July 1, 2011, 5:17 a.m.
posted by gelassen
One big problem with ancient ciphers is that they were easily figured out, and the secret messages weren’t secret for very long. As cryptography got more complex, the secret messages stayed secret for a longer period. As I mention in a sidebar earlier in the chapter, the Enigma machine took several years to break and it was finally cracked through a combination of eavesdropping, engineering, pattern recognition, human laziness (on the German side), and some sheer luck. The Enigma team listened and heard clacking and clicking, which told them they were dealing with a machine, and then they managed to make a duplicate machine themselves (and got it right with luck). They noticed that some messages started with the same grouping of letters and were very lucky that the Germans used the same phrases many times to synchronize remote machines.
If you leave the keys to your car in the ignition and the doors unlocked, what do you think the chances are that it will be stolen soon? (If it’s a new Mercedes SL55 AMG valued at over $110,000, I’d say the chances are pretty good that it would be gone by morning.) The point is, if you leave the keys where other people can find them, you’re the one to blame. One of the biggest weaknesses in cryptography has been the poor use or sharing of keys. Like your password, you don’t write it on a sticky note and put it on your monitor. (Do people still do that?)
Key-length is mentioned a lot in books and articles about cryptography. That’s because the longer the key (drum roll, please), the harder it is to guess what the key is! All the examples of keys I’ve given you in this chapter are very short, very easy keys. Even if these keys weren’t already common knowledge, they still wouldn’t take long to guess. You could probably even do it with plain old paper and pencil.
The job of keeping keys a secret has been one that has plagued us for centuries. You have to share the key at some point in some manner, or the recipient won’t be able to decipher the message. This is such a major job that I’ve devoted all of Chapter 7 to the subject of managing keys.
If you know for certain both a plaintext word and its ciphertext mate in a message, it can make cracking the message a piece of cake. For example, if you look at an encrypted message with a string of characters like XROL and you know that it means CAKE, you can go through the entire message substituting all the Xs with Cs, Rs with As, and so on. If nothing else, it can certainly give you a clue as to what the words might be. It’s kind of like playing Wheel of Fortune. If you play around with these variations long enough, you might just discover the key for the entire message.
The first thing you look for when you’re trying to break a code is a pattern in the encrypted message. For example, the letter E is the most commonly used letter in the English language, so you look for a letter in the message that is used more than any of the others. That may indicate that that particular letter is actually the letter E. Failing that, the second most common letter in the English language is the letter T.
Finding a pattern was part of the solution for the man who has partially cracked the Kryptos sculpture at the CIA headquarters building (which I talk about a couple sections back). He looked long and hard for a grouping of letters that would correspond to the word the. Because the is extremely common in the English language, it’s usually a safe bet to start there, and many cryptanalysts do.
I’m kind of joking and kind of not when I list brute force as a method of breaking an encrypted message or file. Actually it’s done quite often thanks to computers getting faster and the ability of linking computers together for strength and will power. In some cases, computers working in parallel can be more powerful than one of the most powerful computers used by the NSA.
Brute force is a trial and error method of trying every possible combination of characters against the encrypted data in an attempt to discover the key. That’s one of the reasons I always stress that you use the longest keys possible. For example, a 56-bit key has 256 possible keys. That’s more than 72 quadrillion keys that must potentially be tried in order to find the correct one. You might think that, given those numbers, a 56-bit key would be pretty safe then. Wrong. In 1997, a distributed computing effort cracked the RSA’s 56-bit RC5 encryption in less than 250 days. One of the more famous brute force cracks was that of the DES algorithm. Many people didn’t think it was possible to crack DES by using brute force, and everyone in the crypto world was talking about it when it happened.