Tuesday, January 12, 2016

Cryptography and You - A basic introduction to the tradecraft


Cryptography is an interesting subject that touches on every one of our waking days. Your bank ATM transactions, point of sale visits, internet... all use crypto in a seamless way to give you a modicum of security in your transactions.  However, how do you get your hands around crypto, where you decide the parameters? How do you begin to understand what crypto is, and how you can deal with it?  This short post is a "toe in the water" survey of the subject.

Cartoon by Scott Adams www.dilbert.com


A good place to dive into this technically complex subject is this free downloadable pdf of a Stanford lecture on crypto. It will provide some context for my following remarks. A more in-depth and technical look is "Cryptography: Theory and Practice" for those that are interested in diving deeper into the details on their own.




Cryptography is designed to give its users security.  One may ponder whether, in your other activities, it is better to not be seen at all, or to be seen and not understood.  One example is passing your wife the grocery shopping list in a brush pass, such that no one even knows what went on.  In the alternative, if you handed your wife a 1 meter square poster board with 5 number groups on it in the middle of the produce section on the first day after the EBT accounts were plus-ed up, people would know that you were up to "something", but would have no idea "what".

Example of a One Time, 5 Digit Group Pad, courtesy Crypto Museum
The One Time Pad is an interesting, theoretically secure system that is fraught with danger, although it does make for a useful practice tool to learn about the mechanics of cryptography.  While the math behind the concept is unassailable, the human element is generally the weakest part of any security scheme.  People get lazy, they get tired, they forget a step or they re-use a series of random numbers.  Although it is entirely possible to generate one time pads on your own, their logistics and distribution, not to mention their security, are problematic, even for nation state level adversaries.

A most excellent place to read about the strengths and pitfalls of one time pads (OTP) is over at Dirk Rijmenants' site.  There is far, far more technical goodness there than I can cover in this short post and my best advice is go read it all.  Well written, well considered and zero hyperbole.

One aspect of OTP use is the issue of "modular math".  Even a guy with a History degree can do it, I assure you, as I am "that guy".   The best way to practice this, and all the aspects surrounding the previously mysterious OTP, is by, well, doing.  For this, Dirk Rijmenants has put together a short manual to address the mechanics and considerations so that you can better appreciate what you read and see elsewhere.  It will take you through the theory and process, soup to nuts as it were.  All credit and associated kudos to Mr. Rijmenants for his diligent work, more so for making it readable to the layman. These three introductory readings will be enough to get you started on the road to understanding and applying some basic cryptography techniques.

As a conversational aside, cryptography remains an interesting sidebar of military history that continues to fascinate and intrigue, and has spawned an entire sub-genre of hobbyists.

Although not directly affiliated with Cryptomuseum, the Bletchley Park Museum offers an interesting historical curiosity in the form of a "Build at home ENIGMA simulator".  ENIGMA is an entirely different principle of crypto, but you can go on-line, buy a replica and build it.  The result is a functional equivalent to one of World War II's greatest intelligence secrets: it is fully compatible with existing ENIGMA machines, works to decrypt actual ENIGMA messages and can be built with a high degree of fidelity to the general appearance of a real ENIGMA machine.  That is an absolute stunner.

The Museum Jan Corver sells ham radio gear and a DIY Enigma E machine as well.

Here is a short YouTube clip on the Enigma "E".  A little too much euro techno in the soundtrack for me, but IMO it is interesting nonetheless:



Here's a more compact (pocket sized!), up to date version made by 'Murricans using the Arduino development board. For the cost involved, £150 for the European device and 114 USD for the American one... I guess it comes down to what you want out of it.  Both are able to interface with your laptop to provide a better user experience ... I personally can't stand those small screens.



This is a $2.00 Android smart phone ENIGMA app you can buy and download!

In conclusion, the world of cryptography is not just applied math.  The ENIGMA machine is no longer really an "ENIGMA" anymore, as the encryption principle implemented has been broken many times in the past.  As such, it is for educational, historical and entertainment purposes only. Crypto is more, far more, than just securing your daily transactions.  It is the backbone of secure military communications, so long as the inherent limitations and structural weaknesses are understood and adjusted for.

I'll be writing more in-depth ideas about how to incorporate cryptography into your communications plans, and how our opposition is using cryptography. The referenced PDFs should give you a good starter education on the subject for now so you will be better prepared for more in-depth material.

Author retired Marine Mustang Officer Partyzantski was a qualified USMC Aviation Electronic Warfare Officer (EWO) and graduated with the highest academic average for his year group from Corry Station.  He still finds cryptography an endlessly fascinating subject.


2 comments:

Arthur said...

"Android smart phone ENIGMA app"

Reminds me of the Simpsons episode where Montgomery Burns goes through multiple layers of super security to get into a control room, only to have to chase a raccoon out of the broken screen door in the back.

Partyzantski said...

Arthur,

Thank you for seeing the humor in this. I always liked the Monty Burns story lines in that show.
The level of sophistication that talented hobbyists now have in their grasp is astonishing. There are a number of crypto machine emulators and programs in the separate articles at www.cryptomuseum.com. They are fascinating! Try the Hagelin M209 review at http://cryptomuseum.com/crypto/hagelin/m209/index.htm
http://users.telenet.be/d.rijmenants/en/m209sim.htm is the program. I have toyed around with it, fascinating how America went to war in the past.
Thank you for stopping by stopshouting.blogspot.com! I hope to see you around here and look forward to your comments.
-Partyzantski