There is a lot of information that we store on computers or send over local nets or the internet that we don’t want others to see: not only client information, but credit card numbers and such. Encryption promises security. But how does it work and how secure is it?
Electronic data encryption is the modern successor to the science of cryptography, previously used mainly by militaries and governments, or even by intellectuals like Leonardo da Vinci to hide their dangerous and disturbing ideas, if author Dan Brown is to be believed.
The most famous historical code was used by Caesar. He sent messages in a code that his generals could decipher by simply substituting the letter two places further along in the Roman alphabet, so that a becomes c. Simple, yet it fooled barbarians and schoolteachers (except Latin teachers).
The great leap in encryption was made by a seventh century Persian mathematician, Al-Khwarizmi, who, in the process of developing the mathematics that gave us the term algebra, created the algorithm, a word which is said to be derived from his name, although the process of that derivation is no longer obvious.
The basic concept of one type of algorithm is simple. It is a set of instructions, often a sequence of simple arithmetic computations, and one of its uses is encryption. Here is a basic example: let’s send the word BED in algorithmic code. First convert the letters to numbers by their position in the alphabet, which gives 254. Then multiply 254 by a random number, say 256, which gives 65024. This is now cipher text.
Even if you were told that you were looking for a 3-letter word, how many trial combinations would it take to list all possible 3-letter words, break the code and identify BED? With a computer it could be done with some ease. It is even easier if the sender tells you: divide by 256.
The modern algorithm is not so simple and has many steps involving many computations. And if, at some stages, an algebraic formula is substituted for simple multiplication by a number such as 256, the complexity increases exponentially.
So if the encryption software of the sending computer uses a particular method and the receiving computer software knows the steps necessary to decode it, a message can be coded and decoded with ease.
The key says, for example, “today I’m using Caesar’s cipher, so decode by moving 2 letters down”. There is double encryption, so not only is the message scrambled, so is the instruction on what key to use.
On websites operated by banks and reputable businesses, the website software establishes a secure connection when you log on so that every bit of information sent and received until you log off is encrypted. You can check the level of security by clicking on the “security” feature. That page will also contain suggestions for improving security.
A Bit Makes It Possible
It is well known that computers use the binary number system. This uses base 2, not base 10 as our decimal system does. The basic unit is called a bit. The term “bit” derives from “Binary digIT”. A byte is 8 bits.
Again, to over-simplify, an encryption key might use large values with 40, 64 or 128 steps in the algorithm. The latter is called 128-bit encryption. A 128-bit number has a possible 2 to the 128th power, or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000,000 different combinations! This would be like trying to find one particular grain of sand in the Sahara Desert.
Breaking the Code
Code breakers use a very basic technique they call “brute force”, which is unsophisticated trial and error. A software program tries various combinations at high speed. For example, it may first try Caesar’s cipher: move 2 to the left. This produces thousands of combinations. Then the program uses a technique such as “known frequency”. It searches for the most frequent words, which in English are words such as “the” and “and”. It also searches for the most frequent letters, which are vowels, particularly “e”. The program then identifies clear text or meaningful words, which the code breaker examines for clues to decipher the message.
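The brute-force-plus-frequency approach described above can be shown on Caesar's cipher in a few lines. This is an added example, not code from the original article; the word list, letter list and sample message are constructed for illustration, and the key of 2 is the one the article uses.

```python
import string

ALPHABET = string.ascii_lowercase
# Constructed scoring data: a few very common English words and letters.
COMMON_WORDS = {"the", "and", "of", "to", "in", "is", "at"}
COMMON_LETTERS = "etaoin"


def shift_text(text, shift):
    """Shift every letter `shift` places down the alphabet, wrapping at z."""
    out = []
    for ch in text:
        if ch.lower() in ALPHABET:
            moved = ALPHABET[(ALPHABET.index(ch.lower()) + shift) % 26]
            out.append(moved.upper() if ch.isupper() else moved)
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def english_score(text):
    """Score a candidate: common words count most, common letters break ties."""
    words = [w.strip(string.punctuation) for w in text.lower().split()]
    word_hits = sum(1 for w in words if w in COMMON_WORDS)
    letter_hits = sum(1 for ch in text.lower() if ch in COMMON_LETTERS)
    return word_hits * 10 + letter_hits


def brute_force(ciphertext):
    """Try all 26 shifts; return (key, plaintext) of the best-scoring one."""
    candidates = [(k, shift_text(ciphertext, -k)) for k in range(26)]
    return max(candidates, key=lambda c: english_score(c[1]))


# Constructed sample message, enciphered with the article's key of 2 (a -> c).
SAMPLE_PLAINTEXT = "Meet the general at the bridge and bring the maps"
SAMPLE_CIPHERTEXT = shift_text(SAMPLE_PLAINTEXT, 2)

if __name__ == "__main__":
    print(SAMPLE_CIPHERTEXT)
    print(brute_force(SAMPLE_CIPHERTEXT))
```

Because a shift cipher has only 26 possible keys, the search finishes instantly; the scoring step is what lets the program pick out the readable candidate without a human reading all of them.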
But is it Safe?
The common wisdom from encryption experts is that all the computers on the earth wired together operating for a billion years could not solve 128 bit encryption. They warn however that some mathematician may invent a short cut in the future.
Spyware has been developed so that it can read keystrokes which contain the encryption key and which will be sent to the hacker’s computer. There is software to search and destroy spyware.
Additionally, there are also government back doors. Developers have reported that the US government requires that they provide it with these. Developers themselves sometimes put in back doors that they sell to industrial spies. So the only absolutely hacker-proof way to keep information confidential is to enter it on a floppy disk and remove the floppy disk from the computer, so that the information is never on a computer that is linked directly or indirectly to the internet. Then, of course, the question “is it still safe?” is answered by the question: Do you know the name of your office cleaning lady?
Here is a summary of the type of protection software that is needed by the average computer:
- A firewall to protect against hackers.
- An automatic updating function with the browser manufacturer and operating systems manufacturers for patches that affect security.
- Virus software
- Encryption software for sending sensitive information by email
- Spy-ware software
Is this overkill? As the geeks say: On the internet only the paranoid survive.