Why Do YOU Need Cryptography? By Brendan McKenna It's a good question, really. Why do you need to use cryptography? Like all good questions it has a lot of answers, which will be different according to the individual that's answering the question. What it all boils down to though, is one word -- privacy. With today's modern computer networks, it is no longer uncommon for people to have a computer on their desk, whether at home or at work. Usually, these computers are connected with other computers in some fashion or another. Whether it's simply a modem that is used to call the occasional BBS, or a LAN in an office or a service provider like CompuServe or America Online, or a direct Internet connection, most of us like to see what's going on with the rest of the world, exchange ideas, files, play games, or just browse around. If the computer you're using can have more than one person connected to it at a time -- a network file server, for example, or a multi-user workstation -- then there are already lots of opportunities to communicate with other users, without ever leaving the privacy of your own computer. Today, it is easier to send a message to someone across the world using a computer network than it is to use the mail, you can communicate with people all across the globe simply by typing in a message and entering a few commands or clicking on a button -- as simple as dialing a phone, and a lot less expensive than the phone call would be. There's an important difference between a computer network and a phone, though. The difference is that although both the phone network and the computer network run on computers, with the phone network you always have the voice on the other end of the line that reassures you that you are, in fact, speaking to the person you wanted to speak to, while with the computer network all you have is a few words typed in a file. You may think, "Well, I can look at the header of the message and see that it was my friend that sent me this message." Unfortunately, that may not always be the case. To explain why a message that says that it's from your friend could have been sent by someone else, let's look at what happens to an email message you send, once you send it. First, the software which you use to send the message will check the system you're sending the message from to see if it can find your friend on the same computer you're on, and if it can, it will deliver it. If not, the next thing it will do is look to see if the computer you're on can talk directly to your friend's computer, and if it can, it will send it to your friend's computer so that it can be delivered to your friend there, and if it still can't find your friend, it will try to send it to another computer that can talk to your friend's computer. Now on each of these computers, your message to your friend is stored out on disk somewhere before it is actually sent to your friend, and once it is actually delivered to your friend, it is again stored on disk, and once your friend gets your message, he may or may not keep it around, again in the form of a disk file. And between your computer and your friend's computer, your message probably passed through several computers which make up the network, even if it appeared to connect directly to your friend's computer. This is where the main difference between the telephone network and a computer network lies. With a telephone call, you hear what your friend says directly, with at most a fraction of a second delay, and you can be assured that unless you're using a cordless or cellular phone, or making an international telephone call, that your conversation is pretty much between you and your friend (if you're using a cordless or cellular phone, it is fairly easy for some third party using radio equipment to listen in, and international calls (at least those originating in or destined to the US) are routinely monitored by our government), unless some law enforcement agency has an interest in you or your friend and has gone to court to get an order allowing them to tap your phone conversations. With an email message, it passes through all these computers, and all the necessary software along it's path from you to your friend. Sometimes it's stored on these computers along the way as well, because the computer can't send it along right away. Unfortunately, this leaves you at the mercy of other people, and while the vast majority of them are quite scrupulous about not reading other people's mail, not all of them are. If, for example, their computer has been hacked into, they may not even be aware that someone is monitoring the mail as it passes through their computer. And it's not only while your message is stored in a file that it's vulnerable to prying eyes, either. For example, there is a hardware device called a "network sniffer," normally used by people whose responsibility it is to ensure that the networks are functioning properly, which can be plugged into a network and are capable of recording all traffic passing through a network -- including your message. It is also possible for people who have the access to the system software -- whether legitimately, or by accident, or through actively hacking into a system -- to set up exactly the same sort of "sniffer" program to record everything that passes through a computer. You may think that this isn't a problem if your friend uses the same computer or BBS as you, but it is sometimes also possible to monitor the traffic within the same computer, as it is passed from one program to another on it's way to being delivered to your friend. Let me give you a real world example. I am aware of a computer at a company, where all of the staff for an office uses the same computer to send messages to eachother, and their friends and colleagues around the world through the Internet. This computer had a user X who was the boss in one office, and who normally communicated with his boss through email. Now user X had several employees working for him, and once a year he was required to report on the performance of those employees to his boss, and from these reports, the raises that the employees got for the next year would be determined. Now, as it turned out, one of the employees of user X was actively reading his email messages as he sent them to his boss, exactly how is a little beyond the scope of this story, and when it came time for the performance reports to go out, he was able to intercept and alter his. This was, in fact, later caught (I wouldn't know about the story otherwise) and the employee who did it was punished, and security on this computer was increased, but had it not been caught.... Another good example of how your privacy may not be all you think it is on a computer network is that some companies and universities on the Internet now reserve the right to read all of their user's email, both incoming and outgoing. You do not need to be notified of the monitoring, and may not be aware of it's taking place. You may already be sharing everything from your most intimate thoughts to important business or research information with both your intended recipient and someone else... As you can see, this leaves a lot of possibilities for abuse, and it doesn't end there, either. It is also possible for an unscrupulous user of a computer -- even one that you or your friend doesn't know about -- to send you or your friend an email message that will, for all intents and purposes, look like it had come from your friend or from you, without you ever knowing about it. It is not an uncommon prank on the Internet for newer users, upon learning how to send "forged" email messages, to fill someone's email inbox with messages from "Santa.Claus@North.Pole" or some such. Now, how could encryption help? Let's address each of the problems in turn. The last problem we described, outright forgery of an email message, is, as it turns out, one of the easiest to solve. It is possible, using a type of cryptography known as "Public Key Cryptography," to create a pair of cryptographic "keys" that can be used to defeat this. These keys are yours exclusively -- in all respects, the same as the keys to your house or your car. What is special about the keys used by Public Key cryptography, as opposed to those used by other types of cryptography, is that you keep only one of them secret. The other key you make public -- essentially, you give it to your friends and colleagues. Using your secret key, you can then "sign" your message. Using the public key that you've given them, your friends can check the signature on your message and be certain that the message did, in fact, come from you. Without your secret key, no one else can sign the message and have your friends think it came from you, and they will then be suspicous of anything that they receive from you which isn't properly signed. Of course, although this solves the problem of people forging mail from you, this does leave you with the problem of how safe is your secret key. With the most widely used public key cryptography software, known as PGP or "Pretty Good Privacy," there are several levels of security available to you. Which you should choose is beyond the scope of this discussion, but it is well documented in the user's documentation which comes with it. It is predicted, however that even with the lowest level of security provided by PGP, that the time it would take for someone to "break" your key -- be able to forge your signature -- would take several YEARS of dedicated computer time. With cryptography, your security is viewed in terms of economics. In other words, how much time and money would people interested in forging your messages spend in order to be able to do it? There are not many people who would be willing to spend the money to buy a computer, and all the software necessary, then let the computer run -- without ever shutting it off -- for several years, simply to be able to write a message from you or I and have our friends think that it, in fact came from us. So unless you lose your secret key, or give it away, or have it physically stolen from your computer (where PGP keeps it encrypted), your key is pretty safe. But not all forgery involves the wholesale substitution of one message for another. It can also be something more subtle. For example, suppose in the case of the employee changing his performance report that I gave above, that the employee had chosen to reword it, making himself come out much better than originally intended, and deserving a big raise? What then? Fortunately for you and I, one nice byproduct of signing your messages is that it also eliminates the possibility that the contents of your message was in any way altered during its passage through the computer networks. Even the slightest change -- one letter changed -- will mean that your friend will get an error indicating that the message is not the one that you originally signed. That eliminates the problem of forging your email, but it is still possible to read your email, even if you've signed it. Sometimes you don't want this to happen, either. Perhaps you want to send someone some important information that could hurt your business if someone else were to read it. Perhaps the contents of the message may be embarassing if someone else reads it -- either for you or for someone you know. Or maybe you simply don't like the idea of other people being able to "eavesdrop" on your email conversations. In any case, to prevent people from being able to read the contents of your message, you need to encrypt it. Now, if you already have a package like PGP, and have generated keys to use for signing your messages, then you're in luck. Those same keys can be used to encrypt your mail messages as well. Simply by using a slight variation on signing your message, you can now, using those same keys, encrypt the messages you send, and sign them as well. But there's a twist. The twist is this: the pair of keys you generated that allowed you to sign your messages and your friends verify that the signature doesn't allow you to encrypt a message and send it to them. What it does allow you to do is to receive messages from them that are encrypted though! Here is how it works. The key you gave them is known as your public key. Anyone who has your public key can verify your signature on a message, ensuring for themselves that the message, as they received it, was both unaltered in transit and did in fact come from you. The key that you kept for yourself, your secret key, is special in that it allows you to decrypt -- decode -- any message that is encrypted using your public key. That way, people who have a copy of your public key can encrypt a message and send it to you, and only you can read it. So, in order to send your friends an encrypted message, you need their public key. If you've exchanged public keys already, and can verify eachother's signatures on your messages already, then you already have all you need to do this. You simply encrypt a message to your friend with his or her public key and then sign it with your own private key. That way, when your friend receives the message, they can be sure that the message came from you, wasn't altered in any way -- even inadvertantly -- and that only you, your friend, and anyone you choose to tell about it will be able to tell what you and your friend are saying to eachother. It may seem like a long way to go, and a lot of trouble to go through, just to make sure that what you and your friend are saying to each other is what you really mean to be saying to each other, and that your conversations are private. Let's face it, right now, for most people, it is a bit of a hassle to do. But if you're in a restaurant or bar talking to your friends, and you want to talk about something private, you don't shout about it, you may perhaps put your heads together and whisper, or simply lower your voice so that people at the next table or chair don't hear. On the phone, and particularly on a portable or cellular phone, you may simply not discuss some topics. You might even not want to put something down in writing in a letter, for fear of it being taken out of context, or being read by someone who you didn't want to have reading it, and wait to call or until you see them in person to discuss it. So why not have the same options available to you when you want to send something through the computer? Being able to keep your personal files on a computer safe is another benefit of cryptography. Let's say you're a researcher doing important research and you're keeping your notes on a computer that you share with other people. Maybe you don't want them seeing your research notes and talking about what you're working on with others before you get a chance to publish your results. Or that you're a teacher making up a test on your computer and you don't want to have your students somehow get access to the test before they are supposed to take it. Or that you're a businessman making up your business plans and budgets for the next year. Or you're simply a student who doesn't want everyone else who walks into your dorm room to have instant access to everything and anything you have on your computer. Cryptography makes it easy to take care of. In all of these situations, all you need to do is encrypt your files on your computer. You can even do it using the same public and private key you would use for your email messages. In fact, it's even easier to do than signing and encrypting your email messages. For this you only need your secret key, and all you need to do is run the appropriate program, giving it the name(s) of the file(s) you wish to keep private, and it's done. Later, when you want to work on the file(s), you run the same program, again supplying your secret key, and it will decrypt your data for you. Just don't forget to re-encrypt it when you're done! Even though you may not think that you need cryptography right now, that it's not worth the hassle, or that you don't have anything that needs all that much protection on your computer -- what happens when all of the sudden you do? With the ever faster growth of the things that it is possible to do with your computer -- soon it will probably even be possible to bank by computer, and it's already possible to buy and sell things through computers -- it seems likely that the day will come when you do have information that you don't want either accidentally or maliciously tampered with on your computer. As I said before, cryptography is a question of economics -- how much effort your "opponent" is willing to expend trying to read what you don't want them to, with you trying to increase the effort required, and your opponent trying to decrease them. Without using cryptography -- the effort required is fairly minimal. If you're using a DOS PC, all someone has to do is walk up to it and power it on in most cases. With other operating systems, it is usually a little harder -- but not very much. Using cryptography, you can make it not worth your opponent's while to even bother with your data, and if they decide to try anyway...well, like I said before there aren't very many people who are willing to wait years before they can read the little goodie that they've gotten their hands on, and the rest won't succeed anyway. Your using cryptography is a question of economics too. How much does the software cost, how much time does it take to learn it, how much time does it take to run -- all this figures into whether or not you're going to use cryptography yourself. Well, the good news is that PGP is free for personal use. It may take you an hour or two of your time to set up and read the documentation, but just think -- when was the last time you waited an hour or two to talk to someone so you could discuss something with them in person? Isn't it worth being able to protect your privacy? You buy insurance before you get sick, and before you get into a car accident -- just in case -- and you spend your own money doing it. Isn't it worth the time to get cryptography up and running on your computer -- before something happens -- especially when the software you need is free? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwIFJm+2Xy4M5cZFAQGF6QP/eMlYNJajBQUljm47ZfebL+u834C/U9h0 OZdI5ggDalPK6N9H9oXVlCyD0uJlVmwri85TPbQdW4FN0EpsQmEYC8rxjR7ZR8VC 5G/NixS5a8uNmybv291bYwmWkPB0Wlt3w1zw+GNeUTQDOTKA7Eye9euJRMSq7LTI INNJlRewmsw= =kuCq -----END PGP SIGNATURE-----