Understanding basic crypto techniques
-------------------------------------

To begin with, it's important to understand the primary basic techniques of encryption -- symmetric key-based algorithms (i.e., block ciphers and stream ciphers), asymmetric key-based algorithms (such as public key encryption), and hash ciphers (which are used for passwords on most operating systems). These are the three primary methods of cryptography systems -- most systems are based on one of these techniques, or a combination of them.

Block ciphers and stream ciphers are known as symmetric key-based algorithms -- what this means, in plain English, is that the same key is used for encryption and decryption. If I encrypt the word 'SPEEDBOAT' as 'QLXXAFRMP', such that Q=S, L=P, X=E, etc., then I should be able to decrypt 'QLXXAFRMP' using the same key.

Block ciphers, in which information is divided into equal-sized blocks of text (say, five letters: 'THIS IS A SECRET MESSAGE' would be separated into 'THISI SASEC RETME SSAGE') and then each block is encrypted, are commonly used to encrypt files on a system. IDEA is an example of a well-known block cipher (it's one of the encryption methods used in PGP) -- Blowfish is also a block cipher.

In stream ciphers, data is encrypted in much smaller chunks, usually bits. This form of encryption is generally what's used to encrypt information as it passes from one system to another, because it's much faster than block ciphers -- crypt (the original UNIX command) is a stream cipher, as are most non-computer based encryption systems. The Cryptoquote in many daily newspapers is a stream cipher -- each letter is encrypted as it comes.

The differences between the two are mostly in the implementation. An easy way to think of it is that block ciphers are generally implemented within software, while stream ciphers within the hardware encrypt individual bits as they go by.

In asymmetric key-based algorithms, a different key from the one used to encrypt a message is used to decrypt it.
This is more commonly known as public key encryption, and RSA is a notable implementation of it -- a user of public key encryption has both a public key (which is used to encrypt a message) and a private key (which is used to decrypt a message). In a public key system, I could post my public key somewhere easily available, and a complete stranger could use it to encrypt a message. He then sends the message to me, and my private key decrypts it. If the message is intercepted, it remains secure even if the interceptor has my public key, because two different keys are used. Only the private key can decipher the encrypted message.

And then there are one-way hash systems, such as SHA and MD5, which most operating systems use to store passwords. I discuss password management in detail later in the article.

Some encryption implementations use all three methods to serve different purposes in the system. For instance, the well-known public key system PGP (Pretty Good Privacy) uses the IDEA block cipher for the actual encryption of the data, RSA for the public and private keys themselves, and an MD5 one-way hash for passwords. This way, the system itself is protected in many ways, with each cryptography technique being put to its best use.

How passwords work
------------------

Most operating systems handle passwords by using one-way hashes. What this means, in practice, is that your password is not stored anywhere on your computer. When you initially enter your password, the system encrypts it using a hash function. The system knows how it hashed the sequence of characters that is your password, so every time you log on, the system encrypts what you have just typed using the same hash function, and compares the encrypted results to the encrypted password. For instance, if your password is 'Superman', the actual hash may look something like 'dLboH6tH$kP/Nre1TMLr4thuBRmz' (please note: this is not an actual hash).
Whenever you type in the word 'Superman' at your password prompt, the machine sees 'dLboH6tH$kP/Nre1TMLr4thuBRmz'. It compares, notes that the two hashes are the same, and lets you into your account.

What password cracking programs do is either take lists of words (in the case of a dictionary or word file attack) or generate strings of characters (in the case of a brute force attack), encrypt them, and compare them to the hashes in the password file until they find a match. This is why it's important to protect your password file even though it's encrypted.

References
----------

By far the most comprehensive book on cryptography is Bruce Schneier's Applied Cryptography (2nd edition). It's easy to understand, so if this subject interests you, I recommend buying it.

For information about breaking password encryption, L0pht's documentation for L0phtCrack (http://www.l0pht.com/l0phtcrack/) contains a brief description of the various methods it uses. Crack (http://www.users.dircon.co.uk/~crypto/) is a dictionary-style password checker, and John the Ripper (http://www.false.com/security/john/) is a brute force-style password checker.

/dev/null (null@attrition.org)
Professional Script Kiddie
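
The hash-and-compare login check described under "How passwords work", together with an administrator's word-list audit of their own password file, as an added example that is not part of the original article. It assumes salted PBKDF2-HMAC-SHA256 in place of the unspecified operating-system hash; the record format, function names, iteration count, accounts and word list are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune per host


def hash_password(password, salt=None):
    """Build the record that goes in the password file (no plaintext)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(attempt, record):
    """Login check: hash what was typed the same way, compare the results."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, rounds)
    return hmac.compare_digest(digest, stored)  # constant-time comparison


def weak_accounts(password_file, wordlist):
    """Administrator audit of one's own password file against a word list."""
    return sorted(
        user for user, record in password_file.items()
        if any(verify_password(word, record) for word in wordlist)
    )


if __name__ == "__main__":
    # Constructed sample accounts and word list, for illustration only.
    password_file = {
        "alice": hash_password("Superman"),
        "bob": hash_password("x9!Lq2#vT8pZ"),
    }
    print(password_file["alice"])
    print(verify_password("Superman", password_file["alice"]))
    print(verify_password("superman", password_file["alice"]))
    print(weak_accounts(password_file, ["password", "Superman"]))
```

The audit flags only the account whose password appears in the word list, which is the reason the password file has to stay unreadable to other users even though it holds no plaintext.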