ENCRYPTION AND
DECRYPTION 101
by That Anonymous Dude !
The computer is
without a doubt the greatest technological revolution in the history of mankind. Today,
millions of people worldwide uses computers and the Internet. Every day, trillions bytes
of data is created, edited, transferred and stored. A big part of that data is secret, or
just not for the public eyes. A long time ago, there were no good way to protect your data
from viewers or hackers. Sure, an application could be made that only showed the data if
the right password was given to the program, but the data would still be stored in a file,
which anyone could read. It would be very easy for a programmer to crack such a poor
protection, and thus we need a stronger kind of protection.
The encryption/decryption technique is not a new thing, infact, it has been
around even before the first computer was invented. But since the first computer was sold,
the encryption/decryption techniques has evolved and many different kinds of technuiques
has been invented. Today, millions of files are being encrypted every day. It is used by
banks, phones, Internet, storage, and much more. Almost all sensitive information that is
transferred throu the Internet, is encrypted. An online shop is a good example. Every time
you send your credit-card number through the Internet, it is encrypted so that it can´t
be viewed by unauthorized people.
This article is not supposed to make you an encryption/decryption scientist,
just to let you see the most basic techniques used. We will go throu a simple encryption
algorithm, but stay at an easy level. The encryption method described in this text is
therefore not a strong protection, but it is good enough for personal use. The reason why
we wont go deeper into the subject is simply becouse, the stronger kinds of
encryption/decryption technics used today by banks, governments and FBI is much more
complicated, and would take hundreds of pages to explain.
As we said before, using a program to protect a file with a password is´nt
good enough, becouse there would still be a file on the harddrive, which anyone could
read. Encryption removes this problem by changing the content of the file until it is
unrecognizable. It uses a password to decide how to "scramble" the data, so that
the data can be "unscrambled" at a later time, if the same password is used. A
stronger protection uses a more complicated "scrambling" technique, which
ofcourse makes it even harder to "unscramble" without the correct password.
The simplest way to encrypt a file, or a string of data, is to add the letter
of the passwords on each of the bytes. By looping throu all the letters in the password,
over and over again, we can encrypt a file or string of data, even if it´s longer then
the password.
First we must choose a password, which we will use to show you how the
looping is done. Lets say the password is "secret". Ofcourse, the password may
contain any number of letters. Every time a new byte is to be encrypted, the loop will
step to the next letter in the password. When the last letter of the password has been
reached, it jumps back to the first letter of the password, and starts over, like this:
secretsecretsecretsecretsecretsecretsecret
As you can see, the password is repeated over and over again. each time a new
letter is choosed, it will be used to encrypt one byte of data. This means that the first
byte of a file would be encrypted with the first letter of the password. The second byte
would be encrypted with the second letter, the third byte with the third letter, and so
forth. When the last letter of the password has been used, the loop will jump to the first
letter and use it again, but the byte number will continue to run, like this:
Letter
number |
Password
letter |
Byte
number |
| Letter 1 |
s |
Byte 1 |
| Letter 2 |
e |
Byte 2 |
| Letter 3 |
c |
Byte 3 |
| Letter 4 |
r |
Byte 4 |
| Letter 5 |
e |
Byte 5 |
| Letter 6 |
t |
Byte 6 |
| Letter 1 |
s |
Byte 7 |
| Letter 2 |
e |
Byte 8 |
| Letter 3 |
c |
Byte 9 |
| Letter 4 |
r |
Byte 10 |
| Letter 5 |
e |
Byte 11 |
| Letter 6 |
t |
Byte 12 |
| Letter 1 |
s |
Byte 13 |
| Letter 2 |
e |
Byte 14 |
| Letter 3 |
c |
Byte 15 |
| Letter 4 |
r |
Byte 16 |
| Letter 5 |
e |
Byte 17 |
| Letter 6 |
t |
Byte 18 |
| Letter 1 |
s |
Byte 19 |
| Letter 2 |
e |
Byte 20 |
| Letter 3 |
c |
Byte 21 |
| Letter 4 |
r |
Byte 22 |
| Letter 5 |
e |
Byte 23 |
| Letter 6 |
t |
Byte 24 |
And so forth.
The password will be repeated over and over again until the last byte of the
file, or data string, is reached.
Ok, now we know how to decide which password letter to used with which byte,
but how do we make the actual encryption? There are several different techniques to do
this, but the important thing to remember here is that we must be able to decrypt the data
later. This means that we must use a way to change the data, which can be replicated at a
later time, when we need to unchange it again. This is one of those techniques.
Every letter in your computer has a number between 0 and 255 assigned to it
so the computer can understand it. This number is called the ascii code, and it is perfect
to use in our encryption algorithm, since we will encrypt each byte separately. A byte can
only contain a number between 0 and 255, which is the exact same numbers that an ascii
code can have. All files can be read as a binary file of bytes, even if it is a .exe or a
.txt file.
Lets take one byte of data, and encrypt it with one letter from the password.
It doesn't matter what their values are. First, we check to see what the ascii code is for
the password letter. Then we add this number to the byte value. We have now changed it,
and to change it back, we only have to subtract the ascii code from the byte value, and it
is restored to its original state. By adding the ascii codes of the letters to every byte
in the file, or string of data, we can then encrypt it beyond recognition. When we want to
decrypt the encrypted data, we simply use the same password, and subtract the ascii codes
from the data, and the file, or string of data, is restored.
However, there is a slight problem with this system. As you read before, one
byte of data can´t contain a number greater then 255 or lower then 0. Since we add two
numbers, which both can be anywhere between 0 and 255, the chances are big that some
encrypted data would have a higher number then 255, and wouldn´t be able to fit into a
byte. This problem is easily fixed though. By checking each encrypted number, before they
are saved into the bytes, we can see if they are greater then 255. If the encrypted data
isn´t greater then 255, it is simply saved in a byte, but if it is greater then 255, we
subtract 256 from the encrypted data, before saving it into a byte. This ensures that
whatever the letters ascii code and the byte value was, the result will always be a number
between 0 and 255.
Of course, this means that when we decrypt each byte, that is, when we
subtract the ascii codes from the bytes value, the result may be lower then 0. If any
result is lower then 0, we just need to add 256 to that result, to make that decrypted
data fit between the 0 and 255 limits. We can do this becouse
| Byte + ascii - 256 |
= |
Byte - ascii + 256 |
Go ahead, try some numbers out. Set the byte to any number between 0 and 255,
and do the same with the ascii code number, then calculate the formula, and you will see
that it is correct.
The decryption program doesn´t need any extra information to know were to
add 256 and were not too. When the encryption program subtracted 256 from a bytes value,
it also made sure that the byte will get a negative value when it is decrypted. Therefore,
the decryption only needs to see if the decrypted byte is lower then 0, to determine if
256 should be added or not.
Again, this encryption technique is a good example for the beginners, but it
is not very hard to crack with a couple of super computers. This example can however
inspire you to invent new techniques, or at least make you experiment with it.
In every password protected system, no matter how secure, it´s important to
remember to choose a good password. You should rather choose a random set of letters then
your name backwards. Many hackers tries to crack a password protection by guessing the
password. Therefore, use a password that would be hard to guess. It would only take an
hour or two for a hacker to guess your password, if you for example used your name, phone
number, security number, street address or anything like that.
It is also a good idea to choose a long password, becouse of another method
to crack a password protected system, called "brute force". Brute force is a
technique which tries every possible combination of letters, until the right password has
been found. The longer a password is, the more combinations a brute force program has to
go throu before it finds the correct password, and your password will then be much harder
to crack. For example, a six letter password, that can contain the letters a-z and 0-9 has
1838265625 different combinations. This may sound impressive, but the fact is that a
standard computer with a good brute force program would only need a couple of hours to
crack it. By making your password longer, more combinations are possible, and the time it
would take to brute force it will rapidly increase. Here are a list of different password
length verses the number of combinations they each have, and the maximum time needed to
brute force them:
Password
length |
Possible
combinations |
Time needed
to brute force |
| 1 letter |
35 |
< 1 second |
| 2 letters |
1225 |
< 1 second |
| 3 letters |
42875 |
< 1 second |
| 4 letters |
1500625 |
18 seconds |
| 5 letters |
52521875 |
7 minutes |
| 6 letters |
1838265625 |
4 hours |
| 7 letters |
64339296875 |
6 days |
| 8 letters |
2251875390625 |
7 months |
| 9 letters |
7,881563867188e+13 |
20 years |
| 10 letters |
2,758547353516e+15 |
700 years |
As you can see, the number of possible combinations and time needed to brute
force them increases rapidly as the password becomes longer. Brute force is a slow way to
crack a password, but it works. But since it would take a standard computer 700 years to
find a ten letter password, they don´t impose much threat to the security.
The encryption technique used in this article is good enough to stand against
these two cracking techniques, as long as you choose a good password. But don´t think you
are untouchable just becouse these two tricks can´t crack your encryption. Governments
all around the world hire scientists, programmers, hackers, and invest millions of dollar
in hundreds of super computers, just to try to crack other countries encryptions used in
military communications. In these cases, we are not talking about any puny brute force
program, here we are talking about artificial intelligence programming. Scientists and
programmmers spends all their time to make smarter programs that can detect patterns in
the encrypted data, and try to crack them by using logic. With such incredible programs
and enormous computer powers, our little encryption wouldn´t take more then a second to
crack, even if your password was 100 letters long. But, on the other hand, why should you
need to worry about the FBI and other governments, if you are a law obiding citizen,
right?:)
There is lots of information in libraries and especially on the Internet
about encryption, but unfortunately, most of them are written by scientists, and are
extremely hard to understand for anyone that isn´t an encryption scientist. My only
advice is, search the web, and don´t give up. You will be able to pick up bits and pieces
and slowly learn the art of encryption.
Personally, i never knew there was such a thing as encryption when i made my
first encryption program. I had an "great" idea on how to protect data from
unauthorized individuals, and i made a program that changes the data according to a
password. It was first when i showed my program to others, that i learn it was already
invented, and was called encryption. If you want to continue to learn more about the art
of encryption and decryption, i can only say, use your head, read alot, and don´t give
up.
Good luck!
** That Anonymous
Dude est un ami suédois qui a décidé de rejoindre notre équipe, même s'il n'est
pas tunisien :-). Il est spécialiste en 3D et en cryptage, piratge,...etc. :-) |
