reiver-cryptography/index.xhtml

388 lines
12 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta charset="utf-8" />
<title>Cryptography</title>
</head>
<body>
<main>
<article>
<h1>Cryptography</h1>
<address class="h-card">
by
<a rel="author" class="u-url" href="http://changelog.ca/"><span class="p-given-name">Charles</span> <span class="p-additional-name">Iliya</span> <span class="p-family-name">Krempeaux</span></a>
</address>
<p>
<strong>Cryptography</strong> is about how to communicate securely — and how to do so even when there is a <em>malicious</em> person, people, organization(s), or other entities who are trying to stop you from doing so.
</p>
<p>
<strong>Cryptography</strong> is an important part of <strong>privacy</strong>.
</p>
<p>
<strong>Cryptography</strong> is also sometimes called <strong>cryptology</strong>.
</p>
<section>
<h2>Goals</h2>
<p>
<strong>Cryptography</strong> is generally used to try provide three different but related things:
</p>
<ul>
<li><strong>confidentiality</strong>,</li>
<li><strong>integrity</strong>, and</li>
<li><strong>authenticity</strong>.</li>
</ul>
<p>
These three goals form the foundation of the security that <strong>cryptography</strong> tries to provide.
</p>
</section>
<dl>
<dt>Confidentiality</dt>
<dd>
<p>
<strong>Confidentiality</strong> is the goal that only the person, people, organization(s), or other entities you addressed the message to can read the message.
</p>
<p>
<strong>Confidentiality</strong> about how to hide information so that only the person, etc you want to read, listen to, or watch, etc a message can do so.
</p>
<p>
(In <strong>cryptography</strong>, things such as text, audio, and video all get called a "<strong>message</strong>".)
</p>
<p>
For example, if I record a video on my mobile phone and send it to my wife, <strong>confidentiality</strong> has it so that only my wife can watch the video, and no one else.
Not even the people and organizations that provide the communication infrastructure that I use to send the video to my wife.
</p>
<p>
<strong>Confidentiality</strong> is important for <strong>privacy</strong>.
</p>
</dd>
<dt>Integrity</dt>
<dd>
<p>
<strong>Integrity</strong> is the goal that a messages contents cannot be tampered with.
</p>
<p>
For example, if I write this message to my wife —
</p>
<blockquote>
<p>
Meet me at park by the kids' school at 3pm.
</p>
</blockquote>
<p>
<strong>integrity</strong>, for example, has it so someone else cannot change my message to:
</p>
<blockquote>
<p>
Meet me at in the dark scary alley behind the grocery store at 2pm.
</p>
</blockquote>
<p>
With <strong>integrity</strong>, the message my wife receives will be exactly what I sent her.
</p>
</dd>
<dt>Authenticity</dt>
<dd>
<p>
<strong>Authenticity</strong> is the goal that if someone or something claims to be who someone or something, then you can tell if it is actually them.
</p>
<p>
This could be with someone logging into a system.
Or it could be with <em>who</em> or <em>what</em> a message is claimed to be from.
</p>
<p>
For example, if my wife receives a message, she can tell if the message is actually from me or not.
</p>
</dd>
</dl>
<section>
<h2>Jargon</h2>
<p>
Like many specialties, <strong>cryptography</strong> has its own <em>jargon</em>
special words and special phrases that have special meanings in the specialty.
</p>
<p>
Sometimes <em>jargon</em> is comprised of new words and new phrases.
But sometimes <em>jargon</em> is comprised of existing words and existing phrases, which are given new meanings!
(This latter form of <em>jargon</em> can not only confuse, but also mislead people who don't understand the <em>jargon</em> of the specialty.)
</p>
<p>
Some of the basic <em>jargon</em>, in <strong>cryptography</strong>, includes the following words in phrases:
<em>cipher</em>,
<em>cipher-text</em>,
<em>decrypt</em>,
<em>decryption</em>,
<em>digest</em>,
<em>encrypt</em>,
<em>encryption</em>,
<em>hash</em>,
<em>message</em>,
<em>party</em>, and
<em>plain-text</em>.
</p>
<p>
Some of the more advanced <em>jargon</em>, in <strong>cryptography</strong>, includes the following words in phrases:
<em>avalanche-effect</em>,
<em>bcrypt</em>,
<em>brute-force-attack</em>,
<em>collision-attack</em>,
<em>decryption algorithm</em>,
<em>Ed25519</em>,
<em>EdDSA</em>,
<em>encryption algorithm</em>,
<em>GPG</em>,
<em>finger-print</em>,
<em>key</em>,
<em>MD5</em>,
<em>pass-phrase</em>,
<em>pass-word</em>,
<em>pepper</em>,
<em>PGP</em>,
<em>proof-of-work</em>,
<em>rainbow-table</em>,
<em>ROT-13</em>,
<em>RSA</em>,
<em>running key cipher</em>,
<em>salt</em>,
<em>scrypt</em>,
<em>scytale</em>,
<em>SHA-1</em>,
<em>SHA-2</em>,
<em>SHA-3</em>,
<em>shift-cipher</em>,
<em>sponge-function</em>,
<em>signature</em>,
<em>substitution cipher</em>,
<em>TLS</em>,
<em>transposition cipher</em>,
<em>web-of-trust</em>,
etc etc etc.
(There are a lot more advanced <em>jargon</em> than what we listed.)
</p>
<p>
Learning <strong>cryptography</strong>'s <em>jargon</em> will help you understand <strong>cryptography</strong>
as specialists in <strong>cryptography</strong> will very very likely be using <strong>cryptography</strong>'s <em>jargon</em>.
</p>
<p>
Let's first focus on defining the <strong>basic</strong> <em>jargon</em> in <strong>cryptography</strong>.
</p>
<p>
(These definitions <em>won't</em> be in alphabetical order.
But instead will be in an order that I think will make them easier to understand.
Some <em>jargon</em> is easier to understand once you understand other <em>jargon</em>.)
</p>
<section>
<h3>Plain-Text, Cipher-Text, Encryption, Decryption</h3>
<p>
What <strong>plain-text</strong> and <strong>cipher-text</strong> as well as <strong>encryption</strong> and <strong>decryption</strong> are is probably most easily understood with some examples.
</p>
<section>
<h4>Example №1</h4>
<p>
If I write this message to my wife —
</p>
<blockquote>
<p>
COULD YOU PICK UP THE KIDS FROM SCHOOL TODAY AT 2PM, PLEASE?
</p>
</blockquote>
<p>
— that is <strong>plain-text</strong>.
</p>
<p>
I might <em>not</em> want anyone else to be able to read that message (other than my wife).
So I can hide that message from others by turning that <strong>plain-text</strong> message into a <strong>cipher-text</strong> message to try to accomplish that.
</p>
<p>
The process of turning a <strong>plain-text</strong> message into a <strong>cipher-text</strong> message is called <strong>encryption</strong>.
</p>
<p>
What would a <strong>cipher-text</strong> message for that <strong>plain-text</strong> message look like‽
well, it depends on what <strong>encryption algorithm</strong> we use.
</p>
<p>
For a very very simple example, if we were using the <strong>ROT-13</strong> <em>encryption algorithm</em>, then the <strong>cipher-text</strong> would be:
</p>
<blockquote>
<p>
PBHYQ LBH CVPX HC GUR XVQF SEBZ FPUBBY GBQNL NG 2CZ, CYRNFR?
</p>
</blockquote>
<p>
(We will look closer at <strong>ROT-13</strong> later.)
</p>
<p>
For my wife to read my message, she would have to turn that <strong>cipher-text</strong> back into <strong>plain-text</strong>.
</p>
<p>
The process of turning a <strong>cipher-text</strong> message into a <strong>plain-text</strong> message is called <strong>decryption</strong>.
</p>
</section>
<section>
<h4>Example №2</h4>
<p>
Let's look at another example.
We will use the same <strong>plain-text</strong>
</p>
<p>
I.e. again I will write this message to my wife —
</p>
<blockquote>
<p>
COULD YOU PICK UP THE KIDS FROM SCHOOL TODAY AT 2PM, PLEASE?
</p>
</blockquote>
<p>
— and again that will be the <strong>plain-text</strong>.
</p>
<p>
And again, I will <em>not</em> want anyone else to be able to read that message (other than my wife).
So I will hide that message from others by turning that <strong>plain-text</strong> message into a <strong>cipher-text</strong> message to try to accomplish that.
</p>
<p>
<strong>But this time we will use a different <em>encryption algorithm</em>.</strong>
</p>
<p>
With this example, we will use another very very simple <em>encryption algorithm</em> — we will use a <strong>substitution cipher</strong>.
To use a <strong>substitution cipher</strong> as your <em>encryption algorithm</em> you need to pick a <em>substitution-alphabet</em>.
The <em>substitution-alphabet</em> we will use is —
</p>
<table>
<tr>
<th scope="row">normal English alphabet</th>
<td>A</td>
<td>B</td>
<td>C</td>
<td>D</td>
<td>E</td>
<td>F</td>
<td>G</td>
<td>H</td>
<td>I</td>
<td>J</td>
<td>K</td>
<td>L</td>
<td>M</td>
<td>N</td>
<td>O</td>
<td>P</td>
<td>Q</td>
<td>R</td>
<td>S</td>
<td>T</td>
<td>U</td>
<td>V</td>
<td>W</td>
<td>X</td>
<td>Y</td>
<td>Z</td>
</tr>
<tr>
<th scope="row">cipher alphabet</th>
<td>Q</td>
<td>K</td>
<td>T</td>
<td>N</td>
<td>H</td>
<td>F</td>
<td>P</td>
<td>R</td>
<td>M</td>
<td>S</td>
<td>U</td>
<td>J</td>
<td>W</td>
<td>C</td>
<td>B</td>
<td>D</td>
<td>Z</td>
<td>G</td>
<td>X</td>
<td>I</td>
<td>V</td>
<td>Y</td>
<td>O</td>
<td>E</td>
<td>A</td>
<td>L</td>
</tr>
</table>
<p>
(We will look closer at <strong>substitution ciphers</strong> later.
Don't worry if, for example, what a <em>substitution-alphabet</em> is doesn't make sense yet.)
</p>
<p>
With this, if we <strong>encrypt</strong> our <strong>plain-text</strong>, our <strong>cipher-text</strong> would be:
</p>
<blockquote>
<p>
TBVJN ABV DMTU VD IRH UMNX FGBW XTRBBJ IBNQA QI 2DW, DJHQXH?
</p>
</blockquote>
<p>
And again, for my wife to be able to read my message, she would need to have to <strong>decrypt</strong> the <strong>cipher-text</strong> back into the <strong>plain-text</strong> to get:
</p>
<blockquote>
<p>
COULD YOU PICK UP THE KIDS FROM SCHOOL TODAY AT 2PM, PLEASE?
</p>
</blockquote>
</section>
</section>
<p>
So, now that you have seen those examples, let's define those terms.
</p>
<dl>
<dt>Plain-Text</dt>
<dd>
<p>
<strong>Plain-Text</strong> is the original message.
</p>
<p>
In <strong>cryptography</strong>, text, audio, and video all get called a "<strong>plain-text</strong>".
Which can be a bit confusing and even misleading as, in regular language, the word "<em>text</em>" tends not to include <em>audio</em> and <em>video</em>.
But in <strong>cryptography</strong> it does.
</p>
<p>
Usually when <strong>cryptography</strong> specialists talk about <strong>plain-text</strong>, they are doing so in relation to <strong>cipher-text</strong>.
</p>
</dd>
<dt>Cipher-Text</dt>
<dd>
<p>
To make a <strong>plain-text</strong> message <strong>confidential</strong>, we turn it into a <strong>cipher-text</strong>.
</p>
<p>
We turn a <strong>plain-text</strong> message into a <strong>cipher-text</strong> message to hide the message so that only the person, etc you want to read, listen to, or watch, etc the message can do so.
</p>
</dd>
<dt>Encryption</dt>
<dd>
<p>
<strong>Encryption</strong> is the process of turning <strong>plain-text</strong> into a <strong>cipher-text</strong>.
</p>
<p>
What the <strong>cipher-text</strong> ends up being depends on what <strong>encryption algorithm</strong> you end up using.
</p>
</dd>
<dt>Decryption</dt>
<dd>
<p>
<strong>Decryption</strong> is the process of turning <strong>cipher-text</strong> back into <strong>plain-text</strong>.
</p>
</dd>
</dl>
</section>
</article>
</main>
</body>
</html>