How Disk-Encryption Software Works

Real-life cryptography is a bit more involved than these simple schemes. Here is a more realistic example. Say you want to encrypt the phrase “It is raining in Budapest”. You could decide to replace each letter by the next letter of the alphabet. The original and the scrambled message will look like this:


Message in plain text:  It is raining in Budapest
Scrambled message: Ju jt sbjojoh jo Cvebqftu


In effect, you have shifted the entire alphabet by one letter while scrambling the message.


Let us analyze this example. The process of encryption and decryption has four components:



  1. A message in plain text.

  2. A procedure or an algorithm to scramble this message, namely, shifting the alphabet.

  3. The number of positions you shifted the alphabet by: 1, in our example.

  4. A scrambled version of the message produced by using the algorithm and a secret value that both parties know. In this example, that value is the number 1 (the number of positions to shift the alphabet by).

In cryptographic terminology, the original message is called “plaintext”. The algorithm is called the “cipher”. The secret value that must be used for shifting is called the “key” and the scrambled message is called “ciphertext”. The same key is used both to encrypt and to decrypt the message and hence such encryption is called “symmetric key encryption”.


To summarize, plaintext is encrypted to ciphertext (and decrypted from ciphertext) by applying a cipher that uses a symmetric key shared by the two parties. (Phew!)


You should note two things here:



  1. A different ciphertext can be generated using the same cipher simply by changing the key. If we change the key from 1 to 2, our example will look like this:

    Plaintext:  It is raining in Budapest

    Ciphertext (Key=1): Ju jt sbjojoh jo Cvebqftu

    Ciphertext (Key=2): Kv ku tckpkpi kp Dwfcrguv


  2. The cipher can be public knowledge; the important piece of information is the key.

The cipher in this example is rather simplistic. It would probably suffice to keep a secret from your little sister, but it would not cut the mustard with the KGB. The KGB has people called “cryptanalysts” on their payroll. Their job is to break codes. By analyzing the frequency of letters and their occurrence in two- and three-letter words, it is fairly easy for them to crack your cipher. Any self-respecting cryptanalyst will do it in minutes.


You can make life more difficult for cryptanalysts by coming up with a key that will make it difficult to analyze letter frequencies. Replace the first letter in the message with the next letter in the alphabet and the second letter in the message with the next but one letter. Repeat this process for the next two letters, and so on. In other words, shift the alphabet by one for every odd-numbered letter and shift the alphabet by two for every even-numbered letter. So our cipher remains more or less the same but the key now becomes 12. By increasing the length of the key, you have made your encryption “stronger”, or more difficult to crack.
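The shift cipher with both kinds of key, as an added Python example that is not part of the original article. It assumes the key is given as a list of shifts (the article's key "12" is `[1, 2]`) and that spaces do not use up a key position; it shows how the longer key splits one plaintext letter across several ciphertext letters, and how few single-shift keys there are to try.

```python
from collections import defaultdict

def shift_cipher(text, key, decrypt=False):
    """Shift each letter by the next entry of `key`, cycling through the list.
    key=[1] shifts every letter by 1; key=[1, 2] is the article's key "12".
    Assumption: spaces and punctuation pass through and use no key position."""
    out, n = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            s = key[n % len(key)]
            out.append(chr((ord(ch) - base + (-s if decrypt else s)) % 26 + base))
            n += 1
        else:
            out.append(ch)
    return "".join(out)

def letter_images(plaintext, key):
    """Map each plaintext letter to the set of ciphertext letters it becomes.
    One image per letter means letter frequencies survive encryption intact."""
    images = defaultdict(set)
    ciphertext = shift_cipher(plaintext, key)
    for p, c in zip(plaintext.lower(), ciphertext.lower()):
        if p.isalpha():
            images[p].add(c)
    return dict(images)

def try_all_single_shifts(ciphertext):
    """A single-shift key has only 25 useful values, so all can be listed."""
    return {k: shift_cipher(ciphertext, [k], decrypt=True) for k in range(1, 26)}

if __name__ == "__main__":
    message = "It is raining in Budapest"
    for key in ([1], [2], [1, 2]):
        print(key, shift_cipher(message, key))
    print("'i' under key [1]:   ", letter_images(message, [1])["i"])
    print("'i' under key [1, 2]:", letter_images(message, [1, 2])["i"])
    candidates = try_all_single_shifts(shift_cipher(message, [1]))
    print("plaintext among 25 candidates:", message in candidates.values())
```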


There are several publicly available ciphers that are known by military-sounding acronyms such as RSA, DES and AES. (This is fitting, given the military origins of cryptography!) Each cipher supports a given “key strength”. The best ciphers are designed to last past doomsday, so long as a strong enough key is used.


Now that you understand how cryptography works, we can get back to protecting sensitive information on your PC. To get started, you must procure disk-encryption software such as TrueCrypt (http://www.truecrypt.org). Disk-encryption software runs on your computer in the background, much like antivirus software. It stores your data in regular files on your disk just as Microsoft Word stores its information in .doc files and Microsoft Excel in .xls files. The file is then “mounted” as a virtual disk volume and gets a drive letter of its own. Whenever you save information to this “disk”, it is automatically encrypted. Conversely, whenever you read information from this disk, it is automatically decrypted. The entire process is transparent to you.


You can create several virtual disks using the software, each of which will get its own drive letter. While creating the file, the software asks you to choose from a variety of ciphers to apply to your information. Based on your choice, it then asks you to select a key strength. Typically you will get to choose from 40, 56, 128, 256, 384 and 512 bit keys. Don’t worry, you won’t have to come up with a 512-bit key; the software does it for you. It asks you to perform a random operation on your PC, such as vigorously moving your mouse around. Then it generates a random key of the desired length by applying some complex mathematical function to your mouse movements. It appends the key to the file and uses it to encrypt and decrypt your information while reading from and writing to the file.


Since the key is stored with the file itself, there must be some way to prevent it from falling into the hands of unauthorized users. The software accomplishes this by asking you for a password when you create the file. It DOES NOT store the password in plaintext. Rather, it performs a mathematical operation on the password that generates a scrambled version of the password called a “password hash”. It stores the password hash with the file and the key.


Whenever you mount the virtual disk, the encryption software asks you for your password. Once you enter the password, the software performs the same mathematical operation on it that it performed the very first time and produces the password hash. If the generated password hash matches the stored password hash, it assumes that you have access to the data and lets you mount the drive. Once the drive is mounted, it uses the key to encrypt and decrypt information seamlessly while you access it. You can then save any file to the encrypted drive as you would to a regular drive.
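The create-and-mount password check described above, as an added Python sketch that is not TrueCrypt's code. It assumes PBKDF2 with a random salt as the "mathematical operation", and it also stores the key scrambled under a second password-derived value so that reading the file alone does not reveal it; the XOR step is a stand-in for a real cipher, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; real products choose their own

def derive(password, salt, key_len):
    """Stretch the password into a verifier (the stored "password hash")
    plus a separate wrapping value of key_len bytes."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              ITERATIONS, dklen=32 + key_len)
    return out[:32], out[32:]

def xor(a, b):
    # Stand-in for a real cipher so the sketch needs only the standard library.
    return bytes(x ^ y for x, y in zip(a, b))

def create_header(password, key_bits=256):
    """Return (header, data_key); the header is what sits in the container file."""
    data_key = secrets.token_bytes(key_bits // 8)  # random key, never typed by the user
    salt = secrets.token_bytes(16)                 # equal passwords give different hashes
    verifier, wrap_key = derive(password, salt, len(data_key))
    header = {"salt": salt, "verifier": verifier,
              "wrapped_key": xor(data_key, wrap_key)}
    return header, data_key

def mount(header, password):
    """Recompute the hash from the typed password; release the key only on a match."""
    verifier, wrap_key = derive(password, header["salt"], len(header["wrapped_key"]))
    if not hmac.compare_digest(verifier, header["verifier"]):
        return None
    return xor(header["wrapped_key"], wrap_key)

if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    header, key = create_header("correct horse battery staple")
    print("right password:", mount(header, "correct horse battery staple") == key)
    print("wrong password:", mount(header, "guess"))
    print("key readable from file alone:", header["wrapped_key"] == key)
```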


If a malicious person gains access to your computer, he can access the encrypted file on the disk like any other file. But all he will see is a jumble of meaningless characters. And this is how disk encryption works.
