Breaking the Codes

By now you should be tired of algorithms and acronyms. The last three Help Desks have covered all the major cryptography systems used on Windows, Macintosh, UNIX, and Novell systems today, as well as some that are just emerging. Before we can go on to the next step, looking at how you can implement these systems for your clients (and how much trouble this will all be for you), it is helpful to understand how cryptography systems are broken or cracked. There's a good reason for this: knowing how to break into a system is a good indication of how to secure it.

The science (some would call it an art) of breaking cryptography systems is called cryptanalysis. The process is to try to read an encrypted message without knowing the keys that were used to generate the message in the first place. There are a number of ways to get a head start on the process of breaking codes, the most common being knowledge either of the message contents or of some part of the key. If you know that a message deals with shares in ABC Company, for example, you can make much better educated guesses about what certain words in the encrypted message mean, which leads to the encryption key faster. This type of crypto-cracking is known as a plaintext attack, because you know part of the message and use that to leverage the key from the rest of the message.

Sometimes private keys are made known, either accidentally or on purpose. Knowing some part of a key, or having a good idea of what the key may be composed of, helps shorten the cracking time, too. For example, if you know someone has the habit of using their children's names as keys, and you know the kids' names, you are very close to being able to decipher a message. Getting the keys is usually not too difficult, especially if the messages are going over the Internet. There are many ways to intercept IP packets, and eventually an idea of a user's keys may be intercepted.
If a cracker can get partial keys or the public keys of both ends of a message route, the odds of breaking the entire message are much higher.
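The plaintext attack described above is easiest to see on a cipher that is too weak to resist it. The following is an added example, not code from the column or from any product it mentions: a toy repeating-key XOR cipher, a constructed key and message, and a "crib dragging" routine that slides the guessed fragment "shares in ABC Company" across the ciphertext until the key it implies decrypts the whole message to readable text. The lesson for choosing a product is the one the column draws: a cipher whose key can be read straight off one known plaintext/ciphertext pair is broken, and a serious algorithm must give the attacker no such foothold.

```python
"""Added example: a known-plaintext attack against a toy repeating-key XOR cipher.

The cipher, key and message below are constructed for illustration; nothing here is
taken from the column or from any commercial product it mentions.
"""
from typing import Optional, Tuple


def xor_repeating_key(data: bytes, key: bytes) -> bytes:
    """Toy cipher: XOR every byte with the key byte at the same position modulo the key
    length.  Encryption and decryption are the same operation."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known: bytes, offset: int, max_key_len: int) -> Optional[bytes]:
    """Given a plaintext fragment known to sit at `offset`, return the shortest key of
    length <= max_key_len that is consistent with it, or None if no length fits.

    Because ciphertext XOR plaintext equals the key stream, the fragment exposes the
    key stream over its own span; a repeating key then only has to be read off."""
    if offset < 0 or offset + len(known) > len(ciphertext):
        raise ValueError("known fragment does not fit inside the ciphertext")
    stream = bytes(c ^ p for c, p in zip(ciphertext[offset:offset + len(known)], known))
    for klen in range(1, max_key_len + 1):
        if klen > len(stream):
            break                      # fragment too short to pin down a key this long
        key, seen, consistent = bytearray(klen), [False] * klen, True
        for i, s in enumerate(stream):
            pos = (offset + i) % klen  # align the fragment to key position 0 of the message
            if seen[pos] and key[pos] != s:
                consistent = False     # the stream is not periodic with this length
                break
            key[pos], seen[pos] = s, True
        if consistent and all(seen):
            return bytes(key)
    return None


def crib_drag(ciphertext: bytes, crib: bytes, max_key_len: int) -> Optional[Tuple[int, bytes]]:
    """Slide a guessed fragment (a 'crib') across every offset.  Accept the first offset
    whose recovered key turns the *whole* ciphertext into printable ASCII."""
    for offset in range(len(ciphertext) - len(crib) + 1):
        key = recover_key(ciphertext, crib, offset, max_key_len)
        if key is None:
            continue
        plaintext = xor_repeating_key(ciphertext, key)
        if all(32 <= b < 127 for b in plaintext):
            return offset, key
    return None


def demo() -> dict:
    """Constructed scenario: the analyst only has the ciphertext and the hunch that the
    message mentions 'shares in ABC Company'."""
    key = b"SECRET"                                                          # constructed, unknown to the analyst
    message = b"Transfer 500 shares in ABC Company to account 4417 today."  # constructed sample message
    ciphertext = xor_repeating_key(message, key)

    hit = crib_drag(ciphertext, b"shares in ABC Company", max_key_len=8)
    if hit is None:
        return {"offset": None, "recovered_key": None, "plaintext": None}
    offset, recovered = hit
    return {"offset": offset, "recovered_key": recovered,
            "plaintext": xor_repeating_key(ciphertext, recovered)}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. The known fragment must be at least as long as the key, otherwise `recover_key` returns the shortest key that merely happens to be consistent with the few bytes it saw; and the printable-text check in `crib_drag` is what rejects wrong offsets, so a ciphertext of binary data would need a different plausibility test. Neither caveat helps the weak cipher: a block cipher such as DES or a modern one designed to withstand known plaintext gives the analyst nothing to read off, which is exactly the property to look for.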
If the encryption algorithm is known, a modified plaintext method can be used. With this technique, the cracker encrypts a message with the same technique (but not the same key) as the target message. By repeating the process with different messages and keys, an idea of the key used to encrypt the target message can be developed. This technique works surprisingly well.

There are some mathematically complex methods of cracking messages that rely on the intricacies of public-private keys. There will be a relationship between the keys and the encrypted message, and this can be deduced given enough number-crunching ability. Mathematicians have written entire books about the science of breaking encryptions in a theoretical manner, many of which have been employed by scientists and engineers working for national security agencies. (One of the most interesting of these books, which is a little tough reading for non-mathematicians, is Applied Cryptography by B. Schneier. A little late-night reading for the curious VAR.)

So after wading through all that, how do you choose an encryption product for your customers? Now that you know a little of the science behind encryption, you should realize that none of these techniques is foolproof. Further, the more difficult the encryption system is to crack, the more overhead is involved. System overhead can become noticeable with software-based encryption, especially when all data on a system is encrypted. For example, encrypting an entire drive used to store user data and all user files on a Windows NT system employing RSA encryption decreases overall system performance by about ten percent. Most users will not notice this change unless they have to get involved in the encryption and decryption process themselves. To encode an entire drive, all the user interfaces have to be transparent. A truly transparent encryption system doesn't yet exist, but there are many systems that are getting close.
For now, users usually have to go through an encryption and decryption process for each file manually, adding to their frustration with the system. Earlier in the series you saw a simple encryption system called Codedrag, which can be employed for encryption and decryption of selected files. Commercial systems from RSA and Entrust Technologies do the same, but cost more without necessarily offering more. PGP is free, and works well, too. However, you may want the technical support and industry reputation that RSA and Entrust bring to the encryption field, helping to offload you from the problems of supporting an encryption package. There is no one "best" package available, but you should be able to make sensible recommendations to your clients about which packages will help them secure their data.
Send mail to tparker@tpci.com with questions or comments about this web site.