Let's start this blog trying to ...

...tell what cryptology is and where it comes from.

Cryptology (cryptography + cryptanalysis ) is an ancient science mainly practiced in war times and in diplomatic communications between nations. It is known that roman dictator Julius Caesar used cryptography in his communications (this word comes from ancient Greece kryptós=hidden and gráphein=writing, hidden writing). The method used was very simplistic. The main algorithm was just to add three letters from the alphabet to the one to hid. This way, if the letter reached the last letter of the alphabet, it just continued from the first letter (A would become D, B would become E, Y would become B and so on). Cryptanalysis (the part of cryptology that tries to know what the message is not knowing the key) is very easy too; it's just a matter of subtracting three letters from the alphabet and there you have it! The original message in all it's splendor!

So, for example, for the sentence "THIS IS A COMPUTER SECURITY RELATED BLOG" its conversion using Caesar's cipher would be "WKLV LV D FRPSXWHU VHFXULWB UHODWHG EORJ ".

If you want to keep yourself entertained for a while just try to crypt-analyse this "UFSSHWBUG MCI VOJS XIGH QFMDHOBOZMGSR MCIF TWFGH QFMDHCUFOA". But be careful! Caesar used a 3 letters displacement, but actually any displacement may be used... You're warned... ;)

Nevertheless, from Caesar's times since now this science has vastly evolved. There are basically two ways for hiding information from curious eyes this days: using symmetric key or using public/private key algorithms (you guys out there, I know there are lots of other ways, but let's start with those two ;) ). The two systems have their own strong points and weaknesses. In this post we will focus on symmetric key. We'll look at public/private key on the next post.

Using symmetric key method, the message transmitter and the receiver must know the algorithm and the key used to crypt and decrypt it. This situation forces the use of a secure channel for the transmitter and receiver to agree the secret key and the algorithm previously to the sending of any message. It has to be that way, because if it isn't an enemy could be aware of it and take note of the key and algorithm. If this situation was to be done, the enemy could take the role of any of the two parts sending messages that would serve to him and intercepting messages to manipulate them.

This way, using symmetric key methods, we mainly face two potential problems:

• we don't know if the message comes from the person we believe that should to come from, and
• we don't know if the message has been manipulated by someone knowing the secret key.

For those two problems to be solved is necessary the use of private/public key algorithms.

Symmetric methods are also known as classical cipher methods. There are mainly two kinds of classical cipher methods, which are:

• Substitution processes

They mainly create a correspondence between the message alphabet and the ciphered text alphabet, which may be the same as the message or another one. This way, each character from the clear message will correspond to one or more characters in the ciphered alphabet. Caesar's cipher is an example of this kind of methods.

Nevertheless there is more than Caesar's cipher in this category. Here are two examples:

• Vigenère cipher (1586):
  
  Vigenère cipher is a Caesar's cipher generalization. It takes successive times different values. This can be achieved by doing the secret key to be a word being repeated all along the text to be ciphered. For example, suppose the secret key is 'HELLO' and you want to cipher the sentence 'TODAY IS A GOOD DAY'. This is the process to do it:

Message:

T

O

D

A

Y

I

S

A

G

O

O

D

D

A

Y

Key:

H

E

L

L

O

H

E

L

L

O

H

E

L

L

O

Cryptogram:

A

S

O

L

M

P

W

L

R

C

V

H

O

L

M

This method was considered very secure during centuries until Major FriedrichWilhelm Kasiski discovered a method to break it in 1863.

• Vernam cipher (1917):

This is the first cipher to be considered unconditionally secure. A cipher is considered unconditionally secure when it gets secure against an attack with computational unlimited strength and resources. It uses a binary alphabet to represent the message because it was initially used for telegraphic communications making use of the Baudot code (five binary digits for each alphabetic character). For each of the five bits used to represent a character an XOR (exclusive or) operation is executed with the corresponding bit of the secret key. We will see it better with an example; for the message 'come soon' we have:

Original message	C	O	M	E	S	O	O	N
ASCII message	00011	01111	01101	00101	10011	01111	01111	01110
Key	00100	11110	00101	00011	10110	11000	11110	00011
Cryptogram	00111	10001	01000	00110	00101	10111	10001	01101

So, what's the point on this? Well, the XOR operation has the peculiarity of being able to leave the things as they were. I'll explain. At that point, if you apply the key over the cryptogram again, what you get is... Right! The original ASCII message again! :0 Try it if you don't believe me... :)

• Transposition processes

This kind of processes restructure the characters on the plaintext to make it unreadable for anyone that doesn't know which sorting has been used. Maybe the most known example of this is the scytale.

That's all by now about symmetric key. In the next post we will focus on public/private key cryptography. We will do a general revising about it and in later posts we will see how we can profit on it using available tools mainly in the open source world.

I hope you like this post. Please feel free to leave your opinion about it in the comments section.

Till next post!

Welcome!

Welcome to the first post on my blog.

My intention in writing this blog is about helping on security matters by being practical.

Hope you like it!