How Software Works: The Magic Behind Encryption, CGI, Search Engines, and Other Everyday Technologies


HOW SOFTWARE WORKS
The Magic Behind Encryption, CGI, Search Engines, and
Other Everyday Technologies
by V. Anton Spraul

San Francisco


HOW SOFTWARE WORKS. Copyright © 2015 by V. Anton Spraul.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior
written permission of the copyright owner and the publisher.
Printed in USA
First printing
19 18 17 16 15 1 2 3 4 5 6 7 8 9
ISBN-10: 1-59327-666-4
ISBN-13: 978-1-59327-666-9
Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Josh Ellingson
Interior Design: Octopod Studios
Developmental Editors: Hayley Baker, Seph Kramer, and Greg Poulos
Technical Reviewer: Randall Hyde
Copyeditor: Rachel Monaghan
Compositor: Susan Glinert Stevens
Proofreader: James Fraleigh
For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 415.863.9900;
www.nostarch.com
Library of Congress Cataloging-in-Publication Data:
Spraul, V. Anton.
How software works: the magic behind encryption, CGI, search engines, and other everyday technologies / by
V. Anton Spraul.
pages cm
Includes index.
Summary: “A guide for non-technical readers that explores topics like data encryption; computer graphics
creation; password protection; video compression; how data is found in huge databases; how programs can work
together on the same problem without conflict; and how map software finds routes.”—Provided by publisher.
ISBN 978-1-59327-666-9—ISBN 1-59327-666-4
1. Electronic data processing—Popular works. 2. Computer software—Popular works. 3. Computer networks—
Popular works. I. Title.
QA76.5.S6663 2015
005.3—dc23
2015022623
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and
company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark
symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the
benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken
in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or
entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information
contained in it.


About the Author
V. Anton Spraul has taught introductory programming and computer science to students
from all over the world for more than 15 years. He is also the author of Think Like a
Programmer (No Starch Press) and Computer Science Made Simple (Broadway).



About the Technical Reviewer
Randall Hyde is the author of The Art of Assembly Language and Write Great Code (both
No Starch Press), and is also the co-author of The Waite Group’s Microsoft Macro
Assembler 6.0 Bible (Sams Publishing). Hyde taught assembly language at the University
of California, Riverside, for more than a decade and has been programming software for
nuclear reactor consoles for the past 12 years.


Brief Contents
Acknowledgments
Introduction
Chapter 1: Encryption
Chapter 2: Passwords
Chapter 3: Web Security
Chapter 4: Movie CGI
Chapter 5: Game Graphics
Chapter 6: Data Compression
Chapter 7: Search
Chapter 8: Concurrency
Chapter 9: Map Routes
Index


Contents in Detail
Acknowledgments
Introduction
Who This Book Is For
Topics Covered
Behind the Magic
1 Encryption
The Goal of Encryption
Transposition: Same Data, Different Order
Cipher Keys
Attacking the Encryption
Substitution: Replacing Data
Varying the Substitution Pattern
Key Expansion
The Advanced Encryption Standard
Binary Basics
AES Encryption: The Big Picture
Key Expansion in AES
AES Encryption Rounds
Block Chaining
Why AES Is Secure
Possible AES Attacks
The Limits of Private-Key Encryption
2 Passwords
Transforming a Password into a Number
Properties of Good Hash Functions
The MD5 Hash Function
Encoding the Password
Bitwise Operations
MD5 Hashing Rounds
Meeting the Criteria of a Good Hash Function
Digital Signatures
The Problem of Identity
Collision Attacks
Passwords in Authentication Systems
The Dangers of Password Tables
Hashing Passwords
Dictionary Attacks
Hash Tables
Hash Chaining
Iterative Hashing
Salting Passwords
Are Password Tables Safe?
Password Storage Services
A Final Thought
3 Web Security
How Public-Key Cryptography Solves the Shared Key Problem
Math Tools for Public-Key Cryptography
Invertible Functions
One-Way Functions
Trapdoor Functions
The RSA Encryption Method
Creating the Keys
Encrypting Data with RSA
RSA Effectiveness
RSA Use in the Real World
RSA for Authentication
Security on the Web: HTTPS
Handshaking
Transmitting Data Under HTTPS
The Shared Key Problem Solved?
4 Movie CGI
Software for Traditional Animation
How Digital Images Work
How Colors Are Defined
How Software Makes Cel Animations
From Cel Animation Software to Rendered 2D Graphics
Software for 3D CGI
How 3D Scenes Are Described
The Virtual Camera
Direct Lighting
Global Illumination
How Light Is Traced
Full-Scene Anti-Aliasing
Combining the Real and the Fake
The Ideal of Movie-Quality Rendering
5 Game Graphics
Hardware for Real-Time Graphics
Why Games Don’t Ray Trace
All Lines and No Curves
Projection Without Ray Tracing
Rendering Triangles
The Painter’s Algorithm
Depth Buffering
Real-Time Lighting
Shadows
Ambient Light and Ambient Occlusion
Texture Mapping
Nearest-Neighbor Sampling
Bilinear Filtering
Mipmaps
Trilinear Filtering
Reflections
Faking Curves
Distant Impostors
Bump Mapping
Tessellation
Anti-Aliasing in Real Time
Supersampling
Multisampling
Post-Process Anti-Aliasing
The Rendering Budget
What’s Next for Game Graphics
6 Data Compression
Run-Length Encoding
Dictionary Compression
The Basic Method
Huffman Encoding
Reorganizing Data for Better Compression
Predictive Encoding
Quantization
JPEG Images
A Different Way to Store Colors
The Discrete Cosine Transform
The DCT for Two Dimensions
Compressing the Results
JPEG Picture Quality
Compressing High-Definition Video
Temporal Redundancy
MPEG-2 Video Compression
Video Quality with Temporal Compression
The Present and Future of Video Compression
7 Search
Defining the Search Problem
Putting Data in Order
Selection Sort
Quicksort
Binary Search
Indexing
Hashing
Web Search
Ranking Results
Using the Index Effectively
What’s Next for Web Search
8 Concurrency
Why Concurrency Is Needed
Performance
Multiuser Environments
Multitasking
How Concurrency Can Fail
Making Concurrency Safe
Read-Only Data
Transaction-Based Processing
Semaphores
The Problem of Indefinite Waits
Orderly Queues
Starvation from Circular Waits
Performance Issues of Semaphores
What’s Next for Concurrency
9 Map Routes
What a Map Looks Like to Software
Best-First Search
Reusing Prior Search Results
Finding All the Best Routes at Once
Floyd’s Algorithm
Storing Route Directions
The Future of Routing
Index


Acknowledgments
This book was shaped and guided by a platoon of talented editors: Alison Law, Greg
Poulos, Seph Kramer, Hayley Baker, Randall Hyde, Rachel Monaghan, and the “Big Fish”
of No Starch, Bill Pollock. Beyond the editorial staff, I appreciate the support and
kindness of everyone I’ve worked with at No Starch.

The two people who helped me the most, though, are Mary Beth and Madeline, the
best wife and daughter I can imagine. Without their love and support, this book would not
have been written.


Introduction

Science fiction author Arthur C. Clarke wrote that “any sufficiently advanced technology
is indistinguishable from magic.” If we don’t know how something works, then it might as
well be explained by supernatural forces. By that standard, we live in an age of magic.

Software is woven into our lives, into everyday things like online transactions, special
effects in movies, and streaming video. We’re forgetting we used to live in a world in
which the answer to a question wasn’t just a Google search away, or where finding a route
for a car trip began with unfolding a cumbersome map.

But few of us have any idea how all this software works. Unlike many innovations of
the past, you can’t take software apart to see what it’s doing. Everything happens on a
computer chip that looks the same whether the device is performing an amazing task or
isn’t even turned on. Knowing how a program works seems to require spending years of
study to become a programmer. So it’s no wonder that many of us assume that software is
beyond our understanding, a collection of secrets known only to a technological elite. But
that’s wrong.

Who This Book Is For
Anyone can learn how software works. All you need is curiosity. Whether you’re a casual
fan of technology, a programmer in the making, or someone in between, this book is for
you.

This book covers the most commonly used processes in software and does so without a
single line of programming code. No prior knowledge of how computers operate is
required. To make this possible, I’ve simplified a few processes and clipped some details,
but that doesn’t mean these are mere high-level overviews; you’ll be getting the real
goods, with enough details that you’ll truly understand how these programs do what they
do.

Topics Covered
Computers are so ubiquitous in the modern world that the list of subjects I could cover
seems endless. I’ve chosen topics that are most central to our daily lives and with the most
interesting explanations.
• Chapter 1: Encryption allows us to scramble our data so that only we can access it.
When you lock your phone or password-protect a .zip file, you’re using encryption.
We’ll see how different scrambling techniques are combined in modern encryption
software.
• Chapter 2: Passwords are the keys we use to lock our data and how we identify
ourselves to remote systems. You’ll see how passwords are used in encryption and learn
the surprising steps that must be taken to keep passwords safe from attackers.
• Chapter 3: Web Security is what we need to safely purchase goods online or access our
accounts. Locking data for transmission requires a different method of scrambling called
public-key encryption. You’ll discover how a secure web session requires all the
techniques covered in the first three chapters.
• Chapter 4: Movie CGI is pure software magic, creating whole worlds out of
mathematical descriptions. You’ll discover how software took over traditional cel
animation and then learn the key concepts behind making a complete movie set with
software.
• Chapter 5: Game Graphics are impressive not just for their visuals but also for how
they are created in mere fractions of a second. We’ll explore a host of clever tricks
games use to produce stunning images when they don’t have time for the techniques
discussed in the previous chapter.
• Chapter 6: Data Compression shrinks data so that we can get more out of our storage
and bandwidth limits. We’ll explore the best methods for shrinking data, and then see
how they are combined to compress high-definition video for Blu-ray discs and web
streams.
• Chapter 7: Search is about finding data instantly, whether it’s a search for a file on our
own computer or a search across the whole Web. We’ll explore how data is organized
for quick searches, how search zeros in on requested data, and how web searches return
the most useful results.
• Chapter 8: Concurrency allows multiple programs to share data. Without concurrency,
multiplayer video games wouldn’t be possible, and online bank systems could allow
only one customer at a time. We’ll talk about the methods that enable different
processors to access the same data without getting in each other’s way.
• Chapter 9: Map Routes are those instant directions we get from mapping sites and
in-car navigators. You’ll discover what a map looks like to software and the specialized
search techniques that find the best routes.


Behind the Magic
I think it’s important to share this knowledge. We shouldn’t have to live in a world we
don’t understand, and it’s becoming impossible to understand the modern world without
also understanding software. Clarke’s message can be taken as a warning that those who
understand technology can fool those who don’t. For example, a company may claim that
the theft of its login data poses little danger to its customers. Could this be true, and how?
After reading this book, you’ll know the answer to questions like these.

Beyond that, though, there’s an even better reason to learn the secrets of how software
works: because those secrets are really cool. I think the best magic tricks are even more
magical once you learn how they are done. Read on and you’ll see what I mean.


1
Encryption

We rely on software to protect our data every day, but most of us know little about how
this protection works. Why does a “lock” icon in the corner of your browser mean it’s safe
to enter your credit card number? How does creating a password for your phone actually
protect the data inside? What really prevents other people from logging into your online
accounts?

Computer security is the science of protecting data. In a way, computer security
represents technology solving a problem that technology created. Not that long ago, most
data wasn’t stored digitally. We had filing cabinets in our offices and shoeboxes of
photographs under our beds. Of course, back then you couldn’t easily share your
photographs with friends around the world or check your bank balance from a mobile
phone, but neither could anyone steal your private data without physically taking it. Today,
not only can you be robbed at a distance, but you might not even know you’ve been
robbed—that is, until your bank calls to ask why you are buying thousands of dollars in
gift cards.

Over these first three chapters, we’ll discuss the most important concepts behind
computer security. In this chapter, we talk about encryption. By itself, encryption provides
us with the capability to lock our data so only we can unlock it. Additional techniques,
discussed in the next two chapters, are needed to provide the full security suite that we
depend on, but encryption is the core of computer security.

The Goal of Encryption
Think of a file on your computer: it might contain text, a photograph, a spreadsheet, audio,
or video. You want to access the file but keep it secret from everyone else. This is the
fundamental problem of computer security. To keep the file secret, you can use encryption
to transform it into a new format that is unreadable until the file has been returned to its
original form using decryption. The original file is the plaintext (even if the file isn’t text),
and the encrypted file is the ciphertext.

An attacker is someone who attempts to decrypt the ciphertext without authorization.
The goal of encryption is to create a ciphertext that is easy for authorized users to decrypt,
while practically impossible for attackers to decrypt. “Practically” is the source of many
headaches for security researchers. Just as no lock is absolutely unbreakable, no
encryption can be absolutely impossible to decrypt. With enough time and enough
computing power, any encryption scheme can be broken in theory. The goal of computer
security is to make an attacker’s job so difficult that successful attacks are impossible in
practice, requiring computing resources beyond an attacker’s means.

Rather than jump headfirst into the intricacies of software-based encryption, I’ll start
this chapter with some simple examples from the pre-software days of codes and spies.
Although the strength of encryption has vastly improved over the years, these same classic
techniques form the basis of all encryption. Later, you’ll see how these ideas are combined
in a modern digital encryption scheme.


Transposition: Same Data, Different Order
One of the simplest ways to encrypt data is called transposition, which simply means
“changing position.” Transposition is the kind of encryption my friends and I used when
passing notes in grade school. Because these notes were passed through untrustworthy
hands, it was imperative the notes were unintelligible to anyone but us.

To keep messages secret, we rearranged the order of the letters using a simple,
easy-to-reverse scheme. Suppose I needed to share the vital intelligence that CATHY LIKES
KEITH (the names have been changed to protect the innocent). To encrypt the message, I
copied every third letter of the plaintext (ignoring any spaces). During the first pass
through the message, I copied five letters, as shown in Figure 1-1.

Figure 1-1: The first pass in the transposition of the sample message

Having reached the end of the message, I started back at the beginning and continued
selecting every third remaining letter. The second pass got me to the state shown in Figure
1-2.

Figure 1-2: The second transposition pass

On the last pass I copied the remaining letters, as shown in Figure 1-3.

Figure 1-3: The final transposition pass

The resulting ciphertext is CHISIAYKKTTLEEH. My friends could read the message
by reversing the transposition process. The first step is shown in Figure 1-4. Returning all
the letters to their original position reveals the plaintext.

Figure 1-4: The first pass in reversing the transposition for decryption

This basic transposition method was fun to use, but it’s terribly weak encryption. The
biggest concern is a leak—one of my friends blabbing about the encryption method to
someone outside the circle. Once that happens, sending encrypted messages won’t be
secure anymore; it will just be more work. Leaks are sadly inevitable—and not just with
schoolchildren. Every encryption method is vulnerable to leaks, and the more people use a
particular method, the more likely it will leak.

For this reason, all good encryption systems follow a rule formulated by early Dutch
cryptographer Auguste Kerckhoffs, known as Kerckhoffs’s principle: the security of data
should not depend on the encryption method remaining a secret.

Cipher Keys
This raises an obvious question. If the encryption method is not a secret, how do we
securely encrypt data? The answer lies in following a general, publicly disclosed
encryption method, but varying the encryption of individual messages using a cipher key
(or just key). To understand what a key is, let’s examine a more general transposition
method.

In this method, senders and receivers share a secret number prior to sending any
messages. Let’s say my friends and I agree on 374. We’ll use this number to alter the
transposition pattern in our ciphertexts. This pattern is shown in Figure 1-5 for the
message CATHY LIKES KEITH. The digits of our secret number dictate which letter
should be copied from the plaintext to the ciphertext. Because the first digit is 3, the third
letter of the plaintext, T, becomes the first letter of the ciphertext. The next digit is 7, so
the next letter is the seventh letter after the T, which is S. Next, we select the fourth letter
from the S. The first three letters of the ciphertext are TST.

Figure 1-6 shows how the next two letters are copied to the ciphertext. Starting from
where we left off (indicated by the circled 1 in the figure), we count three positions,
returning to the beginning of the plaintext when we reach the end, to select A as the fourth
letter of the ciphertext. The next letter chosen is seven positions after the A, skipping
letters that have already been copied: the K. The process continues until all of the letters of
the plaintext have been transposed.

Figure 1-5: The first pass in transposing using the key 374

Figure 1-6: The second pass in transposing using the key 374

The secret number 374, then, is our cipher key. Someone who intercepts this message
won’t be able to decrypt it without the key, even if they understand we’re using a
transposition method. The code can be regularly changed to prevent blabbermouths and
turncoats from compromising the encryption.
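
The keyed transposition just described, written out as an added Python example (it is not code from the book, which contains none). The function names are illustrative, and two details are assumptions drawn from the description of Figures 1-5 and 1-6: the key digits repeat in a cycle, and counting always skips letters that have already been copied.

```python
# Added illustration of the keyed transposition; not code from the book.

def selection_order(length, key):
    """Return plaintext positions (0-based) in the order the key copies them."""
    digits = [int(ch) for ch in str(key)]
    if not digits or 0 in digits:
        # Assumption: a digit of 0 would select nothing, so it is rejected.
        raise ValueError("key must consist of the digits 1-9")
    remaining = list(range(length))  # positions not yet copied
    cursor = 0                       # slot that a count of "1" lands on
    order = []
    for step in range(length):
        count = digits[step % len(digits)]            # 3, 7, 4, 3, 7, 4, ...
        pick = (cursor + count - 1) % len(remaining)  # wrap past the end
        order.append(remaining.pop(pick))             # copied letters drop out
        cursor = pick                                 # resume just after the pick
    return order


def encrypt(plaintext, key):
    """Transpose the letters of plaintext (spaces ignored) using the key."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    return "".join(letters[i] for i in selection_order(len(letters), key))


def decrypt(ciphertext, key):
    """Put each ciphertext letter back in the position the key took it from."""
    order = selection_order(len(ciphertext), key)
    plain = [""] * len(ciphertext)
    for letter, position in zip(ciphertext, order):
        plain[position] = letter
    return "".join(plain)


if __name__ == "__main__":
    secret = encrypt("CATHY LIKES KEITH", 374)
    print("ciphertext:      ", secret)
    print("right key (374): ", decrypt(secret, 374))
    print("wrong key (473): ", decrypt(secret, 473))
```

The method is fully public here and only the number passed as `key` is secret, which is the arrangement Kerckhoffs’s principle asks for.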

Attacking the Encryption
Even without the key, attackers can still try to recover the plaintext through other means.
Encrypted data can be attacked through brute force, trying all the possible ways of
applying the encryption method to the ciphertext. For a message encrypted using
transposition, a brute-force attack would examine all permutations of the ciphertext.
Because brute force is almost always an option, the number of trials an attacker will need
to find the plaintext is a good baseline for encryption strength. In our example, the
message CATHY LIKES KEITH has around 40 billion permutations.

That’s a huge number, so instead of brute force, a smart attacker would apply some
common sense to recover the plaintext faster. If the attacker can assume the plaintext is in
English, then most of the permutations can be ruled out before they are tested. For
example, the attacker can assume the plaintext won’t start with the letters HT because no
English word starts with those letters. That’s a billion permutations the attacker won’t
have to check.

An attacker with some idea of the words in the message can be even smarter about
figuring out the plaintext. In our example, the attacker might guess the message includes
the name of a classmate. They can see what names can be formed from the ciphertext
letters and then determine what words can be formed from the leftover letters.

Guesses about the plaintext content are known as cribs. The strongest kind of crib is a
known-plaintext attack. To carry out this type of attack, the attacker must have access to a
plaintext A, its matching ciphertext A, and a ciphertext B that uses the same cipher key as
ciphertext A. Although this scenario sounds unlikely, it does happen. People often leave
documents unguarded when they are no longer considered secret without realizing they
may aid attacks on other documents. Known-plaintext attacks are powerful; figuring out
the transposition pattern is easy when you have both the plaintext and ciphertext in front
of you.

The best defenses against known-plaintext attacks are good security practices, such as
regularly changing passwords. Even with the best security practices, though, attackers will
almost always have some idea of a plaintext’s contents (that’s why they are so interested in
reading it). In many cases, they will know most of the plaintext and may have access to
known plaintext-ciphertext pairs. A good encryption system should render cribs and
known plaintexts useless to attackers.

Substitution: Replacing Data
The other fundamental encryption technique is more resistant to cribs. Instead of moving
the data around, substitution methods systematically replace individual pieces of data.
With text messages, the simplest form of substitution replaces every occurrence of one
letter with another letter. For example, every A becomes a D, every B an H, and so on. A
key for this type of encryption looks like Table 1-1.

Table 1-1: A Substitution Cipher Key
Original:    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Replacement: M N B V C X Z L K F H G J D S A P O I U Y T R E W Q

Although simple substitution, as this method is called, is an improvement over
transposition, it too has problems: there are only so many possible substitutions, so an
attacker can sometimes decrypt ciphertext through brute force.

Simple substitution is also vulnerable to frequency analysis, in which an attacker
applies knowledge of how often letters or letter combinations occur in a given language.
Stated broadly, knowing how often data items are likely to appear in a plaintext gives the
attacker an advantage. For example, the letter E is the most common letter in English
writing, and TH is the most common letter pair. Therefore, the most frequently occurring
letter in a long ciphertext is likely to represent plaintext E, and the most frequently
occurring letter pair is likely to represent plaintext TH.

The power of frequency analysis means that substitution encryption becomes more
vulnerable as the text grows longer. Attacks are also easier when a collection of
ciphertexts is known to have been encrypted with the same key; avoiding such key reuse is
an important security practice.
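
An added example, not from the book, that applies the key in Table 1-1 to a constructed sample sentence and counts letters before and after encryption. The function names and the sample text are assumptions made for the illustration; it shows that simple substitution relabels the letter counts without changing them, which is the property frequency analysis relies on.

```python
# Added illustration of simple substitution with the Table 1-1 key.
from collections import Counter
import string

ORIGINAL = string.ascii_uppercase
REPLACEMENT = "MNBVCXZLKFHGJDSAPOIUYTREWQ"  # bottom row of Table 1-1

TO_CIPHER = str.maketrans(ORIGINAL, REPLACEMENT)
TO_PLAIN = str.maketrans(REPLACEMENT, ORIGINAL)


def encrypt(text):
    """Replace every letter using Table 1-1; spaces pass through unchanged."""
    return text.upper().translate(TO_CIPHER)


def decrypt(text):
    """Undo the replacement by reading Table 1-1 from bottom row to top row."""
    return text.upper().translate(TO_PLAIN)


def letter_counts(text):
    """Letters of the text with their counts, most frequent first."""
    return Counter(c for c in text.upper() if c in ORIGINAL).most_common()


def count_profile(text):
    """Only the counts, highest first, with the letter labels dropped."""
    return [n for _, n in letter_counts(text)]


# Constructed sample plaintext, chosen so that E dominates as it does in English.
SAMPLE = ("THE SECRET MEETING WILL BE HELD WHERE THE THREE STREETS "
          "MEET NEAR THE GREEN HOUSE")

if __name__ == "__main__":
    cipher = encrypt(SAMPLE)
    print(cipher)
    print("plaintext top letters: ", letter_counts(SAMPLE)[:3])
    print("ciphertext top letters:", letter_counts(cipher)[:3])
    # The shape of the histogram survives encryption; only the labels move.
    print("same count profile:", count_profile(SAMPLE) == count_profile(cipher))
```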


Varying the Substitution Pattern
To strengthen encryption against frequency analysis, we can vary the substitution pattern
during encryption, so the first E in the plaintext might be replaced with A, but the second
E in the plaintext is replaced with a T. This technique is known as polyalphabetic
substitution. One method of polyalphabetic substitution uses a grid of alphabets known as
a tabula recta, shown in Figure 1-7. In this table, each row and column is labeled with the
letter of the alphabet that starts the row or column. Every location in the grid is located
with two letters, such as row D, column H, which contains the letter K.

Figure 1-7: A tabula recta—the shaded first column and row are labels.

When using a tabula recta, the key is textual—letters are used to vary the encryption
instead of numbers, as we used in our transposition example. The letters of the plaintext
select rows in the tabula recta, and the letters of the key select columns. For example,
suppose our plaintext message is the word SECRET, and our encryption key is the word
TOUGH. Because the first letter of the plaintext is S and the first letter of the key is T, the
first letter of the ciphertext is found at row S, column T in the tabula recta: the letter L. We
then use the O column of the table to encrypt the second plaintext letter E (resulting in S),
and so on, as shown in Figure 1-8. Because the plaintext is longer than the key, we must
reuse the first letter of the key.

Figure 1-8: Encryption using the tabula recta and cipher key TOUGH

Decryption reverses the process, as shown in Figure 1-9. The letters in the key indicate
the columns, which are scanned to find the corresponding letter in the ciphertext. The row
where the ciphertext letter is found indicates the plaintext letter. In our example, the first
letter of our key is T, and the first letter of the ciphertext is L. We scan the T column of the
tabula recta to find L; because L appears in row S, the plaintext letter is S. The process
repeats for every letter of the ciphertext.

Figure 1-9: Decryption using the tabula recta and cipher key TOUGH

Polyalphabetic substitution is more effective than simple substitution because it varies
the substitution pattern throughout the message. In our example, the two occurrences of E
in the plaintext become different ciphertext letters, and the two occurrences of L in the
ciphertext represent two different plaintext letters.

Key Expansion
Although polyalphabetic substitution is a great improvement over simple substitution, it’s
effective only when the key isn’t repeated too often; otherwise it has the same problems as
simple substitution. With a key length of five, for example, each plaintext letter would be
represented by only five different ciphertext letters, leaving long ciphertexts vulnerable to
frequency analysis and cribs. An attacker would have to work harder, but given enough
ciphertext to work with, an attacker could still break the encryption.

For maximum effectiveness, we need encryption keys that are as long as the plaintext,
a technique known as a one-time pad. But that’s not a practical solution for most
situations. Instead, a method called key expansion allows short keys to do the work of
longer ones. One implementation of this idea frequently appears in spy novels. Instead of
sharing a super-long key, two spies who need to exchange messages agree on a codebook,
which is used as a repository of long keys. To avoid arousing suspicion, the codebook is
an ordinary piece of literature, like a specific edition of Shakespeare’s plays.

Let’s suppose a 50-letter message will be sent using this scheme. In addition to the
ciphertext, the message sender also appends the unexpanded key. Using the works of
Shakespeare as the codebook, the unexpanded key might be 2.2.4.9. The first 2 indicates
the second of Shakespeare’s plays when listed alphabetically (As You Like It). The second
2 means Act II of the play. The 4 means Scene 4 of that act. The 9 means the ninth
sentence of that scene in the specified edition: “When I was at home, I was in a better
place, but travelers must be content.” The number of letters in this sentence exceeds the
number in the plaintext and could be used for encryption and decryption using a tabula
recta as before. In this way, a relatively short key can be expanded to fit a particular
message.

Note that this scheme doesn’t qualify as a one-time pad because the codebook is finite,
and therefore the sentence-keys would have to be reused eventually. But it does mean our
spies only have to remember short cipher keys while encrypting their messages more
securely with longer keys. As you’ll see, the key expansion concept is important in
computer encryption because the cipher keys required are huge but need to be stored in
smaller forms.
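
An added example, not from the book, covering both the tabula recta of the previous section and the key expansion described here. It reproduces the SECRET/TOUGH encryption and then compares how many ciphertext letters a plaintext E turns into under the five-letter key and under the codebook sentence; the function names and the sample message are constructed for the illustration.

```python
# Added illustration of tabula recta encryption with short and expanded keys.
import string

ALPHABET = string.ascii_uppercase


def letters(text):
    """Uppercase letters of the text, with spaces and punctuation dropped."""
    return [c for c in text.upper() if c in ALPHABET]


def grid(row, column):
    """Letter stored at a row and column of the tabula recta (Figure 1-7)."""
    return ALPHABET[(ALPHABET.index(row) + ALPHABET.index(column)) % 26]


def encrypt(plaintext, key):
    key = letters(key)
    if not key:
        raise ValueError("key needs at least one letter")
    # Plaintext letters pick rows, key letters pick columns; a short key repeats.
    return "".join(grid(p, key[i % len(key)])
                   for i, p in enumerate(letters(plaintext)))


def decrypt(ciphertext, key):
    key = letters(key)
    if not key:
        raise ValueError("key needs at least one letter")
    plain = []
    for i, c in enumerate(letters(ciphertext)):
        column = key[i % len(key)]
        # Scan the key's column for the ciphertext letter; its row is the plaintext.
        plain.append(next(row for row in ALPHABET if grid(row, column) == c))
    return "".join(plain)


def images_of(letter, plaintext, key):
    """Every ciphertext letter that one plaintext letter is turned into."""
    pairs = zip(letters(plaintext), encrypt(plaintext, key))
    return {c for p, c in pairs if p == letter}


# The sentence that the unexpanded key 2.2.4.9 selects in the text above.
SENTENCE_KEY = ("When I was at home, I was in a better place, "
                "but travelers must be content.")
# Constructed sample plaintext, shorter than the sentence key so nothing repeats.
MESSAGE = "MEET ME WHERE THE THREE STREETS MEET NEAR THE GREEN HOUSE"

if __name__ == "__main__":
    print(encrypt("SECRET", "TOUGH"), decrypt("LSWXLM", "TOUGH"))
    print("E under TOUGH:       ", sorted(images_of("E", MESSAGE, "TOUGH")))
    print("E under sentence key:", sorted(images_of("E", MESSAGE, SENTENCE_KEY)))
```

With the repeating five-letter key, E can only ever become one of five letters however long the message grows; the sentence key spreads it over more, until the codebook itself has to be reused.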

The Advanced Encryption Standard
Now that we’ve seen how transposition, substitution, and key expansion work
individually, let’s see how secure digital encryption results from a careful combination of
all three techniques.

The Advanced Encryption Standard (AES) is an open standard, which means the
specifications may be implemented by anyone without paying a license fee. Whether you
realize it or not, much of your data is protected by AES. If you have a secure wireless
network at your home or office, if you have ever password-protected a file in a .zip
archive, or if you use a credit card at a store or make a withdrawal from an ATM, you are
probably relying, at least in part, on AES.

Binary Basics
Up to now, I’ve used text encryption samples to keep the examples simple. The data
encrypted by computers, though, is represented in the form of binary numbers. If you
haven’t worked with these numbers before, here’s an introduction.

Decimal Versus Binary
The number system we all grew up with is called the decimal system, deci meaning “ten,”
because the system uses 10 digits, 0 through 9. Each digit in a number represents the
quantity of a unit 10 times greater than the digit to its right. The units and quantities for
the decimal number 23,065 are shown in Figure 1-10. The 2 in the fifth position from the
left means we have 2 “ten thousands,” for example, and the 6 means 6 “tens.”

Figure 1-10: Each digit in the decimal number 23,065 represents a different unit quantity.

In the binary number system, there are only two possible digits, 0 or 1, which are
called bits, for binary digits. Each bit in a binary number represents a unit twice as large as
the bit to the right. The units and quantities for the binary number 110101 are shown in
Figure 1-11. As shown, we have one of each of the following units: 32, 16, 4, and 1.
Therefore, the binary number 110101 represents the sum of these four unit values, which
is the decimal number 53.

Figure 1-11: Each bit in the binary number 110101 represents a different unit quantity.

Binary numbers are often written with a fixed number of bits. The most common
length for a binary number is eight bits, known as a byte. Although the decimal number 53
can be written as 110101 in binary, writing 53 as a byte requires eight bits, so leading 0
bits fill out the other positions to make 00110101. The smallest byte value, 00000000,
represents decimal 0; the largest possible byte, 11111111, represents decimal 255.

Bitwise Operations
Along with the usual mathematical operations such as addition and multiplication,
software also uses some operations unique to binary numbers. These are known as bitwise
operations because they are applied individually to each bit rather than to the binary
number as a whole.

The bitwise operation known as exclusive-or, or XOR, is common in encryption. When
two binary numbers are XORed together, the 1s in the second number flip the
corresponding bits in the first number, as shown in Figure 1-12.

Figure 1-12: The exclusive-or (XOR) operation. The 1 bits in the second byte indicate
which bits are “flipped” in the first byte, as shown in the shaded columns.

Remember, encryption must be reversible. XOR alters the bit patterns in a way that’s
impossible to predict without knowing the binary numbers involved, but it’s easily
reversed. XORing the result with the second number flips the same bits back to their
original state, as shown in Figure 1-13.

Figure 1-13: If we XOR a byte with the same byte twice, we’re back to where we started.

Converting Data to Binary Form
Computers use binary numbers to represent all kinds of data. A plaintext file could be a
text message, a spreadsheet, an image, an audio file, or anything else—but in the end,
every file is a sequence of bytes. Most computer data is already numeric and can therefore
be directly converted into binary numbers. In some cases, though, a special encoding
system is needed to convert non-numeric data into binary form.

For example, to see how a text message becomes a sequence of bytes, consider this
message:
Send more money!

This message has 16 characters, counting the letters, spaces, and exclamation point. We
can turn each character into a byte using a system such as the American Standard Code for
Information Interchange, which is always referred to by its acronym, ASCII, pronounced
“as-key”. In ASCII, capital A is represented by the number 65, B by 66, and so on, through
90 for Z. Table 1-2 shows some selected entries from the ASCII table.

Table 1-2: Selected Entries from the ASCII Table

