Simple Cryptology

__________ __ __
/ _______/ /_/ / /
/ /______ __ __ ___ _____ / / _____
/______ / / / / \/ / / _ / / / /
__/
_______/ / / / / /\_/ / / // / / / / /-_
/_________/ /_/ /_/ /_/ / ___/ /_/
/—-/
/ /
/_/
________ __ __
/ ______/ / / / /
/ / ______ __ __ _____
=/ /=____ / / ____ ____ __ __
/ / / __ _/ / / / / / _ / / / /__ / / / /__ / /__ / / / / / /> / /_____ / /-// / /_/ / / // / / / //_// / / //_// //_// / /_/ /
/_______/ /_/ /_/ /___ / /
___/ /_/ /___/ /_/ /___/ /_ / /___ /
___/ / / / ___/ / ___/ /
/____/ /_/ /____/
/____/

Simple Cryptology
by Dave Ferret

>>> a cDc
publication…….1993 <<<
-cDc- CULT OF THE DEAD COW -cDc-
____ _ ____ _ ____
_ ____ _ ____

|____digital_media____digital_culture____digital_media____digital_culture____|

Handy
definitions borrowed without permission from sci.crypt Frequently
Asked Questions file:

cryptology - the study of codes and ciphers

cryptography - the act of inventing
code or cipher systems

cryptanalysis - the breaking of a code or cipher system without
benefit of
the normal deciphering mechanism(s)

______________________________________________________________________________

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% What is Cryptography? (The Short Version) % /> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

"Cryptography is the art and
science of hiding data in plain sight. It is
also the art and science of stealing data hidden
in plain sight."

(Both accurate definitions, by Larry Loen.)

Have you
ever made secret codes with your friends when you were little?
Whether it was a number code
where each letter of the alphabet had a
substituted number, or you made a chart for each of
you to translate a message,
you were practicing a simple form of Cryptography. As far as I can
back up,
cryptology wasn’t widely used until World War I, when actual machines were

created for the sole purpose of making messages unreadable to the enemy.

Cryptography
is the method by which "plaintext" is encrypted into an
unreadable form. The
plaintext is the original text, before ltering to make it
unreadable to other people. The key,
or code, is the actual password (or
whatnot) used to make it unreadable. This is a very
simplistic, and not
completely accurate view for which I apologize and again urge anyone
seriously
interested to read actual hard-copy books and papers for a more detailed

explanation.

===============================================
= Why are encrypted
communications important? =
===============================================

In
today’s electronic communication forums, encryption can be very
mportant! Do you know for a
fact that when you send a message to someone else,
that someone hasn’t read it along the way?
Have you ever really sent something
you didn’t want anyone reading except the person you sent
it to? As more and
more things become online, and "paperless" communication
predictions start
coming true, it’s all the more reason for encryption. Unlike the normal
U.S.
Mail where it is a crime to tamper with your mail, email-reading can commonly
go
unnoticed on electronic pathways as your message hops from system to system
on its route
towards its final destination. Just think, the average Internet
letter makes at least two hops
before it reaches its recipient, usually more.
Even on public BBS’s, your mail is usually
stored in plaintext. Can you be
sure someone else isn’t reading it? The sysop? Half a dozen
co-sysops and
hangers-on? How hard would it be for system administrators to set up a
process
to "grep" (search for known text) all incoming/outgoing mail batches for /> certain catch phrases? It’s not very hard, I assure you. Although most people
probably
don’t do things like this, the threat is real. That’s why you need to
encrypt your messages.
You have the right of privacy, as stated in the
Constitution. That’s why cryptography is so
key.

=========================================
= Different types of
encryption schemes =
=========================================

One-Way encryption
algorithms: What are they?

There are certain mathematical/cryptographical algorithms
that will
encrypt a string of text/numbers using a complex equation. However, you cannot

reverse these equations again (take my word for it, it has to do with
pieces of the equation
being unknown, and purposely lost in the encryption
process).

A real-life example
of one-way encryption:

These types of algorithms are used when someone needs to compare
text,
such as in password validation checks. Crypt(), the Unix password validation

routine works like this. A password is used at the key to encrypt a plaintext
string of 0’s.
Then, to verify the password, the computer tries to encrypt the
same string of plaintext with
the password typed in. If a match is made to the
original encrypted text, then the password is
valid. (Note: Although you can’t
reverse this to find out what the original password/key was,
you can compare
two encryptions to see if it’s the same key.)

The
"One-Time Pad"
==================

A long string of random numbers are
generated/created. Messages cannot
be any longer than the string of random numbers, but can be
shorter.

The text is encrypted by XOR’ing the bits in relation to the random string /> of numbers. Bit by bit. So, anyone not knowing the original key wouldn’t know
whether the
string, "123" was really "456" or "789" because in fact the

originator and the intended receiver know it’s really, "012" (wrap around
9->0).
This is the best explanation I can come up with for this.
It’s a proven technique and is
considered quite secure.

Single-Key Encryption
=====================

This is what most non-crypto-speak people would understand as an
encryption system. You
enter one string of characters (or whatnot - The KEY)
and encrypt your plaintext with this
key. Anyone with knowledge of what this
key is can decrypt and read the plaintext.
/>
Public-Key Encryption
=====================

This is gaining a large
following during the time of this writing with
such programs as RIPEM, PGP, and the
availability of RSAREF, a RSA Public Key
algorithm library. RIPEM, and PGP (Pretty Good
Privacy by Phil Zimmerman) are
both examples of RSA Public Key systems. There are two distinct
parts to a
public key system, the PUBLIC key and the PRIVATE key.

o The PUBLIC
key is given out to everyone you know who would want to send
you an encrypted message.

o The PRIVATE key you keep secret and do not disclose to anyone.

How it works:
User A (Iskra) wants to send a message to User B (B00gerHed)
so Iskra encrypts a message to
B00gerHed using BH’s public key that was given
out at the last HoHoCon. No one except
B00gerHed has the private key to
decrypt the message. So he takes his private key, the
counterpart to his
public key, and decrypts the message sent to him by Iskra. Viola. He now
sees
that the new red boxes are no longer working because AT&T has cinched up the

timing checks. However, Veggie (User C) has intercepted the encrypted message
and is trying to
figure out what they are talking about. But because he
doesn’t have B00gerHed’s private key,
he cannot read it. A successful use of
public key encryption.

There are a LOT of
books on this, so that’s all I’m going to say.

%%%%%%%%%%%%%%%%%%%%%%%%%%%% /> % Books, journals et al… %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%

NOTE: A lot of the
best and most complete sources of cryptography and some
algorithms are classified by the
United States Government. However, there are
still a decent number I can suggest. Also, the
NSA has been pushing for
legislation to require all encryption schemes to be
"breakable" in a reasonable
matter of time with back doors or weaknesses so THEY can
decrypt your messages.
This is a violation of your rights. I hope you would oppose such
things.

Thanks to the following people for some info:
Larry Loen -
lwloen@rchland.vnet.ibm.com 11/92)
cme@ellisun.sw.stratus.com (Carl Ellison) 11/92)
Alec
Chambers (jac54@cas.org)
mrr@scss3.cl.msu.edu (Mark Riordan)

David Kahn,
The Codebreakers, Macmillan, 1967 [history; excellent]

H.F. Gaines, Cryptanalysis,
Dover, 1956 [originally 1939, as
Elementary Cryptanalysis].

Abraham Sinkov,
Elementary Cryptanalysis, Math. Assoc. of Amer., 1966.

D. Denning, Cryptography and
Data Security, Addison-Wesley, 1983.

[ Dorothy Denning, also wrote a paper proposing
all public key ]
[ systems be required to "register" their private keys with the
]
[ NSA or other agency for decryption should the gov't feel it ]
[ necessary. ]

Alan G. Konheim, Cryptography: A Primer, Wiley-Interscience, 1981.

Meyer and
Matyas, Cryptography: A New Dimension in Computer Data Security,
John Wiley & Sons,
1982.

Books can be ordered from Aegan Park Press. They aren’t cheap, but they /> are the only known public source for most of these and other books of
historical and
analytical interest.

Write for catalog to:

Aegean Park Press
P.O.
Box 2837
Laguna Hills, CA 92654-0837

Cryptologia: a cryptology journal,
quarterly since Jan 1977.
Cryptologia; Rose-Hulman Institute of Technology; Terre Haute,

Indiana 47803 [general: systems, analysis, history, ...]

Gordon Welchman, The Hut Six
Story, McGraw-Hill, 1982.
[excellent description of his WW-II crypto work (breaking the German

Enigma); discussion of modern cryptological implications]

–
Various books
available from Artech House, 610 Washington St., Dedham, MA
02026; including:

Deavours & Hruh, Machine Cryptography and Modern Cryptanalysis.
[operation and breaking of
cipher machines through about 1955]

Deavours, et al., CRYPTOLOGY Yesterday, Today, and
Tomorrow.
[Cryptologia reprints - 1st volume]

Deavours, et al., CRYPTOLOGY:
Machines, History & Methods.
[Cryptologia reprints - 2nd volume]
–

Cryptologia
Rose-Hulman Institute of Technology
Terre Haute, Indiana 47803

Cryptologia: a cryptology journal, quarterly since Jan 1977.

Journal of the
International Association for Cryptologic Research.
[quarterly since 1988]

The
RSA paper: The Comm. of the ACM, Feb 1978, p. 120.

Claude Shannon’s 2 1940’s papers in
the Bell System Tech Journal.

Herbert O. Yardley, The American Black Chamber,
Bobbs-Merrill, 1931.
[First hand history - WW-I era]

Edwin Layton, "And I
Was There", William Morrow & Co., 1985.
[First hand history - WW-II]

W.
Kozaczuk, Enigma, University Publications of America, 1984.
[First hand history (Rejewski's) -
pre-WW-II]

Journal of Cryptology
Springer-Verlag New York, Inc.
Service
Center Secaucus
44 Hartz Way
Secaucus, NJ 07094
(201)348-4033
$87/year + $8
postage & handling. Published three times a year.

Cryptosystems Journal
Tony
Patti, Editor and Publisher
P.O. Box 188
Newtown, PA 18940-0188
(215)579-9888 /> tony_s_patti@cup.portal.com
$45/year. Published three times a year. Journal dedicated to
the
implementation of cryptographic systems on IBM PC’s. Emphasis on
tutorial/pragmatic
aspects. Evidently all articles are written by the
publisher.

Forbidden
Knowledge
P.O. Box 770813
Lakewood, OH 44107
$18 a year - make check or m/o to
Darren Smith (editor). Jack Jeffries
(cj137@cleveland.Freenet.Edu) says that this is a local
publication which has
articles on cryptology. That’s all I know about it.

The
Cryptogram
Journal of the American Cryptogram Association
P.O. Box 6454
Silver
Spring, MD 20906
This is the Journal of the American Cryptogram Assocation, available by

joining the ACA. Dues are probably about $20/year by now. Published six times
a year. Contains
mostly puzzles for you to solve. No techniques invented after
1920 are used, with simple
substitution being the most common. Also contains
articles on classical cryptosystems, and
book reviews.

The Cryptogram Computer Supplement
Dan Veeneman
P.O. Box 7 /> Burlington, IL 60109 USA
$2.50/issue. Published three times a year for ACA members.
Newsletter
for computer hobbyist members of the ACA.

The Public Key
George
H. Foot, Editor
Waterfall, Uvedale Road
Oxted, Surry RH8 0EW
United Kingdom

Cost unknown. Magazine devoted to public key cryptography, especially
amongst personal
computer owners. Note that RSA’s patents do not apply in
Europe, hence the existence of this
magazine.

Surveillant,
Lock Box Mail Unit 18757
Washington, DC
20036-8757
6 issues/year, $48.00. Announces new acquisitions and has some news from
the
intelligence field. Each issue comes with a check-off order form for books
announced in that
issue.
______________________________________________________________________________

I suggest if you have the time and access to follow the Usenet groups, as
they have
heaps of info. Also, reading the sci.crypt FAQ and the few online
publications including
Dorothy Denning’s work will help you gain a better
understanding. In fact, probably better
than this hack job.

Exeunt.
_______
__________________________________________________________________
/ _ _ \|Demon Roach
Undrgrnd.806/794-4362|Kingdom of Shit…..806/794-1842|
((___)) |Cool
Beans!……….510/THE-COOL|Polka AE {PW:KILL}..806/794-4362|
[ x x ] |The
Alcazar……….401/782-6721|Moody Loners w/Guns.415/221-8608|
\ / |The
Works…………617/861-8976|Finitopia………..916/673-8412|
(’ ‘) |ftp - zero.cypher.com
in pub/cdc |ftp - ftp.eff.org in pub/cud/cdc|
(U)
|==================================================================|
.ooM |Copr. 1993 cDc
communications by Dave Ferret 04/01/93-#226|
\_______/|All Rights Drooled Away. [cDc/K-rAd
people are we]|

• Cryptography
• Phrack Inc Volume Three, Issue 28
• THE ENCYCLOPEDIA OF DIRECT ACTION
• THE TELENET CONNECTION
• JACKPOTTING: What is it?