Forum Thread: Some Basics on Cryptography

So, I am not going to get too technical here, this is an impromptu response for Alex's "Looking for Contributions" post. 

In cryptography you can break things up into encryption and decryption, which is exactly what it sounds like. Of course, there are many types and approaches to each, and if you travel far down any possible route things get very difficult rather quickly. 

Now, if you spend much time in cryptography you will see two words get thrown around a lot. If you're new or starting out you may get them confused and this is to set you straight right quick. Cipher and Hash are two very huge concepts in cryptography and the difference between them is pretty simple if you stick to only the basics: A hash cannot be returned to it's un-hashed form (ideally), and a cipher can be returned to plain-text, but only with a key that specifies how the text was ciphered. Another thing to tell the two apart is that the length of a cipher is variable whereas the length of a hash is fixed. An MD5 hash will always be 32 characters long, 3DES is not always the same length etc. This whole "always the same length output" concept can be pretty trippy at first, so let's just stick with ciphers for now.

A text cipher works on one or two of two possible methods. Obfuscation and substitution. At first you say, "There must be more than that! With all the different kinds of ciphers out there everything is only based on two methods of protection?" The answer is, Yes. Every cipher is either hiding/rearranging your message in something else, or substituting your message (or parts of your message) for something else. 

Substitution Examples


You could use a simple Caesar cipher. A Caesar cipher where you shift all the letters up or down the alphabet a static number of spots. Caesar reportedly like using three, but who really cares. With a key of +6 our message would become… 


Now, if we were to plot those letters onto a 4x4 square, and then take the columns rather than the rows we get something like this:





Which would come to : "Z GXNO OOYYTY ZM"

Now haven't we come a long way from "THIS IS A STRING". It would be quite the pain to get back to that now. Now if we wanted to obfuscate even further we could add extra junk characters to further confuse our opponent although depending on how it was done it may not even help. I won't get into why but if you fine folks want to puzzle it out in the comments feel free. Another thing you could feel free to do would be figure out a way to add junk characters in a manner that actually makes this string more secure, and post your method with our without code in the comments. 

Please tell me what you think, ask questions at will, and provide constructive criticism for next time I feel like writing something.

4 Responses

Really nice, a simplistic explanation. I cleaned a few parts up, but the core has been unchanged. Thanks so much for the post :).

I wish I were more into cryptography...that is still my weakest point in hacking. You seem to be moving along in it quickly, Mr.Mathematician. ;D

It is probably one of my favorite parts of "hacking". I find encryption and decryption are just like puzzles. Puzzles of logic and math! :D

I personally want to try and create an effective way of utilising one time pad encryption. However the current problem is that it is as strong as the encryption key is secure. The algorithm itself is simplistic enough. 

Which then creates an issue, for example, if you want to send an encrypted file which was encrypted in OTP, you need to find a way to encrypt the OTP decryption key safely enough. 

If you are thinking about writing an article, you can always try to do a simple OTP encryption program in Python (seeing as Alex seems to like python quite a bit ;) )

I'm not skilled enough in py yet, so meh.

Sure, but encrypting with an OTP-like encryption system would either be weaker than intended or would be space-inefficient (and thereby not so good for encrypting files, although messages would probably be fine). From what I read on the wiki it looks like OTP uses only substitution if the key is the same length as the plaintext, and only uses obfuscation by hiding your message among junk characters if the key is longer than the original message.

Share Your Thoughts

  • Hot
  • Active