Cryptography


What a great topic!  Cryptography is a way to hide information using algorithms or methods.  Cryptography can allow you to hide information without anyone else detecting it is there, protect information from being seen by unauthorized people, or just be a hobby you dabble in.

The really interesting part of crypto to me is that the algorithms that hide information are completely open to inspection by anyone, also known as open source.  If you find someone selling you a cryptographic tool or routine that they say is proprietary, it has no guarantee of being secure.  The security comes in the way the information you want to hide, along with a key you choose, is manipulated in the algorithm.  Given the same information and the same key, the algorithm will produce the same result.  Thus, it is important to keep your key secret.  This is a simplified version of how cryptographic algorithms work; I encourage you to study further.

JavaScrypt

Here, I have used John Walker's public domain JavaScript that provides AES (and here) encryption tools.  These are different from most encryption tools because they are purely web-based: you can use them from any computer that supports a browser.  You do not need software installed on a machine to encrypt or decrypt information.

How might this be useful?

Suppose you have a Yahoo e-mail account and you and your friend are starting a new business. You lack capital and can only use the computers at your local library to access the internet, but you need to exchange business plan ideas and other proprietary information. How would you do this?

Go to the JavaScrypt page above, type in your key, then your information (called plain text) and encrypt it.

Copy or type the encrypted text (called cipher text) into your web-based e-mail and send your friend the message.  In order to decrypt your cipher text, your friend must copy the cipher text to the same web-page, and enter the same key.  The message will then be decrypted and the plain text can be seen.

Security note: Do not send the key as part of your e-mail message!  For the most secure transfer of information, be sure you and your friend have agreed upon a key in advance. Also, never use the same key twice.  This technique is called a one-time pad and is unbreakable*. John Walker gives a good example:

Alice and Bob have decided to use a "book code" for their encryption keys. When they last met face to face, they agreed to obtain the keys for their encrypted messages from an innocuous science fiction novel, Rudy Rucker's The Hacker and the Ants. Each time Alice or Bob sends a message, they pick a page of the book and line number on the page at random, then use whatever text appears on that line as the encryption key. The line, once used, is crossed out (sorry, Rudy!) so it will never inadvertently be reused. This way, no two messages are ever sent with the same key, and each key, composed of an entire line of English text, is sufficiently long as to be difficult to guess. (Book codes are far from optimal; later on we'll discuss more secure alternatives. At the moment, we're concerned with the mechanics of encryption and decryption, not details of key generation and distribution.)

This time, by throwing dice or whatever, Alice has chosen line 28 on page 172 of the book, which reads:

"serious hacker you don't let flames bother you. Instead"

This is the key for the message, so Alice types it into the Key box on the JavaScrypt page.

Try it out!  But be sure you know how to use it and have agreed upon keys prior to sending sensitive information.
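The workflow above (encrypt with an agreed key, paste the cipher text into e-mail, decrypt with the same key, never reuse a key) can be sketched as follows. This is an added example, not John Walker's JavaScrypt code: it uses Node.js's built-in `crypto` module with scrypt and AES-256-GCM, which are choices made for this sketch, and the names `deriveKey`, `encryptMessage`, `decryptMessage` and `KeyLedger` are hypothetical.

```javascript
const crypto = require('crypto'); // Node.js built-in module

// Stretch a passphrase (for example a line from the agreed book) into a 256-bit AES key.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Returns base64 of salt | nonce | tag | ciphertext, ready to paste into an e-mail body.
function encryptMessage(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Throws if the passphrase is wrong or the cipher text was altered in transit.
function decryptMessage(passphrase, armored) {
  const raw = Buffer.from(armored, 'base64');
  const salt = raw.subarray(0, 16), nonce = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44), body = raw.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// "Crosses out" each key once used; stores a hash rather than the key itself.
class KeyLedger {
  constructor() { this.used = new Set(); }
  claim(passphrase) {
    const id = crypto.createHash('sha256').update(passphrase, 'utf8').digest('hex');
    if (this.used.has(id)) throw new Error('key already used; pick a new line');
    this.used.add(id);
    return passphrase;
  }
}

// Alice encrypts with the book line quoted above; Bob decrypts with the same line.
function demo() {
  const ledger = new KeyLedger();
  const key = "serious hacker you don't let flames bother you. Instead";
  const ct = encryptMessage(ledger.claim(key), 'Draft business plan v1 (constructed sample)');
  const roundTrip = decryptMessage(key, ct);
  let wrongKeyRejected = false, reuseRejected = false;
  try { decryptMessage('some other line', ct); } catch (e) { wrongKeyRejected = true; }
  try { ledger.claim(key); } catch (e) { reuseRejected = true; }
  return { roundTrip, wrongKeyRejected, reuseRejected };
}
console.log(demo());
```

Because GCM authenticates the message, decrypting with the wrong key fails with an error instead of returning garbage.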

Also, note that no information is saved by these algorithms to the server or to the client running it.  The JavaScript on the JavaScrypt page is open source (right-click, save as...); check it out for yourself!

There are many good sites with crypto information:

Bruce Schneier (THE crypto guy)

RSA Laboratories

Crypto FAQ

Good tools too:

GNU Privacy Guard

Password Safe

 

* By unbreakable, I mean that eventually, it may be broken, but it would take so long that by the time it was broken, the value of the encrypted message would be zero.

All information on this website is Copyright © Ted Driver, 2002-2009