algorithm with the correct key, we are able to generate the
original plaintext message. This type of basic encryption scheme is referred to as a
symmetric cypher. If you've ever used Blowfish or Twofish to encrypt data, you've been using
a symmetric cypher.
=============================
On the importance of the key:
=============================
First of all, it's quite obvious that without the correct key, there is absolutely no way to
generate the original message from the cyphertext. However, this raises the question, “What if
we know the method used to generate the cyphertext?” If F is known, there is still a rather
slim chance at brute-forcing the original message. Granted, it can be done, but the time it
would take is immense, especially when considering the following example. Lets say that you
have a 256-bit maximum allotment in F for K. That means that there are 2^256 possible values
for K. To make matters worse, can be some occasions where different values of K yeild
differeing coherent messages. Brute-forcing even a simple encryption algorithm would take days
at that rate. Keep in mind that having a base 8 or base 16 key would take even longer to decrypt.
This brings us to my closing point for today's initial publication:
Auguste Kerckhoff, a 19th century cryptographer postulated 6 principles of cryptography, however,
only 1 of them is actually useful still and is referred to as Kerckhoff's principle. This states
that the strength of an encryption system should lie only in the difficulty an outsider has in
determining the key. In accord with this, and as stupid as this may sound, cryptographers only
tend to trust public symmetric ciphers. Their reasoning for this is because unpublished symmetric
cyphers are not open to the scrutiny of the community, and while it can be assumed that
cryptographers are skilled in their art, the field is so large that is impossible for any one
team or corporation to have working knowledge of all cryptanalytic methods and attacks.
-------------------------
Note: Credit for these productions goes out to many sources, as mathematical and cryptographical
knowledge are definitely not innate. The work above is the original writings of Acid Burn of the
Oblivion Realm community, however, the ideas and theories presented are not.
C/O :: Acid Burn of Oblivion Realm
--------------------------------------------------
As today's world grows more and more dependent on technology and digital
communications, the need for information security is glaringly obvious.
Thanks to the high wages paid per word to me by Dr4g, I am here to present
a series of tutorials offering a glimpse into the world of cryptography.
============
WARNING!!!
============
There is no real way to communicate how cryptosystems work without the use
of math. And by math, I mean statisical probability, algorithmics, and
everyone's favorite, number theory. But don't fret! I'll include a handy
explantion of such concepts as the rear their ugly heads. However, if the
situation arises that you have no idea what you have just read, come find me
and ask away and i will try to help.
******************************************
Cryptographic Basics: Who, WTF?!, and How
******************************************
The world of cryptography is composed of 3 types of people :
1) those who find ways to encipher data – Cryptographers
2) those who find ways to break ciphers – Cryptanalysts
3) those who do both and are locked away in dimly lit labs owned by the NSA – Cryptologists
Here we have the circle of life for the world of Cryptography. Well, to be honest,
it's more like a game of Pong, with Cryptographers and Cryptanalysts bouncing
algorithms off each other (the Cryptologists play against themselves, one controller
in each hand). For those of you not acquainted with Cryptographic terms, a cipher
is a word used to describe the system by which the original data was turned into
code. So somebody trying to break a cipher is looking for a way to get the original
data from the code. The process enciphering data is simply taking the original data
and running it through a cryptosystem in order to generate encoded data. Now, a
cryptosystem has actually been a pretty varied thing: in ancient times it was just
a process (or algorithm if you want to be technical) by which a message was scrambled,
today we have both encryption algorithms and keys. Only having an algorithm to encipher
data is not a good idea, and such primitive systems were literally the death of many
historical figures. However, the use of a unique key as an additional safeguard has
allowed for much improved system integrity.
============================================
Here's how today's basic cryptosystem works:
============================================
We have 2 algorithms, one for encrypting the data, and one for decrypting. Next, we have,
in my opinion, the most important invention of cryptology to date, the key. The last
necessary item is the data, which is also commonly referred to as plaintext. The easiest
way to show how these things work is through a mathematical example. If you haven't had
multivariable calculus yet,
Here's a sidetrack to a quick synopsis of multivariable functions:
Lets say you have a regular function, y = f(x) where f(x) is some function
like x2 + 3 . Now, for a multivariable function, z = f(x,y) where f(x,y) is
a function with both x and y as variables like x + 3x2y + 8y. The main point
here is that in a multivariable function, both x and y can be anything inside
the domain of the function z, and that z is dependent on both x and y.
Now, back to how we can rationalize a basic cryptosystem. If we have the encryption
algorithm F, plaintext T, key K, and cyphertext C, then:
C = F( T, K )
F acts like a multivariable function, similar to a case of z = f(x,y) . Now, in order to
decrypt the cyphertext and get the original plaintext, we'll have to use decryption
algorithm D. So now we use:
T = D( C, K )
By implementing the decryption algorithm with the correct key, we are able to generate the
original plaintext message. This type of basic encryption scheme is referred to as a
symmetric cypher. If you've ever used Blowfish or Twofish to encrypt data, you've been using
a symmetric cypher.
=============================
On the importance of the key:
=============================
First of all, it's quite obvious that without the correct key, there is absolutely no way to
generate the original message from the cyphertext. However, this raises the question, “What if
we know the method used to generate the cyphertext?” If F is known, there is still a rather
slim chance at brute-forcing the original message. Granted, it can be done, but the time it
would take is immense, especially when considering the following example. Lets say that you
have a 256-bit maximum allotment in F for K. That means that there are 2^256 possible values
for K. To make matters worse, can be some occasions where different values of K yeild
differeing coherent messages. Brute-forcing even a simple encryption algorithm would take days
at that rate. Keep in mind that having a base 8 or base 16 key would take even longer to decrypt.
This brings us to my closing point for today's initial publication:
Auguste Kerckhoff, a 19th century cryptographer postulated 6 principles of cryptography, however,
only 1 of them is actually useful still and is referred to as Kerckhoff's principle. This states
that the strength of an encryption system should lie only in the difficulty an outsider has in
determining the key. In accord with this, and as stupid as this may sound, cryptographers only
tend to trust public symmetric ciphers. Their reasoning for this is because unpublished symmetric
cyphers are not open to the scrutiny of the community, and while it can be assumed that
cryptographers are skilled in their art, the field is so large that is impossible for any one
team or corporation to have working knowledge of all cryptanalytic methods and attacks.
-------------------------
Note: Credit for these productions goes out to many sources, as mathematical and cryptographical
knowledge are definitely not innate. The work above is the original writings of Acid Burn of the
Oblivion Realm community, however, the ideas and theories presented are not.