I was introduced to the topic when working on TCP Networking in Java. And soon discovered how essential it is to software development, protecting not only internet traffic but being able to encrypt (and decrypt) any data.

What is cryptography?

History

Cryptography has been around for ages. In essence cryptography itself is the act of protecting certain data by using a certain method to scramble it, with the ability to unscramble it. In ancient times (All the way up to 1900 BCE!) this was already a thing. Especially in the later years, let’s say the roman empire, the use of cryptography was essential to war. A letter detailing your army’s next move had to be secure. If the enemy got their hands on it, it had to be unreadable. Julius Caesar himself reportedly used a so called ‘substitution cipher’ to encrypt letters to his generals. These letters would be written with all letters replaced by a letter X positions further down the alphabet. For example: he would send his generals letters where every letter was replaced with one 3 places further down the alphabet. Meaning the letter ‘a’ would become ‘d’, giving you some pretty odd looking letters of nonsense.

Symmetric-key Cryptography

The form of Cryptography that Caesar used is known as Symmetric-key Cryptography. This is a form of cryptography where the formula used to encrypt/decrypt the text (or data) depends on a predefined key. The sender and receiver both know this key, and therefore know how the encryption works. This way multiple people could use the same encryption formula, but still be unable to decrypt each other’s data. They need to know they key first! In Caesar’s example the key was the number of letters further down in the alphabet would be substituting the original letter. His substitution cipher would yield a different result if you replaced the letter ‘a’ with 1 step (giving you ‘b’) than it would with 6 steps (giving you ‘g’). This way he could use this cipher with multiple people, who would still be unable to read each others letters.

Complexity

Of course the cryptography of the old times was rather simple compared to current day cryptography. After all, if I gave you a letter written in Caesar’s shift cipher it’d be pretty easy to decipher after you assume it’s written in English. You start replacing common letters, see how others would change, compile a few solutions and see which one renders proper words! Rest assured, people came up with more complex ciphers. By making the way you replace letters depend on more and more factors, using complex mathematical formulas for example, it becomes a lot harder to guess which letter is which. The key here being that with ciphers that for example depend on which position down in the dataset the letter occurs to substitute it with a different letter, it becomes impossible to replace the most occurring letter with the most occurring one in the English letter. After all, some E’s would be A’s, and some would be something completely different!

Limits of Complexity

These changes have limits though, the more complex you make your encryption the harder it becomes to crack. That is a fact. But we’re only human! These formulas can only get so complex before it would take us days to decipher the text even if we know the encryption method! This was however (to an extent) countered by a simple trick! A cheat tools of sorts! Machines! Machines, and these days specifically those we know as computers, can do a lot of the hard work for us. Simply put in the dataset and key and watch the miracle of technology work is magic as it spurts out encrypted/decrypted messages 😉

That said, even computers have limits! In the case of computers we want a lot of things to happen really, really fast. If we decrypt a password we don’t want to wait 8 days for the computer to calculate. We want it to happen near instantly as long as we have the key. This has caused the encryption standards used today to have certain size limits. Which is no problem at all.

Modern (computer) Encryption Algorithms

Modern encryption algorithms that run on computers are rather complex, so complex that some of the most popular ones aren’t hidden in any way at all. The algorithm used to encrypt and decrypt data in for example two of the most popular encryption standards (DES and AES) is completely open source. This way the algorithm can be implemented in any programming language. If someone plans to use it, they can read the documentation and write a version of the standard themselves. The strength of these algorithms resides in the keys used to run the algorithm. By using complex keys the combinations of possible encryption are nearly endless. In theory an encryption could be brute forced by running each possible key through the algorithm, but this would take an insane amount of time. Especially considering that the keys can be changed between encryption rounds and be supplemented by some misc. settings and values in the algorithm. This makes the main reason for encryption cracks leaked keys. It’s often easier to retrieve the key used, than to make a machine guess it. Often these leaks are a result of reverse engineering. If a client and server communicate using encrypted data, the client must hide the key somewhere. By finding your way to that key, you can crack the encryption.

 

This will be all for today. In the future I might touch upon some of the uses of modern encryption and show some code examples. Hope you enjoyed this introduction to cryptography!

(Which you just read through a site that appears on your browser through encrypted traffic ;))