reiver-cryptography/index.xhtml

388 lines
12 KiB
HTML
Raw Normal View History

2023-12-22 21:19:20 +00:00
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta charset="utf-8" />
<title>Cryptography</title>
</head>
<body>
<main>
<article>
<h1>Cryptography</h1>
<address class="h-card">
by
<a rel="author" class="u-url" href="http://changelog.ca/"><span class="p-given-name">Charles</span> <span class="p-additional-name">Iliya</span> <span class="p-family-name">Krempeaux</span></a>
</address>
<p>
<strong>Cryptography</strong> is about how to communicate securely — and how to do so even when there is a <em>malicious</em> person, people, organization(s), or other entities who are trying to stop you from doing so.
</p>
<p>
<strong>Cryptography</strong> is an important part of <strong>privacy</strong>.
</p>
<p>
<strong>Cryptography</strong> is also sometimes called <strong>cryptology</strong>.
</p>
<section>
<h2>Goals</h2>
<p>
<strong>Cryptography</strong> is generally used to try provide three different but related things:
</p>
<ul>
<li><strong>confidentiality</strong>,</li>
<li><strong>integrity</strong>, and</li>
<li><strong>authenticity</strong>.</li>
</ul>
<p>
These three goals form the foundation of the security that <strong>cryptography</strong> tries to provide.
</p>
</section>
<dl>
<dt>Confidentiality</dt>
<dd>
<p>
<strong>Confidentiality</strong> is the goal that only the person, people, organization(s), or other entities you addressed the message to can read the message.
</p>
<p>
<strong>Confidentiality</strong> about how to hide information so that only the person, etc you want to read, listen to, or watch, etc a message can do so.
</p>
<p>
(In <strong>cryptography</strong>, things such as text, audio, and video all get called a "<strong>message</strong>".)
</p>
<p>
For example, if I record a video on my mobile phone and send it to my wife, <strong>confidentiality</strong> has it so that only my wife can watch the video, and no one else.
Not even the people and organizations that provide the communication infrastructure that I use to send the video to my wife.
</p>
<p>
<strong>Confidentiality</strong> is important for <strong>privacy</strong>.
</p>
</dd>
<dt>Integrity</dt>
<dd>
<p>
<strong>Integrity</strong> is the goal that a messages contents cannot be tampered with.
</p>
<p>
For example, if I write this message to my wife —
</p>
<blockquote>
<p>
Meet me at park by the kids' school at 3pm.
</p>
</blockquote>
<p>
<strong>integrity</strong>, for example, has it so someone else cannot change my message to:
</p>
<blockquote>
<p>
Meet me at in the dark scary alley behind the grocery store at 2pm.
</p>
</blockquote>
<p>
With <strong>integrity</strong>, the message my wife receives will be exactly what I sent her.
</p>
</dd>
<dt>Authenticity</dt>
<dd>
<p>
<strong>Authenticity</strong> is the goal that if someone or something claims to be who someone or something, then you can tell if it is actually them.
</p>
<p>
This could be with someone logging into a system.
Or it could be with <em>who</em> or <em>what</em> a message is claimed to be from.
</p>
<p>
For example, if my wife receives a message, she can tell if the message is actually from me or not.
</p>
</dd>
</dl>
<section>
<h2>Jargon</h2>
<p>
Like many specialties, <strong>cryptography</strong> has its own <em>jargon</em>
special words and special phrases that have special meanings in the specialty.
</p>
<p>
Sometimes <em>jargon</em> is comprised of new words and new phrases.
But sometimes <em>jargon</em> is comprised of existing words and existing phrases, which are given new meanings!
(This latter form of <em>jargon</em> can not only confuse, but also mislead people who don't understand the <em>jargon</em> of the specialty.)
</p>
<p>
Some of the basic <em>jargon</em>, in <strong>cryptography</strong>, includes the following words in phrases:
<em>cipher</em>,
<em>cipher-text</em>,
<em>decrypt</em>,
<em>decryption</em>,
<em>digest</em>,
<em>encrypt</em>,
<em>encryption</em>,
<em>hash</em>,
<em>message</em>,
<em>party</em>, and
<em>plain-text</em>.
</p>
<p>
Some of the more advanced <em>jargon</em>, in <strong>cryptography</strong>, includes the following words in phrases:
<em>avalanche-effect</em>,
<em>bcrypt</em>,
<em>brute-force-attack</em>,
<em>collision-attack</em>,
<em>decryption algorithm</em>,
<em>Ed25519</em>,
<em>EdDSA</em>,
<em>encryption algorithm</em>,
<em>GPG</em>,
<em>finger-print</em>,
<em>key</em>,
<em>MD5</em>,
<em>pass-phrase</em>,
<em>pass-word</em>,
<em>pepper</em>,
<em>PGP</em>,
<em>proof-of-work</em>,
<em>rainbow-table</em>,
<em>ROT-13</em>,
<em>RSA</em>,
<em>running key cipher</em>,
<em>salt</em>,
<em>scrypt</em>,
<em>scytale</em>,
<em>SHA-1</em>,
<em>SHA-2</em>,
<em>SHA-3</em>,
<em>shift-cipher</em>,
<em>sponge-function</em>,
<em>signature</em>,
<em>substitution cipher</em>,
<em>TLS</em>,
<em>transposition cipher</em>,
<em>web-of-trust</em>,
etc etc etc.
(There are a lot more advanced <em>jargon</em> than what we listed.)
</p>
<p>
Learning <strong>cryptography</strong>'s <em>jargon</em> will help you understand <strong>cryptography</strong>
as specialists in <strong>cryptography</strong> will very very likely be using <strong>cryptography</strong>'s <em>jargon</em>.
</p>
<p>
Let's first focus on defining the <strong>basic</strong> <em>jargon</em> in <strong>cryptography</strong>.
</p>
<p>
(These definitions <em>won't</em> be in alphabetical order.
But instead will be in an order that I think will make them easier to understand.
Some <em>jargon</em> is easier to understand once you understand other <em>jargon</em>.)
</p>
<section>
<h3>Plain-Text, Cipher-Text, Encryption, Decryption</h3>
<p>
What <strong>plain-text</strong> and <strong>cipher-text</strong> as well as <strong>encryption</strong> and <strong>decryption</strong> are is probably most easily understood with some examples.
</p>
<section>
<h4>Example №1</h4>
<p>
If I write this message to my wife —
</p>
<blockquote>
<p>
COULD YOU PICK UP THE KIDS FROM SCHOOL TODAY AT 2PM, PLEASE?
</p>
</blockquote>
<p>
— that is <strong>plain-text</strong>.
</p>
<p>
I might <em>not</em> want anyone else to be able to read that message (other than my wife).
So I can hide that message from others by turning that <strong>plain-text</strong> message into a <strong>cipher-text</strong> message to try to accomplish that.
</p>
<p>
The process of turning a <strong>plain-text</strong> message into a <strong>cipher-text</strong> message is called <strong>encryption</strong>.
</p>
<p>
What would a <strong>cipher-text</strong> message for that <strong>plain-text</strong> message look like‽
well, it depends on what <strong>encryption algorithm</strong> we use.
</p>
<p>
For a very very simple example, if we were using the <strong>ROT-13</strong> <em>encryption algorithm</em>, then the <strong>cipher-text</strong> would be:
</p>
<blockquote>
<p>
PBHYQ LBH CVPX HC GUR XVQF SEBZ FPUBBY GBQNL NG 2CZ, CYRNFR?
</p>
</blockquote>
<p>
(We will look closer at <strong>ROT-13</strong> later.)
</p>
<p>
For my wife to read my message, she would have to turn that <strong>cipher-text</strong> back into <strong>plain-text</strong>.
</p>
<p>
The process of turning a <strong>cipher-text</strong> message into a <strong>plain-text</strong> message is called <strong>decryption</strong>.
</p>
</section>
<section>
<h4>Example №2</h4>
<p>
Let's look at another example.
We will use the same <strong>plain-text</strong>
</p>
<p>
I.e. again I will write this message to my wife —
</p>
<blockquote>
<p>
COULD YOU PICK UP THE KIDS FROM SCHOOL TODAY AT 2PM, PLEASE?
</p>
</blockquote>
<p>
— and again that will be the <strong>plain-text</strong>.
</p>
<p>
And again, I will <em>not</em> want anyone else to be able to read that message (other than my wife).
So I will hide that message from others by turning that <strong>plain-text</strong> message into a <strong>cipher-text</strong> message to try to accomplish that.
</p>
<p>
<strong>But this time we will use a different <em>encryption algorithm</em>.</strong>
</p>
<p>
With this example, we will use another very very simple <em>encryption algorithm</em> — we will use a <strong>substitution cipher</strong>.
To use a <strong>substitution cipher</strong> as your <em>encryption algorithm</em> you need to pick a <em>substitution-alphabet</em>.
The <em>substitution-alphabet</em> we will use is —
</p>
<table>
<tr>
<th scope="row">normal English alphabet</th>
<td>A</td>
<td>B</td>
<td>C</td>
<td>D</td>
<td>E</td>
<td>F</td>
<td>G</td>
<td>H</td>
<td>I</td>
<td>J</td>
<td>K</td>
<td>L</td>
<td>M</td>
<td>N</td>
<td>O</td>
<td>P</td>
<td>Q</td>
<td>R</td>
<td>S</td>
<td>T</td>
<td>U</td>
<td>V</td>
<td>W</td>
<td>X</td>
<td>Y</td>
<td>Z</td>
</tr>
<tr>
<th scope="row">cipher alphabet</th>
<td>Q</td>
<td>K</td>
<td>T</td>
<td>N</td>
<td>H</td>
<td>F</td>
<td>P</td>
<td>R</td>
<td>M</td>
<td>S</td>
<td>U</td>
<td>J</td>
<td>W</td>
<td>C</td>
<td>B</td>
<td>D</td>
<td>Z</td>
<td>G</td>
<td>X</td>
<td>I</td>
<td>V</td>
<td>Y</td>
<td>O</td>
<td>E</td>
<td>A</td>
<td>L</td>
</tr>
</table>
<p>
(We will look closer at <strong>substitution ciphers</strong> later.
Don't worry if, for example, what a <em>substitution-alphabet</em> is doesn't make sense yet.)
</p>
<p>
With this, if we <strong>encrypt</strong> our <strong>plain-text</strong>, our <strong>cipher-text</strong> would be:
</p>
<blockquote>
<p>
TBVJN ABV DMTU VD IRH UMNX FGBW XTRBBJ IBNQA QI 2DW, DJHQXH?
</p>
</blockquote>
<p>
And again, for my wife to be able to read my message, she would need to have to <strong>decrypt</strong> the <strong>cipher-text</strong> back into the <strong>plain-text</strong> to get:
</p>
<blockquote>
<p>
COULD YOU PICK UP THE KIDS FROM SCHOOL TODAY AT 2PM, PLEASE?
</p>
</blockquote>
</section>
</section>
<p>
So, now that you have seen those examples, let's define those terms.
</p>
<dl>
<dt>Plain-Text</dt>
<dd>
<p>
<strong>Plain-Text</strong> is the original message.
</p>
<p>
In <strong>cryptography</strong>, text, audio, and video all get called a "<strong>plain-text</strong>".
Which can be a bit confusing and even misleading as, in regular language, the word "<em>text</em>" tends not to include <em>audio</em> and <em>video</em>.
But in <strong>cryptography</strong> it does.
</p>
<p>
Usually when <strong>cryptography</strong> specialists talk about <strong>plain-text</strong>, they are doing so in relation to <strong>cipher-text</strong>.
</p>
</dd>
<dt>Cipher-Text</dt>
<dd>
<p>
To make a <strong>plain-text</strong> message <strong>confidential</strong>, we turn it into a <strong>cipher-text</strong>.
</p>
<p>
We turn a <strong>plain-text</strong> message into a <strong>cipher-text</strong> message to hide the message so that only the person, etc you want to read, listen to, or watch, etc the message can do so.
</p>
</dd>
<dt>Encryption</dt>
<dd>
<p>
<strong>Encryption</strong> is the process of turning <strong>plain-text</strong> into a <strong>cipher-text</strong>.
</p>
<p>
What the <strong>cipher-text</strong> ends up being depends on what <strong>encryption algorithm</strong> you end up using.
</p>
</dd>
<dt>Decryption</dt>
<dd>
<p>
<strong>Decryption</strong> is the process of turning <strong>cipher-text</strong> back into <strong>plain-text</strong>.
</p>
</dd>
</dl>
</section>
</article>
</main>
</body>
</html>