The Cryptography of Today

by kriminal 3nigma

Governments have long understood the importance of keeping information private, both for military and economic reasons.  What better way to do this than with an advanced computing cryptography formula?  Past wars have been won or lost because the most powerful government on Earth didn't have the same cryptography that a 15-year-old crypto-phreak can have on a PC today.  I have extensively read books, studied formulae, and learned the general methods of cryptography and am now known as a cryptography phreak (similar to a phone phreak), also known as a crypto-phreak or a crypto.

Crypto-phreaks are all around the world, and many are programmers, scientists, or advanced mathematicians.  Each of these people live to give the public better privacy from the bloodthirsty governments of today.  In this article I will attempt to give you a good outline on cryptography and how each and every one of you can use it to your advantage.

Encryption For Everyone

Basically, every message or file you encrypt has a digital "signature" added to it.  You and you only can apply this digital signature unless someone else has your password.  The recipient will be able to be almost positive that the message or file is really from you, that it was sent at exactly the indicated time, and most importantly, that it hasn't been tampered with in the slightest and that others can't decipher it.

This is all based upon mathematical principles, including what we now know as "one-way functions" and "public-key encryption."  The mathematical principles are very complicated, to the extent that even I, a crypto-phreak, do not understand bar the easiest concepts.

A one-way function is something that is very easy to do, or - put it this way - something that is much easier to do than to undo.  For example breaking a window is very easy to do, but can you put it back together as easily?  I think not.  The sorts of one-way functions required for cryptography are that it is easy to undo if you have that little extra piece of information and close to impossible if you don't have it.  There are many one-way functions in math and one involves prime numbers.  Everyone learns prime numbers; they are basically numbers that can only be divided by 1 and themselves, such as 2, 3, 5, 7, 11.

There are an infinite number of these and there is no known pattern to them except that they are prime.  When you multiply two together you get a number that can be divided evenly by those two primes.  Finding the primes of a number is known as "factoring."  I think I'll now stop treating you all as babies and get on with it.

It's easy to multiply two primes, example 11,927 and 20,903 (which gives us 249,310,081) but it's very difficult to recover those two primes from the result.  This is a perfect example of a one-way function, which is the most sophisticated encryption system known to us today.  It may take weeks for even a supercomputer to factor a large number that was created by two primes.  This is exactly the reason why an encryption system was based on factoring two different decoding keys; one to encrypt the message/file and one to decrypt it.  With only one you only have half the capabilities, i.e., with only the key used for encryption you can only encrypt files/messages, theoretically.

Decrypting requires a separate key, available only to the intended recipient of the message.  This key is based on the product of the two prime numbers, where the decrypting key is based on the numbers themselves.  A computer can randomly generate a new pair of unique keys in a moment because it is simple for a computer to make two primes and multiply them.  The encrypting key can then be made public without appreciable risk.

Now here's how it works, I want to send 2600 this article.  My computer looks up 2600's public key and uses it to encrypt this information.  No one can read the message other than 2600, because their public key doesn't have any information needed to decrypt the article.  My computer then sends this newly encrypted file and 2600 decrypts it with a private key that corresponds to their public one.  Now they want to answer and tell me what a great job I did!  The computer looks up my public key, they encrypt their message with it and send what looks like random numbers and letters as an e-mail.  I then take this, paste it into my homemade decrypter and tada!

Now you may be wondering how big these primes have to be to ensure a very elite and secure one-way function.  The concept of public-key encryption was invented by a dude known as Whitfield Diffie and Martin Hellman in 1977.  Another set of crypto-phreaks, who the public called scientists, Ron Rivest, Adi Shamir, and Leonard Adelman, soon came up with the notion of using prime factorization as part of what we now know as RSA encryption, after the initials of their surnames.

Today it is estimated that it would take millions of years to factor a 130-digit number that was the product of two primes, regardless how much computing power was used.  To prove this point they had a little "competition."  They challenged the world to find the two factors in this 129-digit number, known to crypto-phreaks as RSA-129.  It was, and is, as follows:

114,381,625,757,888,867,669,235,779,976,146,612,010,218,296,721,242,362,562,561,842,935,706,935,245,733,897,830,597,123,563,958,705,058,989,075,147,599,290,026,879,543,541

They were quite sure that this message they had encrypted using the number as the public key would be quite secure forever.  But they hadn't expected computers to get so powerful, so quickly.  And in 1993 a group of more than 600 academics and crypto-phreaks from around the world began an assault on the RSA-129, using the Internet to coordinate each individual's work.

In less than a year they factored the number into two primes, one 64- and one 65-digits long.  (This time I'm not wasting my time typing up these two primes!)  They then decrypted the message that said, "The magic words are squeamish and ossifrage."

So as you can see from this, a number 129-digits long isn't enough to encrypt data that is really important and sensitive.  Mathematicians today believe that a number 250-digits long is more than enough to stop the whole population of Earth from uncovering the two primes.  But who really knows?  Computers are getting faster by the second so we might end up with an RSA-1,000,000.

One thing we don't have to worry about is running out of primes - there are said to be far more primes than atoms in this universe (yeah right).  Key encryption allows more than just privacy; it can also ensure authentication of many things.  This will, hopefully, bring new online benefits in the future (more on this later).  Security can also be increased by including time stamps with the encrypted messages or digital IDs.

Society's Biggest Problem

None of the protection systems that most commercial and government computer systems use today are completely fail-safe.  The best they can do is make it as hard as possible to try to get into them.

Despite popular opinions to the contrary, computer security has a good record.  Well at least that's what they tell the public.  In fact it is estimated that at least 2000 computers are broken into in a week, in Australia and the U.S. alone.  Computers are capable of protecting information in such a way that even the smartest hackers can't get at it readily unless someone entrusted with information makes a mistake, but not too many computer systems in the world use this, or take full advantage, of these methods.

The main reason computer systems are so easily breached and files so easily decrypted, is that people are stupid when it comes to passwords and setting up systems.  People don't want to spend hours on end just to set up a network.  They do it the easy way, with the default passwords.

Because most systems will soon use today's encryption techniques such as to order concert tickets and buy other products, a breakthrough in mathematics or computer science that defeats the cryptographic system could be a disaster to the people owning these systems and to the government in general.  The obvious breakthrough would be to create a mathematical formula that gives us an easy way to factor extremely large prime numbers.  Any person(s) possessing this power could do anything they wanted, electronically.

Every Cryto-Phreak's Nightmare

Many in the U.S. government are opposed to encryption capabilities because it reduces the stronghold they have over the people of the U.S.  Though this, of course, isn't quite how they put it.  They say that such encryption "...reduces their ability to gather information."

But, thanks to many crypto-phreaks, this technology, and technology as a whole, can't be stopped.  The National Security Agency (NSA) is a part of the U.S. government's defense and intelligence community that protects the U.S.'s secret communications and decrypts foreign communications to gather intelligence data.  The NSA doesn't want software containing advanced encryption capabilities to be sent outside the United States.

This doesn't bother me and many other crypto-phreaks at the moment, because we don't live in the U.S., but if the U.S. government manages to do this, many other governments may follow.  However, this software is already available throughout the world, and any computer can run it.  No political policy will be able to restore the U.S. government's tapping capabilities that it had in the past.

The U.S. government recently had a court case with one Philip Zimmermann, the programmer of Pretty Good Privacy (PGP), one of the best and most commonly used encryption programs.  The case ended in Phil not being able to release PGP outside of the U.S.  But (unofficially of course), Phil sent the scanned source of PGP 5.0 to his friends in Europe.  They then scanned this and compiled it (though it was called PGP 5.0 International version).  They also distributed it like crazy all over the globe, thanks to the Internet.  As you can see from this, cryptography will never be stopped, just like hacking.  They may catch a crypto-phreak or another Mitnick but they won't stop us all.  

Now if commerce rests on any single concept, it must be identity.  There can be no business without ownership.  To regulate commerce there must be a legal system with accountability and that can't happen without precisely identified individuals.  What the U.S. government is planning is to make sure everyone has an identity on the Internet, using the encryption methods previously mentioned.

The U.S. and British governments both came up with ideas on how to manage all these keys but it seems that key escrows aren't to be, for now.  Instead the U.S. government is planning to pass a bill that will ensure that there is a backdoor in each and every cryptographical program (in the U.S.) so that the NSA, FBI, CIA, and the many other unknown governmental groups will be able to access any bit of any person's encrypted bytes.  Does this seem immoral?  No, why would it be?

According to many of Clinton's advisors, backdooring software and enabling the government agencies full access to key escrows are necessary to combat state-sponsored terrorism and prevent the undermining of the emerging Internet economy.

Does this sound like a load of bullshit to you too?  The worst part is that the computer illiterate thinks it's all true.  Help them to see the truth.