Introduction to Cryptology Part-I Security Center Mayank Tewari mayank@desdevpro.com http://www.desdevpro.com 10 Aug 2009 Security Cryptology With the increasing importance of the data we store or use there is a basic need of data security. Protecting the data from misuse or loss is a prime requisite. Considering all the above things encryption and decryption of the data comes into play. Collectively it is called 'Cryptography'. Cryptography is in general a very wide topic, so lets just have a look at the basic cryptography. Disclaimer This article is intended for educational purposes only. The purpose of this article is to make you aware of common attack procedures so that you can build appropriate defenses against them. DesDevPro does NOT encourage using these methods to harm other people, their data or machines. Such actions are punishable by law. By reading this disclaimer you accept: To not use this information to gain access to and/or damage unauthorised hardware or software. To use the tools and/or techniques mentioned herein at your own risk. DesDevPro.com, its members, and the author of this content claim no responsibility for any damages resulting from the use of this material. Substitution Ciphers In the learning of cryptography, one may come across a very basic and easily decoded method of encryption: ASCII shifts or substitution. Substitution is generally taking a block of characters and replacing one character with another. For example: I LOVE BIKING Shifting each letter one step forward in the alphabet, this message would become: J MPWF CJLJOH This is probably the easiest method of encryption to decode, and should by no means be used to hide or secure important data. Now, we will attempt to decode another message of which I will not tell you the character shift amount of. We will go through it step by step in an attempt to decode it. S YPC YRRCKNRGLE RFC AMBC – CLB. The dash and period go unchanged. At a first glance, this appears to be complete gibberish, but looking back we notice somebody may have some top secret information stored in this random jumble of letters. Our first step to solving the character shift is the letter E. Following the space, the letter E is the most commonly used letter in the English alphabet. Let us begin by picking this message apart. Look for the most common character that appears… which just so happens to be the letter C. Following the letter frequency count, this should mean that the letter C has replaced the letter E. So… replace every letter C with the letter E. I choose to start case-insensitive substitution decryptions in uppercase or make changes in bold so that any changes are apparent. This prevents changing an already changed character. S YPe YRReKNRGLE RFe AMBe – eLB. Now, you have just completed your first step in decoding this message. If you have looked up a character frequency chart, you would now know that T is the next most used letter. R appears to be the next most used character… so replace it with T. S YPc YtteKNtGLE tFe AMBe – eLB. Now, or occasionally after another character or two, you can probably decode the character shift value. You could have done this after the first decoded letter, but we were having too much fun and never thought about that, right? From what we have seen so far, we can tell that, by looking at a numbered alphabetic chart, that the character offset is two values behind its original character. E became C and R became T. Now that you know the offset value, you can begin to decode the remaining parts of the message. In the end, the message works out to be: U ARE ATTEMPTING THE CODE – END. Another method you could use to uncover the substitutions for another letter is a commonly used word. After uncovering the substitutions for T and E, what word starts with T, ends with E, and is three letters? You guessed it - THE. Most of the time, if you notice that there are repeated tAe parts of encrypted characters, where A represents an encrypted character, the word is likely THE. This is practically the case for all of these occurrences if tAe appears multiple times… unless the encoder has a foot fetish and has encoded some dirty thoughts. If you thought I meant the word TOE at the beginning of this paragraph, you were horribly mistaken. THE is the most commonly used word, right after TO. Although in my example, replacing F with H would only change one character in the entire text, which is practically useless in this example. For larger sentences, this could greatly aid you with reverting substitution. It provides you with another decoded character, and a complete word to help you make sense of a partially decrypted phrase. As many of you may have pondered earlier on in this article, what if you substitute characters with a random pattern, rather than A -/+ N (where A is the letter and N is the character offset) constantly throughout the entire phrase. For example, one could replace the letter A with B, and C with X. This method is only just slightly more difficult to decode than a fixed character offset. You would just have to decode a large enough amount of characters to make sense of a word or phrase, then you can fill in that part of the message, revealing several more characters in the process. Now, a slightly more challenging message to decode... but possible to do in several minutes. Give it a go and see if you can work it out yourself first. I will tell you now that I have a trick up my sleeve that many of you will have forgot about by this point in the article. 5P XHVZGXEACJWXDCYXIBLM RXCK AX5P X73QFXRCN Give up? What if I told you that I changed the space character? That is correct. I replaced the space character with a letter, and replaced a letter with the space character. Bet that threw you off, no? Try again now that you know that valuable piece of information. Another tiny little hint which will help if you get enough figured out - the phrase is used by some font developers to display their fonts. SPACE = X O = C E = SPACE As you probably have noticed now, O is the most common letter used in this phrase. I find that many small phrases or single words do not use the letter E as many times as a longer collection of words does. This was a little more difficult, any some beginners may not have successfully decoded it, let me spoil it for you! Just for fun. THE QUICK BROWN FOX JUMPED OVER THE LAZY DOG