As a Xennial, I saw both sides of the development of today’s modern technology. I was young enough when cell phones came out to pick their use up quickly, but old enough to remember when you actually had to use a landline to call your friends and arrange get-togethers. As I’ve been studying for the Security+ 501 exam, it’s brought me back to something I had nearly forgotten from my childhood: my first exposure to cryptography.
When I was in middle school, passing notes in class was the way you communicated with friends. But it came with a huge risk: The teacher might pick up your note in class and read it out loud for all to hear! The risks to your social standing were high, especially if you were sharing information in the note you’d rather not be made public…like the name of your crush or the name of a teacher you particularly loathed.
In an effort to mitigate this risk, a friend of mine and I came up with what we were sure was an ingenious and groundbreaking idea: a secret code! We would write our notes in the code, and that way if the notes fell into the wrong hands, they couldn’t be read unless you could read the code! We spent almost a full day developing a code, and used it for the rest of the year to communicate with each other. Looking back, I know now that what we were doing was not ingenious or even new…we were using cryptography.
The (Secret) Code
We quickly discovered that we weren’t the only ones in the school who came up with the idea of encoding messages…others had picked it up too. But the code we came up with was unique compared to others that were floating around the school. Some groups were encrypting only certain important information, like the names of crushes. Others were encrypting the entire message. Some were using a number-based encryption where they substituted the letter they wanted with a number of the alphabet (a Substitution Cipher). Some were using something similar to a Caesar Cipher, where you used letters but you rotated them based on a set number so that the message looked like gibberish.
My friend and I thought we were more clever than all of them…we developed an entirely new set of symbols to write our notes. Rather than using letters or numbers, we created an entirely new alphabet of shapes and characters that represented letters. We both had the key, which meant that we were the only ones who could read the encrypted messages. As long as neither of us lost the precious piece of lined notebook paper with the key printed on it, we could communicate in written format with each other during the school day without worry that our messages could be read by others.
The Usability Problem
From the beginning, our cryptography presented some major challenges to use. From the first message we learned that if you wrote the encrypted message single-spaced, it left you no room to decrypt the message unless you wanted to start on a new sheet of paper. To solve this problem, we both decided that when we were using the code, we would always write the message double-spaced, so that the message could be decrypted in the lines between the messages. Problem solved!
Then came the next problem…my friend lost her key. I let her borrow my key to create a new copy, but it did point out another flaw in our system. If either of us lost the key, we lost the ability to communicate until a new key could be made. It was a setback, but not insurmountable in our eyes.
But what ultimately killed our secret note cryptography (besides summer break and my friend’s transfer to a different school due to school district boundary changes) was how long it took to use. Neither of us was ever able to learn the key well enough that we could look at a message and read it. You had to spend what seemed like hours looking up each symbol, decoding it, reading the decoded message, writing a response, encrypting that response with the key, and then sending the message off. That meant that very often messages weren’t getting decrypted or responded to until after school, which meant responses weren’t delivered until the next day. What was the point of trying to communicate in school via passing notes if all of your notes had at least a 24-hour delay?
Cryptography and The Security+
According to the CompTIA Security+ 501 Exam Objectives, Cryptography and Public Key Infrastructure represents 12% of the questions on the exam…a not insignificant portion of exam questions. Cryptography for use in computing involves a LOT of complicated math that I admit I don’t have an interest in learning to actually do myself. Luckily, for the Security+, it appears that a basic understanding of the types of encryption and a general idea of how they work is enough.
PBS and Crash Course put out a great video on the basics of cryptography, and all of the things mentioned in the video are also examined in my test prep materials. If you are unfamiliar with cryptography, this video is a great place to start!