Audience: lecturers, professsors from various engg colleges at aicte sponsored workshop on “ web security” at rvrjc guntur
Date : 25-11-08
Bloggernama…
Recently, a true random number generator has been offered for free use online; see the website here. The service owners are very explicit about what such a generator is useful for, and their focus is on scientific simulations. Unfortunately, however, there is also a mention of security and although they state that this feature is not yet implemented, reports on the generator mention cryptography as and application.
It is true that cryptography needs random numbers (or, more accurately, random bit strings). However, these random numbers are used to define cryptographic keys that must be secret. A truly random string that is not secret has zero cryptographic value. So, now you should ask yourself whether you really think that it's a good idea to download your secret key from someone else's website. At the moment, there is no protection on the service so anyone could eavesdrop on the random bits that are downloaded. However, even if the service is protected, do you want anyone else to have access to all of your secret keys?
Using an online random number generator for cryptographic purposes is probably one of the worst ideas possible. It is much much much better to use a pseudorandom generator on your local machine. Having said that, there are hardware random generators available for local machines and these are preferable. Smartcards that generate random strings are also preferable. If you must use software only, make sure you use a call to the operating system (and not some C random() function with the date as a seed; this is so not random that you may as well download your secret keys from an open website).
Yet another security flaw has been found in Microsoft Word that enables an attacker to take complete control of a system via a maliciously generated Word file. You can see more information on the flaw at FrSirt and the Microsoft Security Response Center. Security organizations and Microsoft are advising users to be cautious when opening email attachments from unknown senders. Well, this is good advice, but it has nothing to do with the latest flaws that have been found.
It's important to differentiate between two distinct issues. First, software developers have the ultimate responsibility for ensuring that their products are free of bugs, and especially free of security bugs. Second, and irrespective of this, users are responsible for their own behavior and must understand that security bugs in software are likely to always exist. We need not be surprised at new warnings and must be cautious at all times, not just when a new flaw is discovered. How many times are users cautioned to not open attachments when they don't know the identity of the sender? How many times are users informed that they must regularly download the latest available security patches? How many times are users warned to not download "neat applications" from unknown sources on the Web? And the list goes on and on and on.
I want to stress that I am not diminishing the responsibility of Microsoft or any other software developer to release secure products. However, users have to understand that these bugs are not going to disappear. We can therefore choose to just complain and point fingers at Microsoft (or whoever has developed the buggy software), or we can take responsibility for ourselves and stop assuming that modern computers are secure. Modern computer systems are not secure and they probably won't be for a very long time. Let's just be careful!
Just to end with an anecdote, about five years ago I found myself in an airport with a cool machine that enabled anyone (for free) to video themselves and have the short video sent as an email. So, I sent my wife a short video telling her how much I missed her. When I was asked to enter a subject, I unthinkingly wrote "I love you". A few minutes later my wife received an email with the subject "I love you" (as in the I-Love-You virus) from an unknown email address (being the email of the airport), containing a video attachment. The first thing she did was close her email program, disconnect her machine from the network and call her IT team. Well, I felt pretty silly when they found out what caused all the fuss. However, at least I know that my family is careful. :-)
The Ill Effects of Banning Security Research
The Indian police are having trouble with SIM card cloning:
Police had no idea that one SIM card could be used simultaneously from two handsets before the detention of Nazir Ahmed for interrogation. Nazir was picked up from Morigaon after an SMS from his mobile number in the name of ISF-IM claimed responsibility for Thursday's blasts in Assam.
Nazir had a Reliance connection and an Eve handset. Each handset of this particular model has a unique International Mobile Equipment Identity (IMEI) number. Cops found that two IMEI numbers were using the same SIM. Accordingly there were two record sheets of calls and SMSes from Nazir's mobile number. The record of the SMS to the media was found in only one sheet, which forced police to believe that Nazir's SIM might have been cloned and someone else was using the duplicate card, with or without the owner's knowledge.
"We stumbled upon this technological surprise that Nazir Ahmed's SIM card was used in two handsets," Assam IG (Law and Order) Bhaskarjyoti Mahanta said.
So far, not that interesting. There are lots of vulnerabilities in technological systems, and it's generally a race between the good guys and the bad guys to see who finds them first. It's the last sentence of this article that's significant:
The experts said no one has actually done any research on SIM card cloning because the activity is illegal in the country.
If the good guys can't even participate, the bad guys will always win.
U.S. Court Rules that Hashing = Searching
Really interesting post by Orin Kerr on whether, by taking hash values of someone's hard drive, the police conducted a "search":
District Court Holds that Running Hash Values on Computer Is A Search: The case is United States v. Crist, 2008 WL 4682806 (M.D.Pa. October 22 2008) (Kane, C.J.). It's a child pornography case involving a warrantless search that raises a very interesting and important question of first impression: Is running a hash a Fourth Amendment search? (For background on what a "hash" is and why it matters, see here).
First, the facts. Crist is behind on his rent payments, and his landlord starts to evict him by hiring Sell to remove Crist's belongings and throw them away. Sell comes across Crist's computer, and he hands over the computer to his friend Hipple who he knows is looking for a computer. Hipple starts to look through the files, and he comes across child pornography: Hipple freaks out and calls the police. The police then conduct a warrantless forensic examination of the computer:
In the forensic examination, Agent Buckwash used the following procedure. First, Agent Buckwash created an "MD5 hash value" of Crist's hard drive. An MD5 hash value is a unique alphanumeric representation of the data, a sort of "fingerprint" or "digital DNA." When creating the hash value, Agent Buckwash used a "software write protect" in order to ensure that "nothing can be written to that hard drive." Supp. Tr. 88. Next, he ran a virus scan, during which he identified three relatively innocuous viruses. After that, he created an "image," or exact copy, of all the data on Crist's hard drive.
Agent Buckwash then opened up the image (not the actual hard drive) in a software program called EnCase, which is the principal tool in the analysis. He explained that EnCase does not access the hard drive in the traditional manner, i.e., through the computer's operating system. Rather, EnCase "reads the hard drive itself." Supp. Tr. 102. In other words, it reads every file-bit by bit, cluster by cluster-and creates a index of the files contained on the hard drive. EnCase can, therefore, bypass user-defined passwords, "break down complex file structures for examination," and recover "deleted" files as long as those files have not been written over. Supp. Tr. 102-03.
Once in EnCase, Agent Buckwash ran a "hash value and signature analysis on all of the files on the hard drive." Supp. Tr. 89. In doing so, he was able to "ingerprint" each file in the computer. Once he generated hash values of the files, he compared those hash values to the hash values of files that are known or suspected to contain child pornography. Agent Buckwash discovered five videos containing known child pornography. Attachment 5. He discovered 171 videos containing suspected child pornography.
One of the interesting questions here is whether the search that resulted was within the scope of Hipple's private search; different courts have approached this question differently. But for now the most interesting question is whether running the hash was a Fourth Amendment search. The Court concluded that it was, and that the evidence of child pornography discovered had to be suppressed:
The Government argues that no search occurred in running the EnCase program because the agents "didn't look at any files, they simply accessed the computer." 2d Supp. Tr. 16. The Court rejects this view and finds that the "running of hash values" is a search protected by the Fourth Amendment.
Computers are composed of many compartments, among them a "hard drive," which in turn is composed of many "platters," or disks. To derive the hash values of Crist's computer, the Government physically removed the hard drive from the computer, created a duplicate image of the hard drive without physically invading it, and applied the EnCase program to each compartment, disk, file, folder, and bit.2d Supp. Tr. 18-19. By subjecting the entire computer to a hash value analysis-every file, internet history, picture, and "buddy list" became available for Government review. Such examination constitutes a search.
I think this is generally a correct result: See my article Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005), for the details. Still, given the lack of analysis here it's somewhat hard to know what to make of the decision. Which stage was the search — the creating the duplicate? The running of the hash? It's not really clear. I don't think it matters very much to this case, because the agent who got the positive hit on the hashes didn't then get a warrant. Instead, he immediately switched over to the EnCase "gallery view" function to see the images, which seems to be to be undoudtedly a search. Still, it's a really interesting question.
How difficult do you think that it is to find credit card numbers? Amazingly, it's easier than easy, as described in this Slashdot article. As hard as it is to believe, it turns out that you can just search for credit card numbers on Google, and you'll actually find them. This is because some people write such bad web applications that the received credit card numbers are stored in open directories on their web server. There is no problem with SSL and how the credit card numbers are transferred. The problem is that the numbers are not securely stored.
So, what can we do about this? Unfortunately not very much. You should always buy goods from reliable vendors, but this is true irrespective of the above (and even reliable vendors can have buggy software). The bottom line is that we are at the mercy of others when it comes to security. The only thing that we can do is to demand high security and penalize companies that do not provide it. This is a slow process, but maybe it can eventually help.
Of course, for those of us in the security industry, it's clear what our responsibilities are. Let's just hope that we live up to them.
This post is a bit exceptional because it doesn't say much about computer security. However, it does say a lot about the public's perception about computer science - a science that is significantly pushing forward the computer era. The underlying ideas used by Google, for example, in its search engine are based on deep mathematical concepts and algorithms that were previously perceived to belong only to the realm of theoretical computer science. (The basic concept used by Google is that of random walks on graphs, if you must know.) Another example that is closer to my heart is that academic research in cryptography has had huge effects on the encryption schemes and protocols that we use every day to secure our computers and networks. This effect is so strong that protocols published in
Nigerian and Stock Scams and Other Spamming Successes
by Andrew Y. Lindell
I guess that I am somewhat naive when it comes to the schemes that people actually fall for. I know that my bank will never send me an email asking me to verify my details, so I ignore all such emails (although, I do understand why people fall for this). I know that no Nigerian is waiting to give me thousands of dollars for doing almost nothing, so I laugh at these emails too. Finally, I would never buy stock that I've never heard of because I received an email telling me what a great opportunity this is. So, because of this naivety, I always wondered - why do spammers bother sending this stuff? I mean, no one falls for it, right?
Hmm, wrong! Here are a few chilling statistics:
• According to the 2006 Internet Crime Report of the FBI, the reported amount of money lost by people falling for the Nigerian letter scam was approximately 3.4 million dollars! Yes, I find this hard to believe too - the average amount lost was $5,100. A quick calculation tells you that about 660 people reported falling for the scam. This doesn't sound like so much, but it's probably fair to assume that many more people fell for it and didn't report anything. However, even if not, an income of 3.4 million dollars is definitely worth the effort and makes it well worth sending the spam. (For those of you not familiar with the details of this scam, see the FBI's common fraud website. It's worth taking the time to read it.)
• Two 2006 studies by Böhme and Holz, and by Frieder and Zitrain show that stock spams actually have an influence on the price of stock and are therefore very profitable. Basically, the perpetrators buy the stock when it's low, send the stock spams that push the price up for a short while, and then sell. Amazing!
• The success of phishing attacks is very well known, so I won't repeat it again here.
What can I say? Well, first, in both the virtual and real worlds, there is no easy way to get healthy or rich - so just ignore all such offers. Furthermore, the integrity of the written word was lost a long long time ago. So, don't believe what you read, and don't give away any private information (even if your account is going to be closed and your money locked for a period of three months). Use email to communicate with friends and for work - ignore everything else!
IBM set a new record with a supercomputer than can carry out one thousand trillion calculation per second (otherwise known as a petaflop); go here for more details. Does this have any influence on the security of cryptosystems? The answer is an unequivocal NO, as long as you are using keys that are long enough. For example, if you are encrypting with plain DES (something that you shouldn't have been doing already 15 years ago), then your secret key could be found by such a machine in just a few minutes. This is because there are about 72,000 trillion possible DES keys. Assuming that 1,000 trillion keys can be tried per second (this probably isn't true, it would take a bit longer than this), this means that 70 seconds or so is enough to try all possible key. OK, but we already know that we shouldn't be using DES. What about 3DES or AES with 128 bit keys? Well, for AES-128, the number of keys is 2128, or about 278 thousand trillion keys. Assuming that you can check one thousand trillion keys per second, it would take about 9,583,696,565,945,500 years to find the secret key. Stated differently, 128 bit keys are way long enough to protect against such attacks, even using the best supercomputers today, and for many many years to come. (Of course, if a weakness is found in the encryption scheme, then it becomes a completely different ballgame.)
Meanwhile, don't worry about your encryption scheme. If you're using a standard algorithm with a long enough key, then you're safe there. Unfortunately, this doesn't mean that you're really safe, because there's much more to a secure solution than a secure cryptographic algorithm; crypto is where it starts (and this is far from where it ends).
For about thirty years now, security researchers have been talking about using digital signatures in court. Thousands of academic papers have had punchlines like “the judge then raises X to the power Y, finds it’s equal to Z, and sends Bob to jail”. So far, this has been pleasant speculation.
Now the rubber starts to hit the road. Since 2006 trucks in Europe have been using digital tachographs. Tachographs record a vehicle’s speed history and help enforce restrictions on drivers’ working hours. For many years they have used circular waxed paper charts, which have been accepted in court as evidence just like any other paper record. However, paper charts are now being replaced with smartcards. Each driver has a card that records 28 days of infringement history, protected by digital signatures. So we’ve now got the first widely-deployed system in which digital sigantures are routinely adduced in evidence. The signed records are being produced to support prosecutions for working too long hours, for speeding, for tachograph tampering, and sundry other villainy.
So do magistrates really raise X to the power Y, find it’s equal to Z, and send Eddie off to jail? Not according to enforcement folks I’ve spoken to. Apparently judges find digital signatures too “difficult” as they’re all in hex. The police, always eager to please, have resolved the problem by applying standard procedures for “securing” digital evidence. When they raid a dodgy trucking company, they image the PC’s disk drive and take copies on DVDs that are sealed in evidence bags. One gets given to the defence and one kept for appeal. The paper logs documenting the procedure are available for Their Worships to inspect. Everyone’s happy, and truckers duly get fined.
In fact the trucking companies are very happy. I understand that 20% of British trucks now use digital tachographs, well ahead of expectations. Perhaps this is not uncorrelated with the fact that digital tachographs keep much less detailed data than could be coaxed out of the old paper charts.
One of the RSA challenge numbers, RSA-640, has been factored:
RSA-640 = 3107418240490043721350750035888567930037346022842727545720161948823
2064405180815045563468296717232867824379162728380334154710731085019
19548529007337724822783525742386454014691736602477652346609
Factor 1: 1634733645809253848443133883865090859841783670033092312181110852389
333100104508151212118167511579
Factor 2: 1900871281664822113126851573935413975471896789968515493666638539088
027103802104498957191261465571
The number, which carries a US$ 20,000 prize for its solution, was factored by F. Bahr, M. Boehm, J. Franke and T. Kleinjung using GFNS. The computation took 5 months on eighty 2.2 GHz Opteron CPUs.
RSA-640 is not the largest challenge number to be factored so far -- RSA-200 is larger (despite the confusing name, RSA-200 is 663 bits long, compared to RSA-640, which is 640 bits). RSA-200 was factored in May 2005 by the same team.
Why is the RSA Factoring Challenge no longer active?
Various cryptographic challenges — including the RSA Factoring Challenge — served in the early days of commercial cryptography to measure the state of progress in practical cryptanalysis and reward researchers for the new knowledge they have brought to the community. Now that the industry has a considerably more advanced understanding of the cryptanalytic strength of common symmetric-key and public-key algorithms, these challenges are no longer active. The records, however, are presented here for reference by interested cryptographers.
What was the RSA Factoring Challenge?
The RSA Factoring challenge was an effort, sponsored by RSA Laboratories, to learn about the actual difficulty of factoring large numbers of the type used in RSA keys. Posted here for historical interest is the set of eight challenge numbers, ranging in size from 576 bits (174 decimal digits) to 2048 bits (617 decimal digits) that made up the challenge. Each number is the product of two large primes, similar to the modulus of an RSA key pair.
Factoring a number means representing it as the product of prime numbers. Prime numbers, such as 2, 3, 5, 7, 11, and 13, are those numbers that are not evenly divisible by any smaller number, except 1. A non-prime, or composite number, can be written as the product of smaller primes, known as its prime factors. 665, for example is the product of the primes 5, 7, and 19. A number is said to be factored when all of its prime factors are identified. As the size of the number increases, the difficulty of factoring increases rapidly.
Factoring 100-digit numbers is easy with today's hardware and algorithms. No public effort has yet resulted in successful factoring of numbers of more than 200 digits. Advances in both computer hardware and number theory, though, are expected to advance the state of the art. One purpose of this contest was to "track" the state of the art in factoring.
The first person to submit a correct factorization for any of the challenge numbers was eligible for a cash prize. Given the amount of computation required for such a factorization, the prizes were mainly symbolic. They served as a small incentive for public demonstrations of factoring on a large scale.
To date, the largest number of this type to be factored, in 2005, was 640 bits. The 704-bit or 768-bit value is likely to be factored soon. On the other hand, barring fundamental algorithmic or computing advances, RSA-2048 should stand for decades.
How do I get the RSA Challenge numbers?
There are eight RSA challenge numbers, ranging in size from 576 bits to 2048 bits. They are available here. To obtain a single challenge number, select its entry and a page will display containing the decimal value of the challenge number, its current status (whether or not it has yet been factored), and the prize awarded for the first factorization. The value may be copied directly from this page, or downloaded as ASCII text.
If you prefer to obtain all the challenge numbers at once, the URL listed above allows you to download a single file, in text format, that contains all eight challenge numbers.
What does it mean when a Challenge Number is factored?
Users of the RSA public-key cryptosystem may wonder what the factoring of a challenge number implies about the security of their keys. Should they immediately replace their keys with larger ones? Should they stop using RSA altogether?
Clearly, the factoring of a challenge-number of specific length does not mean that the RSA cryptosystem is "broken." It does not even mean, necessarily, that keys of the same length as the factored challenge number must be discarded. It simply gives us an idea of the amount of work required to factor a modulus of a given size. This can be translated into an estimate of the cost of breaking a particular RSA key pair.
Suppose, for example, that in the year 2010 a factorization of RSA-768 is announced that requires 6 months of effort on 100,000 workstations. In this hypothetical situation, would all 768-bit RSA keys need to be replaced? The answer is no. If the data being protected needs security for significantly less than six months, and its value is considerably less than the cost of running 100,000 workstations for that period, then 768-bit keys may continue to be used.
Applications that require longer-term security or have data with a high financial value should migrate to longer keys before the factoring of the corresponding challenge number is announced. In either case, the results of the Factoring Challenge provide real data to help the cryptosystem user choose the appropriate key size.
RSA Laboratories' Frequently Asked Questions About Today's Cryptography provides more information on choosing RSA key lengths for various applications. RSA Laboratories Bulletin #13 discusses key length requirements for various cryptosystems.
How were the challenge numbers generated?
The RSA challenge numbers were generated using a secure process that guarantees that the factors of each number cannot be obtained by any method other than factoring the published value. No one, not even RSA Laboratories, knows the factors of any of the challenge numbers.
The generation took place on a Compaq laptop PC with no network connection of any kind. The process proceeded as follows:
1. First, 30,000 random bytes were generated using a ComScire QNG hardware random number generator, attached to the laptop's parallel port.
2. The random bytes were used as the seed values for the B_GenerateKeyPair function, in version 4.0 of the RSA BSAFE library. The private portion of the generated keypair was discarded. The public portion was exported, in DER format to a disk file.
3. The moduli were extracted from the DER files and converted to decimal for posting on the Web page.
4. The laptop's hard drive was destroyed.
How do I know which challenge numbers have been factored?
The status of each of the challenge numbers is available here. The status will be shown as "Not Factored" for values for which no correct factorization has been submitted. If the number has been factored, the status will identify the submitter and the date of submission.
For challenge numbers that have been factored, the individual page will provide a brief description of the factoring effort. A pointer to a web site, if available, that has the details of the effort will also be provided.
What are the best factoring methods?
The best known algorithm for factoring large numbers is the General Number Field Sieve (GNFS).
GNFS consists of a sieving phase that searches a fixed set of prime numbers for candidates that have a particular algebraic relationship, modulo the number to be factored. This is followed by a matrix solving phase that creates a large matrix from the candidate values, then solves it to determine the factors.
The sieving phase may be done in distributed fashion, on a large number of processors simultaneously. The matrix solving phase requires massive amounts of storage and is typically performed on a large supercomputer.
More information on factoring algorithms is available on the RSA Laboratories FAQ.
The TWIRL design by Adi Shamir and Eran Tromer represents the state of the art in hardware circuits for integer factoring, which is likely the most efficient approach for very large numbers. More information about TWIRL and its impact on RSA key size can be found in an RSA Laboratories technical note.
1. Cryptography with C# .NET Framework. The required main namespace for this lab exercise is System.Security.Cryptography, which provides modern cryptographic services such as symmetric and asymmetric encryption, hashing algorithms, and digital signatures. To see all the classes provided by this namespace, see the System.Security.Cryptography topic in the MSDN documentation at http://msdn.microsoft.com/library/.
2. Symmetric Encryption. In this section, we will learn how to encrypt data using symmetric algorithms. With classes defined under the System.Security.Cryptography Namespace, you can implement DES, RC2, Triple-DES, and Rinndael/AES cryptosystems with the key size and block size attributes described in the table below.
Name Block Size Key Length (bits)
DES 64 56
RC2 64 40, 48, 56, 64, 72, 80, 88, 96,
104, 112, 120, 128 (56-bit keys, expressed as 64-bit )
Triple-DES 64 Numbers
Rijndael (AES) 128, 192, 256 128, 192, 256
3. Basic Encryption Example with C#.
using System;
using System.Security.Cryptography;
using System.IO;
using System.Text;
class CryptoClass {
public byte[] Key;
public byte[] IV;
public int KeySize, BlockSize, FeedbackSize;
public CipherMode Mode;
public PaddingMode Padding;
public void Initialize() {
Key = new byte[] { 0xFC, 0x02, 0x03, 0x04,
0x05, 0x06, 0x07, 0x08,
0x09, 0x10, 0x11, 0x12,
0x13, 0x14, 0x15, 0xAA};
IV = new byte[] { 0x99, 0x02, 0x03, 0x04,
0x05, 0x06, 0x07, 0x08,
0x09, 0x10, 0x11, 0x12,
0x13, 0x14, 0x15, 0x16};
KeySize = 128;
BlockSize = 128;
FeedbackSize = 128; This is for feedback mode only
Mode = CipherMode.ECB;
Padding = PaddingMode.Zeros;
} // end of Initialize
public string Encrypt(string plaintext) {
// get a byte array from a string of plaintext
byte[] x_plaintext = Encoding.Default.GetBytes(plaintext);
// create the encryption algorithm
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");
x_alg.KeySize = KeySize;
x_alg.BlockSize = BlockSize;
// This is for feedback mode only.
// The feedback size cannot be greater than the block size.
x_alg.FeedbackSize = FeedbackSize;
Console.WriteLine("KeySize = {0}",x_alg.KeySize);
Console.WriteLine("BlockSize = {0}",x_alg.BlockSize);
Console.WriteLine("FeedbackSize = {0}",x_alg.FeedbackSize);
// set Key
x_alg.Key = Key;
// set IV
x_alg.IV = IV;
// set padding and cipher modes
x_alg.Mode = Mode;
x_alg.Padding = Padding;
Console.WriteLine("\nMode: {0}",x_alg.Mode);
Console.WriteLine("Padding: {0}",x_alg.Padding);
// create an ICryptoTransform that can be used to encrypt data
ICryptoTransform x_encryptor = x_alg.CreateEncryptor();
// create the memory stream
MemoryStream x_memory_stream = new MemoryStream();
// create the CryptoStream that ties together the MemoryStream and the ICryptostream
CryptoStream x_cryptostream = new CryptoStream(x_memory_stream,
x_encryptor, CryptoStreamMode.Write);
// write the plaintext out to the cryptostream
x_cryptostream.Write(x_plaintext, 0, x_plaintext.Length);
// close the CryptoStream
x_cryptostream.Close();
// get the ciphertext from the MemoryStream
byte[] x_ciphertext = x_memory_stream.ToArray();
// close memory stream
x_memory_stream.Close();
// convert from array to string
string cipher_Tx =Encoding.Default.GetString(x_ciphertext);
Console.WriteLine("\n{0}\n",plaintext);
// print out the plaintext
Console.WriteLine("\n\t\tPlaintext bytes in Hex:\n");
foreach (byte b in x_plaintext) {
Console.Write("{0:X2} ", b);
} // end of foreach
Console.WriteLine("Ciphertext:\n");
Console.WriteLine("{0}\n", cipher_Tx);
x_encryptor.Dispose();
x_alg.Clear();
return cipher_Tx;
} // end of Encrypt
} // end of CryptoClass
class CryptoApp {
public static void Main() {
string ciphertext;
CryptoClass c1 = new CryptoClass();
c1.Initialize();
// string of plaintext
string ptext = "We Love Cryptography Class!";
ciphertext = c1.Encrypt(ptext);
// print out the ciphertext
// ...
} // end of Main
} // end of CryptoApp
4. Program Explanation. The class CryptoClass contains two methods, which are Initialize and Encrypt. The Initialize method is used to generate the values of the key and initial vector (IV). The Encrypt method receives a string of plaintext as an argument, and then converts the string into an array of bytes.
In this simple example you will set the values of the key and IV manually. Alternatively, the key and IV can be generated randomly using x_alg.GenerateKey() and x_alg.GenerateIV(), respectively. Since AES is a block cipher, you need to specify the mode of operation and block padding on the Mode and Padding members. The following CipherMode options are available: ECB, CBC, CFB, CTS, OFB PaddingMode: Zeros, PKCS7.
To create or instantiate an encryption algorithm object (i.e., x_alg), use the Create method of the SymmetricAlgorithm class with the argument Rijndael as SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael"); You can use this object to set the key, IV, and all other cipher attributes.
In the first stage of encryption, the class SymmetricAlgorithm uses the ICryptoTransform interface for the cryptographic transformation from plaintext to ciphertext or the reverse for decryption. This interface has to be used with the CryptoStream class, which defines a stream that links data streams to cryptographic transformations. The CryptoStream class requires a target data stream, the transformation to use, and the mode of the stream as the arguments. The target data stream is an instance of the MemoryStream class, which is defined under the System.IO namespace. This class defines a stream that uses memory for backing. In the final stage, the ciphertext is obtained from the memory stream.
Before terminating the program, all sensitive information such as the key, IV, or other random seed values left in the memory should be destroyed. This can be achieved by using the Clear method for the instances of the algorithm implementation class, and the Close method for the Memory Stream or CryptoStream objects. The resources used by ICryptoTransform objects can be released by the Dispose method
AIM
Take a 64 bit playing text and encrypt the same using DES algorithm
PROGRAM
#include
#include
void keygen();
int len,x,y = 0,l[40],r[40],r1[48],str1[20], r2[48],i3, tmp3 [64],tmp4[64];
int ip [] = {58,50,42,34,26,18,10,2,60,52,44,36,
28,20,12,4,62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7};
int e [] = {32,1,2,3,4,5,4,5,6,7,8,9,8,9,10,11,12,13,12,
13,14,15,16,17,16,17,18,19,20,21,20,21,22,23,24,25,24,25,26,27,28,29,28,29,30,31,32,1};
int c1[100];
int s[64];
int round=1;
int k [] = {0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,0,0,0,1,
1,1,1,1,1,0,0,0,0,0,0, 0,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,
1,1,1,1,1,1,1,1,0,0,0,0,0,1,1};
int pc1 [] = {57,49,41,33,25,17,9,1,58,50,42,34,26,18,10,2,
59,51,43,35,27,19,11,3,60,52,44,36,63,55,47,39,31,23,15,7,62,54,46,38,30,22,14,6,61,53,45,37,29,21,13,5,28,20,12,4};
int pc2[]={14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,
4,26,8,16,7,27,20,13,2,41,52,31,37,47,55,30,40,51,45,33,48,44,49,39,56,34,53,46,42,50,36,29,32};
int tmp5[8],flag=0,t,t1,i,j=0,c2[100],c[100],d[100],
key[100],k2[20][100],count=1;
int s1[4][16]={{14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7},
{0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8},
{4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0},
{15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13}};
int s2[4][16]={{15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10},
{3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5},
{0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15},
{13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9}};
int s3[4][16]={{10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8},
{13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1},
{13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7},
{1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12}};
int s4[4][16]={{7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15},
{13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9},
{10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4},
{3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14}};
int s5[4][16]={{2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9},
{14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6},
{4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14},
{11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3}};
int s6[4][16]={{12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11},
{10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8},
{9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6},
{4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13}};
int s7[4][16]={{4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1},
{13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6},
{1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2},
{6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12}};
int s8[4][16]={{13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7},
{1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2},
{7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8},
{2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11}};
int p[32]={16,7,20,21,29,12,28,17,1,15,23,26,5,18,
31,10,2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25};
int g3,w[8],i4,d1=0,g,g1=0,g2,size,ch1[8],a1[4],b1[8][4],
b[8][6],i1,j1,k1=0,tz[4],tmp,tmp1,t11,temp,z=0,m,count1=0,c11[32],res[32];
int iip[]={40,8,48,16,56,24,64,32,39,7,47,15,55,23,
63,31,38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,34,2,42,10,50,18,58,26,33,1,41,9,49,17,57,25};
char ch[20];
int str[64];
void main()
{
clrscr();
printf("enter the string\n");
gets(ch);
size=strlen(ch);
for(g=0;g
ch1[g]=ch[g];
}
for(g=0;g
g1=0;
while(ch1[g]>0)
{
w[g1++]=ch1[g]%2;
ch1[g]=ch1[g]/2;
}
for(g3=g1;g3<8;g3++)
w[g3]=0;
for(g2=7;g2>=0;g2--)
{
str[d1++]=w[g2];
}
}
for(g3=0;g3<64;g3++)
s[g3]=str[g3];
for(g2=0;g2<64;g2++)
printf("%d",str[g2]);
keygen(); /*16 key generation*/
/*initial permutation*/
for(x=0;x<64;x++)
{
c1[x]=str[ip[x]-1];
}
for(x=0;x<64;x++)
{
printf("%d",c1[x]);
if(((x%7)==0)&&(x!=0))
printf("\n");
}
/*dividing the whole string into l & r*/
for(x=0;x<32;x++)
l[x]=c1[x];
y=0;
for(x=32;x<64;x++)
r[y++]=c1[x];
/*round starts here*/
while(round<=16)
{
/*expansion permutation e table*/
for(x=0;x<48;x++)
{
r1[x]=r[e[x]-1];
}
printf("r1: ");
for(x=0;x<48;x++)
printf("%d",r1[x]);
printf("\n");
/*xor r1 with key*/
for(x=0;x<48;x++)
{
if(r1[x]==k2[round][x])
r2[x]=0;
else
r2[x]=1;
}
printf("\nkey");
for(x=0;x<48;x++)
printf("%d",k2[round][x]);
printf("\n");
for(x=0;x<48;x++)
printf("%d",r2[x]);
/*substitution s-box*/
k1=0;
for(i1=0;i1<8;i1++)
{
for(j1=0;j1<6;j1++)
{
b[i1][j1]=r2[k1++];
}
}
count1=0;
for(i1=0;i1<8;i1++)
{
count1++;
tz[0]=b[i1][0];
tz[1]=b[i1][5];
tmp=(tz[0]*2)+tz[1];
k1=0;
printf("\n");
for(j1=1;j1<5;j1++)
{
tz[k1]=b[i1][j1];
printf("%d",tz[k1]);
k1++;
}
tmp1=(tz[0]*8)+(tz[1]*4)+(tz[2]*2)+tz[3];
switch(count1)
{
case 1 : temp=s1[tmp][tmp1];
break;
case 2 : temp=s2[tmp][tmp1];
break;
case 3 : temp=s3[tmp][tmp1];
break;
case 4 : temp=s4[tmp][tmp1];
break;
case 5 : temp=s5[tmp][tmp1];
break;
case 6 : temp=s6[tmp][tmp1];
break;
case 7 : temp=s7[tmp][tmp1];
break;
case 8 : temp=s8[tmp][tmp1];
break;
}
printf("temp is %d",temp);
t11=0;
if(temp==0)
{
for(m=0;m<4;m++)
b1[i1][m]=0;
}
else
{
while(temp>0)
{
a1[t11]=temp%2;
temp=temp/2;
t11++;
}
for(m=t11;m<4;m++)
a1[m]=0;
z=0;
for(m=3;m>=0;m--)
{
b1[i1][z++]=a1[m];
}
}
}
k1=0;
printf("b1 is\n");
for(i1=0;i1<8;i1++)
{
for(j1=0;j1<4;j1++)
printf("%d",b1[i1][j1]);
printf("\n");
}
for(i1=0;i1<8;i1++)
{
for(j1=0;j1<4;j1++)
c11[k1++]=b1[i1][j1];
}
/*permutation after substitution*/
for(i1=0;i1<32;i1++)
res[i1]=c11[p[i1]-1];
for(i1=0;i1<32;i1++)
printf("%d",c11[i1]);
printf("after substn\n");
for(i1=0;i1<32;i1++)
printf("%d",res[i1]);
printf("xor l[i] with res[i]\n");
for(i1=0;i1<32;i1++)
{
if(l[i1]==res[i1])
res[i1]=0;
else
res[i1]=1;
}
for(i1=0;i1<32;i1++)
l[i1]=r[i1];
for(i1=0;i1<32;i1++)
r[i1]=res[i1];
printf("left and right for next round\n");
for(i1=0;i1<32;i1++)
printf("%d",l[i1]);
printf("\n");
for(i1=0;i1<32;i1++)
printf("%d",r[i1]);
round++;
}
for(i3=0;i3<32;i3++)
{
tmp3[i3]=r[i3];
}
i4=0;
for(i3=32;i3<64;i3++)
{
tmp3[i3]=l[i4++];
}
printf("\nafter swapping\n");
for(i3=0;i3<64;i3++)
printf("%d",tmp3[i3]);
for(i3=0;i3<64;i3++)
{
tmp4[i3]=tmp3[iip[i3]-1];
}
printf("output is\n");
for(i3=0;i3<64;i3++)
printf("%d",tmp4[i3]);
j=0;
for(i=0;i<64;i++)
{
tmp5[j]=(tmp4[i]*128)+(tmp4[i+1]*64)+(tmp4[i+2]*32)+(tmp4[i+3]*16)+(tmp4[i+4]*8)+(tmp4[i+5]*4)+(tmp4[i+6]*2)+tmp4[i+7];
i=i+7;
j++;
}
printf("\n");
for(i=0;i<8;i++)
printf("%c",tmp5[i]);
getch();
}
void keygen()
{
for(i=0;i<56;i++)
{
key[i]=k[pc1[i]-1];
}
for(i=0;i<28;i++)
{
c[i]=key[i];
}
for(i=28;i<56;i++)
{
d[j++]=key[i];
}
while(count<17)
{
t=c[0];
t1=d[0];
for(i=0;i<27;i++)
{
c[i]=c[i+1];
d[i]=d[i+1];
}
if(i==27)
{
c[i]=t;
d[i]=t1;
}
if((count==1)||(count==2)||(count==9)||(count==16))
count++;
else if(flag==1)
{
count++;
flag=0;
}
else
flag=1;
if(flag==0)
{
for(i=0;i<28;i++)
c2[i]=c[i];
j=0;
for(i=28;i<56;i++)
c2[i]=d[j++];
for(i=0;i<48;i++)
k2[count-1][i]=c2[pc2[i]-1];
}
}
}
OUTPUT
Enter the string of 8 chars
SREERAMA
010100110101001001000101010001010101001001000001010011010100000111111111
0001001
1010011
0011101
1010000
0000000
0000001
0000000
0010011
r1: 100000000000000000000000001000000000000010100110
key 010000011101011110001101101111100110001110101010
110000011101011110001101100111100110001100001100
1000temp is 15
1110temp is 11
1111temp is 8
0110temp is 0
0011temp is 7
0011temp is 5
0110temp is 8
0110temp is 11
b1 is
1111
1011
1000
0000
0111
0101
1000
1011
11111011100000000111010110001011after substn
01101000100011101110101110001011xor l[i] with res[i]
left and right for next round
00000000000000000100000000010011
10010111100111011010011101100110r1: 010010101111110011111011110100001110101100001101
key111111100010010011101000000101110110110100110111
101101001101100000010011110001111000011000111010
0110temp is 1
0110temp is 8
0000temp is 13
1001temp is 7
1000temp is 6
1100temp is 1
1100temp is 5
1101temp is 3
b1 is
0001
1000
1101
0111
0110
0001
0101
0011
00011000110101110110000101010011after substn
10000110010111110011100110000010xor l[i] with res[i]
left and right for next round
10010111100111011010011101100110
10000110010111110111100110010001r1: 110000001100001011111110101111110011110010100011
key110110101100111000111000011011110000100111010100
000110100000110011000110110100000011010101110111
0011temp is 1
0000temp is 0
1001temp is 15
0011temp is 3
1010temp is 12
0001temp is 15
1010temp is 5
1011temp is 0
b1 is
0001
0000
1111
0011
1100
1111
0101
0000
00010000111100111100111101010000after substn
10010111011101010010000100001110xor l[i] with res[i]
left and right for next round
10000110010111110111100110010001
00000000111010001000011001101000r1: 000000000001011101010001010000001100001101010000
key110011001011101100011110110000011110000111011111
110011001010110001001111100000010010001010001111
1001temp is 11
0101temp is 11
1000temp is 4
0111temp is 3
0000temp is 4
1001temp is 13
0101temp is 0
0111temp is 4
b1 is
1011
1011
0100
0011
0100
1101
0000
0100
10111011010000110100110100000100after substn
11010000110011010110001000101010xor l[i] with res[i]
left and right for next round
00000000111010001000011001101000
01010110100100100001101110111011r1: 101010101101010010100100000011110111110111110110
key001001101011111001001111011001111001011010001101
100011000110101011101011011010001110101101111011
0001temp is 12
0011temp is 14
0101temp is 9
0101temp is 1
1101temp is 0
0111temp is 8
0110temp is 10
1101temp is 5
b1 is
1100
1110
1001
0001
0000
1000
1010
0101
11001110100100010000100010100101after substn
11010100100010001000110100110001xor l[i] with res[i]
left and right for next round
01010110100100100001101110111011
11010100011000000000101101011001r1: 111010101000001100000000000001010110101011110011
key011010110111110001100010110110100001010111101111
100000011111111101100010110111110111111100011100
0000temp is 4
1111temp is 5
1110temp is 2
0001temp is 6
1011temp is 9
1011temp is 7
1110temp is 9
1110temp is 12
b1 is
0100
0101
0010
0110
1001
0111
1001
1100
01000101001001101001011110011100after substn
00101011011000001111000000111101xor l[i] with res[i]
left and right for next round
11010100011000000000101101011001
01111101111100101110101110000110r1: 001111111011111110100101011101010111110000001100
key111010001110110111111000000011101101101110101101
110101110101001001011101011110111010011110100001
1010temp is 3
1010temp is 7
0100temp is 3
1110temp is 14
1111temp is 9
1101temp is 13
1111temp is 1
0000temp is 2
b1 is
0011
0111
0011
1110
1001
1101
0001
0010
00110111001111101001110100010010after substn
01110111010000100111001001011110xor l[i] with res[i]
left and right for next round
01111101111100101110101110000110
10100011001000100111100100000111r1: 110100000110100100000100001111110010100000001111
key110101001110011100011011010100100111110111110001
000001001000111000011111011011010101010111111110
0000temp is 0
0100temp is 6
1100temp is 5
1111temp is 9
1101temp is 9
1010temp is 13
1011temp is 12
1111temp is 8
b1 is
0000
0110
0101
1001
1001
1101
1100
1000
00000110010110011001110111001000after substn
11111101000100010010000001011001xor l[i] with res[i]
left and right for next round
10100011001000100111100100000111
10000000111000111100101111011111r1: 110000000001011100000111111001010111111011111111
key101111100100101111100110111011001111100001010111
011111100101110011100001000010011000011010101000
1111temp is 8
0010temp is 10
1001temp is 15
0000temp is 3
0001temp is 12
1100temp is 14
1101temp is 10
0100temp is 9
b1 is
1000
1010
1111
0011
1100
1110
1010
1001
10001010111100111100111010101001after substn
11011101111011010000110100001101xor l[i] with res[i]
left and right for next round
10000000111000111100101111011111
01111110110011110111010000001010r1: 001111111101011001011110101110101000000001010100
key101110100111001100101001101001111100011011111010
100001011010010101110111000111010100011010101110
0000temp is 15
1101temp is 0
1010temp is 5
1011temp is 11
0011temp is 12
1010temp is 3
1101temp is 10
0111temp is 2
b1 is
1111
0000
0101
1011
1100
0011
1010
0010
11110000010110111100001110100010after substn
10000101111001111010011001000011xor l[i] with res[i]
left and right for next round
01111110110011110111010000001010
00000101000001000110110110011100r1: 000000001010100000001000001101011011110011111000
key100010010001011101111101100111011001111101000011
100010011011111101110101101010000010001110111011
0001temp is 1
1101temp is 9
1110temp is 2
1010temp is 5
0101temp is 13
0001temp is 1
0111temp is 13
1101temp is 5
b1 is
0001
1001
0010
0101
1101
0001
1101
0101
00011001001001011101000111010101after substn
10100011000111000111100000100111xor l[i] with res[i]
left and right for next round
00000101000001000110110110011100
11011101110100110000110000101101r1: 111011111011111010100110100001011000000101011011
key110001010101101011011101100111101100011001110100
001010101110010001111011000110110100011100101111
0101temp is 15
0111temp is 1
1000temp is 2
1101temp is 7
0011temp is 1
1010temp is 4
1110temp is 6
0111temp is 13
b1 is
1111
0001
0010
0111
0001
0100
0110
1101
11110001001001110001010001101101after substn
10101000110100001101111000101110xor l[i] with res[i]
left and right for next round
11011101110100110000110000101101
10101101110101001011001110110010r1: 010101011011111010101001010110100111110110100101
key000101111111101111100000010110011110111111000100
010000100100010101001001000000111001001001100001
1000temp is 3
0010temp is 7
1010temp is 5
0100temp is 6
0000temp is 2
1100temp is 6
0100temp is 4
0000temp is 2
b1 is
0011
0111
0101
0110
0010
0110
0100
0010
00110111010101100010011001000010after substn
01000100011100110101001010011010xor l[i] with res[i]
left and right for next round
10101101110101001011001110110010
10011001101000000101111010110111r1: 110011110011110100000000001011111101010110101111
key100110100111110111100011101110001110010010011001
010101010100000011100011100101110011000100110110
1010temp is 12
1010temp is 2
0001temp is 7
0001temp is 15
0010temp is 12
1001temp is 14
0010temp is 2
1011temp is 13
b1 is
1100
0010
0111
1111
1100
1110
0010
1101
11000010011111111100111000101101after substn
11011101111001011001110001101100xor l[i] with res[i]
left and right for next round
10011001101000000101111010110111
01110000001100010010111111011110r1: 001110100000000110100010100101011111111011111100
key111110010110011101001101111010110111011000000111
110000110110011011101111011111101000100011111011
1000temp is 15
1011temp is 6
1101temp is 11
0111temp is 8
1111temp is 6
0100temp is 2
0001temp is 11
1101temp is 5
b1 is
1111
0110
1011
1000
0110
0010
1011
0101
11110110101110000110001010110101after substn
01000110101001001000111111110111xor l[i] with res[i]
left and right for next round
01110000001100010010111111011110
11011111000001001101000101000000r1: 011011111110100000001001011010100010101000000001
key001011110011110010111110001010111001101110110011
010000001101010010110111010000011011000110110010
1000temp is 3
0110temp is 8
1001temp is 13
1011temp is 11
1000temp is 8
1101temp is 11
0011temp is 14
1001temp is 6
b1 is
0011
1000
1101
1011
1000
1011
1110
0110
00111000110110111000101111100110after substn
10010101011110110010011101100011xor l[i] with res[i]
left and right for next round
11011111000001001101000101000000
11100101010010100000100010111101
after swapping
1110010101001010000010001011110111011111000001001101000101000000output is
1100100110010000111000011001010110001001010000011101101011001001
AIM
Using RSA algorithm Encrypt a text data and Decrypt the same.
Algorithm:
1. Start
2. Read p.q,d
3. If p,q,d are prime
4. Perform n=p*q, z=(p-1)*(q-1), e=1 mod z
5. Print n,z,e
6. Read Plain Text(p1)
7. Perform Cipher Text C=p^e(mod n)
8. Print Cipher Values(C)
9. Perform Decrypted Text P2=c^d(mod n)
10. Print Decrypted Values(P2)
11. Stop
PROGRAM
/********** RSA PROGRAM ***********/
/*d value should be less than 11 bcoz (c^d)modn can't be computed using available datatypes*/
#include
#include
#include
void main()
{
char a[]={"0ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
int n,i,j,s,n2,k1,p,q,d,m1,e1,l5,z,p2[30],s1,c[30];
unsigned long int l3,m,l4,k2;
double l2,l1,l6;
float e,l;
char p1[30];
clrscr();
printf("enter two prime numbers p and q\n");
scanf("%d %d",&p,&q);
do{
n=p*q;
if(n<26)
{ printf("\n n value is not large enough.\nplease select p, q value such that p*q is greater than 26");
scanf("%d %d",&p,&q);}
}while(n<26);
z=((p-1)*(q-1));
printf("enter the value of d:\n");
scanf("%d",&d);
for(j=1;j
if((j*d)%z==1)
break;
}
e=j;
printf("%d %d %f\n",n,z,e);
printf("ENCRYPTION-CIPHERTEXT");
printf("enter the plain text\n");
scanf("%s",p1);
for(i=0;i
for(j=1;j
if(a[j]==p1[i])
{
s=j;
break;
}
else
continue;
}
printf("%d",s);
e1=(int)e;
l1=pow(((double)s),((double)e1));
k2=fmod(l1,(double)n);
printf("\n%lu\n",k2);
c[i]=(int)k2;
printf("cipher:%d\n",c[i]);
}
printf("\n");
for(i=0;i
l2=(pow(((double)c[i]),((double)d)));
m=fmod(l2,(double)n);
m1=(int)m;
printf(" %c\n",a[m1]);}
getch();
}
OUTPUT enter two prime numbers p and q
3 11
enter the value of d:
7
33 20 3.000000
ENCRYPTION-CIPHERTEXTenter the plain text
SUZANNE
19
28
cipher:28
21
21
cipher:21
26
20
cipher:20
1
1
cipher:1
14
5
cipher:5
14
5
cipher:5
5
26
cipher:26
S
U
Z
A
N
N
E
RSA output:
enter two prime numbers p and q
5 13
enter the value of d:
7
65 48 7.000000
ENCRYPTION-CIPHERTEXTenter the plain text
NAINA
14
14
cipher:14
1
1
cipher:1
9
9
cipher:9
14
14
cipher:14
1
1
cipher:1
N
A
I
N
A
Crypto puzzles…
recreational
fradsrwo adn bcwrsdaka, to adn for, weerh i sopt nbdyoo koswn!
forwards and backwards, to and fro, where I stop nobody knows
Essentially the puzzle was an anagram. Each word can be found by taking the first, then last letter of each word in the puzzle.
cipher
HZ ZHZCECCZ LCXCZEF EUI, A WDAWR WITTAZMI GZHE UAL LCZE EI A THSHEADF JDHLIZ NID A WDHTC EPCF MHMZ’E WITTHE.
EPCLC TCZ JDITJESF CLWAJCM NDIT A TAVHTGT LCWGDHEF LEIWRAMC EI EPC SIL AZOCSCL GZMCDODIGZM.
EIMAF, LEHSS UAZECM YF EPC OIXCDZTCZE, EPCF LGDXHXC AL LISMHCDL IN NIDEGZC.
HN FIG PAXC A JDIYSCT. HN ZI-IZC CSLC WAZ PCSJ. AZM HN FIG WAZ NHZM EPCT.
TAFYC FIG WAZ PHDC: EPC A ECAT.
Break cipher
Frequency of letters : e most frequent then t more frequent, then o,a,n,i.
Digrams: th, in, er, re, an
Trigrams: the, ing, and, ion
C -38 times, e-26 times,
Trigram epc-7 times
Cipher solution
In nineteen seventy two, a crack commando unit was sent to a military prison for a crime they didn’t commit.
These men promptly escaped from a maximum security stockade to the Los Angeles Underground.
Today, still wanted by the government, they survive as soldiers of fortune.
If you have a problem. If no-one else can help. And if you can find them.
Maybe you can hire: The A Team.
ROT-13
ROT-13
Pbatenghyngvbaf lbh unir qvfpbirerq gung guvf zrffntr jnf rapelcgrq hfvat ebg guvegrra
This message has been encrypted using ROT-13. The result is:
Congratulations you have discovered that this message was encrypted using rot thirteen
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO
KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO
LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS,
KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP
JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI
XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ
SXGOKLU?”
OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
We identify the most common characters, digrams and trigrams
in the ciphertext
Example
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD
KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL,
QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV
EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ
X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC
UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL
EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ
SXGOKLU?”
OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
First guess:
LBO is THE
Assuming LBO represents THE, we replace L with T, B with H,
and O with E and get
PCQ VMJYPD THYK TYSE KHXHJXWXV HXV ZCJPE EYPD
KHXHJYUXJ THJEE KCPK. CP THE THCMKXPV XPV IYJKT
PYDHT, QHEP KHO HXV EPVEV THE LXRE CI SX'XJMI, KHE JCKE
XPV EYKKEV THE DJCMPV ZEICJE HYS, KXUYPD: “DJEXT EYPD,
ICJ X THCMKXPV XPV CPE PYDHTK Y HXNE ZEEP JEACMPTYPD
TC UCM THE IXZREK CI FXKT XDEK XPV THE REDEPVK CI
XPAYEPT EYPDK. SXU Y SXEE KC ZCRV XK TC AJXNE X IXNCMJ
CI UCMJ SXGEKTU?”
EFYRCDME, TXREK IJCS THE THCMKXPV XPV CPE PYDBTK
Decryption
Code:
Z-A, Z-B, A-C
Ciphertext:
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ
LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV
ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK
Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV
LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO
X IXNCMJ CI UCMJ SXGOKLU?”
OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
Plaintext:
Now during this time Shahrazad had borne King Shahriyar three sons.
On the thousand and first night, when she had ended the tale of
Ma'aruf, she rose and kissed the ground before him, saying: “Great King,
for a thousand and one nights I have been recounting to you the fables
of past ages and the legends of ancient kings. May I make so bold as to
crave a favour of your majesty?”
Epilogue, Tales from the Thousand and One Nights
A Brief History of Cryptography
IN THE BEGINNING
It is believed that the oldest known text to contain one of the essential components of cryptography, a modification of the text, occurred some 4000 years ago in the Egyptian town of MENET KHUFU where the hieroglyphic inscriptions on the tomb of the nobleman KHNUMHOTEP II were written with a number of unusual symbols to confuse or obscure the meaning of the inscriptions.
In 5BC the SPARTANS, a warrior society famed for their austere lifestyle, bravery, and skill in battle, developed a cryptographic device to send and receive secret messages. This device, a cylinder called a SCYTALE, was in the possession of both the sender and the recipient of the message. To prepare the message, a narrow strip of parchment or leather, much like a modern-day paper streamer, was wound around the SCYTALE and the message was written across it. Once unwound, for transport to the receiver, the tape displayed only a sequence of meaningless letters until it was re-wound onto a SCYTALE of exactly the same diameter. The code, produced by unwinding the tape, was a TRANSPOSITION cypher, that is, one where the letters remain the same but the order is changed. This is still the basis for many popular modern-day techniques.
The other major ingredient of these modern techniques is the ADDITIVE/SUBSTITUTION cypher. Although the Greek writer POLYIBUS described a substitution technique, its first recorded use was by JULIUS CAESAR. Messages were encoded by substituting the letter in the text by one that is three positions to the right. A became D, V became Y etc. The reason why a substitution of three letters, and not four, two or six, was chosen has never been explained.
In an essay written in 1466, an Italian LEON BATTISTA ALBERTI who is often called the ‘father of western cryptography’, described the construction of a cypher disk, founding the concept of POLY ALPHABETIC cyphers. Although he had made the most important advance in cryptography in at least five hundred years, he did not develop his concept. It was left for others, the best known being the French cryptographer BLAISE DE VIGENERE to devise a practical poly alphabetic system which bears his name, the VIGENERE SQUARE. At the time, and for a considerable time afterwards this technique was believed to be unbreakable (Le Chiffre Indechiffrable). There was however a weakness in this cypher waiting to be exploited because the cyphertext produced by this method was vulnerable to the yet undiscovered statistical attack.
Probably in 1854, CHARLES BABBAGE, developed the method of statistical analysis by which he successfully decrypted messages encrypted by the Vigenere square. Unfortunately, due to his habit of not completing ‘the paperwork’, or possibly to protect the fact that because of his work Britain could decrypt Vigenere messages sent in the Crimea, this fact was not discovered until the twentieth century. The honour of developing the statistical attack technique and cracking Vigenere was to go to the Prussian KASISKI in 1863, this technique having since been termed the KASISKI TEST.
WWI, THE WAR TO END ALL WARS
THE ZIMMERMANN TELEGRAM
On the first day of hostilities, the British cable ship TELCONIA located and cut Germany’s transatlantic cables, forcing them to send all their international traffic via Sweden or American-owned cables. Both means ran through the UK and soon all German traffic was routinely routed to ROOM 40, the Royal Navy’s cypher organisation.
On or about January 16, 1917 two Room 40 cryptanalyst WILLIAM MONTGOMERY and NIGEL DE GRAY, were given a message encrypted in the German Foreign Office code, a BOOK CYPHER number 0075. By the next morning they had deduced enough of the message to be chilled by its content. Sent by the German Foreign Minister ZIMMERMANN to the Mexican President via the German Embassies in Washington and Mexico City, it advised the President of Mexico that Germany proposed to start unrestricted submarine warfare in February and that he should, with German help, attack the US and also convince the Japanese to do the same.
In short order the full text was recovered and presented to US President WILSON. On April 2, 1917 the then neutral US declared war on Germany and by 1918 Germany had been defeated.
To obscure the source of the original intercept, and to point to a security breach in Mexico, Room 40, using a British agent in Mexico, obtained a copy of the edited US/MEXICO version of the original Zimmermann cable. This of course differed from the original for procedural reasons associated with its re-transmission from Washington to Mexico City. The decrypt of this was the copy released to the US press its use obscuring the fact that the British had obtained their information not from espionage in Mexico but decryption of the original telegram in London. The Germans spotted the difference and took the bait. The deception was complete and the source was safe. The code breakers of room 40 were yet to benefit from the pen of Winston Churchill or their own historians!
Towards the end of WWI the head of cryptographic research for the US Army MAJOR JOSEPH MAUBORGNE introduced the concept of a code based on truly RANDOM keys. This would take the form of two identical pads printed with lines of randomly generated letters. Using the Vigenere technique, each page is to be used to encrypt and decrypt ONE message and then destroyed. The weakness of the Vigenere square was the repetition of the key. This new technique injected the same randomness into the cyphertext as was contained in the key and there was therefore no useable pattern or structure within the message. Attacks seeking to exploit these weaknesses such as the Babbage and Kasiski tests, would fail.
A key length of as little as 21 letters meant that a KEY EXHAUSTION attack, the cryptographic equivalent of Custer’s last stand, would require the testing of 500 x 1027 keys and even then multiple decrypts may all appear plausible.
This method is still in use today, called the ONE TIME LETTER PAD or OTLP, and is used for encrypting the most secret of communications. OTLP is still the only ‘admitted’ system to provide the ‘holy grail’ of cryptography – perfect secrecy.
THE NOT QUITE SO DISTANT PAST
There can be no doubt that times of conflict focus both national identity and national capability. This in turn leads to accelerated sociological and technological change. The first world war showed the importance of cryptography on the battlefield, and the danger of weak encryption, and spawned the development of the ‘unbreakable’ one time letter pad. The second world war became a defining moment in the history of cryptography and placed it squarely at the centre of military and political strategy from that time to the present day.
Struggling under the weight of axis forces in the west and Japan in the east, the use of encryption by the allied nations and the interception and decryption of enemy cyphers became a game of life and death.
In the evening of 13.04.1943 the headquarters of the Japanese 8th fleet sent messages concerning the itinerary for a visit by the commander in chief (CIC) of the Japanese Fleet. To protect this vital information, the message was encrypted using Japanese Naval code 25 or JN-25. This message, like many others, was intercepted by a US intercept station in Hawaii and the Royal Australian Airforce #1 Wireless Unit in Townsville, North Queensland. Unknown to the Japanese or, as some suggest, suspected but ignored, the Americans had broken this code in late 1940 it having been a subset of a US army and navy code used in the Spanish-American war of 1898,. The allies ability to intercept and decrypt this message led directly to the shooting down of aircraft carrying ADMIRAL YAMAMOTO, over Bougainville, on the morning of 18.04.1943, by a United States P-38 Lightning piloted by CAPT THOMAS G. LAMPHIER. This resulted in the death of the most popular and, many say, capable officer in the Japanese navy robbing them of a brilliant and charismatic leader.
As an adjunct to this, on the occasion of the 50th anniversary of the Australian Defence Signals Directorate (DSD) their wartime allies, the United States of America, the United Kingdom, New Zealand and Canada made presentations. Underscoring under the importance of this war time code breaking the US National Security Agency (NSA) presented DSD with a trophy containing one of the only 5 remaining rotors of a Japanese ‘PURPLE’ cypher machine.
For those with a penchant for conspiracy theories concerning other decryptions of JN-25 and associated radio traffic the book Betrayal at Pearl Harbor makes interesting reading. In this book the authors (one a respected WWII cryptographer - CAPT ERIC NAVE) argue that the British government intercepted all of the ‘winds’ messages, Japanese radio traffic which identified the time of the Pearl Harbour attack. They also suggest that the British failed to alert the Americans in the hope that this would drag them into the war, which of course it did. Michael Smith, author of Station X and The Emperor’s Codes suggests that based on Nave’s unpublished autobiography held at the Australian War Memorial that, despite the book, he did not subscribe to the conspiracy theory and his views were distorted by his co-author (The Emperor’s Codes 278).
More widely known and reported today is the importance to the war effort of ULTRA, the British codeword for SIGINT derived from the decryption of Axis radio messages and, in particular, from the efforts and results of many hundreds of people dedicated to the decryption of German ENIGMA traffic.
The ENIGMA machine was developed by a German ARTHUR SCHERBIUS and was patented in 1919. Despite a lack of commercial success and after several improvements, the machine was adopted by the German Navy in 1926, the Army in 1928 and the Air Force in 1935. It was also introduced into service with other sections of the German government. Such an extensive use of Enigma being due almost entirely to revelations regarding British decryption of German wartime messages made by Winston Churchill in his book World Crisis published in 1926. This cryptographic door opened by Churchill was taken of its hinges in the same year by the official war history of the British Royal Navy and the exploits of Room 40. Scherbius’s Enigma could not have received better publicity. The secrecy that surrounds western codes and code breaking today can be traced almost directly to the impact of these and several other publications. The watchword today is ‘never give a sucker an even chance’. The jibe often directed at the NSA suggesting that their initials stand for ‘never say anything’ is, for them, not very far from the truth.
Unfortunately for the WWI allies their decryption of almost all German cypher traffic had ceased by early 1930 because of the introduction of the Enigma.
The Enigma is referred to as an OFF LINE cypher system which was designed to provide high-grade cyphertext from the input of plaintext and the reverse. Enigma was a manual system whereby each plaintext letter was typed on the KEYBOARD (TASTATUR) and the resultant cyphertext letter appeared illuminated on the LAMP BOARD (GLUHLAMPENFELD). This letter was transcribed on a message pad and the procedure repeated until the message was complete. This cyphertext message was then transmitted by radio using Morse code. Decryption followed the same procedure with the cyphertext letter typed in and the plaintext equivalent displayed on the lamp board.
Although much has been written about British efforts against Enigma, they were not the first. The first crack in the ENIGMA armour came not from brilliant cryptanalysis but as the result of good old fashioned espionage (HUMINT). In late 1931 a disgruntled German public servant allowed, for a fee, a French secret service agent to photograph two ENIGMA instruction manuals which, while non-technical, contained sufficient information to deduce the internal wiring of the machine. The French, despite their previous brilliant wartime cryptanalysis, failed to capitalise on this windfall. Luckily for the British, copies of the manuals were given to Poland under an intelligence-sharing agreement. A brilliant young mathematician MARIAN REJEWSKI began work on this seemingly ‘impossible’ task. Within 18 months the Poles, without revealing their success, were able, by manual means, to recover a ‘day key’ and read Enigma traffic. When the Germans changed the transmission technique, a mechanical device, comprising six separate machines in total, was developed to extract the key. This was the first of many BOMBE’s which were to become synonymous with British code breaking at BLETCHLEY PARK. This success continued until 1938 when two new scrambler wheels (4&5) and 4 more plug board (STEKERBRETT) connections were added. With war imminent and without resources to build larger bombes the Poles considered the common good. On July 24th 1939 British and French cryptnalysts arrived at the Polish BOURO SZYFROW to be told of Rejewski’s success, almost a decade of successful Enigma decryption, and not only to be shown a bombe but to be given one each with the accompanying blue prints. There is no doubt that without this exceptional work done by the Poles prior to the start of WW2 the immensity and complexity of the British wartime decryption task may have defeated them.
The Poles had proven that, despite the apparent strength of the Enigma, there were weak points, and these, along with others discovered by the British, were used to great effect. The Enigma was, in terms of its internal architecture, a swapping machine and, as such, two machines set the same would give the same result. Key X to get C or Key C to get X. This meant that once the ‘setting’ or ‘day key’ was found, all messages using that setting could be decrypted. There was no internal dynamic update of the key based on the message traffic or any other variable. In addition keying X would not give X. This latter weakness was used to great effect when applying ‘cribs’, ‘ordered or known text that provide clues to breaking a cypher’ such as Dear Sir, or Heil Hitler!
Decrypts of Enigma traffic produced many results for the allies. Despite being warned of the German airborne landing on Crete, the allied forces were defeated because they were forbidden to pre-empt the attack in case the source of their information was deduced. Despite a recent (2000) American movie which attempted to rewrite history, British work on the decryption of the German naval Enigma which had more rotors than a ‘normal’ machine, and associated military operations designed to capture code books, led directly to the defeat of the U-boat offensive in the Atlantic and the saving of countless lives on both sides.
A LEGACY OF WAR
OPERATION VENONA (OR NEVER THROW ANYTHING AWAY)
The British began successful SIGINT activities against Russia in 1904. This success continued until British politicians, and the media, made public detailed transcripts of intercepted and decrypted Soviet traffic first in AUGUST 1920 then May 1923 and finally May 1927. Although the roubel didn’t quite drop on the first two occasions, on the third occasion, the Soviets finally got the message and replaced the compromised codes on all their OGPU (KGB) and diplomatic networks with OTLP. This resulted in a complete loss to Britain of Soviet intercept traffic from 1927 to the early 1940s. This, coupled with the literary indiscretions of Churchill and the Royal Navy historians are blunders which are almost impossible to believe, but sadly, which occurred. After ceasing all work in the early 1930’s because of the perceived impossibility of the task, the British began intercepting Russian traffic again in 1940. By 1941 the intercepts were being shared with the US. This intercept work and its associated sharing agreement continued during and after the war, culminating in 1947,1948 in the UKUSA agreement (which also included Australia, New Zealand, and Canada).
While OTLP offers complete security in theory, this is not true if the pads are reused, or, if either the original plain text, or the used pages or current code books fall into the interceptors hands. During the war years, for a variety of reasons, all these events occurred.
In the view of the western allies, the Soviets were not the ‘good guys’ despite their alliance against Germany and Japan.
The US VENONA project began at ARLINGTON HALL Virginia in February 1943 and by 1947 had broken into a considerable amount of traffic including 1945 KGB traffic between Moscow and Canberra. Supplemented by a similar UK effort, they were able, by the early 1950’s, to identify Soviet agents in their respective intelligence and government services and the existence and makeup of a major Soviet spy ring in Australia.
Despite preventing access for almost 20 years the Soviets had, at a most critical time, compromised the security of their global spy network by their failure to follow simple security rules.
THE BEGINNING OF THE FUTURE
The 1980’s and ‘90’s have evolved into a digital world. The advent of the microprocessor and the personal computer (PC) and their acceptance into every-day life has meant that although our primary means of communication is the spoken word the ‘lingua franka’ of our working lives, and increasingly our private lives, is digital. This digital dialect has spawned vast communications networks (INTERNET, DIGITAL (GSM) MOBILE PHONES, AUTOMATIC TELLER MACHINES (ATM) ) offering instant ‘secure’ communication. These networks increasingly carry the most mundane, private and sensitive messages of ordinary citizens, business, government, and all manner of criminals and terrorists. The future of ELECTRONIC COMMERCE (E-COMMERCE) and, in fact, the electronic world, rests on secure digital communication. Unfortunately, so does the success of drug rings, people smugglers, child porn, organised crime, spy rings, and ‘cyber crime’.
Legitimate governments and law enforcement bodies want ‘transparent’ or KEY ESCROW encryption (CLIPPER) to fight crime and ensure national security. This technique, although now all but discredited as a US government ‘Trojan horse’, was designed to allow government/law enforcement to obtain one’s secret key if they established that one was involved in illegal activities. Other governments ban digital security to harass political opposition and quell dissent. Lobby groups, conspiracy theorists, oppressed minorities, distrustful and disgruntled citizens all want triple military-grade encryption fitted to their ‘fly-by’ cards.
The arguments for and against are many. Do you have anything to hide? Do you trust your government? Do you trust the French government since the Rainbow Warrior? Do you trust the US government since the Bay of Pigs or the ‘Contra’ affair? Do you trust your lover, business partner, bank, or the florist? Are you or others at risk because of your political, religious or ethnic heritage? The applications of modern digital encryption are endless and should be applied in direct proportion to your level of paranoia or to the threat to your life and liberty.
DES – DATA ENCRYPTION STANDARD
In 1972 the US NATIONAL BUREAU OF STANDARDS began the search for an encryption algorithm that could be tested and certified. After several false starts in 1974 IBM offered the US government an algorithm which was based on the early 1970’s LUFICER algorithm. The offer was accepted and the algorithm was tested and ‘adjusted’ by the NSA and eventually released as a federal standard in 1976.
DES is a SYMMETRIC BLOCK cypher based on a 64 bit block. The user feeds in a 64 block of plain text and is returned 64 bits of cyphertext. The same algorithm and key are used for the encrypt and decrypt operations.
Since its release in 1976 the key has remained fixed at 56 bits (reduced from a 128 bit key as part of the NSA ‘adjustment’) although it was possible to ‘build’ DES with a 128 bit key, exporting it from the US was banned. Recently however this key length restriction was removed by the US Government.
Much has been written about the security of DES and the hand of the NSA in its design. Constant analysis over the last 20 years has not really compromised its basic security. Some high profile decrypts have come as the result of reduced ‘rounds’ and other ‘manufactured’ situations. Is it good enough for personal or commercial use? - probably. Should the big guy in Baghdad send his travel plans using it? – we don’t think so.
PGP – PRETTY GOOD PRIVACY
This software package is designed to provide an encryption capability for e-mail and was originally developed by PHILIP ZIMMERMANN who began working on the algorithm in the late 1980’s. The development of this system was as much about Zimmermann’s distrust of the US Federal Government and its ability to intercept electronic communication as the development of a commercial cryptographic product. The history of this system has two interesting facets. Initially, an unlicensed implementation of RSA was used to provide key management while the IDEA algorithm was used to provide the actual data encryption layer. Because of Zimmermann’s distrust of the US government, the complete package was downloaded onto the internet so that it could be distributed as freeware. This, of course, created maximum heart-burn for the US government and led to their ill considered use of pressure on him which in turn reinforced his position.
DIFFE-HELLMAN-MERKEL KEY EXCHANGE
WHITFIELD DIFFE was already considering the problems of e-commerce when the US defence department’s ARPA Net, the forerunner of the internet, was still in its infancy. In 1974 he teamed with MARTIN HELLMAN and later RALPH MERKLE to begin research into the problem of key exchange. By 1976, using one-way functions and modular arithmetic, Hellman had developed a strategy to solve the key exchange problem. In June 1976 at the US National Computer Conference, they demonstrated that Bob no longer had to meet Alice to exchange a secret key. While this was a fundamental breakthrough in conceptual terms, it did not offer a ‘real world’ solution to the problem of key exchange. While working on the key exchange problem with Hellman and Merkel, Diffe had continued to ponder a solution for the obvious problems of the key exchange technique. In 1975 he developed the concept of the ASYMMETRIC KEY which opened the possibility of operating a cryptosystem with a PUBLIC (published) and PRIVATE (secret) key. He also published a paper on his work in the same year while continuing to look for the one way function that would make his theory a reality. He never made that connection and the first (then) known developers of an asymmetric key system would be the inventors of RSA
RSA
This algorithm, based on the original work of Diffe, was named after the three inventors Ron Rivest, Adi Shamir and Leonard Adleman. This is an ASYMMETRIC cypher and as such is able to be used for PUBLIC KEY CRYPTOGRAPHY. In simple terms you can send Bob a message encrypted with his PUBLIC/PUBLISHED key and when he has received it he can decrypt it with his SECRET/PRIVATE key (from which his public key was derived). The security of this system is based on the difficulty in FACTORING large numbers. The private and public keys can be functions of large (300-400 digit) prime numbers. While the process is known, recovering the plaintext from the public key is considered to be the equivalent to factoring the product of the two prime numbers. With large numbers this is considered a MAJOR computational task, even by to-days standards, and is believed to be, in terms of time, beyond the capability of any existing technique/computer combination.
As a footnote to this, and to explain the reason that we used ‘believed’ in the previous paragraph, it was revealed in December 1997 in a talk given by Clifford Cocks that he, along with James Ellis, and Malcolm Williamson, all employees of the British GOVERNMENT COMMUNICATIONS HEADQUARTERS (GCHQ) had, as the result of classified research, discovered all the fundamental techniques of public key cryptography by 1975, some three years before the Diffe-Hellerman key exchange or RSA technique were developed. Because of who they were and where they worked it took another 25 years before they put their hands up.
No comments:
Post a Comment