In order to talk about encryption, you usually have to talk about math. Lots of fairly complicated math. People write theses on encryption algorithms and base their entire mathematical careers off of them. I’ve always found it to be a very intimidating way to approach the concept.
Basically, in order to encrypt something, you need a secret password known by both yourself and the person you’re trying to contact. This “shared secret” is then used to take your input data (your secret message) and transform it into something that is unrecognizable to an outside observer. Throughout history, this has taken many forms. One-time pads are very tight encryption, the enigma machine was famous for needing the first Turing machine to be built to crack it. If you want explanations as to how the math works for these, this isn’t the right blog.
This shared secret is then used in a “mathy” way to scramble the letters up in your message so much that it would be very difficult or impossible to unscramble without knowing the secret key.
When people talk about encryption they also always seem to use “Alice” and “Bob” as the people wanting to send messages. “Eve” is always the nefarious third party trying to spy on the communication. I don’t know why but make your own story up.
Let me take you through a quick example using a One-time Pad. A One-time pad is called such because in order for it to be secure, you can only use it once to encrypt data. Each successive use, weakens its encryption strength. They’re basically two paper booklets that are identical to each other with random letters on them. Those random letters are identical in each pad as well. The two people wanting to send messages to one another should each have one.
So let’s make our super secret one time pad. First we’re going to agree on a way to turn letters into numbers. We’ll go elementary school style with just listing the numbers of the letters in the alphabet. There are many techniques to making these, commonly called checkerboards or conversion tables, that allow for more characters and the use of a codebook to represent whole words as numbers as well.
Next we’ll make our one time pad by generating a bunch of random letters. Important to note here that randomness is essential to this whole thing. Most of the things you think are random are not. Truly random things are difficult, but we’re not dealing with life or death info.
I went to random.org/strings and got 20 random 2 character strings. One of the most important security rules for making iron clad One-time Pad ciphers is to not use computers at all for encryption/decryption. You do want something truly random to make the pad and that is usually a computer of some sort. The idea is to have a computer make the One-time pad data while Alice and Bob are together and in a safe place. That computer should not belong to either Alice or Bob and would likely be owned by Alice and Bob’s handlers. It shouldn’t be connected to any network, and for real security, should be annihilated with antimatter after use. True randomness is hard to come by but that’s another post. When using a computer to encrypt or decrypt, Alice or Bob could leave behind data without even knowing it and it’s usually a variable that they cannot properly control. Again, we’re just having fun.
IM OT WM GU BY SH EB JR PU YC PV LW ZI CZ DB DM RU BH TY FV
I’ve arranged them in 2 letter groups because this next part is how we’ll encode/decode our message. Let’s convert these to numbers. I’m just going to grab a couple to use as we won’t need all of them.
We’re going to now use this to encode our secret message “I THINK EVE IS LISTENING” by grouping them by two characters, removing spaces, and formatting it like we did before. We do this because we don’t want “Eve” to know how many characters each word has. That would be a hint to our message’s contents.
The next part is where the magic happens. We are going to keep the first secret key the same so Alice can know which One-time pad to use to decode the message. Ideally a One-Time pad is made up of several pages of random characters and you’ll
need a way to let each other know which one you’re using. So we’re going to line up the data and add one to the other. We’re only adding the individual digits and ignoring any time it goes over 10 by just writing the remainder. This is called
Modulus 10, but that’s getting into the “mathy” thing we talked about. Just think
9 + 4 = 13 so we take off the
10 part and end up with
Remember we are only adding single digits. You should never be adding more than one digit from the message to more than one digit of the One-time at a time.
Now that we have our secret encrypted cipher text, we destroy our pad and it will be secure. If we’re caught with the message we wouldn’t be able to provide a way to read it even with a 5$ wrench attack.
0913 1440 2112 1132 0747 1407 1414 1927 3626 3902 2029
So Bob sends his message to Alice via carrier pigeon. Eve has a fleet of pigeon intercepting hawks who grab Bob’s pigeon so Eve can copy down the message and send them on their way. Upon arriving, the pigeon tells Alice its harrowing tale. Unfortunately, Alice doesn’t understand the pigeon’s regional dialect but even if she did, she would not be concerned that the message’s contents were compromised.
To decrypt, Alice needs to take the secret Cipher, and subtract her secret key from it using the same modulus method (subtracting the remainder from 10) so
3 - 9 = -2 which would mean
10 - 2 = 8
The pigeon reads the message and nods in agreement. Seeing this, Alice burns her scratch pad and the One-time pad. Eve can now never know what the message said.
As an exercise, and to demonstrate why this is such a strong encryption method, try decoding the previous cipher using the One-time pad of this:
0913 0835 1017 0827 9348 0594 9918 1805 2118 3082 2503
You’ll notice the cipher is the same. It’s the same thing Eve has, but the message is different! It would have been nice to work out a message that could fit our conversion table nicely but remember that our attacker doesn’t know that either and therefore would have to assume that on the conversion table, there are numbers that go up to 93 and so on. Often time codebooks use numbers like this as well.
Moving forward we’re going to talk about PGP, GPG and different concepts of encryption. This post was specifically made in order to prepare you for heading into our post You down with PGP? Yeah you know me!. So head on over there if you want to dig a little deeper.