From: "Its from Onion" <areda..._at_msn.com>
To: "TSCM-L2006" <TSCM-..._at_googlegroups.com>
Subject: cryptography
Date: Sat, 18 Jul 2009 02:03:13 -0500

So first off, for those of you looking for the very basics of cryptography, I would like to recommend taking a look at Arrexels article "Cryptography- The VERY Basics." It is a nice little article on a simple form of encrypting messages, though we will briefly go over this method here as well.

Alright then! Cryptography is essentially the art of protecting information. It does so by changing the information into an unreadable form (as opposed to Steganography, which simply hides the existence of such information). One of the simplest ways to do this is what is called "Monoalphabetic Substitution."

Monoalphabetic Substitution

This form is what is described in Arrexels article. Essentially, the idea is to replace letters with other letters in a predetermined fashion. For instance, we can make a lookup table for encrypting and decrypting in this system like so:

a b c d e f g h i j k l m n o p q r s t u v w x y z
b c d e f g h i j k l m n o p q r s t u v w x y z a

If we want to encrypt the word "plaintext," we first take the first letter, p, and look it up in the first row of our table, and find the letter right below it: q. So "p" becomes "q." Doing this lookup all the way through gives the encrypted form: "qmbjoufyu." To reverse the process, look at the second row of the table, and find the corresponding letter in the first row.

This type of code is vulnerable to frequency analysis, and, more interestingly, things called Markov Chain Monte Carlo Methods (a very interesting article on them found here <http://www-stat.stanford.edu/~cgates/PERSI/papers/MCMCRev.pdf>, though not terribly accessible to newbies). For computer security, it is therefore rather impractical.

Polyalphabetic Substitution

In the above example, only one ciphertext alphabet (as the second row above is called) was used. In the case of Polyalphabetic Substitution, more than one is used. One way to do this is to apply one alphabet to every other letter starting with the first one, and another alphabet for every other letter starting with the second. This may be a little confusing, so here is an example. First, let us make a pair of look up tables:

a b c d e f g h i j k l m n o p q r s t u v w x y z
b c d e f g h i j k l m n o p q r s t u v w x y z a

and:

a b c d e f g h i j k l m n o p q r s t u v w x y z
c d e f g h i j k l m n o p q r s t u v w x y z a b

where we want to encode "plaintext" again. So, we take the first letter "p", and look it up in the first lookup table. As before, it turns into "q." For the second letter, we use the second lookup table, turning "l" into "n." For the third letter, we use the first table again, and so on. Proceeding in this way we get: qnbkovfzu.

As you can see, the letter "t" is encoded as a "v" in one place and a "u" in another. Naturally, this sort of code is more secure than Monoalphabetic Substitution. It is still, however, vulnerable to (modified) frequency analysis, and a version of the MCMC Methods. So again, it is rather impractical.

Transposition

Transposition is an entirely different type of beast altogether. With a transposition cipher, rather than changing letters to different letters with a lookup table, you just move the letters around. For instance, say we want to encrypt, as per usual, "plaintext." Let us write the word in, say, two columns:

p t
l e
a x
i t
n

Now, we simply read off the rows as our encrypted text. In this case, it would be: "pt le ax it n."

This is just an example. As you can imagine, there are many, many ways of scrambling the letters (362,880 different ways for "plaintext" as a matter of fact). However, computers are fast enough to unscramble such things without too much trouble, so, in addition to some other considerations (which we will get to), modern cryptography does not employ this method either.
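
The three toy ciphers above, worked through in Python as an added example (not code from the original article). The function names are made up for this illustration, input is assumed to be lowercase a-z only, and the last two helpers show the frequency point: a single table preserves letter counts, and two alternating tables preserve them within each half of the text.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase


def shift_table(shift):
    """Lookup table like the article's: first row a..z, second row shifted."""
    shifted = ALPHABET[shift:] + ALPHABET[:shift]
    return dict(zip(ALPHABET, shifted))


# The article's tables: one alphabet (mono) and two used alternately (poly).
MONO = [shift_table(1)]
POLY = [shift_table(1), shift_table(2)]


def substitute(text, tables):
    """Letter number i is looked up in tables[i % len(tables)]."""
    return "".join(tables[i % len(tables)][ch] for i, ch in enumerate(text))


def unsubstitute(text, tables):
    """Decrypt by reading each table from the second row back to the first."""
    inverse = [{v: k for k, v in table.items()} for table in tables]
    return substitute(text, inverse)


def transpose_two_columns(text):
    """Write the text down two columns, then read it off row by row."""
    rows = (len(text) + 1) // 2  # the first column takes the odd letter
    left, right = text[:rows], text[rows:]
    pairs = [left[i] + (right[i] if i < len(right) else "") for i in range(rows)]
    return " ".join(pairs)


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter owns which count."""
    return sorted(Counter(text).values(), reverse=True)


def split_by_period(text, period):
    """Letters 0, period, 2*period, ... then 1, period+1, ... and so on."""
    return [text[start::period] for start in range(period)]


if __name__ == "__main__":
    sample = "thequickbrownfoxjumpsoverthelazydogagainandagain"  # constructed text
    print(substitute("plaintext", MONO), substitute("plaintext", POLY))
    print(transpose_two_columns("plaintext"))
    # One table: the count pattern survives encryption unchanged.
    print(frequency_profile(sample) == frequency_profile(substitute(sample, MONO)))
    # Two tables: the pattern survives inside each every-other-letter slice.
    enc = substitute(sample, POLY)
    print([frequency_profile(p) == frequency_profile(c)
           for p, c in zip(split_by_period(sample, 2), split_by_period(enc, 2))])
```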

A special note on hashing

For hackers, one of the most important types of cryptography you may encounter is that of hashing. Hashing refers to encrypting something SO WELL that no one, I mean no one, can get the original information back again. Think of it as one way coding, that is, once you ENcode it, you cannot DEcode it. You may be asking yourself, "Now why on earth would you want to do such a thing? Encrypt information so that no one can ever read it again? Preposterous!" But fear not! There is a rational reason to do this.

Say you have a password that only you know, and you want to keep it in a not-so-secure place. This password is very important to you though, as it allows you to log on to your computer. How can your computer compare the password you enter when logging on, to the password you stored in a not-so-secure place, without letting anyone see what your password actually is? The answer is hashing. Consider this algorithm:

1. Hash your stored password.
2. Put it in the not-so-secure place.
3. Next time you log on, hash the password you enter.
4. Compare the entered password hash to the stored password hash.
5. If they are the same, you get logged on, otherwise, you stay locked out.

As you can see, the computer can check to see if your password matches without storing the password in a readable state. Some common hashing algorithms are MD5, SHA 1, and Blowfish (I have heard tell, though, that it was recently shown that two different passwords may have the same hash in MD5, but that could just be a rumor).

"But wait," you say, "I've done several Realistic challenges where I have decoded hashes! What is going on??" Well, when you "decoded" those hashes what you were actually doing is taking every possible letter combination, encrypting that as a hash, and comparing it to the hash you saved. So you were not decoding per se, but rather checking to see what text gets encoded as your saved hash. Basically, you cheated.
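
The five-step check above, written out as an added example (not from the original article). Because stored hashes can be attacked by hashing guesses, as the last paragraph describes, the stored form here uses a per-password random salt and a deliberately slow derivation (PBKDF2 from Python's standard library); the record layout and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def fast_unsalted_hash(password):
    """The scheme read literally: one pass of a fast hash with no salt.
    Equal passwords always give equal hashes, so one guess tests every account."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def enroll(password, iterations=ITERATIONS):
    """Steps 1 and 2: hash the password and return the record to store."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(record, attempt):
    """Steps 3 to 5: hash the attempt the same way and compare the hashes."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    # Constructed sample passwords.
    record = enroll("correct horse battery staple")
    print(verify(record, "correct horse battery staple"))  # logged on
    print(verify(record, "Tr0ub4dor&3"))                   # locked out
    # Two users with the same password get different stored records.
    other = enroll("correct horse battery staple")
    print(record["digest"] != other["digest"])
```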

AES/Rijndael*

Rijndael (pronounced rain-doll) is the encryption standard used by the United States government. As you can imagine, it is very complicated. I will briefly explain (in VERY basic terms), but I will have to assume some knowledge of some Group Theory, binary, and XORing. Anyone who is familiar with AES, understand, I am about to GREATLY oversimplify the algorithm for the sake of clarity, and you will have to forgive me. I know this is not exactly the way it works, but I think this explanation covers the underlying process in an edifying and understandable way.

First, start out with your message, and a password to encrypt it with. Convert it to binary. Call the binary "m." XOR your "m" with your password "k." Call the result "y."

Now for the meat of the AES. AES involves a few functions I will call "MixColumns," "ShiftRows," and "SubBytes." Do not worry about what they do for now, we will get to that in a second. Let's call the AES output "c." Then:

c = k XOR MixColumns(ShiftRows(SubBytes(y)))

Great! Now, for what those functions actually do...

SubBytes

For this, we will be working in the field Z_2[x]/<x^8+x^4+x^3+x+1>. Z_2[x] is the ring of polynomials with coefficients being either 0 or 1. Since x^8+x^4+x^3+x+1 is an irreducible polynomial, we know that Z_2[x]/<x^8+x^4+x^3+x+1> will be a field. We will call this field "F." Nuff said.

Here comes the binary part (other than XORing, of course). Take one byte of "y" and make every zero or one the coefficient in a polynomial in F. For instance, say your byte is 10110101. Then your polynomial will be

x^7 + 0x^6 + x^5 + x^4 + 0x^3 + x^2 + 0x + 1
= x^7 + x^5 + x^4 + x^2 + 1

Now, since F is a field, we know that all elements in it (except for zero, of course) have an inverse. SubBytes finds this inverse, and replaces the original byte with the one generated by the inverse polynomial (just like we found the polynomial from the byte, we can do the reverse and find a byte from a polynomial).

ShiftRows

The ShiftRows step is a transposition step. It writes the bytes in blocks of 16, and "shifts the rows":

1 5 9 13
2 6 10 14
3 7 11 15
4 8 12 16

turns into

1 5 9 13
6 10 14 2
11 15 3 7
16 4 8 12

Then it reads off the columns as the new order in each block.
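
The byte-to-polynomial mapping, the inverse in F, and the row shift described above, as an added Python example (not from the original article). It follows the article's simplified account: the SubBytes of real AES also applies a fixed affine transformation after the inversion, which is left out here, and the function names are made up for this illustration.

```python
AES_MODULUS = 0x11B  # bit pattern of x^8 + x^4 + x^3 + x + 1


def byte_to_polynomial(b):
    """Render a byte as the polynomial whose coefficients are its bits."""
    terms = []
    for power in range(7, -1, -1):
        if (b >> power) & 1:
            terms.append("1" if power == 0 else "x" if power == 1 else f"x^{power}")
    return " + ".join(terms) if terms else "0"


def gf_mul(a, b):
    """Multiply two elements of F. Addition of polynomials over Z_2 is XOR;
    whenever the running product reaches degree 8 it is reduced by the modulus."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_MODULUS
        b >>= 1
    return result


def gf_inverse(a):
    """Multiplicative inverse in F. The 255 nonzero elements form a group,
    so a^255 = 1 and therefore a^254 is the inverse of a."""
    if a == 0:
        return 0  # zero has no inverse; AES leaves it as zero at this stage
    result, base, exponent = 1, a, 254
    while exponent:
        if exponent & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exponent >>= 1
    return result


def shift_rows(block):
    """block holds 16 bytes in column order, as in the article's table.
    Row r is rotated left by r places, then the columns are read off again."""
    rows = [[block[r + 4 * c] for c in range(4)] for r in range(4)]
    rows = [row[r:] + row[:r] for r, row in enumerate(rows)]
    return [rows[r][c] for c in range(4) for r in range(4)]


if __name__ == "__main__":
    y = 0b10110101  # the byte used in the article
    print(byte_to_polynomial(y))
    inv = gf_inverse(y)
    print(f"{inv:08b}", byte_to_polynomial(inv), gf_mul(y, inv))
    print(shift_rows(list(range(1, 17))))
```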

MixColumns

MixColumns is like SubBytes, except this time, we are working in the field F[t]/<t^4+1>. Moreover, you do not use single bytes, you use groups of four bytes. The first byte determines the coefficient of t^3, the second determines the coefficient of t^2 and so on. Then you multiply this by a given polynomial also in this field, and use the result as your new set of four bytes.

And there you have it! AES/Rijndael in basic, abbreviated form. If you want some more details, you can try the Wikipedia page on AES, though that is a little thick. Otherwise, PM me if you have basic questions, and if there is enough demand, I will write an article just on AES.

Public Key Cryptography

And finally, here is the mainstay of cryptography today. Since I do not want this article to be a book, I will cover the Diffie-Hellman Key exchange, and if you guys want to know about RSA, PM me or let me know and I might do an article on that.

The Problem

In all the past sections, I have described crypto-systems that have a fatal flaw: they require a code book, of some sort or another. With substitution ciphers, you have the lookup tables. With Transposition, you have how you scrambled the letters. With AES, you have the password. And the problem with code books is, both the sender and the receiver of the coded message have to have a copy. If two people are communicating over insecure channels, and they wish to begin exchanging coded messages, how can they do so? If one of them sends a code book over the insecure channel, an eavesdropper will have a copy as well. What to do, what to do...

The Solution

Public Key Cryptography. Say Alice and Bob wanna exchange password protected emails using AES. How do they arrange to get the same password without sending it to each other? One good way is called the Diffie-Hellman Key Exchange. Now, this gets a little complicated, so I recommend you write it down as you read, like taking notes, so you can really understand it. I think you will find that while it looks scary, it's really quite simple.

Alice picks a number "e," a number "p" and a number "d." Then she calculates e^d mod p, or in English, the remainder of e raised to the power of d when divided by p (if you do not understand this, look up modular arithmetic). Let us call this number "a" for Alice. Then, Alice sends e, p, and a to Bob, but keeps "d" a secret. Bob then picks a number "c" to keep secret for himself. After that, he finds e^c mod p (let us call it "b" for Bob), and sends it to Alice. Next, Alice raises b to the d (mod p), and Bob raises a to the c (mod p). So, written out, we have:

a^c = (e^d mod p)^c = e^(dc) mod p

for Bob, and

b^d = (e^c mod p)^d = e^(dc) mod p

for Alice. You will notice that in the end, both Alice and Bob have the same number. This is their very own secret password, that no one but they know.

At first, this may not seem to be secure. After all, you're broadcasting what a and b are, right? So shouldn't an eavesdropper be able to figure out what d and c are? Technically yes. But this problem is referred to as "The Discrete Log Problem" in mathematics, and is notoriously difficult.
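
The exchange above with the article's own symbols (e, p, d, c, a, b), as an added Python example that is not part of the original article. The numbers are constructed for illustration: p = 23 is small enough to follow by hand and to show why the modulus has to be large, and the larger run uses the prime 2^127 - 1 with base 3 only to show the arithmetic at scale, not as a recommended parameter set.

```python
import secrets


def pick_secret(p):
    """A random private exponent in the range 2 .. p-2."""
    return secrets.randbelow(p - 3) + 2


def exchange(e, p, d=None, c=None):
    """Run both sides of the exchange and return (a, b, alice_key, bob_key).
    d is Alice's secret and c is Bob's; they are chosen at random if not given."""
    d = pick_secret(p) if d is None else d
    c = pick_secret(p) if c is None else c
    a = pow(e, d, p)          # Alice computes e^d mod p and sends e, p, a
    b = pow(e, c, p)          # Bob computes e^c mod p and sends b
    alice_key = pow(b, d, p)  # Alice: b^d mod p = e^(dc) mod p
    bob_key = pow(a, c, p)    # Bob:   a^c mod p = e^(dc) mod p
    return a, b, alice_key, bob_key


def discrete_log_by_search(e, target, p):
    """What the eavesdropper has to do with only e, p and a: try exponents
    one by one. This takes up to p - 1 steps, so it finishes only when p is tiny."""
    value = 1
    for exponent in range(p - 1):
        if value == target:
            return exponent
        value = value * e % p
    return None


if __name__ == "__main__":
    # Toy run that can be checked by hand.
    a, b, alice_key, bob_key = exchange(e=5, p=23, d=6, c=15)
    print(a, b, alice_key, bob_key)
    # With p = 23 the search recovers Alice's secret d at once.
    print(discrete_log_by_search(5, a, 23))

    # Same arithmetic with a 127-bit prime: still instant for Alice and Bob,
    # while the search above would need on the order of 2^127 steps.
    big_p = 2**127 - 1
    a, b, alice_key, bob_key = exchange(e=3, p=big_p)
    print(alice_key == bob_key)
```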
Received on Sat Mar 02 2024 - 00:57:22 CST