bit-tech.net

A field guide to crypto

Introduction

Cryptography - the very word speaks of mystery, secrets, and a good storyline. In fact, what most of us know about the subject revolves around exactly those terms. Its history and usage are often portrayed as shrouded secrets, where the only data valuable enough to deserve such treatment involves the national security of some nation. For most of us, the very concept brings up images of the CIA or MI6.

Hollywood and suspense writers have done little to disabuse us of this notion, with some of the greatest novels and movies focusing around the cloak and dagger portrayal of coded messages. That image isn't entirely wrong, either - even back before medieval times, cryptography was used to conceal plans to overthrow governments and assassinate church leaders. Computers have been a tremendous aid to that, allowing much more complex algorithms, elaborate keys and longer messages.

But whether you envision encryption as something out of James Bond, A Beautiful Mind or The Recruit, it's just all just one sliver of the really big world of cryptography. Computers haven't just made it more complex, they've also made it far more accessible. Crypto has a much bigger role in our day-to-day lives, one that we should be embracing for our own privacy and security.

Of course, to do so requires that we take some of the magic and mystery out of the show. So settle in, put your math brain on "blast," and get ready. It's time to get a basic understanding of cryptography - what it is, how we can use it, and what tools are available to us.

A field guide to crypto Cracking the Code A field guide to crypto Cracking the Code

Numbers, numbers everywhere

Contrary to popular belief, cryptography is not just a numbers game. Broadly defined, crypto is the reversible transformation of communication to make it less likely to be understood by anyone other than the intended recipient. At its most basic level, it is the math of communication.

This means there is the possibility for cryptography in pretty much anything where there is a message and a recipient. Have you ever been to a grocery store and had a couple in line speaking a different language? That's cryptography at work - a message between two people where it is liable to be intercepted, but those outsiders are more likely to not understand it.

Most data that we store on computer is a form of communication and computers are phenomenal at math, so it's no wonder that the two often intersect. Whether it's a video to watch later, an email to a friend or the password to your banking account, your data can be safely shielded from prying eyes. But why would you, who has nothing to hide anyway, care so much about concealing it?

First of all, crypto is not concealing anything - it's simply keeping it private. You can't hide the basic fact that there is data there, no matter what fancy algorithms you use. Instead, the point is simply to keep the recipient list to a minimum - whether that recipient be you or someone else. Cryptography, in all of its many forms, is about access control.

A field guide to crypto Cracking the Code A field guide to crypto Cracking the Code
Encryption can be about privacy, not concealment.

Now, why you might want to do that is a lot easier question. Most people, when given the choice, will prefer to keep their personal info to themselves - but perhaps you let others use your computer, or would like to access your private data on someone else's? Perhaps you live in a college or at home where your machine cannot be assured it's you sitting at the keyboard - the security is not there. Maybe you want to check your email at work, but don't want everyone knowing your business thanks to a prying Sys-Admin?

Even if those don't apply (which, face it, for most of us, they do), there is always the potential for your computer to be hijacked by a hacker or virus that is designed to leech your private info and make it all too public. Stored passwords, address books and even corporate email can become someone else's property. And to top it all off, data snooped off of hard drives is now being admitted into evidence in criminal and civil proceedings in US and the UK, which is happening more thanks to organizations like the RIAA and laws like the US Patriot Act.

Yep, for all intents and purposes, it's a brave new world out there. And "out there" is a big place that your data often has to traverse to get to its intended destination. With all that in mind, who wouldn't want it to be a little more secure?

We have our reasons and we have our understanding of what crypto is and isn't. So now let's get into the real meat: how it's implemented and what tools are at our disposal.