Cryptography Overview – CompTIA Security+ SY0-401: 6.1

Our modern applications make extensive use of cryptography. In this video, you’ll learn the basics of cryptography and some of the history of ciphers and secrecy.
<< Previous Video: User Access Reviews and MonitoringNext: Symmetric vs. Asymmetric Encryption >>

Cryptography is obviously extremely important in what we are doing today, with our networks and our computers. The term cryptography comes from the Greek word “cryptos,” which means hidden or secret. And that’s exactly, obviously, what we’re doing when we’re talking about cryptography.

There are number of features that cryptography brings to the table. One is confidentiality. This is the one we normally think about.

If we’re going to send our credit card information across the internet we want to be sure that nobody in between would be able to see that credit card information. They’ll have all of that information absolutely secret. Nobody’s able to see it except for me and the person that I’m sending it to. Everything else, completely confidential.

The authentication and access control is also a capability that’s provided to us through cryptography. This authentication method means that if I’m putting in a username and then a password, the cryptography around that password and the way that we keep it secret validates that it is me. I’m able to send that message in an encrypted form, and the other side is able to validate that that is indeed exactly the person I would be expecting there.

There’s also a capability called non-repudiation, which means if I receive a message from you there’s no way you can say that you did not send this. I can really tell that this was you that sent it. There’s no way you can deny what you put into this message because I have a way to determine that it really did come from you, and that you really did write these things.

And that also brings us to integrity. We know that when we receive this message, and we check it with these cryptography and the methods that we’re going to talk about, that we can be assured that nobody has tampered with anything inside of this message. If anybody was to change one word, or one letter, we would be able to notice it. And cryptography makes sure that when we receive a message we can be sure that it was not tampered somewhere along the way.

There are a number of common terms you’ll need to know about cryptography. The first is plaintext. Before you encrypt anything it is plaintext, or something that we sometimes will call in the clear. If we were to send this information out over the network anyone would be able to read it. We haven’t done any type the hiding or encrypting of this message.

Once we do encrypt the information it becomes ciphertext. We have taken our plaintext, we have applied a cipher to it, and the resulting encrypted information is the ciphertext. That cipher is what we’re using to encrypt that message. It’s an algorithm. It’s a mathematical method that we are using to take the plaintext and encrypt it or convert it into something that people can’t read. And that is the cipher that allows us to do that.

The art of cracking this encryption then is cryptanalysis. Having your cryptographers in a government facility trying to understand and make sure that the messages that they are sending our secure, and trying to crack the messages that are coming from other places, is a big, big business. And even though it’s something that is relatively hush, hush and top secret, it’s something that is happening every day.

There are many different ways to scramble up a message, and encrypt it in a way that no one would be able to read it. One common way is something called a substitution cipher. This is one of the oldest methods that you’ll find of encrypting data. This is also called Caesar’s cipher because Caesar is one of the people that originated this method of sending information back and forth, and certainly made it very popular.

What he did was take a normal alphabet and he changed all of the letters down a certain number. In fact, a very common one is ROT13. You’ve rotated this group 13 steps to the right so that instead of writing a letter A, you would write the letter N. Instead of writing the letter B, you would write the letter O.

So your cipher is really this 13. As long as you know the number 13 you can take a message and encrypt it and decrypt it with that particular key.

This is obviously something that would turn this funny looking message into, hello world. It’s a very simple one to do. And it made it very easy to send this message. It’s encrypted, you can’t read it. You would have to know exactly what you would need to do, how many methods, how many sections you needed to move this down and rotate it, to be able to read that message.

Another type of cipher is a transposition cipher, where we keep exactly the same letters but we just scramble them up and put them in a different format. And then you would provide the person on the other end with the key– what letter should go in what position. And they would transpose them back into the order that it was designed so that you could make hello world out of this scrambled bunch of letters that has exactly the right letters in it, they’re just all in the wrong place.

We often see people trying to figure out these particular sections of ciphertext. And one of the methods it they’ll use, especially on these older substitution ciphers and transposition ciphers, is to use frequency analysis. They’ll examine the entire ciphertext and they’ll try to determine how many times do I see the letter R? How many times do I see the letter Q? How many times do I see the letter W?

And they’ll start creating a frequency table of how many times we’re seeing different characters. And if we think that this is the English language, we know the letter E is certainly one of the most popular letters. T is the second most, A is the third most, O is the fourth most, and so on. And you can start substituting in some of these frequencies that we’re seeing in our ciphertext to try to figure out exactly what the real message might be inside of that ciphertext.

Well obviously, in modern times, a ROT13 or a transposition cipher is not really going to keep things very safe. So we started to see things like mechanical ciphers appear around the World War II time frame. This is one that Germany used. This is an Enigma machine, which took a message and encrypted it using a piece of machinery, which means you would have to have this piece of machinery on one end, and this piece of machinery on the other end, to be able to decrypt the messages that were being sent back and forth.

Being able to hack or crack that particular encryption code was an extremely important part of what happened during World War II. A lot of interesting history there.

There are also mathematical ciphers. And these are the ones that we will probably see the most of, especially in modern times, because if you can make it a very, very complex cipher then obviously it will be very, very, very difficult to be able to decrypt that message in some way. And we’re going to go through a number of mathematical ciphers, not just in this video, but in many others were we will talk about hashing. We’ll talk about doing symmetric encryption, and asymmetric encryption. If you’re at all interested in getting into cryptography you will need to have an extremely strong background in mathematics.

We’ve talked a little bit so far about keys. And we’ve talked about if you know what the key is then when that encrypted message gets on the other side, you can apply a key to it, with the correct cipher, and come up with the plaintext, back to the information we wanted to get our hands on. These keys can be very simple, like the ROT13 key. We needed that number 13. That was the important part of it.

If it’s something like a PGP or GPG, and we’ll talk more about those as well, the keys are very, very complex. This is my public key, for instance, that I use when I start encrypting information using some asymmetric encryption method. So you have to make sure you have the right kind of key for the message that you’re getting so that you can encrypt it properly.

Another cryptography technique is a one-time pad. This is one where you would have a page of letters on one side. You have exactly the same page of letters on the other side. The person who is encrypting the message will go through each letter of the message, and they would combine the first letter of this pad with the first letter the message to come up with ciphertext. Then the second letter of the pad with the second letter of the plaintext message to come up with the next letter of the ciphertext, and so on.

They would go all the way through your plaintext message to create the ciphertext. And obviously this would be very, very difficult to be able to decrypt unless you had this exact key on both sides. You’d have to have that exact pad of paper, which is where the one-time pad comes from. You use that message one time, you get rid of it. And you have a completely new key, a completely new one-time pad, to be able to use. You use it one time and you’re done.

So the next message, even if the first message was decrypted in some way, the second message someone would have to start all the way from the beginning again to try to decrypt that message. It is all of these different cryptography methods and cryptography features that really provide us with a very, very powerful way to keep all of our information private on our computers and across our network.