By Justin Agrell
I was at Prescott’s 2600 Hacker Quarterly meet up when I first got to see a man-in-the-middle attack in real life. A malicious network was made using two wireless antennas attached to a laptop. The first antenna was used to connect to the cafe’s real Wifi and the second to create a spoof wireless network. When someone connects to the fake network all of the traffic can be analyzed. I was the guinea pig. I simply needed to connect and use the internet as usual to see what could be discovered. I connected and was able to watch all of the traffic my computer generated communicating to the internet on the host the laptop. Credentials used to log on to popular websites were safe, protected by the HTTPS protocol, my email accounts were also safe as they were protected by TLS encryption, but my file server had no encryption and as soon as I logged in everything showed up in the stream of data. My username and password were both in plain text and clearly readable. Everyone watching saw my password and could now use it to access my file server.
It’s demonstrations like these that really display the importance of encryption and how it protects us and our information.
Being able to communicate securely has been important for thousands of years. One of the earliest known methods was used by the Spartans in 7th century B.C.E. A scytale (rhymes with Italy and has a hard C) was a staff with a ribbon wrapped evenly down its length. The author wrote a single letter on each pass of the ribbon to make a legible message. From there they simply unwrapped the ribbon and filled in the remaining space with random letters to further complicated deciphering. The message can only be read by using the original staff or one of the exact same diameter to re-wrap the ribbon in the correct way. I imagine it didn’t take long for Spartans to realize the deadly priority of keeping messages safe and creating this invention. A single interception of a message could lead to the anticipation of the their next attack and the deaths of hundreds or thousands of soldiers.
Allow me to clarify some of the basic terms in cryptography. A cipher is a direct replacement of a symbol for another symbol. For instance, the popular Rotation 13 (or ROT13) cipher has you simply replace the current letter in your message with the letter that is thirteen places later in the alphabet. So the letter A would be replaced with the letter N. A code is a direct replacement for a word with a different word or symbol. A code book is required to both encrypt and decrypt a message. A simple example is using an English to Japanese dictionary to encode (and poorly translate) a message. To decode the message you can use the same dictionary to reverse the procedure. Steganography is the practice of hiding a message on or in something. An old example is tattooing a slave’s head with an important message and letting the hair grow over it. This hides the message which can easily be read after shaving the hair off of the messenger when they arrive to their destination. A modern example of steganography is writing a message on a digital image so that only when you change the contrast of the image is the message legible.
Here are a couple examples of cryptography for you to see them in action. It is a fun practice to create your own method of encrypting messages to share with friends or family. Encryption protects us every second of every day. Banking online and making purchases is only made possible by securing our communications with encryption. Cryptography is a fascinating field and, if you’re like me, you’ll discover it offers an endless number of fun puzzles to solve and stories to fascinate you.
DHBGU GUR ENIRA
(Hint: Q____ ___ ____N)
Justin Agrell has been a certified IT technician since 2005. He loves Linux, adventure motorcycling, and computer gaming. To get in touch, just email him at Justin@U4E.US.