0 No comments

Cryptography (encryption) is as old as human written communication. Early Greeks used it to keep enemies from reading their battle plans as did the Romans. People have used various devices, which became more and more sophisticated as those who might intercept messages became more and more clever about breaking the cryptography. During the American Revolution, George Washington developed a code to communicate with the American colonists fighting the British, so an intercepted message was indecipherable, something that was in part responsible for American independence.

The movie “The Imitation Game” was all about the cracking of the encryption of the enigma machine, used by the Germans during World War II.

Those were all codes that required physical handling of the coded material, the messages. Today, however, coding (cryptography) has become infinitely more sophisticated. It is used for transactions that involve online purchases, communications, and banking, so must be able to keep prying eyes from reading the information and using it for their own nefarious purposes. And those prying eyes become more and more clever every day about cracking the codes and stealing information.

What is encryption? How does it work? Should we trust it with our information?

Bryan Clark in an article “How Does Encryption Work, and Is It Really Safe?” wrote, “While there is still a (relatively) small demographic that doesn’t trust online banking or making purchases at Amazon or other online retailers, the rest of us are quite a bit safer shopping online (from trusted sources) than we would be from taking that same shopping trip at our local mall.”

As Clark wrote, “Encryption is a modern form of cryptography that allows a user to hide information from others. Encryption uses a complex algorithm called a cipher in order to turn normalized data (plaintext) into a series of seemingly random characters (ciphertext) that is unreadable by those without a special key in which to decrypt it.” It has become more and more sophisticated because of the ability of computers to decode relatively simple ciphertext. So ciphertext has become incredibly complex.

Here’s how encryption works, explained in a simple way. Suppose Jack and Jill want to physically, as in person, send a message to each other without anyone else being able to access it. They use a metal box. The box contains a padlock; let’s call that the public key, with a key required to open it, the private key. In the more advanced form of encryption, asymmetric, there are two different keys. He opens the box, plops in his message, and locks the padlock, securing the box.

Jack can’t reopen the box since it requires Jill’s private key to unlock it. Once Jill gets the box, she uses her private key to open the padlock. Now Jill wants to send a message back to Jack, something like a get-well message for “breaking your crown” after going up the hill to fetch a pail of water. She plops her message into the box and locks Jack’s padlock onto it. That padlock requires Jack’s private key to open it. She sends it off to Jack with her open padlock in the box so Jack can send her back a secret message.

Online encryption, what they use to make the information we transmit on the internet, works mostly the same way only with numbers so large, prime numbers of 100+ characters translated into gibberish as keys, that it would require the most sophisticated computer in the world in the neighborhood of one million years to crack using what’s known as the “brute force” method, that is, trying things until they come up with the right key. That’s counter-productive for crooks. But there’s another way we will look at in a minute. We can spot when a website is encrypted because we see an https in front of the web address and a small lock in the web address slot.

I won’t go into the math that is used to encrypt. For a complete and somewhat head-scratching explanation, go to Bryan Clark’s excellent article at www.makeuseof.com/tag/encryption-care.

They still use two keys. They just aren’t physical keys, but as long as both sets of keys remain secret or unbreakable, everything is fine. The private and public keys are still used. You may have seen an example of a “key” at some time, but here’s what one looks like:

Good luck trying to crack the code!

Version: GnuPG v1.4.5 (GNU/Linux)

pre+FOhLuyw3pzpglr5G5braQeGo9HOPWXLr0ukl3fgW0uwBVgdK5lfmCrEKnMQM pOrtlMiheQ09EYMqtCQBt+bI27Swd0WgFkkDkuTdcFVp72C2/g5zPiLVc2j3qhgV go5RntvCoTOQ+oQbt9ioUePm9JH4DNoTzd41tybIL/6ekgWoObBETEQKCixfaP3w hQEOAxgx8INo4cXhEAQAhU44e428lReSMKECqsZ/6/SXg+bud7eP6L+KN2/W9JIJ G6VHVfDaf7svXvRs8V0yteVSvH5Bym9WecaJaD200y18CuV5iK10dLL4nw1B99I8 6zwnWSZsRDomJ69N9h6oR92/Npsb5Af0dML9MaKTBM0OrcjCvIchvZbGVAymoHoE AJFH8GoYQH3r22k7iJC2JkfF5j5+K7EQLQrSDq5nIZG/iI6Tn+mhJulcMnxpBjE6 uciq47eWiodBmHxBu4H008/fVmcV3BixNaiVmD9DYJ1p/z6AlyyifeCpr6hG9kng jeWVNQ5ReZZR+FAr61zIvwaMH4hRA0oblN8SH9qNVD+700AEjb8AFS7egMvBnXQL qb2ARo+zKN/yV9FNnyTuWXCBt3TqCYm3Z/X9Y3HKdyYeImwG6DiP5vzHB+uMNCpX avr3kLY8TsKwmUEUL1rYs3FIuXO2u4siSSbLr2UzPmtgpRIS2BdwBnNIc9yLuHVn
—–END PGP MESSAGE—– (explainthatstuff.com)

Other encryption will look and be just as unreadable. No one can read the encrypted information we send to Amazon to buy something. No one can read the encryption we exchange with banks to bank online. No one can read the encryption from the Starbucks terminal that we use to buy a $6.00 cup of coffee. That’s where the hackers come in. In a Wall Street Journal article April 20, 2015, Elizabeth Dwoskin explained, “If a hacker obtains the encryption keys, or the formula that unlocks the code, all that encryption was for naught.” After all, Target had good encryption, as did Home Depot, as did the US Government’s employee database, as did Ashley Madison, as did Sony, as did many others, but hackers got in by finding a back door, a place with a password that was easily cracked, to sneak into the database of these and more companies.

They did that by using insecure passwords that allowed them access to the entire database of a company. Many times these were from contractors, third-parties, who had or needed access to the affected company’s main database. It was all downhill for customers and consumers from there.

Many times one password they got was used in several other places so could be used to access company and personal information, such as bank and credit accounts, confidential records, and legal documents.

The warnings are clear. We don’t need to be concerned about our data being compromised as long as all the keys stay in the possession of the people they are intended for. It’s when they fall into the hands of those who are less than honorable that we should start worrying.


By Robert L. Cain

Leave a Reply

Your email address will not be published. Required fields are marked *