Thoughts on the military and military activities of a diverse nature. Free-ranging and eclectic.

Tuesday, December 14, 2004

Free!

This is coolbert:

I have mentioned in previous blog entries about how weaponry that was once available to only the militaries of the most technologically advanced nations is now readily available to anyone in the world.

Anyone, whether it be a nation-state, a drug cartel, or a criminal gang, possessing the means to pay for advanced weaponry and related technology, can obtain almost whatever is their hearts desire.

One such technological area is the once arcane and secretive field of cryptography.

According to Webopedia, cryptography can be defined as:

"The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text."

We are talking here about protecting information, data, messages, etc., from being read [listened to as well], by unwanted, prying recipients [unintended parties].

Cryptography was for centuries, even for milleniums, almost strictly the purview of governments. And when cryptography was used by governments, it was used primarily only by a few select institutions and individuals within a government. The military, diplomats, and certain select high echelon officials made use of cryptography, and then only when required [to safeguard sensitive secrets].

And the entire process of cryptography was cloaked with the greatest secrecy. Almost NOTHING at all was in the public domain concerning cryptography. What was available was a limited historical record. But this tended to be sparse and was usually not very revealing.

NO LONGER!!!

The modern transformation of cryptography from an arcane "art" to the current ubiquitous public usage [the user may be using cryptography without even realizing it] began with the widespread use of computers in networks. Computer networks such as MILNET [military network], DARPANET [Defense Advanced Research Projects Agency network], and a variety of industrial, commercial, academic, and financial networks, began to merge in a semi-haphazard fashion with a multitude of public and private users to form the current Internet and the World Wide Web [WWW], in all it's manifestations and applications.

And very early in the networking game, say around the mid-1970's, it became abundantly clear that all this communications via computer had to be safeguarded in some manner. Governmental secrets were only one part of the safeguarding issue. Industrial trade secrets, business transactions, and individual privacy were all at stake here. The value of financial transactions DAILY via the international currency markets is over a TRILLION dollars [perhaps more now??]. Some sort of safeguarding was required.

Especially when it was realized that the internet was also susceptible to compromise by a host of nefarious characters. HACKERS. Again, what was once the purview [intercept, cryptanalysis, etc.] of only a small select group of governmental agencies [espionage agencies], was now something that could be practiced by lone individuals working out of their basement [again, HACKERS].

"As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data."

[internet phone can also be secured by cryptographics now available. Click here to see such a site that allows the individual to use secure internet phone for FREE. Believe me, this is something, secure voice communications, that was once available until recently ONLY to the most senior governmental officials].

And safeguarding was found.

A whole host of cryptographic systems have been developed by computer science experts to safeguard the multitude of communications traveling DAILY over the internet. These cryptographic systems [algorithms] have names such as DES, 3DES, AES, Blowfish, GOST, PGP, etc. Cryptographic algorithms that can be obtained by the private individual personal computer [PC] user as freeware. YES, FOR FREE.

[I would point out that these systems all seem to be revised and improved variants of Lucifer. A computer cryptographic algorithm devised in 1966 by a computer scientist working for IBM. It could be that this algorithm was named Lucifer because it was so diabolical in it's concept and design!!].

Not only have a whole host of cryptographic algorithms been devised and made available to the average consumer, but the vital keying obligatory for these systems has been devised and implemented. As was mentioned above:

"Only those who possess a secret key can decipher (or decrypt) the message into plain text."

"Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses."

This is referred to as PUBLIC-KEY CRYPTOGRAPHY.

The user of such cryptographics may well ask themselves, "well, how secure are these cryptographics??" I think it is safe to say that these various cryptographics are very, very secure. Secure from all but the most dedicated of espionage agencies of the world's powers. A lot of time, effort, resources would have to be used to read just one message.

And you have to ask yourself, unless you are a person of interest to the espionage agencies of the world's powers, what good would it do to read your message traffic?

The user might then also ask the question, "well, do these cryptographics provide absolute security??" And the answer to that question is NO!! The only cryptographic system that affords absolute security is the one-time-pad [OTP]. And that, if only used correctly. These various cryptographic algorithms now being used are of a periodic nature. A period that is very long, but is nonetheless, periodic. According to the great American cryptographer/cryptanalyst, William Friedman, "any period cryptographic system can be read, if enough resources and time are dedicated to the effort." Read about the one-time-pad by clicking here.

It is important for the user to understand that a cryptographic system does NOT have to provide absolute security. What it must do is defeat the efforts of unintended recipients to read the encrypted message within time to provide actionable intelligence.

The classical scenario is of an encrypted message sent on a Sunday that would say something like:

"Convoy sails from Brindisi on Monday, arrives Malta on Wednesday."

If the unintended recipient of this message was not able to read the message until the following Friday, reading the message does the unintended recipient no good. He does not have actionable intelligence. If the unintended recipient read the message on say Tuesday, he would have actionable intelligence and could act in an appropriate manner [sink the convoy].

Whatever cryptographic system is used to safeguard the above message would only need to be effective enough to delay the unintended recipient from reading the message in time, NOT absolutely safeguarding the message, just providing the required amount of security.

Unfortunately, the various cryptographics available for FREE on the internet are also available to a variety of bad eggs as well. Groups or persons that are disreputable can and do make good use of secure cryptographics to safeguard their activities as well. Groups such as terrorists, rogue nations, criminal gangs, drug cartels, perverts who use the internet are examples of villains that can employ secure cryptographics. However, the positive nature of secure cryptographics on the internet probably far outweighs the use of secure crypto by the villains of this world.

Technology that was not so long ago was available only to persons such as the President of the United States is now available to the average citizen, and as I have said before, FREE TOO!! Can that be bad??!! NO!!!

coolbert.

Labels:

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home