Slashdot Mirror

← Back to Stories (view on slashdot.org)

Modern History of Cryptography Techniques

Posted by CmdrTaco on from the sedoc-terces-repus dept.

Heather writes "The encryption scheme you rely on today might be full of holes just a few years down the road. Learn how far we've come in the last few decades, and why your apps need to be ready for change. This article builds on a previous article about Enigma, Germany's WWII-era encryption system."

22 of 204 comments (clear)

  1. What? by Anonymous Coward · · Score: 5, Funny

    Why can I never undestand articles about cryptography?

    They always seem to be written in a way that makes them incomprehensible.

    1. Re:What? by Anonymous Coward · · Score: 5, Insightful

      Cryptography is pretty heavily math-centric. To truly love cryptography over and above the obvious social factors and coolness level of being able to hide stuff, you really need to be somewhat of an academic math geek. Academia speaks a completely different language than real people. It's a hazard of living in dark hallways and not getting out much to meet the human race.

  2. Why a few years down the road? by Raistlin77 · · Score: 5, Insightful

    The encryption scheme you rely on today might be full of holes just a few years down the road.

    If is will be full of holes just a few years down the road, wouldn't it then be correct to say it's full of holes now?!

    1. Re:Why a few years down the road? by rholliday · · Score: 4, Funny

      I suppose technically that's correct. But, "The encryption schem you use today has holes in it, and the tools will get small enough to go through those holes just a few years down the road." just doesn't quite roll off the tongue. :)

      --
      Xbox reviews.. We think they're funny.
    2. Re:Why a few years down the road? by bentcd · · Score: 4, Insightful

      Not if you only intended for the protection to last a couple of years.
      One of the key decisions to make when choosing an encryption scheme is for how long the information is to be protected. If the answer is "until release date", then you can often get away with a very low-end encryption scheme. If the answer is "forever", then go for one time pad and it'll be secure until doomsday. Of course, one time pad is considerably more expensive in terms of administration, but as is so often the case, you get what you pay for :-)

      --
      sigs are hazardous to your health
  3. Related earlier slashdot story by karvind · · Score: 5, Informative

    U.S. Army Guide to Code Breaking.

  4. why no encryption by default? by william_w_bush · · Score: 4, Insightful

    so... great, but why aren't most tcp streams encrypted by default? the client side load is negligable, and there is a lot of acceleration available server-side. Even relatively simple encryption would make me feel better about those voip calls I'm essentially sending in the clear over a public network.

    The net is a very public network considering, and especially considering how many protocols are plaintext cheap encryption (pref in hardware) seems like it should be required. It's past the proof of concept stage, just having it work at all isn't enough anymore.

    --
    The first rule of USENET is you do not talk about USENET.
    1. Re:why no encryption by default? by qwijibo · · Score: 4, Informative

      As has been mentioned, it's the job of the application to determine whether or not encryption is necessary and what type. There is no one size fits all solution that could be implemented at the network layer without creating more problems than it solves. If you're sending financial transaction information, the additional time to encrypt and sign is worthwhile. It takes time to encrypt and decrypt data. For VOIP, that may be considered an unnecessary and unacceptable inconvenience. However, from an application development standpoint, not offerring the user that choice is pretty lame.

      Another reason for not having a default level of encryption at the network layer is that it takes a long time to get everyone to upgrade. Poor encryption can be worse than none in the sense that non-security-geeks don't know the difference and may assume that their connections are secure. It's better to start with the assumption that they are insecure and if that is not acceptable, mitigate against that risk with an appropriate level of encryption in the application.

  5. Mod parent up by utopianfiat · · Score: 5, Funny

    That is really awesome.
    Now I just need the US Army Guide To Understanding The US Army Guide To Code Breaking

    --
    +5, Truth
  6. Premise is nonsense by Paul+Crowley · · Score: 5, Informative

    DES was *not* considered "uncrackable" when it was launched. In fact, cryptographers such as Michael Weiner warned that the key was too short and described the dangers of a hardware-based key cracker practically as soon as it was announced.

    The history of cryptography is not simply one of algorithms thought uncrackable being cracked. It is one of consistent refinement of our understanding and technique, but to imagine that the history of DES means we'll be breaking open 256-bit AES-encrypted messages in a few years is delusion.

    --
    Xenu loves you!
    1. Re:Premise is nonsense by JUSTONEMORELATTE · · Score: 4, Informative

      FWIW, DES was effectively broken by Evi Nemeth (at CU Boulder) using a paired-primes database and an all-software solution. There was no hardware-based key cracker, there was an algorithm that took a ton of cylces to generate the db, then a simple bit of lookup code to decrypt the cyphertext.
      IIRC, when she demonstrated it, they decrypted something like 5,000 passwords from a nearby /etc/passwd file in less than a minute on a Sun3.
      She made a point of telling us that the NSA has a copy of her work and her database.

  7. Author appears ignorant about cryptography by Paul+Crowley · · Score: 4, Insightful

    Actually, reading on, it looks like the author really doesn't have a clue. At one point he suggests using RSA in place of DES. Even most Slashdot readers know that in practice, when you use RSA for encryption, you use it in conjunction with a symmetric encryption algorithm.

    IBM has considerable cryptographic expertise; it's a shame none of it was brought to bear on this article.

    --
    Xenu loves you!
    1. Re:Author appears ignorant about cryptography by Conare · · Score: 4, Insightful
      Agreed. In addtion I like this from TFA:
      New standards are emerging from NIST, including AES (Advanced Encryption Standard) and TDES (Triple DES).
      Once again even most Slashdot readers know that TDES is finished emerging from NIST and is in the process of being obsoleted by AES which also emerged from NIST long ago.

      It is also interesting to note the bias they give PGP here. Basically, there are two good asymmetric key distribution schemes in the world: PGP and PKI.

      PGP is very useful if you have a small group or feel you can rely on out of band mechanisms for key distribution. For example, if I have been talking to you on the phone, and say I am going to email you my public key, you can be pretty sure it came from me when it arrives a little later.

      In a large organization though, key distribution is more problematic, and this is where PKI excells. For example if I receive a message that purports to be from the CIO telling me to install a patch how can I be sure it is really him and not some random dude(ette)? Ah! because the certificate that contains his public key is digitally signed by an entity that I trust (because they told me that I will trust it when I took the job ). PGP is good for dealing with people you know personally or have met in some fashion. PKI is good for dealing with both people you have met personally, and people that you have not met, but need to be able to exchange secure communication with anyway.

      On the other hand PGP is free.
      --
      Stop Continental Drift! Reunite Gondwanaland!
    2. Re:Author appears ignorant about cryptography by pclminion · · Score: 4, Informative
      It is also interesting to note the bias they give PGP here. Basically, there are two good asymmetric key distribution schemes in the world: PGP and PKI.

      PKI just means "public key infrastructure" and can refer to any method for managing and exchanging public keys. X.509 certificates and the entire framework of trusted authorities surrounding them are just one implementation of a PKI. PGP is another, more simplistic implementation.

      So you can't really compare PGP, which is a specific application, to PKI, which is just a broad term for key management infrastructures.

      And what about "PKI" (in the sense you seem to mean it) isn't free? OpenSSL can do everything with certificates that you'd ever want to do.

  8. Is /. getting astroturfed again? by sixpaw · · Score: 5, Insightful

    The article has no discussion of truly modern encryption schemes (their description stops at RSA/PGP and they don't even go into any details); it has no discussion of why modern schemes are considered more secure than DES, no discussion of what might make them less secure (i.e., no mention of factoring/discrete logs as the root 'hard problems' behind current crypto) and no discussion of what's on the horizon in terms of things like quantum cryptography.

    On the other hand, it does go into cheerful detail on why IBM's Exciting New Coprocessor (r) is the right solution for your enterprise encryption needs!

    I know IBM are the 'Good Guys' and all, but that doesn't make advertising for them (especially in the form of a front-page slashdot article) any more palatable than advertising for anyone else...

  9. Re:I just encrypt disks full of white noise nowada by utopianfiat · · Score: 5, Funny

    I think it'd be fun to try to compress white noise files, and see how well it compresses.

    WHITE NOISE DRINKING GAME:
    Ingredients:
    BSD-based systems with random number generators, need to be the same or it's just unfair.
    Your favorite method of compression.
    Alcohol

    Steps:
    1) each of you dd if=/dev/urandom of=./noise.txt for however big you want the file to be. Bigger is better, imho.
    2) bzip2 noise.txt or your favorite compression algorithm
    3) whoever's file size is the highest has to drink.

    You can mix it up and write a shell script that does the following:
    TIME=`date +%s`
    bzip2 $1
    TIME=`date +%s`-$TIME
    echo $TIME sec. elapsed

    --
    +5, Truth
  10. HA! by MosesJones · · Score: 5, Funny


    I just used MD5 as my encryption mechanism and the files will NEVER be recovered.

    This "joke" such as it is was based on a real world experience where the "smart" IT chap at a company I helped had in his words...

    "Tried a number of different compression and encryption approaches and MD5 consistently gave the smallest files"

    I asked if they had ever done a recovery, and strangely they had not... it was fun watching them try.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:HA! by utopianfiat · · Score: 5, Funny

      "Oh my god, MD5 ate the files!"
      "WHAT?"
      "It just finished digesting!"

      Thank you, I'll be here all week.

      --
      +5, Truth
  11. Recommended reading for those with an interest... by CdBee · · Score: 4, Interesting

    Fiction, but still good:

    Neal Stephenson - Cryptonomicon

    Then to explain how Enoch Root lives so long, you'll need to read

    Neal Stephenson - The Baroque Cycle Trilogy

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
  12. IDEA is patented by crimethinker · · Score: 4, Informative
    It is my understanding that IDEA is patented (how this is even possible to patent a sequence of mathematical operations is a topic for another flamewar^Wdiscussion) and the holders of that patent wanted royalties. PGP used IDEA originally, but GnuPG wouldn't touch it for the royalty issue, and it eventually fell out of favour as other ciphers with 128-bit and larger keys became more widely available, e.g. Blowfish, Twofish, Serpent, Rijndael (AES), etc.

    -paul

    --
    Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
  13. World War II encryption tech by ScaryMonkey · · Score: 4, Insightful

    The most fascinating thing to me in the history of WWII encryption is not Enigma (which was pretty cool) but what the Americans used in the Pacific war: the Navajo language. By sending messages in Navajo they utterly confounded the Japanese, who have never been slack in the figuring-things-out department. Goes to show how much stranger of a code our own laguage is, when we think about it

  14. About OTP by Ernesto+Alvarez · · Score: 4, Informative

    Implementing a program that encrypts with an OTP is a no-brainer. Any program capable of doing a bitwise XOR can do it (basically because the algoriths IS a XOR).

    There are two BIG problems with OTP:

    1) You need a lot of random bits (the good stuff, like this, not your cheap pseudo random numbers). You need exactly as many as your plaintext.

    2) You need to securely send a copy to the intended receiver, and make sure the pads are destroyed once used.

    Basically, no one does it because it's a real bitch to implement correctly (pad creation) and it's not worth the effort (unless you're using them in a hotline from Washington to Moscow or something like that).

    You probably don't want a OTP. If you want something to encrypt your files and recover them with a password, you CERTAINLY don't want a OTP (in fact, you can't have one because the pad is not random, it's pseudo random, generated from the password and thus lacks the important properties of an OTP).

    And very important: most companies that sell "One time pad" software usually sell snake oil, so be very careful.

    And if you think you can get away with a pseudo random pad, the soviets spent some big time making pads for diplomatic and espionage messages, and made the little mistake of using the pads more than once, you can see the results here.

    --
    GPG 0x1B479C78