Part I: Introduction

Document Sample
Part I: Introduction Powered By Docstoc
Cryptography & Encryption
Kevin Curran

Cryptography
• During World War II, several mechanical devices were invented
for performing encryption, including rotor machines, most notably
the Enigma cipher.
• The ciphers implemented by these machines brought about a
significant increase in the complexity of cryptanalysis.
• Encryption methods have historically been divided into two
categories: substitution ciphers and transposition ciphers.

• Substitution ciphers preserve the order of the plaintext symbols
but disguise them. Transposition ciphers, in contrast, reorder the
letters but do not disguise them.
• Plaintext is the common term for the original text of a message
before it has been encrypted.
Caesar Cipher

• The first military code put to serious use was perhaps the so-called Caesar
cipher.

• The purpose of this cipher is simply to allow written messages to pass
between commanders with some degree of security. If the messenger is
captured, he himself will not divulge the content of the message, as he
could not himself read it.

• Even if the message itself is captured, it could not be deciphered by the
enemy, at least not on the battlefield.

• On the other hand, the proper recipient of the message needs to be able
to decipher it quickly and accurately, so the cipher must be readily
decipherable by those in the know.
Caesar Cipher

• The cipher attributed to Caesar is indeed very simple, for it involves
shifting the letters of the alphabet along three places.

• A message can then be quickly deciphered, especially if one has the shifted
alphabet before one's eyes:

   ABCDEFGHIJKLMNOPQRSTUVWXYZ

   DEFGHIJKLMNOPQRSTUVWXYZABC

• In this Caesar cipher, the message CROSS THE RUBICON (this is known as
the plaintext message) is enciphered as FURVV WKH UXELFRQ (called the
ciphertext message).
Caesar Cipher Weakness
• This might be enough to confound the enemy, at least the first time around.

• However, it is not very secure, and indeed if the enemy knew, or guessed, that the cipher
was based on an alphabet shift, the code could well be cracked in a minute or two upon
intercepting even a short message like this one.

• Indeed, once the enciphered form of one single letter is correctly guessed, the whole
code is blown, as the cyclic shift in the alphabet is revealed:

   for instance, if we guess that A -> D when enciphered, and we know that the cipher is
a simple Caesar shift, then the key to the cipher is there for all to see.
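The shift, the two-row table and the one-guessed-letter weakness of the last few slides, as an added Python example (not code from the slides). caesar() enciphers the slide's CROSS THE RUBICON; key_from_guess() shows that a single correct pair such as A -> D gives away the whole shift; and brute_force() lists the 25 candidate plaintexts, which is all the work an enemy who merely suspects an alphabet shift has to do. The function names are my own.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter of `text` forward by `shift` places, wrapping round the
    alphabet. Spaces and punctuation pass through unchanged, as in the slide's
    CROSS THE RUBICON example."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def decipher(ciphertext: str, shift: int) -> str:
    """Undo caesar() by shifting back the same number of places."""
    return caesar(ciphertext, -shift)


def shifted_alphabet(shift: int) -> str:
    """The second row of the slide's two-row table for a given shift."""
    return caesar(ALPHABET, shift)


def key_from_guess(plain_letter: str, cipher_letter: str) -> int:
    """One correctly guessed pair (the slide's A -> D) gives away the whole key:
    the shift is simply the distance between the two letters."""
    return (ALPHABET.index(cipher_letter.upper())
            - ALPHABET.index(plain_letter.upper())) % 26


def brute_force(ciphertext: str) -> dict:
    """An enemy who merely suspects an alphabet shift needs no guessed letter at
    all: there are only 25 possible shifts, so every candidate plaintext can be
    listed and the readable one picked out by eye."""
    return {s: decipher(ciphertext, s) for s in range(1, 26)}


if __name__ == "__main__":
    ct = caesar("CROSS THE RUBICON", 3)
    print(ALPHABET)
    print(shifted_alphabet(3))
    print(ct)
    print("shift recovered from the guess A -> D:", key_from_guess("A", "D"))
    for s, candidate in brute_force(ct).items():
        print(f"shift {s:2d}: {candidate}")
```

Running the block prints the slide's table rows, FURVV WKH UXELFRQ, the recovered shift 3, and the 25 candidate decipherments, of which only shift 3 reads as English.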


• A more difficult cipher is to swap each letter with another in no particular pattern. In this
way, if the enciphered form of a letter such as I or A is guessed (often an easy task, as these
two are the only one-letter words), we cannot immediately find the rule for the rest of the
cipher, because there is none.
• The arbitrary nature of the substitution is an inconvenience for the code
users as well, as it can be difficult to remember how to form the cipher.
• Mistakes will be made unless the secret cipher is written down, and
then it could easily fall into the wrong hands.
• We can crack mono-substitution ciphers with frequency analysis, pattern
matching, and trial and error until all is revealed.

• Given a fairly long intercepted message encoded as a simple
substitution cipher, it is not hard to spot the true meaning of letters.

• The symbols for I and A are likely to occur in isolation and common
letters such as E and T will have equally common symbols substituting for
each of them.

• From this, short words can be guessed, giving more of the cipher.
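The two clues of the mono-substitution slides, frequency and the isolated one-letter words, as an added Python example (not code from the slides). The substitution alphabet and the plaintext are constructed for the example: the cipher alphabet is the keyboard row order QWERTY..., so that E is disguised as T, A as Q and I as O, and the message is written with the letter profile of ordinary English. first_guesses() turns the two clues into a starting hypothesis and partial_decrypt() shows how much of the message that alone reveals; the rest is the trial and error the slide mentions.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Constructed substitution alphabet (an assumption, not from the slides): the image of
# A is Q, of B is W, and so on. Under this key E -> T, A -> Q and I -> O.
CIPHER_ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM"
KEY = dict(zip(ALPHABET, CIPHER_ALPHABET))

# Constructed plaintext, written so that E is by far the commonest letter (as in
# ordinary English) and so that both one-letter words, I and A, occur.
PLAINTEXT = ("I SEE THE ENEMY FLEET NEAR THE BEACH AND A DEFENCE LINE IS NEEDED THERE "
             "BEFORE THE EVENING TIDE SEND MEN AND GEAR TO THE EAST GATE WHERE THE "
             "SECRET MESSAGE WILL BE READ")


def substitute(text: str, table: dict) -> str:
    """Apply a substitution table letter by letter; anything not in the table
    (spaces) is left as it is."""
    return "".join(table.get(ch, ch) for ch in text.upper())


def frequency_ranking(ciphertext: str) -> list:
    """Cipher symbols from most to least frequent. In a long message the top symbols
    must stand for the commonest English letters, E and T first among them."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET)
    return [ch for ch, _ in counts.most_common()]


def single_letter_words(ciphertext: str) -> list:
    """Symbols that appear as isolated one-letter words can only stand for A or I."""
    return sorted({w for w in ciphertext.split() if len(w) == 1 and w in ALPHABET})


def first_guesses(ciphertext: str) -> dict:
    """Turn the two clues into a starting hypothesis: the most frequent symbol is E;
    of the isolated symbols, the one that is commoner overall is A (A outnumbers I
    in English) and the other is I. These are guesses, to be kept or swapped by trial."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET)
    guesses = {frequency_ranking(ciphertext)[0]: "E"}
    isolated = sorted(single_letter_words(ciphertext), key=lambda s: -counts[s])
    for symbol, letter in zip(isolated, "AI"):
        guesses[symbol] = letter
    return guesses


def partial_decrypt(ciphertext: str, guesses: dict) -> str:
    """Show the message with the guessed letters filled in and '_' elsewhere; short
    words such as __E now stand out and suggest the next guesses (THE, for one)."""
    return "".join(guesses.get(ch, "_") if ch in ALPHABET else ch for ch in ciphertext)


if __name__ == "__main__":
    ct = substitute(PLAINTEXT, KEY)
    print(ct)
    print("most frequent cipher symbols:", frequency_ranking(ct)[:5])
    print("isolated one-letter words:", single_letter_words(ct))
    print(partial_decrypt(ct, first_guesses(ct)))
```

With the constructed key the three guesses come out right at the first attempt (T -> E, Q -> A, O -> I) and the partial decryption begins I _EE __E E_E__, where the repeated __E is the obvious next guess.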
Vigenère cipher
• Nonetheless, by the 16th century these basic ideas had been taken
further to develop military codes that were considered impregnable in
their day yet could easily be deciphered by those who held their key.

• The main type, which stood defiant for several centuries, goes by the name of
the Vigenère cipher.

• Its beauty is that the key is simply a single word, such as LIBERTY. Any
unauthorised interceptor, even one who knows that his enemy is using a
Vigenère cipher, will have the greatest of difficulty unravelling the code without
the secret code word.

• Indeed it was widely accepted that cracking these codes was a practical
impossibility and so was not even worth attempting directly.
Vigenère cipher

• The only hope lay in somehow acquiring the code word.

• This could be any string of letters at all, so the system
looked completely secure to those who used it with due care and
attention.
Vigenère cipher – how it works
• Each letter of the key word, which is written vertically, represents the first
letter in a simple Caesar cipher.

• We then encipher the first letter of the message using the first cipher,
the second using the second, and so on, starting the cycle of Caesar ciphers
over again once we reach the end of the key word.

• For example, suppose our plain text message is

                 A MAN A PLAN A CANAL PANAMA

• The idea seems first to have been formulated by Leon Battista Alberti of
Florence in a visit to the Vatican in the 1460s. So it is quite old.
Vigenère Table

Vigenère cipher table based on LIBERTY.
Vigenère cipher – how it works
• Using LIBERTY as our watch word, the sender and legitimate receiver of the
message would set up a cipher table as on the previous slide.

• The initial A is then enciphered as L; the word MAN is enciphered using the
13th letter of the second cipher, the first of the third, and the 14th of the
fourth respectively, giving the encoded form of the word as UBR.

• Continuing, we discover the full enciphered message as shown below.




• We repeat the key word above plaintext message as a reminder of
which of the seven shifted alphabets to use in the encoding for each letter.
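The table and the enciphering procedure of the last three slides, as an added Python example (not code from the slides). vigenere_table() builds the seven shifted alphabets for LIBERTY, key_stream() writes the key word above the plaintext the way the slide does, and vigenere() carries the message A MAN A PLAN A CANAL PANAMA through the cycle of Caesar ciphers (and back again with decrypt=True). Spaces are passed through without consuming a key letter, which is how the slide's UBR for MAN comes out.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_row(first_letter: str) -> str:
    """One row of the Vigenère table: the alphabet shifted so that it begins with
    the given key letter (so A is enciphered as that letter)."""
    k = ALPHABET.index(first_letter)
    return ALPHABET[k:] + ALPHABET[:k]


def vigenere_table(keyword: str) -> list:
    """The slide's table: the key word written vertically, one shifted alphabet per
    key letter."""
    return [(letter, caesar_row(letter)) for letter in keyword]


def key_stream(text: str, keyword: str) -> str:
    """The key word repeated above the plaintext, as on the slide, showing which of
    the shifted alphabets each letter uses; spaces do not consume a key letter."""
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(keyword[i % len(keyword)])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def vigenere(text: str, keyword: str, decrypt: bool = False) -> str:
    """Encipher (or, with decrypt=True, decipher) letter by letter, cycling through
    the key word's Caesar ciphers and starting again once the key word is used up."""
    out = []
    for ch, k in zip(text.upper(), key_stream(text, keyword)):
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(k)
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


if __name__ == "__main__":
    for letter, row in vigenere_table("LIBERTY"):
        print(letter, row)
    message = "A MAN A PLAN A CANAL PANAMA"
    print(key_stream(message, "LIBERTY"))
    print(message)
    print(vigenere(message, "LIBERTY"))
```

The three printed lines at the end are the slide's layout: key word above, plaintext, and the enciphered message L UBR R IJLV B GRGYW XBRRFY beneath, in which the three isolated As have become L, R and B.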
Vigenère cipher – how it works
• Immediately it is clear that the codebreaker meets some new obstacles.

• The standard trick of assuming that an isolated letter represents either the
word A or I is still valid, but we see that the three instances of the letter A in
this case are enciphered differently on each occasion, sowing the seeds of real
confusion in the mind of the codebreaker.

• Simple frequency analysis will also be found wanting, the real frequencies
being disguised by the changing nature of the code throughout the message.

Is there any way of ever tackling such a perplexing cipher?

• Indeed there is, and the first to show that these ciphers could be cracked
was the English mathematician Charles Babbage (1791–1871).
Cryptography
• Cryptanalysis is the study of methods for obtaining the plain text of encrypted
information without access to the key that is usually required to decrypt. In
layman's terms it is the practice of code breaking or cracking code. The dictionary
defines cryptanalysis as the analysis and deciphering of cryptographic
writings/systems, or the branch of cryptography concerned with decoding
encrypted messages.

• Cryptanalysts are the natural adversary of a cryptographer, in that a
cryptographer works to protect or secure information and a cryptanalyst works
to read data that has been encrypted. They also complement each
other well, as without cryptanalysts, or an understanding of the cryptanalysis
process, it would be very difficult to create secure cryptography. So when
designing a new cipher it is common to use cryptanalysis in order to find
and correct any weaknesses in the algorithm.

• Most cryptanalysis techniques exploit patterns found in the plain text in
order to crack the cipher; however, compression of the data can reduce these
patterns and hence enhance the resistance to cryptanalysis.
Cracking the Vigenère cipher
• It is not too hard to see how we might go about attacking a Vigenère cipher.
It is, after all, just a cycle of Caesar ciphers, which themselves succumb quite
easily to frequency analysis.

• Indeed, if we happened to know, or to guess, the length of the key
word in the Vigenère cipher, we would already have found a crack in the
fortress.

• In our cipher, the length of the cycle is seven, meaning that an enciphered message
consists of a cycle of 7 Caesar ciphers. Therefore, in focusing on the letters in
positions 1, 8, 15, ..., 1 + 7k, ..., we are dealing with a simple Caesar cipher.

• If we can identify one of the frequently occurring letters in this sequence,
such as e or t, we soon discover that A has been shifted to L, B to M, and so on.
 By attacking the other embedded cycles the same way, we could discover the
key word, LIBERTY, from which point the secret code would open up to us.
Cracking the Vigenère cipher
• Of course we would not know the length of the keyword, so generally we
would be in for a lot more work.

• This rudimentary analysis, though, is enough to show that a short simple word
leads to a Vigenère cipher that is quite vulnerable to the cryptanalyst.

• A one-letter key word corresponds to a simple Caesar cipher and a short key
word would lead to too much repetition to be really secure.

• Certainly long conversational messages containing many common short
words such as THE, AND, IT and the like would leave many clues that would be
seized upon and exploited by intercepting agents.
Cracking the Vigenère cipher
• Although inconvenient, it would not be too hard for the users of the cipher to
memorize quite a long key:

      MANUTDAREGOINGTOWINEVERYTROPHYNEXTYEAR

is an easily remembered key of length 38. Certainly the analyst would
need to intercept a lot of message text before the patterns of ordinary language
would be visible in a Vigenère cipher with very long key words.

• However, long intercepted ciphertexts do eventually leave traces of the
length of the key word.

• For example, suppose the name London was used many times in an enemy
plan. Although enciphered in many different ways, eventually the name
London would be encoded in the same way more than once so that the
interceptor would see duplicated enciphered text.
Cracking the Vigenère cipher
• Using our LIBERTY cipher for instance and beginning from the first letter of
the key word we would encipher London as WWOHFG.

• Suppose that the interceptor spotted two instances of this strange string
WWOHFG separated by, let us say, 21 symbols from the beginning of the first
string to the second. What would this represent?

• It could just be a coincidence, for it may be that two completely different
words were translated to the same string due to them being enciphered
using different Caesar ciphers.

• This certainly can happen with very short strings of up to three symbols,
but it becomes progressively unlikely with longer strings.
Cracking the Vigenère cipher
• Repetition of a six-letter string would get an intercepting agent excited.

• If the spy assumes what is likely, that WWOHFG represents two instances
of the same word, then the separation of any two instances of this enciphered
word in the ciphertext must be some multiple of the length of the key word.

• Since this separation is 21 spaces, the spy infers that the key word has length
either 3 or 7 (the correct value) or 21.

• This is a real breakthrough – they can now work on the ciphertext using
frequency analysis on the strings of every third, every seventh and then, if
necessary, every 21st symbol. If they have a good long sample of ciphertext,
the key word should soon emerge when they look for cycles of length seven.

• In this way the vulnerability of Vigenère ciphers is revealed, and they are
now regarded as too weak to be used in serious enciphered transmission.
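The whole attack of the "Cracking the Vigenère cipher" slides carried through in working code, as an added Python example (not code from the slides): the repeated six-letter string WWOHFG, the separation 21 that gives candidate key lengths, and frequency analysis on every seventh letter to recover LIBERTY. The plaintext is constructed for the example and places LONDON at letter positions 0 and 21, so that the two WWOHFG strings appear 21 apart exactly as on the slide. The English letter-frequency table and the chi-squared fit are the usual textbook way of scoring "how English does this look"; the slide does the same by eye. Keys longer than 20 letters are not tried, an assumption of this example, so for the slide's single separation of 21 the candidates it reports are 3 and 7 (21 itself lies beyond the cap). Function names are my own.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Relative frequencies (percent) of the letters of English text; used to judge how
# English-like a candidate decryption is.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1,
    "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9,
    "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15,
    "Y": 2.0, "Z": 0.074,
}
_TOTAL = sum(ENGLISH_FREQ.values())

# Constructed plaintext (letters only once the spaces are stripped). LONDON sits at
# letter positions 0 and 21, i.e. 21 apart, which is the situation the slide describes.
PLAINTEXT = "".join("""
LONDON IS THE MAIN TARGET LONDON MUST BE TAKEN BEFORE THE WINTER SETS IN AND EVERY
COMMANDER SHOULD PREPARE THE MEN FOR A LONG MARCH THROUGH THE HILLS THE ENEMY HAS
PLACED GUARDS ON THE RIVER AND THE BRIDGES ARE WATCHED DAY AND NIGHT SO THE SUPPLY
WAGONS WILL TRAVEL BY THE OLD ROAD TO THE NORTH WHERE THE VILLAGES ARE FRIENDLY AND
THE WEATHER HAS BEEN KIND SEND WORD TO THE GENERAL THAT THE SECOND REGIMENT HAS
REACHED THE COAST AND THAT THE SHIPS ARE EXPECTED WITHIN THE WEEK THE SIGNAL FIRES
ON THE EASTERN RIDGE WILL BE LIT WHEN THE ATTACK BEGINS AND EVERY OFFICER MUST KEEP
THIS ORDER SECRET UNTIL THAT HOUR THE SPIES REPORT THAT THE DEFENDERS ARE SHORT OF
POWDER AND THAT THEIR HORSES ARE TIRED WE SHALL TAKE THE CITY BEFORE THE FIRST SNOW
AND THEN THE WHOLE OF THE SOUTH WILL OPEN TO OUR ARMIES REMEMBER THAT THE ROAD TO
LONDON RUNS THROUGH THE VALLEY AND THAT THE ENEMY EXPECTS US THERE SO WE WILL GO
ANOTHER WAY AND STRIKE WHERE THEY ARE WEAK
""".split())


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenère on a letters-only string: position i uses the shift of key[i mod len]."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + (-shift if decrypt else shift)) % 26])
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and those expected of English
    text of the same length; the lower, the more English-like."""
    n, counts, score = len(text), Counter(text), 0.0
    for letter in ALPHABET:
        expected = n * ENGLISH_FREQ[letter] / _TOTAL
        score += (counts[letter] - expected) ** 2 / expected
    return score


def repeated_string_distances(ciphertext: str, length: int = 6) -> list:
    """The slide's clue: separations between repeats of the same six-letter string.
    A six-letter repeat is almost certainly the same word enciphered under the same
    part of the key, so each separation is a multiple of the key length."""
    last_seen, distances = {}, []
    for i in range(len(ciphertext) - length + 1):
        chunk = ciphertext[i:i + length]
        if chunk in last_seen:
            distances.append(i - last_seen[chunk])
        last_seen[chunk] = i
    return distances


def candidate_key_lengths(distances: list, longest: int = 20) -> list:
    """Key lengths that divide most of the observed separations. Keys longer than
    `longest` are not considered (an assumption of this example)."""
    return [n for n in range(2, longest + 1)
            if sum(d % n == 0 for d in distances) > len(distances) / 2]


def recover_key(ciphertext: str, key_length: int) -> str:
    """Frequency analysis on each embedded cycle: the letters in positions c, c+L,
    c+2L, ... form a plain Caesar cipher, so try all 26 shifts and keep the one whose
    letters look most like English."""
    key = ""
    for c in range(key_length):
        column = ciphertext[c::key_length]
        key += min(ALPHABET, key=lambda k: chi_squared(vigenere(column, k, decrypt=True)))
    return key


def crack(ciphertext: str) -> dict:
    """Separations -> candidate lengths -> a key per candidate -> the key whose full
    decryption looks most like English (the shortest key on a tie)."""
    distances = repeated_string_distances(ciphertext)
    candidates = candidate_key_lengths(distances) or list(range(2, 21))
    scored = []
    for n in candidates:
        key = recover_key(ciphertext, n)
        scored.append((chi_squared(vigenere(ciphertext, key, decrypt=True)), n, key))
    _, _, key = min(scored)
    return {"distances": distances, "candidates": candidates, "key": key}


if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, "LIBERTY")
    print(ct[:6], ct[21:27])   # the two WWOHFG strings, 21 apart
    print(crack(ct))
```

Because the candidate lengths 7 and 14 give the same decryption, the tie-break picks the shorter, and LIBERTY is reported; with the slide's shorter message the analyst would simply have fewer letters per cycle and would need more ciphertext before the frequencies settled.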
Unbreakable Codes

• Is it possible to devise a code so
strong that it is absolutely unbreakable?
Unbreakable Codes

The short answer is yes... but...
Code talkers: a unique method
Code Talkers
• Code talkers was a term used to describe people who talk using a
coded language.

• It is frequently used to describe 400 Native American Marines
who served in the United States Marine Corps whose primary job
was the transmission of secret tactical messages.
• Code talkers transmitted these messages over military telephone
or radio communications nets using formally or informally
developed codes built upon their native languages.
• Their service improved communications in terms of speed of
encryption at both ends in front line operations during World
War II.
Code Talkers
The name code talkers is strongly associated with bilingual Navajo
speakers specially recruited during WWII by the Marines to serve in their
standard communications units in the Pacific Theater.

Code talking, however, was pioneered by Choctaw Indians serving in the
U.S. Army during World War I. These soldiers are referred to as Choctaw
Code Talkers.

Other Native American code talkers were deployed by the United States
Army during World War II, including Cherokee, Choctaw, Lakota,
Meskwaki, and Comanche soldiers.

Soldiers of Basque ancestry were used for code talking by the U.S.
Marines during World War II in areas where other Basque speakers were
not expected to be operating.
Code Talkers
Adolf Hitler knew about the successful use of code talkers during World War I.
He sent a team of some thirty anthropologists to learn Native American
languages before the outbreak of World War II.

However, it proved too difficult for them to learn the many languages and
dialects that existed. Because of Nazi German anthropologists' attempts to
learn the languages, the U.S. Army did not implement a large-scale code talker
program in the European Theater.

Fourteen Comanche code talkers took part in the Invasion of Normandy, and
continued to serve in the 4th Infantry Division during further European
operations.

Comanches of the 4th Signal Company compiled a vocabulary of over 100
code terms using words or phrases in their own language.
Code Talkers
• Using a substitution method similar
to the Navajo, the Comanche code
word for tank was "turtle", bomber
was "pregnant airplane", machine gun
was "sewing machine" and Adolf
Hitler became "crazy white man".

• Two Comanche code-talkers were
assigned to each regiment, the rest to
4th Infantry Division headquarters.

• Shortly after landing on Utah Beach
on June 6, 1944, the Comanches
began transmitting messages.
Navajo Code
• Philip Johnston proposed using Navajo to the US Marine Corps at the start of WWII.

• Johnston, a World War I veteran, was raised on the Navajo reservation as the
son of a missionary to the Navajos, and was one of the few non-Navajos who
spoke their language fluently.

• Because Navajo has a complex grammar, it is not nearly mutually intelligible
enough with even its closest relatives within the Na-Dene family to provide
meaningful information, and was at this time an unwritten language, Johnston
saw Navajo as answering the military requirement for an undecipherable code.

• Navajo was spoken only on the Navajo lands of the American Southwest, and
its syntax and tonal qualities, not to mention dialects, made it unintelligible to
anyone without extensive exposure and training.

• One estimate indicates that at the outbreak of World War II fewer than 30
non-Navajos, none of them Japanese, could understand the language.
Navajo Code
• Early in 1942, Johnston staged tests under simulated combat which
demonstrated that Navajos could encode, transmit, and decode a three-line
English message in 20 seconds, versus the 30 minutes required by machines.

• The idea was accepted, with Vogel recommending that the Marines recruit
200 Navajos. The first 29 Navajo recruits attended boot camp in May 1942.

• The Navajo code was formally developed and modelled on the Joint
Army/Navy Phonetic Alphabet that uses agreed-upon English words to
represent letters.

• As it was determined that phonetically spelling out all military terms letter by
letter into words—while in combat—would be too time consuming, some
terms, concepts, tactics and instruments of modern warfare were given
uniquely formal descriptive nomenclatures in Navajo (the word for "potato"
being used to refer to a hand grenade, or "turtle" to a tank, for example).
Navajo Code
• A codebook was developed to teach the many relevant words and concepts to
new initiates.

• Text was for classroom purposes only, and never to be taken into the field.

• The code talkers memorized all these variations and practiced their rapid use
under stressful conditions during training.

• Uninitiated Navajo speakers would have no idea what the code talkers'
messages meant; they would hear only truncated and disjointed strings of
individual, unrelated nouns and verbs.

• The Navajo code talkers were commended for their skill, speed and accuracy
accrued throughout the war. At the Battle of Iwo Jima, Major Howard Connor,
5th Marine Division signal officer, had six Navajo code talkers working around
the clock during the first two days of the battle.
Navajo Code End
• As the war progressed, additional code words were added and incorporated
program-wide. In other instances, informal short-cut code words were devised
for a particular campaign and not disseminated beyond the area of operation.

• To ensure a consistent use of code terminologies throughout the Pacific
Theater, representative code talkers of each of the U.S. Marine divisions met in
Hawaii to discuss shortcomings in the code, incorporate new terms into the
system, and update their codebooks.

• These representatives in turn trained other code talkers who could not attend
the meeting.

• The deployment of the Navajo code talkers continued through the Korean
War and after, until it was ended early in the Vietnam War.
Navajo Cryptographic Properties

• Non-speakers would find it extremely difficult to accurately distinguish
unfamiliar sounds used in these languages.

• Additionally, a speaker who has acquired a language during their childhood
sounds distinctly different from a person who acquired the same language in
later life, thus reducing the chance of successful impostors sending false
messages.

• Finally, the additional layer of an alphabet cypher was added to prevent
interception by native speakers not trained as code talkers, in the event of their
capture by the Japanese.

• A similar system employing Welsh was used by British forces, but not to any
great extent during World War II. Welsh was used more recently in the Balkan
peace-keeping efforts for non-vital messages.
Navajo Cryptographic Properties

• Navajo was an attractive choice for code use because few people outside the
Navajo themselves had ever learned to speak the language.

• Virtually no books in Navajo had ever been published. Outside of the
language itself, the Navajo spoken code was not very complex by cryptographic
standards and would likely have been broken if a native speaker and trained
cryptographers worked together effectively.

• The Japanese had an opportunity to attempt this when they captured Joe
Kieyoomia in the Philippines in 1942 during the Bataan Death March.

• Kieyoomia, a Navajo Sergeant in the U.S. Army, but not a code talker, was
ordered to interpret the radio messages later in the war.
Navajo Cryptographic Properties

• However, since Kieyoomia had not participated in the code training, the
messages made no sense to him.

• When he reported that he could not understand the messages, his captors
tortured him.

• Given the simplicity of the alphabet code involved, it is probable that the code
could have been broken easily if Kieyoomia's knowledge of the language had
been exploited more effectively by Japanese cryptographers.

• The Japanese Imperial Army and Navy never cracked the spoken code.

• So do not underestimate the power of words...
WindTalkers
Back to Unbreakable Codes

• We have said that it is possible to devise a code so strong that it is
absolutely unbreakable.

• Indeed this can be achieved in practice by following the idea behind the
Vigenère cipher to its natural conclusion.

• This is what Joseph Mauborgne of the US cryptographic service did around the
time of the First World War.

• As we have already pointed out, the weakness of the Vigenère cipher lay in
the key word being short and recognizable.

• The answer then was to make it long and unrecognizable.
Back to Unbreakable Codes

• But how long?

• Longer than any message you would ever send.

• To make it unrecognizable, we make the key word
completely random.

• The result of this approach is known as the one-time pad cipher.
One Time Pads
• The sender and receiver each need identical copies of the one-time pad, which
consists of no more than a very long totally random string of letters from the
alphabet.

• Only they possess this super key word. The secret message is then sent in
whatever way convenient using the one-time pad in the Vigenère fashion.

• Since the key word never ends (or more precisely does not end before the
message is concluded) there is no cycle of ciphers.

• Since each individual letter in the key word is random, and bears no
relation to any other letter, the string that is transmitted is itself a totally
random string. After the message is transmitted the sender destroys the pad, as
does the receiver after he has deciphered the message.
One Time Pads
• Although cumbersome, the method is secure. If the enciphered message is
intercepted during transmission it is of little use to the unauthorised interceptor
without access to the one-time pad.

• He may be able to tell something about how long the message is, but little
more.

• Even the lengths of individual words can be masked: symbols like punctuation
marks and spaces can themselves be given a symbol in an augmented
alphabet.

• The one-time pad could then be a random string from this enhanced alphabet,
completely disguising the structure of the grammar in the transmitted
message.
One Time Pads
• In principle, all aspects of the message can be written in binary code.

• The message then becomes a string consisting of the symbols 0 and 1, which is
disguised by adding to it a completely random binary string as represented by the
one-time pad.

• If the message digit were a, and the random digit in the corresponding random
string were b, then the transmitted digit would be a + b, where this sum is
calculated according to the rules of arithmetic modulo 2:

               that is 0 + 1 = 1 + 0 = 1 and 0 + 0 = 1 + 1 = 0.
One Time Pads
• e.g. if the message were simply the string of ten consecutive 1 symbols
1111111111, and the first ten digits on the one-time pad were 0111011011,
then the transmitted string would be that of the random string with the
digits 0 and 1 interchanged throughout: 1000100100.

• The unauthorised interceptor is left holding a random string that contains no
information, which, in isolation, is meaningless.

• Even if the eavesdropper happened to know part of the message, the intercepted
string would be of no use to him in deciphering the remainder as there is
no relationship whatever between the remainder of the transmitted string and
the remainder of the message—the connection is a totally random substring on
the one-time pad.

• He cannot decipher any further without getting hold of that pad.
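The binary one-time pad of the last four slides, as an added Python example (not code from the slides). xor_bits() is the modulo-2 addition of the slide and reproduces its ten-digit example; to_bits() writes a message, spaces included, in binary so that word lengths are hidden as the earlier slide suggests; pad_explaining() shows why the intercepted string carries no information (any plaintext of the same length is explained by some pad); pad_bits_exposed_by_known_prefix() shows that knowing part of the message exposes only that part of the pad; and reuse_leak() is the reason the pad is destroyed after one use, since two messages under the same pad add to m1 + m2 with the pad cancelled out. The pad comes from the operating system's cryptographic random generator; function names are my own.

```python
import secrets


def xor_bits(a: str, b: str) -> str:
    """Add two bit strings digit by digit modulo 2: 0+0 = 1+1 = 0, 0+1 = 1+0 = 1."""
    if len(a) != len(b):
        raise ValueError("the pad must be exactly as long as the message")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def to_bits(text: str) -> str:
    """Write a message in binary, eight digits per character (spaces and punctuation
    included, so that word lengths are hidden too)."""
    return "".join(format(byte, "08b") for byte in text.encode("ascii"))


def from_bits(bits: str) -> str:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")


def make_pad(n_bits: int) -> str:
    """A fresh pad of independent random digits from the operating system's
    cryptographic generator; it is used once and then destroyed."""
    return "".join(str(secrets.randbits(1)) for _ in range(n_bits))


def encrypt(message_bits: str, pad: str) -> str:
    return xor_bits(message_bits, pad[:len(message_bits)])


# Adding the same pad a second time cancels it (b + b = 0 mod 2), so the receiver
# deciphers with exactly the operation the sender used.
decrypt = encrypt


def pad_explaining(ciphertext_bits: str, any_plaintext_bits: str) -> str:
    """Why the intercepted string 'contains no information': for every plaintext of
    the same length there is a pad that would have produced this very ciphertext, so
    the interceptor has no grounds to prefer one reading over another."""
    return xor_bits(ciphertext_bits, any_plaintext_bits)


def pad_bits_exposed_by_known_prefix(message_bits: str, pad: str, known: int) -> str:
    """Knowing the first `known` message bits reveals the first `known` pad bits and
    nothing else, because every remaining pad digit is an independent coin toss."""
    ciphertext = encrypt(message_bits, pad)
    return xor_bits(ciphertext[:known], message_bits[:known])


def reuse_leak(m1_bits: str, m2_bits: str, pad: str) -> str:
    """Why the pad is destroyed after one message: two ciphertexts under the same pad
    added together give m1 + m2, with the pad cancelled out entirely."""
    return xor_bits(encrypt(m1_bits, pad), encrypt(m2_bits, pad))


if __name__ == "__main__":
    print(xor_bits("1111111111", "0111011011"))      # the slide's example: 1000100100
    message = to_bits("CROSS THE RUBICON")
    pad = make_pad(len(message))
    ciphertext = encrypt(message, pad)
    print(ciphertext)
    print(from_bits(decrypt(ciphertext, pad)))
```

The pad must be at least as long as the message (the slide's "longer than any message you would ever send"); the example enforces this by refusing mismatched lengths rather than silently repeating the pad, since repeating it would turn the scheme back into a Vigenère cipher.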
One Time Pads

• Although completely secure, the one-time pad is used for only the highest
priority intelligence, as the production of a large number of pads and the care
that must go in to ensuring they are never copied and fall into the wrong hands
soon becomes excessive.
Book Ciphers

• A very secure cipher that can be produced without too much difficulty
is a book cipher. This involves both parties holding copies of a very long
piece of text, a book perhaps.

• The book is the key to the whole cipher and this must remain secret.

• For this reason, it would be best if the ‘book’ is written by the code
makers themselves—no literary merit is required, indeed the more arbitrary
and nonsensical the better.
Book Ciphers

• The words of the book are then numbered 1, 2, ... and so on up to however
many words can be produced.

• If the sender wishes to code the message PAP, she starts reading the book
and follows through until she finds the first word beginning with P: it may be the
40th word, in which case the plaintext P is enciphered as the number 40.

• Since the next letter is A, she would find a word beginning with A; it might
be 8, so that would become the next cipher symbol.

• To encipher the final P, she would locate the next word in the text beginning
with P; it might be word number 104, and so her enciphered message would
be 40 8 104.

• Without the ‘book’, this is a near impossible code to break, even if long
messages are intercepted.
Book Ciphers

• To be as secure as possible, the enciphering should involve always going
forward in the book and, after enciphering each symbol, a good practice is to
jump to the midline of the next paragraph before continuing the search for a
suitable word.

• This ensures that there is little or no correlation between the words that are
used in forming the cipher by separating them by large near-random distances
in the text.

• Although the text itself is being used up very wastefully, words are cheap.

• The underlying idea is similar to the one-time pad as the first letters of
the words of the text are being thought of as a random string from the
alphabet and the message just tells the recipient which letters to pick out of
this string in order to form the plaintext message.
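The book cipher of the last three slides, as an added Python example (not code from the slides). The 'book' is a constructed two-line text, so the numbers differ from the slide's 40 8 104, but the procedure is the same: number the words, replace each plaintext letter by the number of the next word beginning with it, always moving forward, and let the recipient read off first letters. The `skip` parameter stands in for the slide's advice to jump ahead before searching again; it is my simplification, not the slide's rule. The example also handles the case the slides leave implicit, running out of book, by refusing rather than wrapping round, since reusing words would reintroduce correlation.

```python
# Constructed 'book' (an assumption, not from the slides); a real one would be far
# longer and, as the slide advises, written by the code makers themselves.
BOOK = """
the quick brown fox jumps over a lazy dog and then paces past another pond
peering at pale apples piled beside a path while plump pigeons pick at plants
""".split()


def encipher(message: str, skip: int = 0, book: list = BOOK) -> list:
    """Replace each plaintext letter with the number (counting from 1) of the next
    word in the book that begins with it. The search only ever moves forward, so no
    word is used twice; `skip` words are jumped over after each hit, a stand-in for
    the slide's advice to move on to the next paragraph before searching again."""
    numbers, position = [], 0
    for letter in message.lower():
        if not letter.isalpha():
            continue
        while position < len(book) and not book[position].startswith(letter):
            position += 1
        if position == len(book):
            raise ValueError(f"book exhausted looking for a word beginning with {letter!r}")
        numbers.append(position + 1)
        position += 1 + skip
    return numbers


def decipher(numbers: list, book: list = BOOK) -> str:
    """The recipient just reads off the first letter of each numbered word."""
    return "".join(book[n - 1][0] for n in numbers).upper()


if __name__ == "__main__":
    for skip in (0, 3):
        code = encipher("PAP", skip=skip)
        print(f"skip={skip}: PAP -> {code} -> {decipher(code)}")
```

With this book PAP becomes 12 14 15 when the search resumes immediately after each hit, and 12 17 23 when three words are skipped each time; both decipher to PAP, and a letter with no remaining word (Z here) raises an error instead of silently reusing text.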
Key Generation

• Until the early 1970s the clandestine world of the cipher (secret code) had
not fundamentally changed for thousands of years. To be sure, the codes and
the code breakers had progressed in leaps and bounds.

• The heroic work of Alan Turing and the codebreakers at GCHQ in England
in cracking the Enigma codes is an inspiring story.

• The underlying idea, and the assumptions that underpinned it, had however
not altered in all that time. The purpose of a cipher was for the sender to
transmit to his chosen receiver a message which, while travelling in the public
domain, was vulnerable to interception.

• However, the transmission was of no use to the receiver unless he possessed
the key to the cipher. All ciphers had a common feature: secure messages
could not be passed back and forth unless those conducting the secure
conversation had, at one time, exchanged the key to the cipher in secrecy.
Coding theory

• It was presumed that this was an implicit Principle of Coding Theory: to be
effective, the key to a cipher must change hands.

• Around 1970 however, mathematicians began to question this and showed,
with an elegant argument, that this ‘principle’ was not well founded.
Alice, Bob and Eve

• The three fictitious characters involved in secret transmissions traditionally
go by the names of Alice and Bob with Eve, the eavesdropper,
intercepting their messages and generally causing mischief.

• Perhaps because of the name, Eve is usually regarded as the evil
figure in the drama, although this is quite unfair,

as Alice and Bob could be hatching plots of their own and Eve
represents a benign intelligence service striving to protect citizens
from the conspiratorial schemes of the other pair.
Secure Key Exchange

• Transmission of a secure message from Alice to Bob does not in itself
necessitate the exchange of the key to a cipher, for they can proceed as follows.

1. Alice writes her plaintext message for Bob, and places it in a box that she
   secures with her own padlock. Only Alice has the key to this lock.

2. She then posts the box to Bob, who of course cannot open it. Bob however
   then adds a second padlock to the box, for which he alone possesses the key.

3. The box is then returned to Alice, who then removes her own lock, and
   sends the box for a second time to Bob.

4. This time Bob may unlock the box and read Alice’s message, secure in the
   knowledge that Eve could not have peeked at the contents during the delivery
   process.
Secure Key Exchange

• In this way a secret message may be securely sent on an insecure channel
without Alice and Bob ever exchanging keys. (Eve still could of course simply
steal the box, then neither she nor Bob would know Alice’s message—this
corresponds to a direct physical attack on Alice and Bob’s communications
medium.)

• This thought experiment shows that there is no law that says that a key must
exchange hands in the exchange of secure messages.

• The padlocks could be regarded as metaphors. Alice and Bob’s ‘locks’
might be their own coding of the message rather than a physical device separating
the would-be eavesdropper from the plaintext message.

• This represented a fresh way of looking at an age-old problem.
Simultaneous Key Creation

• The story of the padlocked box sets the scene for a tantalising
mathematical problem.


• Is it possible for Alice and Bob to set up a secure
cipher between them without ever meeting one
another or making use of a third party to act as a go
between?

• After all, the practical problem that had dogged cipher applications from the
beginning was that of key exchange—the initial transfer of the key to the cipher
between the interested parties.
Simultaneous Key Creation

• In principle it was solvable: the key simply had to be exchanged with careful
attention paid so that it did not fall into the wrong hands along the way.

• However, in practice, especially in the commercial world, thousands of
people wish to talk to one another in confidence and cipher keys needed
to be changed often in order to maintain the integrity of the system.

• In the real world the sheer effort that needed to go into secure key exchange
proved to be a major cost and made widespread secure communication
impossible.
Simultaneous Key Creation

• Our first impulse might be to create a mathematical version of the padlocked
box, the lock being a metaphor for an encryption and its key the decryption.

1. Alice takes her plaintext message M and encrypts it, sending the message in
   Alice’s cipher, A(M), to Bob.

Neither Eve nor Bob can make anything of this.

2. Bob then puts his padlock on the box in the form of a further encryption
   using his own secret cipher and then sends the doubly encrypted message,
   B(A(M)), back to Alice.

Again Eve can make nothing of this gibberish.

3. Alice then has the cipher form of the doubly padlocked box back in her hands.
                               Simultaneous Key Creation

• Now Alice has a problem. Applying her decryption algorithm to recover B(M)
from the doubly encrypted message B(A(M)) may not work. It depends
on whether the cipher operations of Alice and Bob can be carried out in either
order and yield the same net result.

• In general they will not. Most mathematical operations will not commute in
the way required.

• To take a very simple example, suppose that the plain-text message is the
number 6 and that Alice’s way of disguising her message is simply to add the
number 4 while Bob’s secret cipher involves doubling the number.

• Alice sends 6 + 4 = 10 to Bob. Bob sends 2 × 10 = 20 back to Alice. If
Alice now tries to remove her lock by carrying out her deciphering operation,
subtracting 4, she will return the number 16 to Bob.
                                Simultaneous Key Creation

Finally Bob tries to undo his cipher by dividing by 2 and winds up with
16/2 = 8.


But this is wrong—he was supposed to end up with the plaintext message
of 6.


The trouble is the two ciphers, that is the two mathematical padlocks, have
interfered with one another’s operation.
                                              Key Creation II

• This seems to be only a technical hitch. Surely we can get around this by
finding ciphers that can easily glide past one another.

• For instance, both Alice and Bob could encipher their message by
adding on their own personal secret number (which could be huge).

• If for instance Bob added 2 instead of multiplying by 2 the problem vanishes:
Alice would take her message (the number M = 6), send it disguised as 6 + 4 =
10, Bob would return 10 + 2 = 12 to Alice, who would then subtract her secret
number and reply with, 12 - 4 = 8, and finally Bob would subtract his secret
number to reveal the original message 8 - 2 = 6.
                                  What about Eve?
• However, we must not forget Eve. Put yourself in her place.
Eve intercepts all these numbers and knows, or at least suspects, that the cipher of
both Alice and Bob involves addition of a secret number.

1.   She intercepts the 1st message, Alice sending the number 10 to Bob.
2. Next she intercepts Bob’s reply, the number 12 and immediately she cracks
   Bob’s cipher for it is the number 12 -10 = 2.
3.   Next Eve observes that Alice has converted Bob’s message of 12 to 8, showing
     that her secret cipher number is 12 - 8 = 4.
4. Having cracked both ciphers Eve now has no trouble deducing that the
   plaintext message of Alice must have been 10 - 4 = 6.
…it would not help Alice or Bob to replace their secret cipher numbers with huge
    ones for Eve could still use the same method to reveal their values. Simple
    addition is too simple a basis for a cipher to defeat a resourceful Eve.
                                   Whitfield Diffie
In the mid 1970’s Whitfield Diffie and Martin Hellman took a
different slant on the idea of a mathematical copy of the double
padlocks for secure key exchange.

If only, they mused, it were possible for Alice and Bob to cast a
spell that would magic up a key—the same key—in the security
of their own homes.

They could then use it to converse, safe in the knowledge that
the nefarious Eve could not listen in.

Again a key can always be coded in terms of numbers, indeed a
single number will suffice, provided it is big enough. Therefore
their search was for a way for Alice and Bob to
communicate just enough information for them to create
the key number in their secure environments.
                                            Secure Cipher Key


The approach involved a process that was assumed to lie in the public domain.

However, each of Alice and Bob have their own secret ingredient that is never
revealed to anyone at all, not even one another.

Somehow they must exchange just enough information to cook up the same
cipher key, which will then be the basis of further secure communication.

Eve will know Alice and Bob’s methods and eavesdrop on all their insecure
dialogue yet, despite having massive intellectual resources and computing
power at her disposal, she will not be able to reproduce the key to Alice and
Bob’s communications.

(Put in this light, we can understand why governments the world over are not
keen on just anyone having access to such good ciphers.)
                        Diffie-Hellman approach

The Diffie-Hellman approach is conceptually simpler than the doubly padlocked
box as it involves enciphering but no deciphering to create the key – locking
but no unlocking, making the process only half as complicated. Impossible, we
may think, but what may sound far fetched can be made more plausible by means
of another simple metaphorical example.
                                       Paint Can Example
As their secret key, Alice and Bob are going to manufacture an exact colour
shade of paint.
1. Each takes one litre of white paint and mixes it with another litre of paint of
a colour that only they know: Alice might use her own secret shade of scarlet,
Bob his own peculiar blue.
2. They then arrange a rendezvous to exchange paint cans: Alice handing Bob
two litres of pink paint, Bob giving Alice a two-litre pot of pale blue. They
may even taunt their relentless adversary Eve by inviting her to their tryst and
giving her an exact replica of each of the two-litre cans of colored paint.
3. Alice and Bob return home. Alice takes Bob’s can and mixes with it one
litre of her special scarlet paint. At the other end, Bob mixes in a litre of his
blue into the can that Alice gave to Bob. Both Alice and Bob now have three-
litre mixtures of a particular shade of purple, consisting of 1 litre each of white,
scarlet, and blue, and it is this exact shade that is the secret key to their cipher.
                                      But what about Eve?
  Eve on the other hand is left holding the cans and is stymied. She cannot
unmix the paint to find out the exact shades of scarlet and of blue that Alice
and Bob have used.

Even more frustrating, even though she has the two-litre mixtures of red &
white, and of blue & white, it is not possible for her to create from them a
paint mixture in which the ratios of white to red to blue are 1 : 1 : 1, which is
what she wants to do in order to create the exact shade of purple she needs
that represents Alice and Bob’s key. (This is because whatever mixture she
concocts from the two cans will always be half white.)

Importantly this was all done without any deciphering on the part of Alice
and Bob (they didn’t need to unmix paint). Indeed the common key they
have created did not even exist until after each had returned to their own
secure environment to conjure it up. If only Alice and Bob could talk with
paint, then the key exchange problem would truly be solved!
                        Getting close now…..

• Diffie and Hellman had a good idea but the challenge was to
produce a mathematical version of the paint mixing exchange.

• Crucially, the operations involved must commute with one
another: when mixing paint, the final outcome depends only on
the ratio of the colours we use and not on the order in which the
paints are mixed together.

The enciphering processes must likewise be able to slip past one
another to produce the same overall effect.
                                         A potential way?

 One method that might occur to Alice and Bob would be to base their secret
cipher on a power of 2 (not necessarily integral). For example….

1.   Alice selects as her secret number a = 1.71 while Bob chooses b = 2.92.

2. Alice then sends to Bob (and presumably Eve) 2^a = 3.2716082, while Bob
   sends Alice 2^b = 7.5684612.

3.   Alice and Bob then create the secret cipher based on the number 2^(ab).

4. In Alice’s case she takes the number Bob sent her and raises it to the
   power a to find that (2^b)^a = 2^(ba) = 31.849526. Bob likewise creates
   the same number by taking Alice’s number 2^a and raising it to the
   power b to get (2^a)^b = 2^(ab) = 31.849526.
                                   ….Eve again….

• Since the operations of exponentiating to one power and then another do
commute, Alice and Bob have created the same key to their cipher code.

• But what of Eve? She has intercepted the values of both 2^a and 2^b and
needs to find the value of 2^(ab) to be able to decipher Alice and Bob’s future
conversations.

• Unfortunately for Alice and Bob, if Eve is any sort of mathematician, she will
be able to find the values of both a and b and then the required 2^(ab) with ease.

• Nonetheless, the idea of repeated exponentiation was successfully used by
Diffie and Hellman to allow Alice and Bob to use a method akin to this to
create a mutual key that any outsider could recreate only with the utmost
difficulty. Their method exploited the added ingredient of modular arithmetic.
                              Lets try another way….

Once again Alice and Bob choose a base number, for the purposes of the example
we take it to be 2, and once again Alice and Bob choose one number each
known only to them personally.

This time we even insist that they select ordinary positive integers: let us say Alice
chooses a = 7 and Bob goes for b = 9.

However there is now to be an extra ingredient, another number p, which is also
assumed to lie in the public domain: let us suppose that p = 47. Alice now
computes 2^a as before but this time the number she transmits is the remainder
when this number is divided by p.

In this case she finds 2^7 = 128 = 2 × 47 + 34, so the number 34 is sent over an
insecure channel to Bob. Similarly Bob computes 2^b = 2^9 = 512 = 10 × 47 + 42, and
transmits 42 to Alice.
                                Simple Key Encryption

• What Alice now does in the security of her own home is calculate the
remainder when 42^a is divided by p, while Bob calculates the remainder
when 34^b is divided by p.

• Alice and Bob will both end up with the same number, the same key, as
in each case the net result will be the remainder when 2^(ab) is divided by p:
42^a = (2^b)^a and 34^b = (2^a)^b are both equal to 2^(ab) modulo p.

• Alice will find that the remainder when 42^7 is divided by 47 is 36, and so
will Bob when he divides 34^9 by 47.

• Alice and Bob have now created a shared key, the number 36.
                                  Simple Key Encryption

• Eve on the other hand is left frustrated.

• Her mathematical problem is this: she does not know the values of a or b
but she does know that 2^a and 2^b leave respective remainders of 34 and 42
when divided by 47.

• The key she wants is the remainder when 2^(ab) is divided by 47.


• This is much more difficult than her previous problem that involved no
arithmetic of remainders.
                                     Simple Key Encryption
• In the original attempt where Alice and Bob exchanged powers of 2, Eve would
have little difficulty homing in on the actual values of a and b.

• Given that 2^a = 3.2716082 we see immediately that a must be between 1
and 2 and Eve can play the higher-then-lower game to approximate the value of
a better and better.

• She would test the values a = 1.5, 1.6, 1.7, 1.8 and discover that 2^1.7 < 2^a < 2^1.8,
telling Eve that a = 1.7 . . . . Then she would continue the hunt in the
second decimal place and soon discover that Alice used a = 1.71. (In fact, since
exponentiation over the real numbers is continuous and increasing, she need not
hunt at all: a = log2(3.2716082) = 1.71 directly.)

• In the same way, Eve would soon know Bob’s secret number was b = 2.92 and
she would be away.
                                 Simple Key Encryption
• However, by contrast, the remainder when higher and higher powers of the base 2
are divided by a fixed number p behaves much more erratically, rendering
this approach useless.

• In reality there is not much alternative to testing all the possible keys and
this Eve can try: she can compute 2^1, 2^2, · · · and find the remainder when
each is divided by 47 until she hits on a value that matches the remainder
when Alice’s 2^a is divided by p = 47.

•Then she could calculate the value of the key in the same way that Alice
did and Eve will have breached the security of Alice and Bob.

• In our little example, this approach is clearly possible but in practice,
Alice and Bob can use numbers so large that this approach becomes
infeasible.
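As an added example (not part of the original slides), here are both attempts in Python: the real-number exchange with Eve's logarithm attack, and the modular exchange with Eve's brute-force search for the exponent. The parameters are the slides' own (a = 1.71, b = 2.92; then base 2, p = 47, a = 7, b = 9); the function names are mine. Python's three-argument pow(x, y, p) computes x^y mod p by repeated squaring, reducing after each step, so the enormous intermediate powers are never formed.

```python
from __future__ import annotations

import math


def real_exchange(a: float, b: float, base: float = 2.0) -> tuple[float, float, float, float]:
    """First attempt, over the reals: Alice and Bob publish base**a and base**b
    and each raises the other's value to their own secret exponent.
    Returns (sent_by_alice, sent_by_bob, key_alice, key_bob)."""
    sent_by_alice = base ** a
    sent_by_bob = base ** b
    key_alice = sent_by_bob ** a      # (2^b)^a
    key_bob = sent_by_alice ** b      # (2^a)^b, the same number because exponents commute
    return sent_by_alice, sent_by_bob, key_alice, key_bob


def eve_real_attack(sent_by_alice: float, sent_by_bob: float, base: float = 2.0) -> float:
    """Over the reals exponentiation is continuous and increasing, so Eve's
    'higher-then-lower' search collapses to a single logarithm: a = log_base(2^a).
    She then forms (2^b)^a exactly as Alice did."""
    a = math.log(sent_by_alice, base)
    return sent_by_bob ** a


def dh_public(g: int, secret: int, p: int) -> int:
    """Modular attempt: what a party transmits, the remainder of g^secret on division by p."""
    return pow(g, secret, p)


def dh_shared(received: int, secret: int, p: int) -> int:
    """What a party computes at home: received^secret mod p, which is g^(ab) mod p."""
    return pow(received, secret, p)


def eve_brute_force(g: int, public_value: int, p: int) -> int:
    """Eve's generic option described above: try g^1, g^2, ... mod p until one equals
    the intercepted value, and return the first exponent that works.  Any exponent k
    with g^k = public_value gives the right key, since (g^b)^k = (g^k)^b = public_value^b.
    The cost grows with p, which is why a real p has hundreds of digits."""
    value = 1
    for k in range(1, p):
        value = (value * g) % p
        if value == public_value:
            return k
    raise ValueError("no exponent found: public_value is not a power of g mod p")


def slide_example() -> dict:
    """Run the slide's parameters: g = 2, p = 47, a = 7, b = 9."""
    g, p, a, b = 2, 47, 7, 9
    sent_by_alice = dh_public(g, a, p)                  # 34
    sent_by_bob = dh_public(g, b, p)                    # 42
    key_alice = dh_shared(sent_by_bob, a, p)            # 42^7 mod 47
    key_bob = dh_shared(sent_by_alice, b, p)            # 34^9 mod 47
    k = eve_brute_force(g, sent_by_alice, p)            # Eve recovers a from 34
    key_eve = dh_shared(sent_by_bob, k, p)              # and then the key, just as Alice did
    return {"sent_by_alice": sent_by_alice, "sent_by_bob": sent_by_bob,
            "key_alice": key_alice, "key_bob": key_bob, "key_eve": key_eve}


if __name__ == "__main__":
    print(real_exchange(1.71, 2.92))
    print(eve_real_attack(3.2716082, 7.5684612))
    print(slide_example())
```

Running the module prints 34 and 42 for the transmitted values and 36 for every key, Eve's included: with p = 47 her loop finds a = 7 after seven multiplications. With a p of hundreds of digits the same loop would never finish, and that gap between the cost of computing g^a mod p and the cost of undoing it is the whole point.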
                                 Simple Key Encryption

• Roughly speaking, unless Eve has access to much, much stronger
computational power than Alice and Bob, Eve will not be able to break
into the key for a very, very long time. She will have to give up and try
another approach.

• And there are other evil things for Eve to contemplate. In her
frustration she may try to mislead Alice and Bob by sending messages of
her own purporting to come from them.

• Alice and Bob still need to be on their guard.
                                  Public Key Encryption
• The Diffie-Hellman key exchange was an exciting development but a fresh
idea was still needed, the reason being that the manner in which security
codes are used, for example on the internet, is very different from the
traditional use, something that might not be clear at first glance.
• e.g. when a customer entrusts their personal details to an internet
provider, address, phone, credit card number and so forth, they need to be
sure that this information will not be intercepted and transferred elsewhere.

• The safe transfer is effected through the sensitive information being
enciphered.

• However, customers know nothing of this cipher so how is this done?

• It comes as no surprise to learn that this is carried out automatically on the
customer’s behalf—the buyer need have no knowledge of the code being
used and may not be even be aware of its existence.
                                   Public Key Encryption
• There is potentially a big problem with this.

• The encoding has to be done before transmission, otherwise there is no point
and no security.

• This means that the enciphering process lies in the public domain.

• It may not be readily visible to the consumer, but it is present in the system to
which the general public have access, so it cannot be regarded as secure.

• If an unscrupulous party gains access to the enciphered transmissions, and also
knows how to encipher the message, surely it will not be too hard to reverse the
process and decipher the original message.

• This would be disastrous and make all such transactions insecure, rendering
confidential internet traffic an impossibility.
                                   Public Key Encryption
• For example, if the enciphering process was a Vigenère cipher of some kind,
perhaps even a one-time pad, and the enciphering pad was accessible then the
interceptor could decipher the message just as easily as the proper receiver.

• Surely once Eve knows how to encipher messages, she will be able to decipher
them as well, and undermine the system.

• This would certainly be the case with all the codes that we have introduced to
this point. The problem calls for a new way of doing things.

•What is required is to devise a code for Alice, which she can place in the public
domain so that anyone can use it to send her messages but, somehow, she is still
the only one who can decipher the coded message—the ‘public’ key is one that
can lock, but not unlock the vessel containing her secret.

• No so-called Public Key Cryptosystem is possible until a solution to this
problem is found.
            Public Key Encryption




• Finally……we are there
                                 Public Key Encryption
• In the 1970s a number of people hit on this and realized its potential
importance.

• However, to bring the idea to fruition involved the invention of a
trapdoor function. Each user would need such a function f that would
be in principle available to everyone who could then calculate its values f
(x ).

•However, the owner of the function, Alice, would know something vital
about it that allowed her to decipher and recover x from the value of f (x ).

•What is more, other people, even though they knew how to calculate f (x
), must not be able to deduce this key piece of information however
hard they try.

…………….This seemed a tall order.
                                 Public Key Encryption

• Nonetheless, it was achieved by Clifford Cocks soon after joining the British
Intelligence organization GCHQ in Cheltenham in 1973. After being
introduced to the idea of public key cryptography by his colleagues he
invented a suitable system in about an hour.

• He used his knowledge of Number Theory to devise a suitable
trapdoor function with the required one-way property: given x , anyone
could calculate f (x ) but given f (x ), it was near impossible to recover the
number x unless you were in on the secret of its structure.

• The mathematics that Cocks exploited was pure mathematics and, it seems,
no-one but a pure mathematician would ever have come up with it.

• His method is the basis of today’s public key cryptography.
                               Public Key Encryption

• Unfortunately, Cocks worked for a secretive government organization so
his great breakthrough was never released into the public domain.

• Instead, the same ideas were stumbled on and exploited by a number of
mathematicians and computer scientists working in the USA a few years
later.

• The names usually associated with the discovery and development of
public key cryptography are Diffie, Hellman and Merkle along with Rivest,
Shamir and Adleman, from whose initials the name RSA derives.
                                  Public Key Encryption

• The idea of a trapdoor function is the key to it all but having the idea is
not enough.

• Those who became enmeshed in the search for a suitable trapdoor cast
around wildly, devising all forms of fantastical procedures in the search for
this their Holy Grail.

• However, by far the strongest candidate that has been devised so far, and
the one on which nearly all commercial encryption is currently based,
is that of Clifford Cocks and rests upon the observation that it is
exceedingly difficult in practice to find the prime factors of a very large
number even though, in principle, the problem is simple to solve.
                                 Public Key Encryption

• The principal ingredient of Alice’s RSA private key is a very large pair of
prime numbers, p and q. (In real life these primes are hundreds of decimal
digits in length.)

• In order to use Alice’s public key however, Bob does not need p and q but
rather the product, n of these two primes: pq = n. This represents the first
step in the process.

• The next key step however is to invent a trapdoor function f (x ) that can
be calculated as long as we possess n but has the property that, given the
number f (x ), it is a practical impossibility to recover x without the two
magic numbers p and q .

• Practical experience had shown that recovering p and q from n took a
prohibitive amount of computing power.
                                  Public Key Encryption
• However, taking the next step, finding a suitable function f (x ), required both
diabolical cunning and familiarity with the theory of numbers.

• …This was revolutionary…. as it completely contradicted the received
wisdom as to what constituted applicable mathematics.

• Pure number theory was a field regarded as one of the most useless areas of maths…

• The maths that Cocks and the others used is based on the Euler totient
function which is centuries old…

• Today RSA is among the most widely deployed cryptographic algorithms on Earth and it is
squarely based on the ideas of Euclid, Fermat and Euler and the arguments of Cocks.

•Mathematical ideas are often centuries ahead of their own era but when
their time arrives, their impact can be revolutionary.
                                 How Clifford Proceeded

• Since any message can be translated into a string of numbers, the problem
comes down to how Bob may securely send a particular number, let us call it
M for message, to Alice without Eve finding out its value.

•Alice’s private key is based on two prime numbers, p and q that only she
knows.

•In this toy example, which is quite representative of the real situation, we shall
use the small primes p = 23 and q = 47.

• The publicly known product of these two numbers is n = 23 × 47 = 1081.

•(In practice of course, p and q are huge and in any case all this is happening
behind the scenes and is done invisibly on behalf of any real life Bob and
Alice.)
                                                              Public Key Encryption
• The approach is to mask the value of M using modular arithmetic, that is to
say clock arithmetic in this case based on a clock whose face is numbered by 0,
1, 2, · · · , n -1.

• What Alice leaves in the public domain is the number n and also another
number, e for encoding messages meant for her.

• What Bob sends to Alice is not of course M itself (for if he did then Eve
would be liable to overhear) but rather the remainder when M^e is divided by n.

• For example, if Bob’s message was M = 77 and if the encoding number that
Alice tells people to use is e = 15, then Bob, or rather his computer,
would calculate the remainder when 77^15 was divided by n = 1081. This
remainder turns out to be 646.
• (Your calculator will complain bitterly over the size of the numbers involved;
a computer avoids the problem by reducing modulo n after every multiplication.)
                                           Public Key Encryption

And so Bob sends to Alice his disguised message in the form of the enciphered
message 646.

Eve will presumably intercept this message and know that Bob’s message is
encoded as 646 when using Alice’s public key which she knows as well as
anyone consists of n = 1081 and e = 15. But how can the original message be
teased back out?

For Alice, who knows that 1081 = 23 × 47, this is quite straight-forward. For,
once in possession of the prime factors of n, it is possible to determine a
decoding number d which is found using the values of p, q and e.

It turns out in this case that a suitable value for the decoding number is d =
135. Alice’s computer then works out the remainder when 646^135 is divided by
n = 1081, and the underlying mathematics ensures that the answer will be the
original message M = 77.
                                                       RSA Key Ingredient

A key ingredient in the method is the value of the number (p - 1)(q - 1), which
is denoted by φ(n), and in this case we see that φ(1081) = 22 × 46 = 1012.

The encoding number e that Alice chooses in her public key cannot be
completely arbitrary but must have no factor in common with φ(n).

The prime factors of 1012 are seen to be 2, 11 and 23 so that e must not be a
multiple of any of these three primes. This is only a very mild restriction and
Alice’s particular choice of e = 15 = 3 × 5 is perfectly all right.

The decoding number d is chosen, and this is always possible, so that the product
ed leaves a remainder of 1 when divided by (p - 1)(q - 1).

The message number M itself needs to be less than n, but in practice this is no
restriction: the size of n in real applications is so monstrous that it can
accommodate any value of M needed to cover a real message we would ever wish to send.
                                             Public Key Encryption

To see all this in action we may illustrate with an example featuring
even smaller numbers than the one earlier.

For instance let us take p = 3 and q = 11 so that n = pq = 33 and φ(n) =
(p - 1)(q - 1) = 2 × 10 = 20.

Alice then publishes n = 33 and suppose she sets e = 7, which is permissible, as 7
has no factor in common with 20.

The number d then has to be chosen so that ed = 7d leaves a remainder of 1
when divided by 20.

By inspection we see a solution is d = 3, for then 7d = 21.
                                              Public Key Encryption

Now Alice has her little RSA cipher all set up.

If Bob wants to send the message M = 6, then he computes M^e = 6^7 = 279,936,
divides this number by 33 to find that the remainder is 30, and so
Bob would send the number 30 over an open channel.

Alice would receive Bob’s 30 and decipher its real meaning by calculating 30^3
= 27,000.

Division by n = 33 then gives her 27,000 = 33 × 818 + 6.

Again it is only the remainder 6 that is of interest as that is Bob’s plaintext
message.
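The procedure above in Python, as an added example that is not from the original slides: key set-up from p, q and e, the encoding and decoding steps, and Eve's attack by factoring n, checked against the slides' two worked examples (p = 23, q = 47, e = 15, M = 77 and p = 3, q = 11, e = 7, M = 6). The function names are mine. This is textbook RSA on bare numbers, exactly as described above; real systems never encrypt a raw number this way but wrap it in a padding scheme such as RSA-OAEP, and use primes of hundreds of digits.

```python
from __future__ import annotations

from math import gcd


def rsa_keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Alice's set-up: n = pq is public, phi(n) = (p-1)(q-1) stays private,
    e must share no factor with phi(n), and d is chosen so that e*d leaves
    remainder 1 on division by phi(n).  Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e = {e} shares a factor with phi(n) = {phi}")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key: tuple[int, int], m: int) -> int:
    """Bob's step: the remainder when M^e is divided by n.  pow(m, e, n) reduces
    mod n after every squaring, so the 'calculator complaint' never arises."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("the message number must be smaller than n")
    return pow(m, e, n)


def rsa_decrypt(private_key: tuple[int, int], c: int) -> int:
    """Alice's step: the remainder when c^d is divided by n recovers M."""
    n, d = private_key
    return pow(c, d, n)


def eve_factor(n: int) -> tuple[int, int]:
    """Eve's only route to d is to factor n.  Trial division is instant for the
    toy modulus and hopeless for a modulus of several hundred digits."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factor")


def eve_recover_d(public_key: tuple[int, int]) -> int:
    """Having factored n, Eve computes phi(n) and hence d exactly as Alice did."""
    n, e = public_key
    p, q = eve_factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = rsa_keygen(23, 47, 15)              # the slides' first example
    c = rsa_encrypt(public, 77)
    print(public, private, c, rsa_decrypt(private, c))    # (1081, 15) (1081, 135) 646 77
    print(eve_recover_d(public))                          # 135: the toy modulus falls at once
```

The gcd check is not a formality: with e = 22 and phi(1081) = 1012 the inverse d does not exist and key generation must refuse, which the function does. The factoring routine is the attack the slides describe in words; its running time is what the size of p and q is chosen to defeat.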
                               Another Diffie-Hellman Example


Remember again, that this example uses small numbers, but in a
real situation, the numbers are very large. Assume that g = 7 and p =
23. The steps are as follows:

1.   Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2.   Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
3.   Alice sends the number 21 to Bob.
4.   Bob sends the number 4 to Alice.
5.   Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6.   Bob calculates the symmetric key K = 21^6 mod 23 = 18.
7.   The value of K is the same for both Alice and Bob;
     g^(xy) mod p = 7^18 mod 23 = 18.
                                          Public Key Encryption

For the time being, RSA encryption is effective and safe but there are
still ways in which Eve may try to sow seeds of confusion and that must be
guarded against.

It is true that Bob may now send messages to Alice safe in the
knowledge that only she can understand them.

But how is Alice to know that the message really comes from Bob and not
some imposter - Eve, (who we always assume is hideously intelligent and
does nothing all day except hatch plots to make life a misery for Alice and
Bob) who can easily send messages of her own to both Alice or Bob, claiming
that they come from the other?
                                            Digital Signatures

However, Bob can authenticate his messages to Alice using his own private
key and Alice should not trust any message purporting to come from Bob
unless it contains this so-called digital signature.

The way Bob proceeds is as follows.

1. He writes his personal message to Alice in plaintext in his own home.
2. He then takes some personal form of identification, let’s call it I ,
   which could be his name perhaps together with some other personal
   details, and treats it as if it were an incoming message—that is to say he
   decrypts I , using his own private key, to form a string of gibberish we
   shall call B¬(I).

The notation here is meant to convey the idea that Bob is inverting the
    normal procedure in that he is ‘deciphering’ the string I with his own
    private key instead of enciphering it with a public key.
                                             Digital Signatures

This string is not secret; on the contrary, anyone who suspects that B¬(I) comes
from Bob can verify this by using Bob’s public key, and this is the whole point.

When Alice finally receives Bob’s message she will take this meaningless
looking string and feed it into Bob’s public key B to retrieve B (B¬(I) ) = I
again.

Alice will then know the message truly came from Bob, as only he has the
power to create the string B¬(I) .
                                            Digital Signatures

In full, Bob’s computer executes the following tasks on his behalf. It
takes Bob’s plaintext message, M , along with his digital signature, B¬(I), and
encrypts it using Alice’s public key.

The encrypted message is then sent to Alice who is the only one who can
decrypt it to recover M and B¬(I) . Finally Alice’s machine will recover I using
Bob’s public key, which tells her that the origin of the incoming message really
is Bob and no-one else.

Eve is left impotent with rage. She certainly cannot get into the message
sent by Bob as she lacks Alice’s private key, so she will not even be
able to see the digital signature B¬(I) that Bob has used as authentication.
She can send messages to Alice using Alice’s public key, but if Alice’s
computer system is vigilant it will reject them as they will lack the
authentication of Bob or any of Alice’s confidantes.
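As an added example (not from the original slides), the sign-then-encrypt flow just described, in Python. Alice's key is the slides' (n = 1081, e = 15, d = 135); Bob is given the slides' smaller toy key (n = 33, e = 7, d = 3) purely as an assumption for this example, and the identifier I = 19 and message M = 77 used in the checks are likewise chosen here. The notation B¬(I) for Bob's signature is the slides' own.

```python
from __future__ import annotations

# Alice's key is the slides' (n = 1081, e = 15, d = 135).  Bob's key is the slides'
# small example (n = 33, e = 7, d = 3), assigned to him as an assumption here.
ALICE_PUBLIC, ALICE_PRIVATE = (1081, 15), (1081, 135)
BOB_PUBLIC, BOB_PRIVATE = (33, 7), (33, 3)


def rsa_apply(key: tuple[int, int], x: int) -> int:
    """One RSA operation, x^exponent mod n.  The same operation 'locks' with a
    public key and 'unlocks' with a private one; only the exponent differs."""
    n, exponent = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exponent, n)


def bob_signs(identifier: int) -> int:
    """B¬(I): Bob 'deciphers' his identifier I with his own private key."""
    return rsa_apply(BOB_PRIVATE, identifier)


def verify_bob(signature: int, identifier: int) -> bool:
    """Anyone can check B(B¬(I)) == I using only Bob's public key."""
    return rsa_apply(BOB_PUBLIC, signature) == identifier


def bob_sends(message: int, identifier: int) -> tuple[int, int]:
    """Bob's computer: sign I, then encrypt M and B¬(I) under Alice's public key,
    each as its own RSA block since each must be smaller than Alice's n."""
    signature = bob_signs(identifier)
    return rsa_apply(ALICE_PUBLIC, message), rsa_apply(ALICE_PUBLIC, signature)


def alice_receives(transmission: tuple[int, int], expected_identifier: int) -> int | None:
    """Alice's computer: decrypt both blocks with her private key, then check the
    signature against Bob's public key.  Returns M, or None if the check fails."""
    encrypted_message, encrypted_signature = transmission
    message = rsa_apply(ALICE_PRIVATE, encrypted_message)
    signature = rsa_apply(ALICE_PRIVATE, encrypted_signature)
    if not verify_bob(signature, expected_identifier):
        return None                      # vigilant: reject anything not signed by Bob
    return message


def eve_forges(message: int, identifier: int) -> tuple[int, int]:
    """Eve can encrypt to Alice but lacks Bob's d, so she cannot form B¬(I);
    here she puts I itself in the signature slot and hopes."""
    return rsa_apply(ALICE_PUBLIC, message), rsa_apply(ALICE_PUBLIC, identifier)


if __name__ == "__main__":
    print(bob_signs(19), verify_bob(bob_signs(19), 19))       # 28 True
    print(alice_receives(bob_sends(77, 19), 19))             # 77
    print(alice_receives(eve_forges(77, 19), 19))            # None: rejected
```

Note what this toy signature does and does not bind. It authenticates Bob's identifier I, not the message M, so the same B¬(I) accompanies every message Bob sends and would authenticate any message it was attached to, by anyone who ever obtained it. Real signature schemes sign a hash of the message itself (with padding), so that altering M invalidates the signature.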
                       Symmetric Key Recap



Alice and Bob can create a session key between
themselves without using a KDC.


This method of session-key creation is also referred to
as the symmetric-key agreement.
Diffie-Hellman method
The symmetric (shared) key in the Diffie-Hellman
          method is K = g^(xy) mod p.
Let us give a more realistic example. We used a program to create a
random integer of 512 bits (1024 bits was long regarded as the ideal; today
at least 2048 bits is recommended). The integer p is a 159-digit number. We
also chose g, x, and y and computed R1, R2, and K from them (the values
themselves are not reproduced here).
Diffie-Hellman Visualised
Man-in-the-middle attack
Station-to-station key agreement method
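The slide titled "Man-in-the-middle attack" above carried only a diagram. As an added example, not from the original slides, the Python below plays out that attack on the unauthenticated exchange using the slide's g = 7, p = 23, x = 3 and y = 6; Eve's two exponents (5 and 11) and the sample plaintext are constructed for the example, and the additive "cipher" keyed from K is a stand-in for whatever symmetric cipher the key would drive, not a recommendation.

```python
from __future__ import annotations


def mitm_exchange(g: int, p: int, x_alice: int, y_bob: int, e1: int, e2: int) -> dict:
    """Eve sits between Alice and Bob on an unauthenticated Diffie-Hellman exchange.
    She swallows each party's public value and forwards one of her own, so each of
    them unknowingly agrees a key with Eve rather than with each other.
    e1 and e2 are Eve's own secret exponents."""
    r1 = pow(g, x_alice, p)          # Alice -> Bob, intercepted by Eve
    r2 = pow(g, y_bob, p)            # Bob -> Alice, intercepted by Eve
    fake_r1 = pow(g, e1, p)          # what Bob actually receives 'from Alice'
    fake_r2 = pow(g, e2, p)          # what Alice actually receives 'from Bob'
    return {
        "alice": pow(fake_r2, x_alice, p),    # Alice's key, believed shared with Bob
        "bob": pow(fake_r1, y_bob, p),        # Bob's key, believed shared with Alice
        "eve_with_alice": pow(r1, e2, p),     # equals Alice's key
        "eve_with_bob": pow(r2, e1, p),       # equals Bob's key
        "honest": pow(r2, x_alice, p),        # the key they would have shared without Eve
    }


def eve_relays(keys: dict, plaintext: int, p: int) -> tuple[int, int]:
    """With both keys in hand Eve reads traffic in flight and re-encrypts it so that
    Bob still sees plaintext.  A toy additive cipher mod p (like the slides' 'add a
    secret number') stands in for the symmetric cipher keyed from K.
    Returns (what Eve read, what Bob decrypted)."""
    from_alice = (plaintext + keys["alice"]) % p              # Alice encrypts 'for Bob'
    read_by_eve = (from_alice - keys["eve_with_alice"]) % p   # Eve decrypts with her Alice-key
    to_bob = (read_by_eve + keys["eve_with_bob"]) % p         # Eve re-encrypts with her Bob-key
    delivered = (to_bob - keys["bob"]) % p                    # Bob decrypts, none the wiser
    return read_by_eve, delivered


if __name__ == "__main__":
    keys = mitm_exchange(g=7, p=23, x_alice=3, y_bob=6, e1=5, e2=11)
    print(keys)                         # honest key 18; Alice holds 22, Bob holds 12
    print(eve_relays(keys, 9, 23))      # (9, 9): Eve read it, Bob received it intact
```

Neither Alice nor Bob can tell anything is wrong: each computed a key from a value believed to have come from the other, and the traffic still decrypts. This is why the plain exchange needs the authentication that the next slide title, the station-to-station method, refers to: the parties sign the values they exchange with long-term keys, so that a substituted value fails its signature check instead of silently yielding Eve's key.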
                                        Public Key Conclusion

Eve cannot interfere with communications between Alice & Bob, nor can she
even talk to them herself. Eve is firmly locked out of Alice and Bob’s world.
It seems that the Pythagorean dictum that ‘All is Number’ reigns supreme in
the world of secure communications.

But is this a temporary state of affairs?
The see-saw battle between the codemakers and breakers has a long history
whereby the cipher makers for a time seem invulnerable, only to have the
tables turned in dramatic fashion by the code breakers.

Eve may, and probably soon will, increase her computing capacity many times
over, allowing her to crack current private keys in quick order.
However, Alice and Bob will not be standing still and, just by finding ever
larger primes (after all, Euclid showed us they never run out) will be able to
keep Eve at bay with relative ease.
                                  Public Key Infrastructure (PKI)

PKI is a set of hardware, software, people, policies, and procedures needed to
create, manage, distribute, use, store, and revoke digital certificates.

In cryptography, a PKI is an arrangement that binds public keys with respective
user identities by means of a certificate authority (CA).

The user identity must be unique within each CA domain.

The binding is established through the registration and issuance process, which,
depending on the level of assurance the binding has, may be carried out by
software at a CA, or under human supervision.

The PKI role that assures this binding is called the Registration Authority
(RA).
                                  Public Key Infrastructure (PKI)

The RA ensures that the public key is bound to the individual to which it is
assigned in a way that ensures non-repudiation.
The term trusted third party (TTP) may also be used for certificate authority
(CA). The term PKI is sometimes erroneously used to denote public key
algorithms, which do not require the use of a CA.
There are three main approaches to getting this trust: Certificate Authorities
(CAs), Web of Trust (WoT), and Simple Public Key Infrastructure (SPKI).
The primary role of the CA is to digitally sign and publish the public key
bound to a given user. This is done using the CA's own private key, so that
trust in the user key relies on one's trust in the validity of the CA's key.
The mechanism that binds keys to users is called the Registration Authority
(RA), which may or may not be separate from the CA. The key-user binding
is established, depending on the level of assurance the binding has, by software
or under human supervision.
                                   Steganography

Steganography refers to hiding a secret message inside a larger message in
such a way that someone unaware of the presence of the hidden message
cannot detect it.
Steganography in terms of computer data works by replacing useless or
unused data in regular files (such as images, audio files, or documents)
with different, invisible information. This hidden information can be plain
text, encrypted text, or even images.
This method is useful for those who wish to avoid it being known that
they are sending private information at all; with a public key encryption
method, although the data is safe, anyone viewing it will be able to see
that what is transferring is a private encrypted message.
With steganography, even this fact is kept private, as you can hide a
message in a simple photograph, where no one will suspect its presence.
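As an added example (not from the original slides), one concrete form of "replacing unused data": least-significant-bit embedding, in Python. The cover here is a constructed sequence of 8-bit grayscale pixel values standing in for an image, so the code runs without any image library; the hidden payload is prefixed with its length so the extractor knows where it ends. Function names and the cover data are my own.

```python
def embed_lsb(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the least-significant bits of `cover`, one bit per cover byte,
    prefixed by a 32-bit big-endian length so the extractor knows when to stop.
    Each cover byte changes by at most 1, invisible to the eye in a photograph."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    stego = bytearray(cover)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0xFE) | bit     # clear the LSB, then set it
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Reverse the embedding: read the 32-bit length, then that many bytes."""
    def read(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start + (b * 8) + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """How far any single 'pixel' moved; LSB embedding guarantees at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: a 64x64 grayscale gradient standing in for a photograph
# (not real image data).
COVER = bytes((i * 7) % 256 for i in range(64 * 64))


if __name__ == "__main__":
    hidden = embed_lsb(COVER, b"Cross the Rubicon")
    print(extract_lsb(hidden))                      # b'Cross the Rubicon'
    print(max_pixel_change(COVER, hidden))          # 1
```

Each pixel moves by at most one grey level, which the eye cannot see, but the low bits of the modified region now carry the payload's statistics rather than the sensor's noise, and that is exactly what steganalysis tools test for. It is also the reason the hidden text should itself be encrypted, as the slide allows: steganography hides that a message exists, and cryptography protects its content once the hiding is noticed.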
                             Cryptography

• Cryptography and steganography are different however.

• Cryptographic techniques can be used to scramble a
message so that if it is discovered it cannot be read. If a
cryptographic message is discovered it is generally known to
be a piece of hidden information (anyone intercepting it will
be suspicious) but it is scrambled so that it is difficult or
impossible to understand and decode.

• Steganography hides the very existence of a message so that
if successful it generally attracts no suspicion at all.
Passwords
                                                         Passwords

• One reason not to feel too guilty about your bad password behaviour is that it
seems to be almost universal.

• An analysis of leaked PIN numbers (2012) revealed that about one in 10 of us
uses "1234".

• A recent security breach at Yahoo showed that thousands of users' passwords
were either "password", "welcome", "123456" or "ninja".

• People choose terrible passwords even when more is at stake than their savings:
among military security specialists,

• It is well-known that at the height of the cold war, the "secret unlocking code"
for America's nuclear missiles was 00000000.
                                                 Passwords


• Five years ago, Newsnight revealed that, until 1997, some British
nuclear missiles were armed by turning a key in what was
essentially a bike lock.

• To choose whether the bomb should explode in the air or on the
ground, you turned dials using an Allen key, Ikea-style.

• There were not any passcodes at all. Speed of retaliation, in the
event of an enemy attack, counted for everything.
                                                     Passwords


This is where the length of your password makes an almost
unbelievable difference.

For a hacker with the computing power to make 1,000 guesses
per second, a five-letter, purely random, all-lower-case password,
such as "fpqzy", would take three and three-quarter hours to
crack.

Increase the number of letters to 20, though, and the cracking
time increases, just a little bit: it's 6.5 thousand trillion centuries...
                                                        Passwords
Then there's the question of predictability.

Nobody thinks up passwords by combining truly random sequences of letters
and numbers; instead they follow rules, like using real words and replacing the
letter O with a zero, or using first names followed by a year.

Hackers know this, so their software can incorporate these rules when
generating guesses, vastly reducing the time it takes to hit on a correct one.

And every time there's a new leak of millions of passwords – as happened to
Gawker in 2010 and to LinkedIn and Yahoo this year – it effectively adds to a
massive body of knowledge about how people create passwords, which makes
things even easier.

If you think you've got a clever system for coming up with passwords, the
chances are that hackers are already familiar with it. Let's examine further...
                                                       Passwords

The average Web user maintains 25 separate accounts but uses just 6.5
passwords to protect them.

As the Gawker breach demonstrated, such password reuse, combined with
the frequent use of e-mail addresses as user names, means that once hackers
have plucked login credentials from one site, they often have the means to
compromise dozens of other accounts, too.

Newer hardware and modern techniques have also helped to contribute to
the rise in password cracking.

Now used increasingly for computing, graphics processors allow password-
cracking programs to work thousands of times faster than they did just a
decade ago on similarly priced PCs that used traditional CPUs alone.

                                Check out https://www.cloudcracker.com/
                                                        Passwords

A PC running a single AMD Radeon HD7970 GPU, for instance, can try on
average an astounding 8.2 billion password combinations each second,
depending on the algorithm used to scramble them.

Only a decade ago, such speeds were possible only when using pricey
supercomputers.

The advances do not stop there. PCs equipped with two or more $500 GPUs
can achieve speeds two, three, or more times faster, and free password cracking
programs such as oclHashcat-plus will run on many of them with little or no
tinkering.

Hackers running such gear also work in tandem in online forums (e.g.
http://forum.insidepro.com ), which allow them to pool resources and know-
how to crack lists of 100,000 or more passwords in just hours.
                                                       Passwords



• Employers who insist on their staff changing passwords every 90 days probably
are not increasing security, and may be making things worse.

• The same goes for some of the password rules that your bank insists you
follow – no more than 12 characters, spaces not allowed, etc.
                                                        Passwords

• Password hacking takes many different forms, but one crucial thing to
understand is that it's often not a matter of devilish cunning but of
bludgeoning with brute force.

• Take the example of a hacker who sneaks on to a company's servers and steals
a file containing a few million passwords.

• These will (hopefully) have been encrypted, so he cannot just log into your
account: if your password is "hello" – which of course it should not be – it
might be recorded in the file as something like
"$1$r6T8SUB9$Qxe41FJyF/3gkPIuvKOQ90".
                                                        Passwords



• Nor can he simply decode the gobbledegook, providing "one-way
encryption" was used. What he can do, though, is feed millions of password
guesses through the same encryption algorithm until one of them – bingo! –
results in a matching string of gobbledegook.

• Then he knows he's found a password.

• (An additional encryption technique, known as "salting", renders this kind of
attack impractical, but it's unclear how many firms actually use it.)
                                                        Passwords


Most importantly, a series of leaks over the past few years containing more than
100 million real-world passwords have provided crackers with important new
insights about how people in different walks of life choose passwords on
different sites or in different settings.

The ever-growing list of leaked passwords allows programmers to write rules
that make cracking algorithms faster and more accurate; password attacks have
become cut-and-paste exercises that even script kiddies can perform with ease.
                                         Passwords

This $12,000 computer, dubbed Project Erebus v2.5 by creator d3ad0ne,
contains eight AMD Radeon HD7970 GPU cards running version 0.10 of
oclHashcat-lite.

It requires just 12 hours to brute force the entire keyspace for any
eight-character password containing upper- or lower-case letters, digits
or symbols.

It aided Team Hashcat in winning the
2012 Crack Me If You Can contest.
                                                      Passwords

The most important single contribution to cracking came in late 2009, when
an SQL injection attack against online games service RockYou.com exposed 32
million plaintext passwords used by its members to log in to their accounts.

The passcodes, which came to 14.3 million once duplicates were removed, were
posted online; almost overnight, the unprecedented corpus of real-world
credentials changed the way hackers cracked passwords. Like many
password breaches, almost none of the 1.3 million Gawker credentials exposed
in December 2010 contained human-readable passcodes.

Instead, they had been converted into what are known as "hash values" by
passing them through a one-way cryptographic function that creates a unique
sequence of characters for each plaintext input.

When passed through the MD5 algorithm, for instance, the string "password"
(minus the quotes) translates into "5f4dcc3b5aa765d61d8327deb882cf99".
                                                          Passwords
Even minor changes to the plaintext input—say, "password1" or "Password"—
result in vastly different hash values ("7c6a180b36896a0a8c02787eeafb0e4c"
and "dc647eb65e6711e155375218212b3964" respectively).

When processed by the SHA1 algorithm, the inputs "password", "password1",
and "Password" result in "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"e38ad214943daad1d64c102faec29de4afe9da3d", and
"8be3c943b1609fffbfc51aad666d0a04adf83c9d" respectively.

In theory, once a string has been converted into a hash value, it's impossible to
revert it to plaintext using cryptographic means.

Password cracking, then, is the practice of running plaintext guesses through the
same cryptographic function used to generate a compromised hash.

When the two hash values match, the password has been identified.
                                                          Passwords

The RockYou dump was a watershed moment, but it turned out to be only the
start of what's become a much larger cracking phenomenon. By putting 14
million of the most common passwords into the public domain, it allowed
people attacking cryptographically protected password leaks to almost
instantaneously crack the weakest passwords.

That made it possible to devote more resources to cracking the stronger ones.

Within days of the Gawker breach, for instance, a large percentage of the
password hashes had been converted to plaintext, a feat that gave crackers an
even larger corpus of real-world passwords to inform future attacks.

That collective body of passwords has only snowballed since then, and it grows
ever larger with each passing breach. More than 100 million passwords have
been published, either in plaintext or in ciphertext that can be readily cracked.
                                                          Passwords

In the RockYou aftermath, everything changed.

Gone were word lists compiled from Webster's and other dictionaries that were
then modified in hopes of mimicking the words people actually used to access
their e-mail and other online services. In their place went a single collection of
letters, numbers, and symbols—including everything from pet names to
cartoon characters—that would seed future password attacks.

No longer this theoretical word list of Klingon planets and stuff like that.

The list may crack 60 percent of a newly compromised website.

Now you have 60 percent of the work done and you have not done any
thinking at all. You have just used your previous knowledge.
                                                          Passwords


Almost as important as the precise words used to access millions of online
accounts, the RockYou breach revealed the strategic thinking people often
employed when they chose a passcode.

For most people, the goal was to make the password both easy to remember
and hard for others to guess.

Not surprisingly, the RockYou list confirmed that nearly all capital letters come
at the beginning of a password; almost all numbers and punctuation show up at
the end.

It also revealed a strong tendency to use first names followed by years, such as
Julia1984 or Christopher1965.
                                                         Passwords

Other complex passwords require similar manipulations to be cracked.

The RockYou list, and the hundred-millions-plus passwords that have
collectively been exposed in its aftermath, brought to light a plethora of other
techniques people employ to protect simple passcodes from traditional
dictionary attacks.

One is adding numbers or non-alphanumeric characters such as "!!!" to them,
usually at the end, but sometimes at the beginning.

Another, known as "mangling," transforms words such as "super" or "princess"
into "sup34" and "prince$$."

Still others append a mirror image of the chosen word, so "book" becomes
"bookkoob" and "password" becomes "passworddrowssap."
                                                           Passwords

One promising technique therefore is to use programs such as the open-source
Passpal to reduce cracking time by identifying patterns exhibited in a statistically
significant percentage of intercepted passwords.

For example, as noted earlier, many website users have a propensity to append
years to proper names, words, or other strings of text that contain a single
capital letter at the beginning.

Using brute-force techniques to crack the password Julia1984 would require 62^9
possible combinations, a "keyspace" calculated by adding the number of possible
letters (52) to the number of digits (10) and raising the sum to the power
of nine (which in this example is the maximum number of password characters the
cracker is targeting).

Using an AMD Radeon HD7970, it would still take about 19 days to cycle
through all the possibilities.
                                                           Passwords

Using features built into password-cracking apps such as Hashcat and Extreme
GPU Bruteforcer, the same password can be recovered in about 90 seconds by
performing what's known as a mask attack.

It works by intelligently reducing the keyspace to only those guesses likely to
match a given pattern.

Rather than trying aaaaa0000, ZZZZZ9999, and every possible combination in
between, it tries a lower- or upper-case letter only for the first character, and
tries only lower-case characters for the next four characters. It then appends all
possible four-digit numbers to the end.

The result is a drastically reduced keyspace of about 237.6 billion, or 52 * 26 *
26 * 26 * 26 * 10 * 10 * 10 * 10.
                                                          Passwords

An even more powerful technique is a hybrid attack. It combines a word list
with rules to greatly expand the number of passwords those lists can crack.

Rather than brute-forcing the five letters in Julia1984, hackers simply compile a
list of first names for every single Facebook user and add them to a medium-
sized dictionary of, say, 100 million words.

While the attack requires more combinations than the mask attack above—
specifically about 1 trillion (100 million * 10^4) possible strings—it is still a
manageable number that takes only about two minutes using the same AMD
7970 card.

The payoff, however, is more than worth the additional effort, since it will
quickly crack Christopher2000, thomas1964, and scores of others.
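The keyspace arithmetic of the last three slides (plain brute force, the mask attack and the hybrid attack), as an added Python example that is not part of the original slides. It generalises the Julia1984 case to any hashcat-style mask so that a defender can check how a password policy holds up against the guess rate quoted for a single Radeon HD7970; the charset sizes and that rate are assumptions marked in the code.

```python
"""Keyspace and exhaust-time estimates for brute-force, mask and hybrid attacks."""
from math import prod
from typing import Dict, Optional

# hashcat-style charset tokens; the sizes are assumptions matching hashcat's built-ins
CHARSETS: Dict[str, int] = {
    "?l": 26,   # lower-case letters
    "?u": 26,   # upper-case letters
    "?d": 10,   # digits
    "?s": 33,   # printable ASCII symbols, space included
    "?a": 95,   # all printable ASCII (the "95 letters, numbers and symbols" of a keyboard)
}

HD7970_RATE = 8.2e9   # guesses per second for one AMD Radeon HD7970, as quoted in the slides


def mask_keyspace(mask: str, custom: Optional[Dict[str, int]] = None) -> int:
    """Number of candidates a mask such as "?u?l?l?l?l?d?d?d?d" expands to.

    `custom` adds user-defined tokens, e.g. {"?1": 52} for "a letter of either
    case".  A literal character (no '?' prefix) is fixed and contributes a factor of 1.
    """
    sizes = {**CHARSETS, **(custom or {})}
    factors = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            token = mask[i:i + 2]
            if token not in sizes:
                raise ValueError(f"unknown charset token {token!r}")
            factors.append(sizes[token])
            i += 2
        else:
            factors.append(1)
            i += 1
    return prod(factors)


def fixed_length_keyspace(alphabet_size: int, length: int) -> int:
    """Plain brute force: every string of exactly `length` symbols (the 62^9 of the slides)."""
    return alphabet_size ** length


def hybrid_keyspace(wordlist_size: int, suffix_mask: str) -> int:
    """Word list plus rules: each list entry extended by every expansion of suffix_mask."""
    return wordlist_size * mask_keyspace(suffix_mask)


def seconds_to_exhaust(keyspace: int, rate: float = HD7970_RATE) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace / rate


def describe(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    letters = {"?1": 52}                       # an upper- or lower-case letter
    julia = {
        "brute force 62^9": fixed_length_keyspace(62, 9),
        "mask ?1?l?l?l?l?d?d?d?d": mask_keyspace("?1?l?l?l?l?d?d?d?d", letters),
        "hybrid 100M words + ?d?d?d?d": hybrid_keyspace(100_000_000, "?d?d?d?d"),
    }
    for name, space in julia.items():
        print(f"{name:32} {space:>22,}  {describe(seconds_to_exhaust(space))}")
    # The "exponential wall": each extra character multiplies the work by the alphabet size.
    for n in range(5, 9):
        print(f"{n}-char ?a password: {describe(seconds_to_exhaust(fixed_length_keyspace(95, n)))}")
```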
                                                Passwords

With half the passwords in a given breach recovered, cracking
experts can use Passpal and other programs to isolate patterns that
are unique to the website from which they came.

They then write new rules to crack the remaining unknown
passwords. More often than not, however, no amount of
sophistication and high-end hardware is enough to quickly crack
some hashes exposed in a server breach.

To ensure they keep up with changing password choices, crackers
will regularly brute-force crack some percentage of the unknown
passwords, even when they contain as many as nine or more
characters.
                                                Passwords

It is expensive, but they do it to improve their model and keep up
with the passwords people are choosing. Then, given that knowledge,
they can go back and build rules and word lists to crack lists
effectively without having to brute force all of them.

When they feed their successes back into your process, they just
keep learning more and more and more and it does snowball.
                                                     Rainbow tables

Hellman tables, compiled ahead of a password attack and working from
precalculated data stored on disk, reduced the computing resources required
to crack a DES hash from about $5,000 to just $10. The refinements Oechslin
proposed became known as rainbow tables.

Almost overnight, they changed the way people went about cracking large
numbers of password hashes. Like earlier time-memory tradeoffs proposed by
Hellman, the concept was simple.

Rather than asking a computer to enumerate each possible password in real-
time and compare it against a targeted hash, precalculated data was stored in
memory or on disk in a highly compressed form to speed up the process and
lower the computing needed to brute force huge numbers of hashes.

While earlier techniques had also tried this approach, they produced tables that
were unnecessarily large and therefore unwieldy for cracking passwords.
                                                     Rainbow tables

The genius of rainbow tables is a complex mathematical formula that expresses
virtually every possible password combination without requiring each one to be
stored in memory or on disk.

Each table targets a specific algorithm and keyspace, and it contains a collection
of chains.

Each chain starts with an arbitrary password on one side and ends with a single
hash value on the other end.

The beginning password is put through the algorithm to generate its hash, and
that value is then passed through one of many different "reduction functions"
to generate a new password guess.

The new password is then hashed.
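The chain construction just described, as an added Python example that is not part of the original slides: a miniature rainbow table over all 3-letter lower-case strings hashed with unsalted MD5. The reduction function, chain length and table density are my own choices; the lookup shows why a per-user salt puts the stored value outside any table's keyspace.

```python
"""A toy rainbow table: chains of hash -> reduce -> hash over a tiny keyspace."""
import hashlib
import string

ALPHABET = string.ascii_lowercase
LENGTH = 3
KEYSPACE = len(ALPHABET) ** LENGTH   # 26**3 = 17,576 candidate passwords


def h(password: str) -> bytes:
    """The unsalted hash the table targets (MD5 here, as in the slides)."""
    return hashlib.md5(password.encode()).digest()


def index_to_password(n: int) -> str:
    """Bijection from 0..KEYSPACE-1 onto the 3-letter lower-case strings."""
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_to_password(digest: bytes, position: int) -> str:
    """Reduction function R_position: map a hash back into the keyspace.
    Mixing in the link position gives a different reduction at every step,
    which is what distinguishes rainbow tables from Hellman's tables."""
    n = (int.from_bytes(digest[:8], "big") + position) % KEYSPACE
    return index_to_password(n)


def chain_value(start: str, k: int) -> str:
    """k-th password on the chain that begins at `start` (k = 0 is the start)."""
    pw = start
    for pos in range(k):
        pw = reduce_to_password(h(pw), pos)
    return pw


def build_table(starts, chain_len: int) -> dict:
    """Compute each chain but keep only its start and end; everything in
    between is regenerated during lookup.  Several chains may share an end
    point (a merge), so the table maps end -> list of starts."""
    table = {}
    for start in starts:
        table.setdefault(chain_value(start, chain_len), []).append(start)
    return table


def lookup(table: dict, target: bytes, chain_len: int):
    """Recover the password for `target`, or None if no chain covers it."""
    # The target could be the hash at any link position; try each, latest first.
    for pos in range(chain_len - 1, -1, -1):
        pw = reduce_to_password(target, pos)
        for p in range(pos + 1, chain_len):
            pw = reduce_to_password(h(pw), p)
        for start in table.get(pw, []):
            candidate = chain_value(start, pos)
            if h(candidate) == target:      # false alarms from merges are filtered here
                return candidate
    return None


def coverage(table: dict, chain_len: int) -> float:
    """Fraction of the keyspace that some chain passes through."""
    seen = set()
    for starts in table.values():
        for start in starts:
            pw = start
            for pos in range(chain_len):
                seen.add(pw)
                pw = reduce_to_password(h(pw), pos)
    return len(seen) / KEYSPACE


if __name__ == "__main__":
    CHAIN_LEN = 50
    starts = [index_to_password(i) for i in range(0, KEYSPACE, 7)]   # constructed starts
    table = build_table(starts, CHAIN_LEN)
    print(f"{len(starts)} chain end points stored instead of {KEYSPACE} hashes; "
          f"coverage {coverage(table, CHAIN_LEN):.1%}")
    print("dog ->", lookup(table, h("dog"), CHAIN_LEN))
    # A per-user salt moves the hashed input outside the table's keyspace entirely.
    print("salted dog ->", lookup(table, h("s4lt-dog"), CHAIN_LEN))
```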
                                                           Passwords

The breakthrough was not just the speed with which the tables could crack
passwords; it was also their ability to crack almost every possible password as
long as it did not fall outside the targeted keyspace.

Rainbow tables are believed to get their name because each chain link uses a
different reduction function, but all chains follow the same pattern—much as
each color in a rainbow is different but all rainbows follow the ROYGBIV
pattern.

The space savings alone are huge. Storing a table of every possible 10-character
password with only lowercase letters, along with its corresponding MD5 hash,
would require about 3,108 terabytes of disk space.

A rainbow table expressing 99.9 percent of those combinations, by contrast,
requires just 167 gigabytes.
                                                      Passwords

In the era of Windows XP, when Microsoft's underlying LAN Manager
restricted password lengths to no more than 14 characters that at maximum
were converted into two seven-character passwords and that converted all
letters into uppercase, the results were devastating.

In 2003, hackers released Ophcrack, an open-source program that used
rainbow tables to crack most Windows passwords in just minutes. Even more
powerful cracking applications quickly followed.

CloudCracker for instance is a service that takes about 20 minutes to check a
WiFi password against 300 million possible words.
                                                            Passwords

The huge advances in GPU-assisted password cracking have diminished much of
the advantages of rainbow tables, however.

Passwords with 6 or fewer characters can be brute-force cracked with less fuss
using GPU-powered computers, while passwords longer than 9 or 10 characters
require rainbow tables with unwieldy file sizes. That leaves only a small sweet spot
of 7 or 8 characters where rainbow tables are especially useful these days.

Still, the tables maintain their status as a useful, if niche, tool for some hackers.
Witness Free Rainbow Tables, a project that allows volunteers to donate spare
computer cycles to generate publicly available tables that crack hashes returned
by algorithms including SHA1, MD5, and NTLM. Its organizers have already
amassed six terabytes worth of data.

With the participation of more than 3,900 volunteer computers, Free Rainbow
Tables adds an estimated 36 megabits of table data every second.
                                                           Passwords

An updated version of LAN Manager known as NTLM was introduced lowering
the susceptibility of Windows passwords to rainbow table attacks, but did not
eliminate the risk. To this day, the authentication system still does not apply
cryptographic "salt" to passwords to render such attacks infeasible.
Salting appends several unique characters to each account password before
running it through a cryptographic function, a process that blunts the value of
rainbow tables and other types of precomputed attacks.
A 16-bit salt, for example, requires 65,535—or 2^16—separate tables to be
defeated. A random salt of 32 bits makes rainbow table attacks even more
impractical by pushing the number of tables required to more than four billion.
(The salt must be saved for each user and is usually stored beside the user name
and password hash, so the information is available during each user login.
Salt is rarely kept apart from the hash. Even when known, its virtue lies in its
uniqueness, which defeats pre-computation of results.)
                                                          Passwords

In addition to making rainbow-table attacks infeasible, salting can also
significantly add to the resources required to carry out more traditional
cracking attacks, since it ensures that each stored hash is unique even if two
users choose the same passcode.

That, in turn, requires each hash in a compromised table to be cracked
separately, even if they mask one or more identical plaintext passwords.

Despite the benefit of the technique, and the relative ease of implementing it, a
surprising number of websites—including LinkedIn, Yahoo, and eHarmony—
didn't use it when they were recently breached. Hashes derived from NTLM,
because they never use salting, are among the easiest to crack.

To the detriment of millions of users, going without salt is only one of the
many sins that popular websites routinely commit against password security.
                    No, SHA1 is not a secure hashing algorithm

A large percentage of the sites that fall prey to password breaches
commit another error that further diminishes the protection of
hashes: they use algorithms that were never designed to protect
passwords.

That is because SHA1, DES, and MD5 were designed to convert
plaintext into hashes extremely quickly using minimal computing
resources, and this is exactly what people running password
cracking programs want most.

(NTLM, which still uses MD4, is also highly susceptible to
cracking.)
                                                       Passwords

For instance, it took security researcher Jeremi Gosney six days to crack
more than 90% of the 6.5 million SHA1 hashes exposed in the LinkedIn breach.

He recovered a fifth of the plaintext passwords in just 30 seconds. In the
following two hours, he cracked another one-third of them. One day into the
exercise, he had recovered a total of 64 percent, and in the five days that
followed he cracked another 26 percent.

A key part of his success—besides his 500-million-strong word list and a
computer equipped with four AMD Radeon HD6990 graphics cards—was the
decision by LinkedIn engineers to hash passwords using SHA1.

The algorithm uses a single cryptographic iteration to convert plaintext,
allowing Gosney's system to cycle through more than 15.5 billion guesses per
second.
                                                          Passwords

By contrast, algorithms specifically designed to protect passwords are
engineered to require significantly more time and computation to convert
plaintext into hashes.

For instance, SHA512crypt, which is included in Mac OS X and most Unix-based
operating systems, passes text through 5,000 iterations, a hurdle that would
have limited Gosney to slightly less than 2,600 guesses per second.

The Bcrypt algorithm is even more computationally expensive, in large part
because it subjects text to multiple iterations of the Blowfish cipher that was
deliberately modified to increase the time required to generate a hash.

PBKDF2, a function built into Microsoft's .Net software developer framework,
offers similar benefits.
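The per-user salt described a few slides back and the slow, iterated functions listed here, side by side as an added Python example that is not from the original slides: the fast unsalted scheme the deck criticises next to a hardened one. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the SHA512crypt/bcrypt/PBKDF2 family; the record format, field names and iteration count are my own assumptions.

```python
"""Password storage: fast unsalted hashing (weak) beside salted, iterated hashing."""
import hashlib
import hmac
import secrets

# --- The weak scheme: one fast, unsalted hash per password --------------------
def weak_hash(password: str, algo: str = "md5") -> str:
    """Plain MD5 or SHA1, as in the slides' "password" examples.  Identical
    passwords give identical hashes, so one precomputed table or one cracked
    hash covers every account that chose that password."""
    return hashlib.new(algo, password.encode()).hexdigest()


# --- The hardened scheme: per-user random salt + slow key derivation -----------
ITERATIONS = 600_000   # assumed work factor; tune so one check costs ~100 ms on your server


def store_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record "pbkdf2_sha256$iterations$salt$hash".

    The salt is random per account and stored beside the hash, as the slides
    describe: its value lies in being unique, not in being secret.  Storing the
    iteration count lets the work factor be raised later without locking
    existing users out.
    """
    salt = secrets.token_bytes(16)            # 128-bit random salt (constructed per call)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derivation with the stored salt and count, then compare."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison so response timing does not leak how many bytes matched.
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("md5(password) =", weak_hash("password"))             # 5f4dcc3b5aa765d61d8327deb882cf99
    print("sha1(password) =", weak_hash("password", "sha1"))    # 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    # Two users with the same password: unsalted hashes collide, salted records do not.
    print("unsalted duplicates collide:", weak_hash("password") == weak_hash("password"))
    r1, r2 = store_password("password"), store_password("password")
    print("salted records differ:", r1 != r2)
    print("verify correct / wrong case:", verify_password("password", r1),
          verify_password("Password", r1))
```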
                                                        Passwords

These computationally expensive functions require increased server processing,
of course.

This can increase the strain on Web servers and could even open them up to
new types of DoS attacks but the benefit in improved security largely outweighs
the investment.

Had LinkedIn engineers used Bcrypt, for example, Gosney would have been able
to make fewer than 1,750 guesses per second.

If the LinkedIn passwords had been hashed using bcrypt, he never would have
been able to crack 90 percent of them. The number of attacks he had to
run, combined with the sophistication of the attacks he had to run to get many
of the passwords [more than] 15 characters, would have taken literally centuries
to finish. Any hacker would have given up after about a week.
                                                         Passwords

Even powerful computation engines have trouble cracking longer passwords
using brute force.

Assuming such an attack checks for all combinations of all 95 letters, numbers,
and symbols available on a standard English-language keyboard, it takes a
matter of hours for a desktop computer with an Intel Core i7 980x processor to
brute-force crack any five character password.

Increasing the password length by just one character requires about a day;
bumping the length by one more character, though, dramatically increases the
cracking time to more than 10 days.

This limitation is known as the "exponential wall of brute-force cracking."
                             Passwords

     Brute-force cracks work well against shorter passwords. The
     technique can take days or months for longer passcodes, even when
     using Amazon's cloud-based EC2 service.
                                                           Passwords
Adding a GPU card to a system helps, but not as much as many might imagine.
An AMD Radeon 6970 still needs more than 10 days to brute force a seven-
character passcode. And the wall barely budges even when significantly more
powerful resources are brought to bear. Using an Amazon EC2 cloud system
that combines the horsepower of more than 1,000 individual GPUs, it still
takes about 10 days to brute-force an 8 character password.

The exponential wall rarely impedes most password crackers. As demonstrated
by the RockYou dump, the typical person is notoriously sloppy when choosing
a passcode. A full 70 percent of them contained eight characters or less.

Only 14 million of the 32 million total were unique, showing that a large
percentage of passwords are duplicates.

It is estimated that 66 percent of entries from the typical unsalted hash list can
be cracked by a single person in less than two days.
                                                          Passwords

Therefore it is important that a password not already be a part of the corpus of
the hundreds of millions of codes already compiled in crackers' word lists, that
it be randomly generated by a computer, and that it have a minimum of nine
characters to make brute-force cracks infeasible.

Since it is not uncommon for people to have dozens of accounts these days, the
easiest way to put this advice into practice is to use a program such as 1Password
or PasswordSafe.

Both apps allow users to create long, randomly generated passwords and to
store them securely in a cryptographically protected file that's unlocked with a
single master password.

Using a password manager to change passcodes regularly is also essential.
                                               Passwords

The least hackable password, then, would be a long string of
completely random letters, numbers, spaces and symbols – but
you would never remember it.

However, because length matters so much, the surprising truth is
that a longish string of random English words, all in lower case –
say, "awoken wheels angling ostrich" – is actually much more
secure than a shorter password that follows your bank's annoying
rules, such as "M@nch3st3r". And easier to remember:

You've already formed a memorable image of some noisy wheels
waking up an ostrich fishing by a riverbank, haven't you?
                                                       Passwords

A related weakness in account recovery was also to blame for a vicious hacking
assault on the Wired magazine writer Mat Honan in August.

Hackers managed to commandeer his Google account, send racist messages
under his name on Twitter and remotely wipe all the data on his laptop, phone
and iPad.

All this happened, one of the hackers later told Honan via online messages,
because Amazon's customer services line was happy to give out the last four
digits of his credit card number – which was what Apple's customer services
needed in order to reset access to his Apple iCloud account.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-
hacking/all/
                                                Passwords

Some websites will let you use a passphrase, like the one about the
angling ostrich.

But many will not – and in those cases, several security experts
agree, you should defy your bank and write them down.

Their logic is simple: when you know you cannot commit
something to paper, you keep it simple, so you end up choosing
insecure passwords.

(The same applies to the advice – sometimes a requirement – to
change your password regularly: the more passwords you have to
remember, the more pressure to choose easy ones.)
                                                  Passwords

"I have 68 different passwords," a Microsoft security specialist named
Jesper Johansson told a conference several years ago. "If I am not
allowed to write any of them down, guess what I am going to do? I am
going to use the same password on every one of them."

The cryptographer Bruce Schneier, another advocate of writing down
passwords, points out that most of us are pretty good at maintaining the
security of small scraps of paper.

Whether you can trust your spouse, or your housemates, is the kind of
security calculation you are qualified to make.

Whether your bank account might be at risk from a Russian hacking
collective really isn't.
                                                Passwords

One problem with this, however...

If somebody swipes money from your account, you will have a
harder time getting it back if you are deemed to have been
"grossly negligent" in protecting your passwords.

You could have the most difficult-to-interpret password in the
world, but if you tell someone else what it is, you have blown it.
                                                        Passwords

LastPass is a free online password manager and Form Filler that makes your web
browsing easier and more secure.

You can import from most major password storage vendors (such as
RoboForm, 1Password, KeePass, Password Safe, MyPasswordSafe,
TurboPasswords, and Passpack) and export too.

LastPass captures passwords that other managers won’t including many AJAX
forms, and allows you to make strong passwords easily.

Your sensitive data is encrypted _locally_ before upload so even LastPass cannot
get access to it.

One Time Passwords, Screen Keyboard, and Grid multi-factor help protect your
account.
                                     Passwords


Last Pass   http://www.youtube.com/watch?v=tx8tnVX8z7w
                                   It's not a perfect solution.

LastPass is secure to an almost problematic degree: since it conducts all its
encryption and decryption on users' own computers, your master password is
unknown to the company, which means no one will be able to help you should
you forget it.

(There's no recovery process based on security questions, either.)

And so – yes – you may need to write it down, in coded form, on a scrap of
paper, which you should carefully hide.

(but try to memorise it instead...)

Remember – There is no such thing as total security, let alone total security
plus total convenience, but this feels like a workable compromise.
Can you trust browsers with passwords?
                              Can you trust browsers with passwords?


Having your Web browser remember your passwords and/or credit card details
can be convenient, but it poses some security risks.

How much of a risk depends on which browser you are using, whether you sync
with other devices, and whether you are using any of the browser's extra
security features.

We look next at the main vulnerabilities in some of the most popular
browsers—Internet Explorer, Google Chrome, and Mozilla Firefox—and ways
you can protect against those weak spots.
                                 Can you trust browsers with passwords?


Some browsers let you (or, potentially, thieves) view a list of your saved login
credentials, including the site, username, and password.

And for those that do not, utilities like WebBrowserPassView can easily let you
compile a list of them.

This is handy if you forget a password or you want to evaluate all your
passwords, but it is problematic if an intruder uses such software on your
computer.

Another way you (or thieves) can recover saved passwords is by using a utility
like BulletsPassView to reveal the password behind a masked password field on a
webpage or window, or by doing what I showed in class previously using simple
edits on the password field.
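The masked-field edit, as an added example that is not from the slides: the usual edit (assumed here; the slides do not spell it out) is to change the input's type attribute from password to text. Masking is purely cosmetic, the browser already holds the plain-text value, so the field is displayed unmasked the moment the type changes. The function below takes any object with querySelectorAll (the document, or one element) and returns how many fields it unmasked; bookmarkletFor wraps it as a javascript: URL for a bookmark bar.

```javascript
// Added example, not code from the lecture. Run in the browser console as
// revealPasswordFields(document), or install bookmarkletFor(revealPasswordFields)
// as a bookmark and click it on a login page.
function revealPasswordFields(root) {
  const fields = root.querySelectorAll('input[type="password"]');
  let unmasked = 0;
  for (const field of fields) {
    // Only the rendering changes; the value was plain text in the DOM all along.
    field.type = 'text';
    unmasked += 1;
  }
  return unmasked;
}

// Wrap a function as a self-invoking javascript: URL so it can live in a bookmark.
function bookmarkletFor(fn) {
  return 'javascript:' + encodeURIComponent('(' + fn.toString() + ')(document)');
}
```

The same trick is what utilities like BulletsPassView automate; the lesson for the defender is that a masked field protects against shoulder-surfing only, not against anyone who can run code on the machine.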
                                            Internet Explorer 9


Internet Explorer 9 offers the most basic password-saving functionality of the
browsers covered. Its AutoComplete feature can also remember your name,
address, and other data you type into Web forms or search fields. It doesn’t
provide a way for you to view saved passwords from within the browser settings: It
only allows you to change the main settings and delete AutoComplete history.

Not being able to view a list of the passwords can help prevent casual snooping.
And even though you can still log in to sites the browser saved the password for,
you can’t by default view the password itself. However, a determined hacker can
use a utility to see a list of all your saved passwords or to reveal the actual
characters behind the password field on a login page.

Internet Explorer 9 does not offer a native synchronization feature to keep your
settings and saved data synced across computers or devices, but, from a security
standpoint, at least that’s one less security risk you have to worry about.
                                             Internet Explorer 10


Internet Explorer 10 in Windows 8 will provide new password saving and
syncing features, but it’s not yet clear if they will be available when you use
Windows 7.

Tests in the Release Previews of Internet Explorer 10 and Windows 8 show
that you can view and manage saved browser passwords using the improved
Credential Manager in the Control Panel.

And for security, before you can view the actual saved passwords you must
re-enter your Windows account password, which can help prevent casual
snooping by others.
                               Can you trust browsers with passwords?


Windows 8 will also offer a new synchronization feature that lets you sync
passwords for apps, websites, and networks—in addition to Windows settings
and preferences—across your other Windows 8 computers and tablets.

For security reasons, before you sync your passwords with a new computer or
tablet, you must log in to a Microsoft site and approve the new device.

And if you have specified a mobile number on your Microsoft account
beforehand, you'll get a confirmation code texted to your mobile phone that
you must enter on the Microsoft site before the trust is granted and passwords
are synced.
                                              Google Chrome 21


Google Chrome provides a more feature-rich password-saving feature than
Internet Explorer does, as well as an autofill feature that can also keep track of
your credit card details. But while these can be great time-saving features, they
also pose more security risks.

Chrome lets you—or a thief for that matter—browse through the list of saved
usernames and passwords (alphabetized by site name) or enter the site name
into the search field to filter the list.

For privacy, Chrome masks each saved password with asterisks, but you can click
the entry and press the Show button to reveal the actual password. You can also
change the password, but unfortunately Chrome does not detect password
changes, so it will not prompt you when you log in to a site with a new
password. You must go to the saved password entry and update it manually.
                                                   Chrome

You can view a list of all saved addresses and credit card details, including the
name on card, the account number, and the expiration date. Chrome partially
masks your credit card numbers with asterisks, but you can click the entry and
then click Edit to reveal the full number. The only card detail not saved is the
card's security code, which is often—but not always—required to make
purchases.

Unfortunately, Chrome doesn’t offer a master password feature like Firefox does
in order to protect all your passwords and credit card details.

Thus, anyone who is logged on to your Windows account can view all the saved
passwords and credit card details.
                                                   Chrome


Chrome offers a syncing feature to keep most of your settings and saved data
(including passwords, but not credit card details) synced across multiple
computers and devices, but this creates another security vulnerability.

By default, Chrome only requires you to enter your Google account password
to set up a new computer or device to sync your browsing data.

This is a great convenience; but if your Google account password is hacked, the
intruder can potentially access a list of all your passwords unless you set a
syncing passphrase, as we’ll discuss.
                                                  Chrome


To keep your saved passwords secured during syncing, Chrome encrypts them
when they travel from your computers or devices to Google's servers (and vice-
versa). You can also set the browser to encrypt all other synced data.

By default, Chrome uses your Google account password to encrypt and decrypt
the synced data, but you can enter another passphrase if you want to add an
extra layer of protection to your synced data.

When you set up Chrome to sync on a new computer or device, you'll need to
sign in with your Google account password and then also enter your encryption
passphrase.
                                                    Firefox


Firefox offers advanced password-saving features that are even better than
Chrome's. But while Firefox doesn’t natively support saving credit card details,
at least that's one less security issue you need to worry about. As with Chrome,
you can browse, search, and remove saved passwords via the Firefox settings.
                             Can you trust browsers with passwords?




Though you cannot change the passwords in the settings, Firefox
automatically detects password changes you've made elsewhere and asks if
you want to update your password when you log on to a site with a
password that’s different from what’s saved on your PC.

Unlike Chrome, Firefox lets you set a master password to encrypt and
password-protect the saved password list.
                                 Can you trust browsers with passwords?

Firefox lets you set a "master password" to add an extra layer of security.
You must enter the master password the first time you use a saved password,
once per browser session.

Additionally, even though you enter the master password the first time, you
must always enter it before you can view saved passwords via the list in the
Firefox settings.

This is a great feature to help prevent casual snooping of your passwords, and it
even prevents most third-party utilities from recovering them.

Firefox can also sync your passwords, settings, and other saved data among
devices. This is similar to what Chrome provides, but by default Firefox
encrypts all synced data instead of just your saved passwords.
                                   Can you trust browsers - Summary


Internet Explorer 9 helps prevent casual snooping—there is no list of saved
passwords in the settings—but it does not provide advanced security features to
prevent someone on your Windows account from using third-party utilities to
recover your passwords.

Google Chrome 21 allows anyone on your Windows account to view your list
of saved passwords and credit card details, so be careful who you let on. If you
sync your browsing data across multiple computers and devices, consider
turning on encryption of all synced data and setting a custom passphrase for
double protection.

Firefox 14 also by default allows anyone on your Windows account to view
your list of saved passwords, but you can create a master password to encrypt
and protect them. And if you use the browser syncing feature, Firefox offers
great security.

Of the three browsers reviewed, you could argue that Firefox has the best
password security thanks to its master-password feature, but it will also be
worth seeing the final version of Internet Explorer 10 for both Windows 7 and
8.
                                                 Conclusion

• Never save passwords or sync browser data on other people’s
computers.
• Try to use different passwords for each site—at least for banking and
other sensitive accounts.
• Password-protect your Windows account.
• Create separate Windows accounts for each user, or at least for those
you don’t fully trust.
• For extended family or friends, use the Guest Windows account.
• Use a good antivirus program and keep it updated.
• Think about fully encrypting laptops, netbooks, and mobile devices.
• Look into third-party password-management services like LastPass or
KeePass.
Posted: 11/3/2012