In part one, I covered some terminology and the different categories of ciphers. In part two, I covered hashes (used in a large part of the modern Web, including blockchain technology and cryptocurrencies).
This part covers breaking/cracking ciphers, the process of finding the plaintext from the cyphertext when one is unable to decrypt it with a known key.
Breaking Ciphers
No, not torturing the character from The Matrix until he betrays Morpheus
Eye Doctor: Hop up on the chair. Don't break it now.
— South Park; S03E03: "The Succubus"
If you make it, someone will try to break it. With enough time and energy (hopefully centuries, rather than weeks, months or years), they will succeed. In the best case, whatever you're hiding/protecting will no longer be relevant by then (and thus not worth the effort, your porn stash being a possible exception).
As has been mentioned in prior parts, older cipher algorithms (all the way back to Greek and Roman times) tend to be insufficiently complex and thus vulnerable to being easily cracked.
Not-So-Secret Keys
Just as you should keep your car keys away from people who could steal your car, you should keep your secret keys away from people who you don't want reading your communications or monitoring your activity. Just as you shouldn't write down your passwords and leave them in plain sight (lock your drawers and safes), you shouldn't share your keys over insecure mediums (including non-encrypted emails). The same applies to the seed phrases for your cryptocurrency wallets.
One of the problems with this is that you have to share the keys at some point, otherwise the intended recipients of encrypted messages won't be able to read them. This is partially solved by public/private key pairs, in which multiple people can use the same public key to encrypt a message, but only the person (hopefully not people) with the corresponding private key can decrypt it. (This means that the public key need not be as closely guarded as the private key, although you shouldn't give it out willy-nilly.) It's a bit like the double door system employed by many banks, in which you've got to wait for the first locked door to open, but can still be refused entry through the second (in which case security likely escorts you out). You're most likely not getting access to the vault, though.
Sfsqdkw Lzak!
Cryptanalysis is the art/process of examining ciphers for vulnerabilities and breaking ciphertext. Not surprisingly, the NSA (and equivalent organisations in China and Russia) employ(s) many cryptanalysts. (If I'm not mistaken, that's part of what Edward Snowden did when he worked for the NSA.)
Size Matters
"Key-length is mentioned a lot in books and articles about cryptography. That’s because the longer the key (drum roll, please), the harder it is to guess what the key is!"
— Chey Cobb; Cryptography for Dummies
Despite all the fan-fare that has been made about the importance of complexity, length is better than complexity (although a combination of the two is better still). Modern algorithms require a key length of at least sixteen bytes, although some require as many as thirty-two bytes.
If you know the mapping between a plaintext word or character and its equivalent in ciphertext, it makes cracking a ciphertext much easier, by allowing you to perform 1:1 substitution. (This is one of the reasons why the rotation algorithms are so easy to crack.) Given enough time, it might be possible to discover the key (or the flaw in the algorithm that created it.)
When attempting to break a cipher, the first thing to look for is a pattern. For example, looking for the letters E and T (the two most commonly-used letters in English) might be a starting point.
Another popular method is known as "brute forcing" (or an "exhaustive search"). This requires a lot of computing power (since it's trying many different combinations in short succession). Thanks to nVidia being first to make it possible to run a C/C++ program (not just one involving graphical functionality) on a GPU (provided it uses the cuda library), it's possible to get hold of that power fairly easily/inexpensively (relative to the cost of a supercomputer, that is). Without it, mining crypto wouldn't be a thing doable by almost anyone with a computer and a chunk of disposable income. (Given the time it takes to mine a block, I'm fairly certain that mining calculates and verifies hashes, rather than cracks them. The point is that it's possible to use GPUs for cryptographically intense processes.) Many computers working in parallel (such as a botnet or farm) can sometimes prove more effective than a single computer specifically set up for the purpose of cryptanalysis (not including ASICs).
It is because of the popularity of using brute force that it's important to have a long key (why size matters). The bit size of the key determines the power to which 2 is raised. (A sixteen-bit key, which is two bytes, has 2**16 possible combinations of ones and zeros. A 32-bit key has 2**32 possible combinations, and so on. A 128-bit key is often recommended as a good minimum, although 512-bit keys are not uncommon.)
Note: To convert from bits to bytes, divide by eight (8). To convert from bytes to bits, multiply by eight.
Désolé, DES
DES (which stands for "Data Encryption Standard", not that you need to know that) had a 56-bit (7 bytes) key requirement. (It was designed to use 128 bits, but politics interfered and it was broken from the start.) In 1997, it took a distributed system using brute forcing approximately two hundred and fifty (250) days to crack a message encrypted with DES. Given how computing power has advanced in the decades since then, it would take far less than several months to crack now. You can even find DES-cracker software on Github, for that matter. In short; don't use DES for encryption. Use AES instead (at least until such time as it's cracked.)
That is all for this part. In the next part, I'll cover cryptography systems. (It's not enough to be able to generate keys and use them to encrypt and decrypt data. You need to decide how you are going to use them consistently and safely.)
Post thumbnail: Photo by Pixabay on Pexels