*CHECK THE CRYPTO LIBRARY HERE* Ensuring the privacy and confidentiality of data stored on and transmitted between information systems is another important aspect of computer security, and this is built on the foundation of cryptography, the branch of mathematics concerned with procedures for encrypting and decrypting information. Cryptanalysis is the study of how to crack encryption algorithms or their implementations.
The basic terminology is that cryptography refers to the science and art of designing ciphers; cryptanalysis to the science and art of breaking them; while cryptology, often shortened to just crypto, is the study of both.
There are two kinds of cryptosystems: symmetric and asymmetric. In symmetric systems the same key (the secret key) is used to encrypt and decrypt a message. Data manipulation in symmetric systems is faster than asymmetric systems as they generally use shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances the security of communication.
Every security professional should be familiar with the basics of this field, including knowledge of Public key cryptography with its elements of certificates, signatures, certificate authorities (CAs), and public key infrastructure (PKI).
Vernam -Vigenère Ciphers
In 1918 Gilbert S. Vernam, an engineer for the American Telephone & Telegraph Company (AT&T), introduced the most important key variant to the Vigenère system.
At that time all messages transmitted over AT&T’s teleprinter system were encoded in the Baudot Code, a binary code in which a combination of marks and spaces represents a letter, number, or other symbol. Vernam suggested a means of introducing equivocation at the same rate at which it was reduced by redundancy among symbols of the message, thereby safeguarding communications against cryptanalytic attack. A random series of marks and spaces (a running key) were mingled with the message during encryption to produce what is known as a stream or streaming cipher.
The key itself consisted of a punched paper tape that could be read automatically while symbols were typed at the teletypewriter keyboard and encrypted for transmission. This operation was performed in reverse using a copy of the paper tape at the receiving 25 Cipher Systems teletypewriter to decrypt the cipher. Vernam initially
believed that a short random key could safely be reused many times, thus justifying the effort to deliver such a large key, but reuse of the key turned out to be vulnerable to attack by methods of the type devised by Kasiski. Vernam offered an alternative solution: a key generated by combining two shorter key tapes of m and n binary digits, or bits, where m and n share no common factor other than 1 (they are relatively prime). A bit stream so computed does not repeat until mn bits of key have been produced.
This version of the Vernam cipher system was adopted and employed by the U.S. Army until Major Joseph O. Mauborgne of the Army Signal Corps demonstrated during World War I that a cipher constructed from a key produced by linearly combining two or more short tapes could be decrypted by methods of the sort employed to
cryptanalyze running-key ciphers. Mauborgne’s work led to the realization that neither the repeating singlekey nor the two-tape Vernam-Vigenère cipher system
Ciphers really came into their own during WWI and WWII. Entire military and government departments were dedicated to the tasks of coming up with new methods of making secret messages. In addition to making secret messages, these offices also had to figure out how to decrypt the enemy’s secret messages. It was from that base of intelligence that modern cryptography has come to be. The government soon discovered that, war or no war, they still had to create secret messages. Cryptography's potential for use as a tool for espionage and sedition (meaning= conduct or speech inciting people to rebel against the authority of a state or monarch ) has led many governments to classify it as a weapon and to limit or even prohibit its use and export.
Unfortunately, encryption methods have become increasingly sophisticated out of necessity, as the theft and unauthorised decryption of sensitive information has grown right along with electronic commerce itself. Illegal decryption is often the basis for cyber crimes such as identity theft. By the first decade of the 21st century, this type of fraud was already affecting millions of people in the United States alone, resulting in the losses of billions of dollars by businesses and consumers.
This is an example of one crypto book I have for offline reading (downloading) in the library: