We control what you think with Language |
Said and done |
Jargon, buzzwords, slogans |
Cryptography or cryptology; from Greek κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "writing", or -λογία -logia, "study", respectively is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography.
Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. Since World War I and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means.
The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation.
Cryptography dates all the way to the earliest forms of writing, with some of the earliest codes being used to conceal messages from those ignorant in certain language due to the slow spread of literacy. Steganography was also developed around this time, which refers to the practice of hiding a message in plain sight, such as the story related by Herodotus of a slave having a message tattooed on his head and hidden with regrown hair.
Some of the earliest ciphers were substitution ciphers, where letters were switched for other letters to disguise the contents of the original.
The cipher is "customized" by the random key, which causes the plaintext to scramble into an unpredictable ciphertext. The science and art of decrypting the message without the key is called cryptanalysis, and it typically involves mathematical ingenuity to reduce the cipher's strength, and supercomputers to break the reduced problem.
Modern ciphers make use of computer technology, which often provides for more complex ciphering and deciphering methods than is possible with human help.
Encryption is a method of protecting data or messages in transit. In the event that the storage for that information is copied or stolen, it is generally expected that the content itself isn't likely to be retrieved within a reasonable amount of time. For example, personal medical records might not be relevant if the person has been dead for many years already or information about an upcoming terrorist attack might not be relevant months or years after it has already happened.
Cryptographic algorithms can be divided into types depending on their use:
Symmetrical algorithms are faster and can encrypt large plaintexts, but they require a pre-shared key, and therefore are alone unsuitable for encryption in situations where keys cannot be exchanged securely (such as the internet).
The RSA algorithm is used for two purposes. If the key that encrypts is public, it allows sending short encrypted messages, such as symmetric encryption keys to the recipient. The recipient can then decrypt the key with their private RSA key. If the key that encrypts is private, it can be used for digital signatures, where a cryptographic hash of some message is encrypted by the user. The recipient can then decrypt the signature to reveal the hash, and by comparing that hash with the hash of the purported message, they can verify the authorship of the message.
Diffie-Hellman and its elliptic curve variant do not encrypt data, but are used to establish a shared key to use in a symmetric cipher.
In cryptographic protocols such as TLS, the data is encrypted with a symmetrical cipher, but either RSA or Diffie-Hellman is used to agree on the symmetric key.
Hash functions are used for integrity and authorship verification. They have specific properties, the most important of which are
All used ciphers are subjected to a constant barrage of cryptanalysis, which slowly erodes their security. However, modern ciphers have enough computational headroom to not be broken by even the most advanced supercomputers and methods. Cryptographic protocols are only as strong as their weakest link, and there are several attack vectors:
Governments have differing responses to cryptography.
Password-protecting a computer does not automatically mean that the data it contains has been encrypted. Usually, basic password-protection is only at the operating system-level and does not change how the data is stored on the disk. It is usually intended to prevent casual attackers who have physical access to the machine from impersonating an existing user. It also prevents other users on the same computer from accessing files owned by other users unless they have administrator/root/super user access rights to override ownership restrictions. This is trivially defeated by simply accessing the data through another operating system or another machine.
Not everything should be encrypted the same way, there needs to be a differentiation between:
Counter-intuitively, storing password in an encrypted format is not a secure practice. Traditional encryption means by definition that the information could be decrypted. Verifying authentication through passwords in that way would imply that the stored password has to be decrypted each time it needs to be verified so the encryption key would need to be known and stored in some way by the verifying entity. If the password database was compromised, the encryption key could be retrieved and used to access all the stored passwords it contains. The solution to this problem is storing passwords in hashed format.[5] However, hashes are still vulnerable to lookup tables, which an attacker can use to find a password with a given hash. An attacker can also gather a list of users with the same password simply by looking for all users with matching hashes. These attacks can be thwarted using salts; since the salts are randomly generated, the attacker will not be able to use a precomputed lookup table, and since no two users' passwords should be hashed using the same salt, it is impossible to find other users with a known password. The attacker's only way of cracking a salted hash is by brute force; hashing functions designed for passwords are deliberately designed to be slow so that attempting to iterate through every possible password would take an impractical amount of time.[6] With the growth of parallel computing power such as high speed ASICs and modern graphics cards, additional security is needed. These threads have been mitigated with with memory hard, slow hash functions such as Argon2. The slow nature means, it can take several seconds to test one password, and the memory-hard means converting the password into a key requires storing large amount of data into the RAM of the computer. With 1GB memory requirement, a RTX4090 GPU with 16,384 CUDA cores, can only use a fraction of those for parallel computing, as the device only has 24GB of RAM, and can only try 24 passwords simultaneously.
Cryptography is an intellectual art, requiring studies of the disciplines of mathematics and language for skilled practice, and since those disciplines have become the subject of woo-related conspiracy and misinformation in other areas, cryptography is no exception.
Some of the earliest woo comes from the earliest days of literacy, where written languages were only understood by very few, and thus encrypted writing was subject to superstition and fear on the part of those ignorant of its meaning. With the increase in literacy, the woo evolved as cryptography was often assumed to play a role in deciphering messages allegedly hidden in religious texts (like the Bible code), suspected as having a sinister purpose (since fraternal orders like the Freemasons used their own ciphers to keep their affairs private), and no end of conspiracy theories by those who assume messages are encrypted in everyday media that can only be understood by the non-sheeple.