Archive for the ‘Cryptography’ Category

Your Tax Dollars At Work: Identity Theft

The Washington Post reports another data snafu at a government agency:

More than 1,100 laptop computers have vanished [poof!] from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers, federal officials said yesterday.

This disclosure by the department came in response to a request by the House Committee on Government Reform, which this summer asked 17 federal departments to detail any loss of computers holding sensitive personal information.

Of the 10 departments that have responded, the losses at Commerce are “by far the most egregious,” said David Marin, staff director for the committee. He added that the silence of the remaining seven departments could reflect their reluctance to reveal problems of similar magnitude. [my emphasis]

This doesn’t really surprise me. No one likes their dirty laundry aired in public. I wonder whether Congress will follow up on this?

Although I’d love to point fingers and say “na, na, naaa, na, na,” I really can’t blame anyone for this. Too few people realize how important the information on a laptop really is. With the explosion of easily transported electronic devices, information that used to fit in a warehouse can now be transported in your pocket. Public consciousness hasn’t kept up with developments. The sensitivity of the information isn’t something you can keep drumming into people. They either get it or not.

At some point laptops started being the Computer du Jour for anyone wearing a suit and tie (or a nicely pressed business outfit with classy accessories). According to my experience, anyone with enough clout can run roughshod over security issues, at least for someone in the Census Bureau and not in Homeland Security. The DHS has stringent computer controls! (Or maybe not?) But if you have a laptop, you take it with you. And sometimes laptops get stolen. No rocket science here, people.

The only real solution here will probably involve hardware-supported data encryption. The data encryption needs to be both coded to the individual and absolutely transparent to the user. No extra installation, no extra hassle. If anything, the computer has to be easier to use with encryption than without. This might take the form of biometric data (fingerprint scanning?) coupled with a direct encrypt/decrypt chip between the hard drive and the rest of the computer.

The problem is that if there is no standard for the hardware, no system will be supported widely enough to be worth implementing. And the US government can’t implement a standard because that’s in a hands-off legal area. (Or at least a hands-off political area.)

But if I had my druthers, that’s where I’d want my tax dollars going. And not my information into the hands of thieves.

Of Slaves, Code Rings and Cryptography

I have always been fascinated by cryptography. Actually, I’m fascinated by what cryptography used to be. You see, somehow computers have taken quite a bit of the cloak and dagger out of the subject. It is now possible to create nearly perfect codes for everyday use and perfect codes for one time use. Anyone can reach a level of cryptographic sophistication with the click of a mouse unimagined by the kings and poets of earlier centuries. Math and engineering have usurped 3000 years of ingenuity.

Oddly, I’m not one of those persons who spent hours and days trying to decipher the secret message Tony the Tiger was trying to send me during breakfast. I also didn’t grow up during the age where you could get a secret decoder ring for your favourite Saturday Matinee feature. (Although I sometimes feel I need one listening to George W. Bush.) Finally, I’ll admit to being addicted to Fargo North Decoder on The Electric Company.

Seriously, however, I always wanted to know more about why some people seem to be able to solve these things easily and why people are always warned not to try to think of their own code because it has been done and will have problems. I want to look through a keyhole and discover what ideas people tried to hide and what their secret methods were. Trying to keep information secret and having those secrets exposed has affected history more often than many people realise.

Thus, I found my perfect book in the classic tome The Codebreakers by David Kahn. Originally published in 1967, he has put together the definitive history of codes and ciphers and their effect on war and peace. Beginning with the steganographic techniques used by the Greeks (shave slave, tattoo message on the head of slave, let hair grow back, send said slave to recipient, shave slave…), through Elizabethan England (the day Mary Queen of Scots really lost her head), into the European black chambers (when the ambassador of one country forwards the mail to a second because spies got the envelopes mixed up), to the trenches of WWI (where the Germans never got anything quite cryptographically right), historical topics are extremely well covered. Unfortunately, more modern topics are less fulfilling. The book, even in its revised form from 1996, is dated. There is a long, almost obsolete section on the NSA. I would argue that the discussion of the more modern versions of cryptography, asymmetric keys, PGP or quantum cryptography is better left to the shorter, more modern The Code Book by science author Simon Singh.

There are several reasons why any book on cryptography will be out of date almost before publication. Governments try to keep modern ciphers and effective algorithms secret and often outlaw (or at least try to outlaw) those methods that can’t reasonably be subverted. Thus any book discussing modern techniques will of course not be able to reflect current affairs. This is clearly shown in Kahn’s book. Published a mere twenty years after the Second World War but before the breaking of the German Enigma code was declassified, Kahn’s account of this is justifiably thin.

In addition, most modern methods have moved from something that can easily be mastered in an afternoon to something that can only be understood with a Masters in mathematics. The discussion of the more modern methods is where Singh’s book shines. He devotes most of his book to bringing to life Bletchley Park (where the WWII English code breakers were headquartered), the ideas of Rivest, Shamir and Adleman (the creators of the RSA algorithm) and the legal battles waged by Phil Zimmermann, the author of the Pretty Good Privacy software. (Aside: Phil Zimmermann is not to be mistaken for Arthur Zimmermann, the German foreign minister who almost single-handedly brought the United States into the First World War when the English broke the code in the infamous Zimmermann Telegraph. But that’s another crypto-story.)

Finally, cryptography is one of the fastest moving branches of computer science today. Some form of cryptography often hides behind the headlines that a DVD ‘encoding’ has been cracked or a password file compromised. Cryptography, both trying to find ways to quickly and securely encrypt as well as efficiently and correctly decrypt information, is increasingly important and increasingly invisible in our modern world. The only way to remain abreast of these changes would be to work in the field itself.

Neither of these books is directed at the person looking to start a career in cryptography; that’s not their goal. They try to give a historical backdrop to an almost timeless endeavour, keeping secrets secret. These are the anecdotes, the stories of bygone days; those looking for modern methods should look somewhere else.

I will be relating some of the stories, gleaned from these and other sources in the weeks and months ahead. I’ll also show the methods of breaking some of the classic ciphers in addition to showing some of the mathematical methods used to determine which of the classic ciphers might have been used. I find things like this a wonderful way to spend a rainy weekend. Who knows, maybe you’ll find something interesting.

If you don’t want to wait for me to get around to writing about this stuff, run, don’t walk, to the local bookstore and get these books. (Actually, drive, don’t run, because the bookstore is probably too far, you’ll get there faster and the books are rather heavy. You could also order them online. But, hey, if running floats your boat…I was just saying.) You might even try nabbing these little guys at the local library.

Both books, The Codebreakers by David Kahn and The Code Book by Simon Singh, are fun reads and I’m sure you’ll learn more about why some things happened the way they did and not the way you might have thought. And that message doesn’t need a code ring.