Cryptography Reference
In-Depth Information
Bugging a room, listening over laser mikes, extorting a company's employees,
or penetrating a company's perimeters, and similar things are hard work and
risky. No wonder spies are well paid. But when a popular encoding algorithm
is secretly cracked, and the attack can be 'cast' in reasonably fast software,
then data espionage gets much easier. Using this software is easy. Imagine
somebody who can just about move a mouse suddenly getting hold of your
confidential information and selling it to the brains behind the scenes to replen-
ish his petty cash! This person won't have any hard work to do, because our
networks are astonishingly easy to eavesdrop (or computers to tap), and he
will normally not leave any traces. Other persons or computers can also use
the program: copying the software is cheaper than buying a bug.
Yet another factor illustrates the special role of cryptology: if an eavesdropper
can't decrypt encrypted messages, he can at least hoard them. One day either
the encryption algorithm or the protocol will be cracked, or the eavesdropper
will get access to a faster computer — and here we go, he will read all your mes-
sages in arrears. Since some information doesn't lose its value with age, even
in our hectic times, you could have an unpleasant surprise after several years.
For who knows what methods cryptanalysis will use in five years from now?
Fast and good decryption programs could enable large-scale surveillance the
'needlework spy' can only dream of. This is one of the new-quality risks to the
information society. There are parallels to using nuclear power: the probability of
an accident is much smaller than with other processes (in cryptology this means
that money forging is much easier than finding an exploitable backdoor in the
DES algorithm). But
when
an accident happens, the damage can outdo everything
known so far.
Not even the leaky software mentioned above could have as many conse-
quences as the fast, unauthorized decryption of a widely used algorithm — if at
all possible.
All vulnerabilities mentioned so far have to be exploited individually; in con-
trast, cryptanalysis can be massware. You will find a small example on the CD
that comes with this topic:
newwpcrack
is a program that finds the password
for an encrypted WordPerfect file on a PC with high probability within 10 ms.
Surprising Simplifications
I admit, I want to scare you a little. Really usable software like the one for
WordPerfect doesn't normally come for free, and only the theoretical method is
discussed. Almost no program will work as fast as WordPerfect. But don't rely
