| Let us take the example of scrambling an egg. | | | | Rijmen and Joan Daemen. Typically, AES uses |
| First, crack the shell, pour the contents into a | | | | 256-bits (equivalent to 78 digits) for its keys. The |
| bowl and beat the contents vigorously until you | | | | key is any number between 0 and |
| achieved the needed result - well, a scrambled | | | | 84665640564039457584007913129639935. This |
| egg. This action of mixing the molecules of the | | | | number is the same as the estimated number of |
| egg is encryption. Since the molecules are | | | | atoms in the universe.The National Security |
| mixed-up, we say the egg has achieved a higher | | | | Agency (NSA) approved AES in June 2003 for |
| state of entropy (state of randomness). To | | | | protecting top-level secrets within US |
| return the scrambled egg to its original form | | | | governmental agencies (of course subject to their |
| (including uncracking the shell) is decryption. | | | | approval of the implementation methods). They |
| Impossible?However, if we substitute the word | | | | are reputedly the ones that can eavesdrop on all |
| "egg" and replace it with "number", "molecules" | | | | telephone conversations going on around the |
| with "digits", it is POSSIBLE. This, my friend, is the | | | | world. Besides, this organization is recognized to |
| exciting world of cryptography (crypto for short). | | | | be the largest employer of mathematicians in the |
| It is a new field dominated by talented | | | | world and may be the largest buyer of computer |
| mathematicians who uses vocabulary like | | | | hardware in the world. The NSA probably have |
| "non-linear polynomial relations", "overdefined | | | | cryptographic expertise many years ahead of the |
| systems of multivariate polynomial equations", | | | | public and can undoubtedly break many of the |
| "Galois fields", and so forth. These cryptographers | | | | systems used in practice. For reasons of national |
| uses language that mere mortals like us cannot | | | | security, almost all information about the NSA - |
| pretend to understand.In the computer, | | | | even its budget is classified.A brute force attack |
| everything stored are numbers. Your MP3 file is a | | | | is basically to use all possible combinations in trying |
| number. Your text message is a number. Your | | | | to decrypt encrypted materials.A dictionary attack |
| address book is a longer number. The number 65 | | | | usually refers to text-based passphrases |
| represents the character "A", 97 for the small "a", | | | | (passwords) by using commonly used passwords. |
| and so on.For humans, we recognize numbers | | | | The total number of commonly used passwords |
| with the digits from 0 to 9, where else, the | | | | is surprisingly small, in computer terms.An |
| computer can only recognize 0 or 1. This is the | | | | adversary is somebody, be it an individual, |
| binary system which uses bits instead of digits. To | | | | company, business rival, enemy, traitor or |
| convert bits to digits, just simply multiply the | | | | governmental agency who would probably gain by |
| number of bits by 0.3 to get a good estimation. | | | | having access to your encrypted secrets. A |
| For example, if you have 256-bits of Indonesian | | | | determined adversary is one with more "brains" |
| Rupiah (one of the lowest currency denomination | | | | and resources. The best form of security is to |
| in the world), Bill Gates' wealth in comparison | | | | have zero adversary (practically impossible to |
| would be microscopic.The hexadecimal (base 16) | | | | achieve), the next best is to have zero |
| system uses the ten digits from 0 to 9, plus the | | | | determined adversary!A keylogger is a software |
| six extra symbols from A to F. This set has | | | | program or hardware to capture all keystrokes |
| sixteen different "digits", hence the hexadecimal | | | | typed. This is by far the most effective |
| name. This notation is useful for computer | | | | mechanism to crack password-based |
| workers to peek into the "real contents" stored | | | | implementations of cryptosystems. Software |
| by the computer. Alternatively, treat these | | | | keylogger programs are more common because |
| different number systems as currencies, be it | | | | they are small, work in stealth-mode and easily |
| Euro, Swiss Franc, British Pound and the like. Just | | | | downloaded from the internet. Advanced |
| like an object can be priced with different values | | | | keyloggers have the ability to run silently on a |
| using these currencies, a number can also be | | | | target machine and remotely deliver the recorded |
| "priced" in these different number systems as | | | | information to the user who introduced this |
| well.To digress a bit, have you ever wondered | | | | covert monitoring session. Keystroke monitoring, |
| why you had to study prime numbers in school? I | | | | as everything else created by man, can either be |
| am sure most mathematics teachers do not | | | | useful or harmful, depending on the monitor's |
| know this answer. Answer: A subbranch called | | | | intents. All confidential information which passes |
| public-key cryptography which uses prime | | | | through the keyboard and reaches the computer |
| numbers especially for encrypting e-mails. Over | | | | includes all passwords, usernames, identification |
| there, they are talking of even bigger numbers | | | | data, credit card details, and confidential |
| like 2048, 4096, 8192 bits.)When we want to | | | | documents (as they are typed).For the last |
| encrypt something, we need to use a cipher. A | | | | definition, we will use an example. Let's say you |
| cipher is just an algorithm similar to a recipe for | | | | have your house equipped with the latest locks, |
| baking a cake. It has precise, unambiguous steps. | | | | no master keys and no locksmith can tamper |
| To carry out the encryption process, you need a | | | | with them. Your doors and windows are |
| key (some called it passphrase). A good practice | | | | unbreakable. How then does an adversary get |
| in cryptography needs the key used by a cipher | | | | into your house without using a bulldozer to break |
| must be of high entropy to be effective.Data | | | | your front door? Answer: the roof - by removing |
| Encryption Standard (DES), introduced as a | | | | a few tiles, the adversary can get into your |
| standard in the late 1970's, was the most | | | | house. This is an exploit (weakness point). Every |
| commonly used cipher in the 1980's and early | | | | system, organization, individual has exploits.See, it |
| 1990's. It uses a 56-bit key. It was broken in the | | | | is not that difficult after all. If you can understand |
| late 1990's with specialized computers costing | | | | the material presented in this article, |
| about US$250,000 in 56 hours. With today's | | | | congratulations - you have become crypto-literate |
| (2005) hardware, it is possible to crack within a | | | | (less than 1% of all current computer users). If |
| day.Subsequently, Triple-DES superseded DES as | | | | you do not believe me, try using some of this |
| the logical way to preserve compatibility with | | | | newfound knowledge on your banker friends or |
| earlier investments by big corporations (mainly | | | | computer professionals.Stan Seecrets' Postulate: |
| banks). It uses two 56-bit key using three | | | | "The sum total of all human knowledge is a prime |
| steps:-1. Encrypt with Key 1. | | | | number."Corollary: "The sum total of all human |
| 2. Decrypt with Key 2. | | | | wisdom is not a prime number."This article may |
| 3. Encrypt with Key 1.The effective key length | | | | be freely reprinted providing it is published in its |
| used is only 112-bits (equivalent to 34 digits). The | | | | entirety, including the author's bio and link to the |
| key is any number between 0 and | | | | URL below.The author, Stan Seecrets, is a |
| 5192296858534827628530496329220095. Some | | | | veteran software developer with 25+ years |
| modify the last process using Key 3, making it | | | | experience at ( which specializes in protecting |
| more effective at 168-bit keys.Advanced | | | | digital assets. This site provides quality software |
| Encryption Standard (AES) was adopted as a | | | | priced like books, free-reprint articles on stock |
| standard by the National Institute of Standards & | | | | charts and computer security, free downloads and |
| Technology, U.S.A. (NIST) in 2001. AES is based | | | | numerous free stuff. © Copyright 2005, |
| on the Rijndael (pronounced "rhine-doll") cipher | | | | Stan Seecrets. All rights reserved. |
| developed by two Belgian cryptographers, Victor | | | | |