Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: false security

Weak or Bust: Why the Strength of an Encryption Matters

There are two reasons as to why a weak encryption can be worse than no encryption at all: the first being a sense of overconfidence that can prove fatal if the encryption is decrypted and the second tipping off decryptors who often become more cautious and further scrutinize your messages. As explicitly outlined in the book, Mary Queen of Scot’s overconfidence clearly demonstrates the negatives of not creating a strong cipher. By disregarding caution and placing misguided faith in a weak cipher, she inadvertently revealed more information than she would have had she exercised caution. It’s also necessary to note that Mary Queen believed she had a strong cipher, thus providing one more reason as to why caution must always be exercised even if you believe your code to be unbreakable. This strain of thought can actually be applied to a multitude of situations: when engaging in a secretive activity or one that you would not prefer others to know of, it’s better to err on the side of caution.

But perhaps more importantly, a bad cipher may warn the enemy of an impending code. A seemingly legible message that holds a deeper meaning may be more deeply scrutinized if the decryptor suspects a cipher at play. This can be even more dangerous as a heightened sense of awareness and caution could lead to both direct and indirect long-term effects for sender and recipient. Thus, no encryption can often be more effective than a poorly-made one.

It’s necessary in an increasingly complex and secretive world that people realize that whatever codes they create can be broken by online tools accessible to billions. It is both important and necessary to exercise restraint and caution when sending hidden messages – failure to do so may result in harsher penalties than if you had not attempted to encode your message at all.

A Surveillance Story That Hits at Home

In Radiolab’s podcast, Darknode, the story of the “suburban Boy Scout turned black hat hacker” resonated with me the most in terms of the security vs. privacy debate. For starters, the story truly represented how “you either die a hero, or live long enough to see yourself become the villain” (The Dark Knight Rises). In today’s society, we are surveilled – plain and simple. So, what I found so compelling, was how Radiolab was able to portray that no one is immune to this new era of life and anyone can become part of it. Specifically, in this case, the person being surveilled eventually became the one executing the surveillance; I personally took it as his form of “rebellion” even though he was not necessarily as drastic as the friend that initially introduced him to the concept.

The second reason that this story resonated and made such a strong case with me is because I have actually lived the story being told. When I used to be much more active in my internet explorations, I actually encountered, and was friends with, many “script kitties” (as described in the podcast these are scripters who are able to take advantage of just enough of the tools available to scrape the surface of hacking). What I found fascinating, is the story and development of how botnets came into existence and how they initially had a more innocent origin. I was also able to piece together that his reference to “hitting people off the internet over video games” was a reference to a term I became very familiar with called DDoSing. It was truly amazing hearing an experience so similar to my own that was able to shape the course of someone’s life.

Overall, this section of the podcast furthered my opinion of how the issues of privacy vs. security are changing the way humans interact in today’s society.

 

Never Trust A Weak Encryption

In the first chapter of The Code Book by Simon Singh, he states that “a weak encryption is worse than no encryption at all”. A weak encryption is worse than no encryption at all because the sender and receiver of the message believe that the message is secure. A weak encryption leads to a false sense of security. If someone was to send a message with no encryption, they would know that their message was floating around and would be more cautious. People that send encrypted messages should always be mindful of what information their message contains. Over time many messages can be decrypted, and a sender of an encrypted message should remain mindful of that. No one should put all of their trust into a encryption since the message could possibly be deciphered. People that want to keep their messages secret should keep their messages very vague even if they are encrypted. There is always a chance that a message can be decrypted, so the sender should not only rely on a encryption to make sure that their message is secure. Mary Queen of Scots should have been vaguer with the messages that she sent. Since she truly believed that her messages would not be decrypted, she was not withholding the information that she sent. Her trust in the encryption led to her execution.

 

Feeling Safe is not Being Safe

I value my privacy greatly but I also value my own security. If I were to give up a little of one to get a lot of the other, I would obviously choose privacy in terms of what to sacrifice but the post does not talk about security but the “feeling” of being secure. Depending on how much privacy I would have to sacrifice to feel secure would alter my choice. The feeling of being secure is important when it comes to fear and paranoia but in the long run it’s just a feeling. If you aren’t actually protected then you have the right to always be worried no matter what the
circumstances. I think it’s extremely significant that the post did not say “what would you give up to be safe?” I think that the Newseum knew that giving up privacy does not guarantee safety. When presented with this question I thought about a scenario where all my rights were taken in order to be protected and yet I am still exposed. The scenario was unsettling knowing that no matter what I will never truly be safe. Though there can be precautions put in place, at a certain point, exposing yourself and sacrificing your rights does not contribute to your own security.

Assume the Worst

Before the Vigenère cipher, a simple monoalphabetic substitution cipher was the most advanced encryption. This is a weak way of coding however, as an encryption is only as strong as the key used to create it, and tools such as frequency analysis make this easy to conquer. Any code could be broken if the person who intercepted it was well acquainted with basic deciphering methods. The best way to protect your secret message was to assume that anyone could intercept and decipher your code. It was a given that before the Vigenère cipher was invented, that no encryption was completely safe. That being said, not many people realized this and truly thought they were keeping their secrets safe. A perfect example of this is Mary Queen of Scots.

Mary Queen of Scots spent her time imprisoned sending encrypted messages back and forth with a conspiracy group. Mary, along with the rest of the group, ignorantly thought that no one was able to crack their “master” encryptions. As a result they talked about many sensitive topics, especially the coup to overthrow the Queen of England. Their false sense of security led to their demise because, in reality, their code was very easy to break. They thought that their code was unbreakable, however, there was no sure way to know how accurate this claim was. Mary downfall was underestimating the environment in which she lived. She assumed that no one would be smart enough to break her code, but as she soon learnt, an encrypted message can be cracked to spill the secrets it contains.

Security vs Privacy: The Dangers of too much Authority

Chapter four of Little Brother really made me mad due to the abuse of basic human rights the American government was willing to surpass in order to receive more legalized power. Expanding on this problem, I am going to address how the governments abuse of Marcus and other captives basic human rights directly relate to the government trying to get more legal power through the public’s fear. When Marcus was captured, bagged, and brought to an interrogation facility, nicked named Gintmo-On-The-Bay, his fourth amendment right was violated. The fourth amendment states “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized (Cornell Law School).” Marcus’ personal digital activity and information was searched unreasonably, he was seized illegally, and he was forced to sign a paper saying he was voluntarily seized and interrogated which I would consider a violation of the fifth amendment which protects people from self incrimination. Because of the government trying to “secure” it violated peoples rights. The governments concern with security, in this case, was false making their actions even worse. The American government in Little Brother had a goal of taking advantage of a terrorist attack and blaming it on the lack of security. From there the government would expand on its power by persuading citizens to support laws that give the government more surveillance control over the citizens themselves. This is dangerous because as the government receives more surveillance power, it becomes easier to label a protester as terrorist. Once this happens, innocent people such as Marcus, will be captured and interrogated based on faulty information.

A False Sense of Security

In saying “The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.”, I believe that Singh is implying that in using a cipher, Mary and her recipient felt much safer than if they had used no encryption at all. They believe their message is secure, so they do not feel the need to be discrete in their language. Had they not used any encryption, the content of their messages would not have been nearly as direct as it was with the encryption.
For those who attempt to keep their communication secret through encryption, this statement implies that their encryption method needs to be rather strong if they expect it to be effective at concealing their messages. One cannot hope to use a simple Caesar cipher effectively, as that encryption method is rather weak. It could be cracked by even the lowliest of amateur cryptographers in a small amount of time. The fact that Singh describes the cipher of Mary Queen of Scots, an encryption method that I couldn’t hope to begin to comprehend, to be weak implies that for an encryption method to be effective, it must be very complex. This tells me that unless you and your recipient are seasoned cryptographers, you shouldn’t bother trying to encrypt your messages, for one could decrypt them with ease. Instead, you should try to use more discrete language and keep in mind that your words could very well fall into the hands of your enemies.

Mary’s dilema with a weak encryption

Mary, Queen of Scots, said that a weak encryption can be worse than no encryption at all. Mary and Babington started with a good encryption but as cryptanalysis progressed in England they failed to change there code and make it stronger. This allowed Queen Elizabeth’s men to crack the encryption and forge letters to Mary and Babington.

This ability to crack the code and use it against your enemy is what Mary was warning of. Their weakened code was cracked with ease and Mary and Babington were unaware that their cypher had been broken. Mary and Babington were placed in a false sense of security that left them writing the entirety of the plans in their letters. When Walsingham’s men discovered the letters and broke the encryption, they knew they had sufficient evidence to execute Mary and Babington.

Mary and Babington were not prepared for the encryption to be broken. They believed that hiding the letters and encrypting them were sufficient when in reality they had led themselves to their own demise. A weak encryption is far more worse than no encryption at all because you place yourself in a false sense of security and rely heavily on the strength of your encryption to keep you safe. As seen in the case of Queen Mary, she was killed because she did not prepare for the worst.

Powered by WordPress & Theme by Anders Norén