Cryptography Through History

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> Going ahead and getting started with
00:00
the cryptography through history piece.
00:00
In this section,
00:00
we're going to go old school,
00:00
and I mean really old school.
00:00
We're going to go back to the Caesar cipher
00:00
and the Scytale cipher which
00:00
was used in the time of the Spartans,
00:00
and we'll look at Vigenere and Vernam,
00:00
and we'll look at the Enigma machine and its cipher,
00:00
and talk about how these elements
00:00
were used to protect secrets throughout history.
00:00
What we're going to find is that all of these types of
00:00
encryption historically have been symmetric in nature.
00:00
We're going to talk about what symmetric means.
00:00
Let's get started. Let's go ahead and talk about
00:00
the Caesar cipher first.
00:00
Out of these that we're going to cover, Caesar,
00:00
Vernam, and the Enigma machine
00:00
are those that are most likely.
00:00
Any of these are fair game for the exam,
00:00
but if I was a betting person,
00:00
which I actually am,
00:00
I would bet on Caesar,
00:00
Vernam, and Enigma.
00:00
The Caesar cipher back in the day of Caesar.
00:00
One of the ways that was used to pass
00:00
secrets amongst the military
00:00
was the use of the Caesar cipher,
00:00
which was a basic substitution cipher,
00:00
which with a basic substitution cipher,
00:00
what that means is one letter
00:00
is always replaced for the same other letter.
00:00
For instance, in this case,
00:00
the alphabet was shifted three spaces,
00:00
that was the secret to the Caesar cipher.
00:00
A would always be replaced by D,
00:00
B would always be replaced by E,
00:00
C would always be replaced by
00:00
F. With a simple substitution cipher like that,
00:00
pattern analysis is going to
00:00
be a sure way to crack the Caesar cipher,
00:00
because when you know
00:00
basic things about the English language,
00:00
for instance, E is
00:00
the most commonly used letter in the English language.
00:00
If I see a single character
00:00
repeating many times throughout the document,
00:00
I'm going to make the assumption, hey,
00:00
that's probably the letter E. Then I see
00:00
a three-letter word that
00:00
ends with what I assumed the letter E is.
00:00
Think for just a second, can you think of
00:00
a three-letter word that ends in the letter E?
00:00
Bet you can, the.
00:00
We can start from something very small and build
00:00
and build and build until we start to see the patterns,
00:00
we start to see frequency.
00:00
That's the way that we attack substitution ciphers.
00:00
Of course, in today's day and age,
00:00
we're not going to see the Caesar cipher
00:00
be successful to a degree,
00:00
but if you go back to the time in which it was used,
00:00
when most people didn't read or write anyway,
00:00
you add this additional complexity and you wind up
00:00
having very adequate protection for your messages.
00:00
Now, somewhat recently, we
00:00
used a spin-off of the Caesar cipher called ROT13,
00:00
R-O-T13, and that actually stood for Rotate 13.
00:00
The idea, and this goes back to a mythical time
00:00
in human history when we actually did
00:00
not want to offend each other.
00:00
Close your eyes and imagine that time if you can,
00:00
but there was a period.
00:00
What people would do is if they were going to
00:00
post inflammatory content or off-color content,
00:00
what they do is they use a software
00:00
and encrypt it with ROT13,
00:00
which basically just meant
00:00
all the characters should be shifted 13 spaces.
00:00
That way, what they'd post,
00:00
nobody would accidentally see
00:00
it and you had to go through,
00:00
and they post a little warning,
00:00
this contains off-color content or something like that,
00:00
decrypt it with ROT13.
00:00
It was a way of obfuscating
00:00
any content that might be controversial.
00:00
I have a friend of mine who signs all of his emails.
00:00
This email was encrypted with
00:00
double ROT13. Think about it.
00:00
Double ROT13, 26 character shift. Never mind.
00:00
That's the Caesar cipher and
00:00
its corresponding ROT13 cipher.
00:00
Now, we also have the Scytale cipher,
00:00
not as likely to be on the test, but certainly could be.
00:00
This goes back to the time of the Spartans.
00:00
What I would do if I wanted to
00:00
communicate with a general out in the field,
00:00
is I would take a rod or stick,
00:00
maybe two inches in diameter,
00:00
and then I would wrap tape around that rod,
00:00
and then I'd write my message out across the tape.
00:00
Now, once you pull the tape
00:00
off the rod and you just stretched out the tape,
00:00
the letters wouldn't make any sense.
00:00
It wouldn't form legitimate words.
00:00
It would be all scrambled.
00:00
Now, I send that to the general out in
00:00
the field who knows to wrap
00:00
the tape around a two-inch rod
00:00
and then he's able to reveal the message.
00:00
The question becomes, how did
00:00
that general know to wrap it around the two-inch rod?
00:00
How did he know not to wrap it around
00:00
a one-inch rod or a
00:00
four-inch rod or this that or the other?
00:00
The answer is, I don't know.
00:00
I don't know how he knew that.
00:00
I know that I couldn't have put that on the tape.
00:00
I couldn't have seen the tape that says,
00:00
when you get this, wrap it around the two-inch rod.
00:00
Anybody that intercepts that message is going
00:00
to know how to decrypt it, so to speak.
00:00
I had to have told the general somehow,
00:00
some way beforehand,
00:00
the secret that he and I
00:00
both need to know could not be included in the message.
00:00
We can take that to the Caesar cipher as well.
00:00
How do you know on your end
00:00
that I shifted the characters three spaces to
00:00
the right so that you can
00:00
shift them three spaces to the left or whatever?
00:00
How do we share the secret?
00:00
What we're dealing with is a specific type of
00:00
cryptography called symmetric cryptography.
00:00
Symmetric cryptography means that
00:00
the same secret is used on both ends.
00:00
My secret is I'm going to shift
00:00
the alphabet three spaces to the left,
00:00
you need to know to shift
00:00
the alphabet three spaces to
00:00
the right in order to decode the message.
00:00
We have to have that secret
00:00
exchanged before we can have communication.
00:00
The trouble with that is there's
00:00
no good way that's part of
00:00
the message to protect the secret.
00:00
The secret would have had to have been
00:00
exchanged ahead of time.
00:00
We're going to refer to that later as what we
00:00
call out-of-band key exchange.
00:00
Out-of-band, meaning,
00:00
somehow some way you had to
00:00
distribute the secret to the parties.
00:00
Then when the message comes later, both parties,
00:00
the sender's going to know how to encode the message,
00:00
the receiver's going to know how to decode the message.
00:00
That is always going to be
00:00
a problem we face with symmetric cryptography.
00:00
Anytime the encryption is based on a secret,
00:00
both parties share,
00:00
the biggest problem is
00:00
getting that secret between the parties
00:00
securely and making sure
00:00
that both parties know how to use the secret.
00:00
>> Now that's going to continue.
00:00
We move on to the Vigenere cipher,
00:00
which is also symmetric in nature.
00:00
Basically, what you see
00:00
here and the most significant thing about
00:00
Vigenere is it was the first polyalphabetic cipher.
00:00
You can see our little chart over on
00:00
the right is that we have
00:00
multiple instances of the alphabet, polyalphabetic.
00:00
The way this would work is you and I would
00:00
agree upon a set of characters or a word,
00:00
ahead of time, and that's going to be our shared secret.
00:00
Before I send you off into the field,
00:00
you and I agree our secret word is CISSP.
00:00
Now, I'm going to send you a message,
00:00
study, but I want it to be encrypted.
00:00
I'm going to take the first character of our secret word,
00:00
CISSP, first character C,
00:00
and I'm going to take the first character of my message.
00:00
My message is study so the first character would be
00:00
S. I'm going to go across
00:00
the columns until I see the letter
00:00
C. Then I'm going to come down the row till I
00:00
see the letter S. Where the C
00:00
and S align in the grid is the letter U.
00:00
That's the first character of my cipher text.
00:00
I continue to match up character by character.
00:00
One character at a time until
00:00
my ciphertext or my encrypted message is complete.
00:00
I doubt you'll see that on the exam,
00:00
but it's worth just addressing.
00:00
Now, a system I think very well could be on the exams,
00:00
the Enigma machine and it's significant
00:00
because this was used by the Germans in World War II.
00:00
The Japanese also had
00:00
a comparable system called the Purple Machine.
00:00
This is a rotary based system.
00:00
Looks like a typewriter and when
00:00
the Germans would want to create a message,
00:00
they would configure the rotors a certain
00:00
way that's pre-agreed upon.
00:00
There's that out-of-band exchange of the secret.
00:00
They would predetermine a rotor configuration,
00:00
type the message, and in
00:00
plain text it would spit out ciphertext.
00:00
On the receiving end they have
00:00
the rotors configured the same way.
00:00
They type in the ciphertext,
00:00
it spits out the plain text.
00:00
Once again, we have symmetric encryption,
00:00
a secret shared by both parties.
00:00
They had to have exchanged that secret somehow before.
00:00
It was actually a three rotor machine
00:00
and they got broken relatively early,
00:00
so the Germans added
00:00
a fourth rotor that
00:00
increased the complexity significantly.
00:00
The way we cracked this,
00:00
there were a couple of ways that
00:00
the Allies cracked the Enigma machine,
00:00
one of which was through pattern analysis.
00:00
The Germans started all of
00:00
their messages with the day's date,
00:00
and they ended all their messages
00:00
with the phrase, Heil Hitler.
00:00
We knew what a portion of the message
00:00
was and that gave us
00:00
a leg up in figuring out
00:00
what the rest of the message was.
00:00
Doesn't mean it was easy,
00:00
it was actually very, very complex.
00:00
If you've ever seen the movie, The Imitation Game.
00:00
That was a movie that
00:00
looked at Alan Turing and his work
00:00
in decrypting the Enigma Machine.
00:00
But at any rate,
00:00
we'll talk about breaking
00:00
cryptography and you're going to see
00:00
the same tools that we've used, pattern analysis.
00:00
Then also we wound up intercepting
00:00
a system so we could see how it worked.
00:00
We could see,
00:00
this is our plain text, let's see
00:00
how it spits out encrypted text.
00:00
In analyzing the two,
00:00
we can figure out the relationships.
00:00
It was credited with shaving
00:00
several months off World War II.
00:00
Some folks have estimated up to a year's time.
00:00
It was very, very helpful that
00:00
the Allies were able to crack this encryption.
00:00
Last but not least in the historical cryptography,
00:00
is the Vernam Cipher.
00:00
The Vernam Cipher sometimes
00:00
referred to as the One Time Pad.
00:00
The One Time Pad is used,
00:00
wait for it, one time.
00:00
That's part of the security of the One Time Pad.
00:00
The One Time Pad is a keypad,
00:00
or that pad itself is the actual secret.
00:00
What happens is characters in
00:00
the message are matched up against characters
00:00
in the One Time Pad and it uses
00:00
a process called x-oring, exclusive oring.
00:00
We're going to look at that in just a minute when we look
00:00
at stream at symmetric cryptography.
00:00
Don't worry about the math of it just yet,
00:00
but just know that just like before,
00:00
we have a secret shared
00:00
between the sender and the receiver.
00:00
Character of the message is
00:00
matched up against the character of the keypad,
00:00
and that provides encrypted text.
00:00
Now, what makes it mathematically unbreakable?
00:00
The pad must be at least as long as the message.
00:00
For instance, if I have a 32-bit key and a 64-bit message,
00:00
I would have to actually use that key twice.
00:00
That would be repetition, that would be pattern.
00:00
I have to make sure that
00:00
the key rather is
00:00
the same size or longer than the message.
00:00
I have to make sure the pad is used one time,
00:00
I have to make sure the pad is securely
00:00
distributed and stored securely.
00:00
If those pieces of criteria are met,
00:00
then we have a mathematically unbreakable cipher.
00:00
That's very significant.
00:00
As a matter of fact,
00:00
any of the elements today that
00:00
use one timeness as part of,
00:00
I don't even think one timeness is a word,
00:00
but today one timeness is a word,
00:00
but that use one timeness as part of its secrecy.
00:00
If you have those little password generators
00:00
that every 60 seconds give you a new password,
00:00
that dates back in concept to the Vernam Cipher,
00:00
or session keys that are used
00:00
one time and then destroyed,
00:00
dates back to the Vernam Cipher.
00:00
We have covered the traditional uses
00:00
of cryptography throughout history.
00:00
We've looked at some of the major ones.
00:00
We talked about the three character shift
00:00
of the Caesar Cipher.
00:00
We talked about the Scytale Cipher,
00:00
wrapping tape around a rod.
00:00
We looked at the Vigenere Cipher,
00:00
which was polyalphabetic.
00:00
We talked about the Enigma Machine and also
00:00
the equivalent for the Japanese
00:00
was called the Purple Machine.
00:00
Those both were cracked during
00:00
World War II to great benefit of the Allies.
00:00
Then last but not least,
00:00
we talked about the One Time Pad and the Vernam Cipher.
00:00
I do think a couple of these may show up on your exam.
00:00
Don't dismiss these just
00:00
because some of the technologies are hundreds or even