Add Me!Close Menu Navigation

My technical corner about Linux, Perl, programming, computer networks and network security

Add Me!Open Categories Menu

The cryptography and Truecrypt basics

In this post i will try to simply explain the amazing cryptographic world to people whose don’t understand it. If you are interesting the cryptography and the informations protection in computers technology but you aren’t able to understand many terms, this article is for you!

 

Cryptography for ordinary people

The encryption, the cryptography in computer science is very easy to explain. Cryptography is used when you want to comunicate with trusted person (or persons) and additionaly you don’t want that the communication to be readable by anyone else.

To prove the theory that the cryptography is easy to explain take a look at the simple equation below:

  • 2 + x = y

It seems like a simple maths homework for 5 year old children, but it also explains how cryptography works. You imagine that situation:

  • 2 is a secret message AFTER the encryption – so it is completely unreadable for humans and computers
  • x is a secret key (usually password) that is required to „solve” the equation – the key is unknown of course for untrusted people
  • y is a message AFTER decryption – readable for humans. But a condition which causes that ‘y’ to be readable is an encryption algorithm. We imagine a very simple algorithm which creates a readable message when the equation looks like: 2 + x = 5

If we are the destination receiver of the encrypted message, probably we know the secret key (password), because a mystery person who has encrypted the secret message for us, gave the key to us. So in this example we know that x=3 because 2 + 3 = 5 makes mathematic sense.

If we use the correct password (3) we have the decrypted message. The secret message in this example is: 5.

If the result isn’t mathematical also it’s still unreadable, because the encryption algorithm unable to create any readable form from the original encrypted message (2)

This is the simplest explaination of the cryptography.

 

But what if we are not the person intended for the encrypted message and we don’t have the key? Yes, you are right! To read encrypted message we must guess this key, trying many combinations like this:

2 + (-123) = 5 ?

2 + (-1 ) = 5 ?

2 + 0 = 5 ?

2 + 1 = 5 ?

[…]

Of course at the present time cryptography isn’t based on these simple equations, because guessing the key will be very simple if a child can solve it. So nowadays, the cryptography is based on very, very hard mathematical functions (logarithms, integrals, etc) and very, very big prime numbers using it. These mathematical actions and numbers require very powerfull computers to solve encrypted algorithms if we don’t know some tricks of course (secret keys = secret numbers = the password).

Present computers even the best in goverment and the military industry are so slow at solving the most secure encrypted algorithms with long and complicated (strong) secret keys. The mathematical science is still hard to imagine for humans (do you know or can you imagine the biggest natural number?)

 

I have a question for courios people: Is there only one secret key in my simple example for the encrypted algorithm? :-)

 

Symmetric encryption algorithm

You imagine a box or a safe in which we have secret documents. The box has also only one secret key, which can open it. But the key can have many copies, so many people who have the key can open the box and read the secret documents from it (decrypting) or inserting into the box (encrypting)

The more technical advanced key (the password) is less likely to break (guess, solve)

 

Assymetric encryption algorithm (with pair keys: secret and public)

If you imagine a house on a busy street in big city. Outsite the fence we have a public box for letters. The box is public because everyone who are walking near can drop letters, and envelopes into the box,  a letter from pop fans, a divorce letter, a letter with anthrax in it, etc. The box is the public key – everyone can use our public key to only leave a message (encrypt) only for us.

But if someone has dropped something already, then they can’t get back it, because each person can only drop into, but not pull out. The box has a special construction – only the person who has the secret key can pull out all the contents (decrypt). Because the house and the box is ours, we have the secret key only and nobody else.

There is one very important thing that we must know. The box and the keys (public and secret) are a set – we musn’t buy these things separately, because a mystery company sells this only as a set! These have to be a set, because if it isn’t, the key won’t work properly. So a box in neighbour’s fence won’t work with our keys and vice versa. Only we must be carefull to avoid loosing our secret key, because if our neighbour finds our key, he can open our box and inspect our post!

Of course the quality of the lock in our box and the  solid construction of the keys (password for the secret key) we choose ourself when buying the set.

 

Electronic security signature

There is a one more important thing which is connected with asymmetric encryption: the electronic security signature. To explain this, we should return to the public house and the box analogy. Our public box has once more magic option. The box has a special compartment. The compartment is designed for inserting mails in a special way. The compartment doesn’t take mails, but only checks marks on mails. The marks are unique for each compartment. Probably it doesn’t exist in the entire Universe that there are more than one identical compartment with identical marks.

So the compartment only checks that mail is marked by itself. If yes, this indicates that sent mail has a postmark which belongs to the box and the home owner also. But where do those marks on any mails from us come from? Of course, we can mark (sign) mail before sending it using our private key – the same private key which is used to open the public box outside our home. Only our private key can mark our mails exactly like so that our compartment in our box can recognize it. This is the only way because as you remember each box, secret key and comparment in the box also has been bought as a set. Each valid set has these things working properly only between things that belong to the same set.

We assume now, that we want to send an important e-mail to someone who doesn’t trust us. This person doesn’t know us so he doesn’t know also that the e-mail contains a letter or a bomb. If we sign our mail, we can be more trustworhy for someone. But there is one problem with our signature: How is this person going to make sure that the e-mail with that signature is sent from us? Of course: he can check this signature using our public box (public key) with the compartment, hang outside the home, on the fence. This check can be done by everyone, because our public box is… public.

If the marks on our mail fit the compartment, that mail is sent from us. If the marks don’t fit, then that mail isn’t genuine. This is possible because each private key and each compartment with each set make unique marks.

 

Qualified Electronic Signature

We imagine that we have an exceptionally malicious neighbour nerby our house. They are a very, very malicious neighbour. If they are planting liquied manure on our property and sending rumours about our (probaly) affairs they probably don’t overlook an occasion to inform the local goverment that we are sending fake letters. Yes, he can try to undermine that the signatures on our letters aren’t our true signatures. We know the truth of course, but so what? Will the local goverment believe us?

The goverment has doubts about this situation. Because the signatures on our letters can be signatures of our neightbour as well. How does the goverment know that our box really belongs to us? We can steal the set (box and key) from our neightbour’s fance for example and then our letters are signed by our key but earlier this set is belong to the neightbour.

In this situation, we must use a qualified electronic signature. But… what’s this? Assume that we have the house and the fence but don’t have the set of box and keys yet. So, we must buy this of course. This is so simple. But, before buy this we must hire some trusted and high esteemed persons. This well known, famous and trusted persons (no politicians, of course) will be a witnesses to our buying the set. The prestige of these persons is guaranteed that we are legally the buyer of our new set. They can confirm in the future that our set (with special parameters that they know) is really ours, because they were a witnesses while we were buying it.

Of course, some people from these trusted persons also can sell the set with their guarantee and prestige – this is a similar situation with identical effects of legal implications.

After we have bought this we have the confirmed set. So now, our malicious neighbour has a big problem – the authenticity of our set is confirmed by the trusted, famous persons (certificate authority – CA). He can’t undermine it to the goverment’s face because the goverment is also a trusted party.

 

Unqualified Electronic Signature

The Qualified Electronic Signature is confirmed by guaranteed and by prestigious trusted persons and organizations, so it has a big power in the sight of law.

The Unqualified Electronic Signature is almost the same, but the guarantee and a prestige doesn’t exist or is confirmed by uncommon, unknown or suspicious persons (like a drunk man from off-licence shop) or confirmed by simply oneself. For example – I promise that this was my set, that it is my set now and that it will be my set in the future, and I never had any other before. You can trust me, can’t you? ;-)

Some people and institutions might believe us, if we have the unqualified electronic signature, but some musn’t of course even if we would have been an Angel. This is the difference between the two types of electronic signatures.

 

Supermodern document shredder – The TrueCrypt world

Nowadays the protect information is important. Few people are aware of this. Each piece of information today is important and valuable. There is no unimportant or worthless information. A person who captures important information about us can use it for ill will.

Many people have experienced it already. Some people have lost their computers during police raid. These people may be guilty of something but the hand of justice isn’t perfect of course – an innocent person also can be victim of police mistake. All of these persons probably are very happy that they think the police are searching now for their data (e-mails, history of visited webpages, private documents, photos – porno also).

In this situation we should trust mathematic science, not people. It’s time to describe the program which using the power of cryptography and is nightmare even for military and inteligence services. Welcome to the TrueCrypt world

You image that there exists a very supermodern document shredder. The shredder has thousands of blades, and these blades can cut the paper on bilions in bilion ways, for bilions parts. It sounds creepy for data which the paper contains.

Because the shredder is supermodern, it can also… recovers the paper after the destruction of it for bilions of parts. This is possible because the shredder is supermodern (very important of course) and it requires to enter the program which this program introduces it how to destroy the paper. The program to destroy is a password of course – our shredder requires us to enter this program before the destruction  the paper. Default program to destroy doesn’t exists.

If you known the program (and the password) and you have the pieces (the encrypt container) you can recover all of the paper after the destruction – the shredder can fold the paper into the form which it had before the destruction. Of course if someone wants to steal the pieces… then he has particulary nothing, because it is extremely difficult to read some data from bilions parts of the A4 paper. Our shredder (truecrypt) with our program to destroy (the password) knows how recover the data from the pieces (encrypt container). Of course, if we have the pieces and we can give the shredder a completelly wrong program – it causes that the shredder will recover SOMETHING strange (for example: a blank paper aeroplane if we are lucky) but never the real paper and the data on it. It sounds amazing, isn’t?

Of course, if the program is very simple, ordinary, well known or something like that – bad people can try to guess it and may be successful recovers the data from the pieces. So the programs is important.

 

Hidden container

The cryptograhy world is the world of a constant war. The war between two forces: forces which are try to hide the informations perfectly, and forces which are try to uncover this informations. The war is the engine of the cryptography development. The „invisible” part of TrueCrypt (hidden container) feature is one of the newest weapons in the war.

Sometimes life can supprises us. A wrong person can be sure that we are using the supermodern document shredder. These people may know how the supermodern document shredder works. So, they won’t believe us that we don’t know the program if we have the pieces container. They can threaten us until we give our program (the password) for our pieces. What now? What we can do?

Our shredder can helps us even in this situation. You imagine that we have an A4 paper with very important data. The paper has important data on one side – the other side has some unimportant data (for example: a letter from a lover) – but these both sides exist on one A4 paper. Now, you imagine that our shredder can destroy the paper using with 2 programs at the same time. After the destruction of the pieces it looks like as typical  pieces – nobody can recognizes how these pieces arose. But these pieces can be recovered as two ways depending on the program used (the password)

First way to recover only the first side of the A4 paper, the second side is completely blank as if it never had any data before.

Second way to recover the data on the second side of the  A4 paper and now the first side is completely blank. That’s very simple.

So, as you can look – you can decrypt your data due to force by someone or by law, but you can also still hide your important data. This is the hidden container power. This feature of our supermodern document shredder is important in strange countries (like United Kingdom) in which countries you must decrypt your data due to regulation law, even disclosure of this data may be dangerous for you.

Leave a Reply

You must be logged in to post a comment.