Transcript from the "Cryptography" Lesson
[00:00:00]
>> [MUSIC]
[00:00:04]
>> Douglas Crockford: I told you that story because I want to introduce you the Kerckhoffs. Kerckhoffs was an amazing guy. After the bulletproof thing exploded, things went really bad for him, his health suffered and it just, it went bad. But just before he got involved with them, he wrote the first book about modern cryptography.
[00:00:24] Prior to Kerckhoffs, cryptography was understood as the science of secret codes, generally codes written on pieces of paper. Kerckhoffs reinvented cryptography based on electronic communication because they were now sending messages through the telegraph and the properties of the telegraph are radically different from the properties of paper. And he worked this stuff out and came up with a set of principles which are still understood to be true today.
[00:00:53] He was one of these amazing thinkers who's just so smart and so far ahead of his time. So one of the things he wrote is called The Kerckhoffs Principle and he said the design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents.
[00:01:13] So let me demonstrate what he's talking about here. So we have two correspondents Alice and Bob and they need to communicate and they don't want to be observed while they're doing that. So they have a cryptographic system. In this cryptographic system, Alice takes her message, her plain text and puts it in an encryption machine.
[00:01:35] She also puts a key into the encryption machine and out comes a cipher-text. She then transmits the cipher-text to Bob and it's entirely possible that that wire is being observed and anybody can see it. Bob receives the cipher-text, he puts it in his decryption machine which may be identical to Alice's encryption machine and also puts in the same key, which they exchanged in a prior meeting, and that allows him to obtain the plain text and this is basically how all cryptographic systems work.
[00:02:10] The thing that Kerckhoffs said which was so amazing was that there are no secrets in the encryption machine. The only secret in the system is the key and I still see people today, academics who are saying, we should try to keep as much of our system private as we can in order to frustrate the attackers.
[00:02:32] Kerckhoffs said no, just protect the keys, that's all you have to do. And he was right and he was right because there is no security in obscurity. And it turns out the more secrets you have, the harder they are to keep and just keeping the keys safe is really hard.
[00:02:51] So you should focus all of your attention on that. There are some people who take The Kerckhoffs Principle so far as to say we should publish everything about our system except our keys, the good thing about that attitude is you're never confused about what are the important secrets in your system.
[00:03:14] So cryptography is not security but the way that cryptographers think about problems Is a really useful way of thinking and we should think like that too. So I'm gonna try to teach you to think like a cryptographer. I'm gonna do that by teaching about a cryptographic system called the One Time Pad.
[00:03:32] This is the only cryptographic system which is guaranteed to be truly unbreakable. In all other cryptographic systems, if you have enough time and enough computer power, eventually you can brute force, try every key and eventually you'll break the system. Not possible with a system, guaranteed unbreakable which is pretty nice.
[00:03:51] There are rumours that the hotline between the White House and the Kremlin is encrypted with the One Time Pad. So this is how it works. We have a number of rules that we have to follow. The first one is that the key must always remain secret. This is true of every cryptographic system.
[00:04:09] Number two, the key must be at least as long as the plain text. Now this is really unusual. In most cryptographic systems, the key is some fixed size and the messages tend to be much longer than the key. This one says the key has to be at least as long as the message.
[00:04:27] Then the cypher text is obtained by Exclusive-ORing the plain text and the key. That is the algorithm. That is the implementation of the system, so it's really, really simple. So let me demonstrate it to you. This my plain text. This is the JSON logo. I'm using it because I can.
[00:04:44] Usually you think of a plain text as being a text, but this is an array of ones and zeros, right? So we can encrypt that. This is my key. The key is the same size as the message. I'm going to Exclusive-OR them together and if I do this correctly, you should not see any sign, any ghost, any whisper of the original message.
[00:05:06] If a message is completely obscured, hidden in the noise, then I have encrypted it correctly. The next rule says that the key must be perfectly random or cryptographically random. Getting that kind of randomness is hard. Now I went to a lot of trouble to get that into my key.
[00:05:25] So let me show you what happens if you don't. So this is a key, it looks just like the key I showed you first, except I made this one in Photoshop with a noise filter, okay and Photoshop's noise filters are not guaranteed to be cryptographically random. So if I Exclusive-OR my plain text with this weak key, you can see it, right?
[00:05:49] It's leaking through. This is what crypt analysts are looking for when they're breaking codes. They're looking for any kind of pattern, any kind of signal that's leaking through the noise. You are breaking an unbreakable code with your brain, and you're not even working hard at it. And the reason you're able to do that is your visual system is extremely effective at separating signal from noise, and that's what crypt analysts do when they're trying to break a code.
[00:06:20] The next rule is so important, it is the name of the system. A key must never be used more than once. So the metaphor for how the system is used is I will print two identical books of random numbers. I will keep one, I will give you the other one.
[00:06:37] When I want to encrypt a message to you, I will take the first sheet, I will tear it out, I will encrypt with it, I will then destroy it. When you receive the message, you will take the corresponding sheet out of your book, you will decrypt with it, and you will destroy it.
[00:06:52] You will never use it again. That's why it's called the One Time Pad. So what happens if we violate that rule? So this is a picture of me. This was taken in Istanbul. I'm using it because I can. This, you'll recognise is the first key that I showed you.
[00:07:10] This is the first good key and I'm going to encrypt my picture with that and again, it's completely hidden. I'm now going to Exclusive-OR this one with the first cipher text that I obtained. And what happens is because they each are Exclusive-ORed with a key, the key will cancel out and I'm left with the two messages Exclusive-ORed with each other and there is no security in that.
[00:07:39] So cryptography is not security, but cryptography can teach us stuff about security. It's something I've found is that often we think incorrectly about how to use cryptography. If I'm looking at someone's system and there are obvious security vulnerabilities in them and I point them out to the architect, the architect's first response is, we need to encrypt something.
[00:08:03] That turns out not to work. But thinking like cryptographers, that does work and one of the tools that they use for thinking is they have a cast of characters who they use for reasoning about their systems. We've already met Alice and Bob. They are standard characters in the cryptographic show, but there are lots of other characters.
[00:08:24] For example, there is Eve. Eve is an eavesdropper. Eve might have a packet sniffer and Eve might be NSA for example. Eve is looking at everything that's going between Alice and Bob, and Eve is hoping to accumulate enough stuff that eventually she'll have enough information to break their system or at least be able to observe the pattern of their communication and do a traffic analysis.
[00:08:53] Then there is Mallory. Mallory can do man in the middle of it, man in the middle attacks. Mallory might be operating a public hot spot, and so Bob connects to Mallory's network thinking that he's gonna connect to Alice, but he's actually connected to Mallory. Mallory connects to Alice and Bob tries to log in.
[00:09:14] Mallory asks Bob, what's your password, Mallory connects to Alice. Alice says what's your password, Mallory gives Bob's password to Alice. Now he tells Alice, please transfer my funds. Mallory says to Alice, please change my password. Mallory says to Bob, I'm sorry we're down right now, please come back later.
[00:09:32] Is that something we should be worried about? Yeah, we should be worried about that, yeah. And then finally in my own practice, I have a character I call Satan. Satan is totally malicious. He was very, very powerful, he is very, very smart, he's very, very determined. And he's financed, he's got the tools and he wants to hurt us and our customers.
[00:09:58] The approach that some people take to him is to say well, we won't let him connect to us. You know if you're Satan, you can't connect. That's called a blacklist and that doesn't work. On the Internet, it is so easy to create new identities that you can't do that because he'll just be somebody else.
[00:10:19] So the other approach is we will allow everybody to connect to us who is not Satan. That's a white list and that doesn't work either in this case. The only thing that works is recognising that Satan is going to connect to us and he is going to do to us and our customers whatever we allow him to do to us and our customers.
[00:10:42] And so we have a responsibility to do everything right so that the capabilities that we give to Satan are so limited and so weak that he cannot cause us harm. That is the only thing that works. Nothing else works. So because of that, security must be factored into every decision we make.
[00:11:06] Everything we do has security implications and can either make things better or worse for Satan. One big source of insecurity is the idea that we'll go back and make it secure later. It's very common that engineers who are building something will think the hard part is going to be to get the systems to boot, or the boxes to talk, or the pixels on the screen.
[00:11:28] Once we've done that, 2,0 will go back and add security. Turns out that doesn't work. Security is a really hard thing to retrofit. You need to get the stuff right at the beginning and all along all the time. You can't add security just as you can't add reliability.
[00:11:48] These are things that have to be removed. That you have to remove insecurity. You have to remove unreliability. You can't add them. Having survived to this point does not guarantee future survival. Everybody who does business on the web has been under attacked since the beginning of the web and they have not destroyed us yet, but that does not guarantee that they won't and so you have to always remain vigilant.
[00:12:16]
>> Douglas Crockford: The impossible is not possible, so don't expect impossible means to protect you. If a measure is not effective, it is ineffective, and we should not be wasting any time or attention on it. Don't attempt to prohibit what you can't prevent. And what you don't prevent, you allow.
[00:12:39] False security is worse than no security because if you know you're not secure, you'll be cautious and if you think you're secure and you're not, you will be reckless.