The History of Encryption – Part I
In my role as VP, Security Solutions at Ipswitch, I think about all things related to security. This week, I took a look way back in history to better understand the history of encryption. This is a topic that is making a lot of news today, be it for securing business information such as files and emails or other types of communication.
Modern computer software from email to managed file transfer leverages encryption in order to protect data from prying eyes, a practice that has been employed from the earliest days of mankind, especially in times of war.
As far back as 700 BC, the Spartan military used a device known as a Scytale which relied on a wooden rod that had to be identical in diameter and length at both sender and receiver locations in order to be decrypted (read). This clever concept involved wrapping leather with writing on it around a dowel and then sending it unwrapped so it would appear as gibberish without the “key”. We are Sparta!
In 1467 Leon Battista Alberti invented the first polyalphabetic substitution cipher, I know doesn’t roll off the tongue that easy. This was based on a system of two concentric disks each containing all the letters of the alphabet. By rotating the disks so the letters didn’t match you could substitute each letter in the alphabet for another based, just like a decoder ring in your cereal box!
Another substitution device was invented by the only man said to have accumulated all knowledge of his time, Thomas Jefferson. His device was called the Jefferson wheel. It had 26 cylindrical pieces mounted on an iron spindle, allowing words to be scrambled.
Continuing on with the history of encryption, one of the most famous wartime encryption machines was the Enigma. This was a mechanical device that was invented by German Engineer, Arthur Scherbius in the 1920’s and used by the Germany Navy to send coded messages leading up to World War II.
The Enigma was essentially a 380 bit machine meaning there were 2 to the 380 power possible combinations required to attempt to break the code. As this was a mechanical device, one could cleverly reduce the number of possibilities to be equivalent to a 76 bit device by examining the internal circuitry, a technique (among others) that helped the allied forces decrypt many encrypted messages during the war.
I recently saw a great movie on this topic called the Imitation Game, which I highly recommend!
Moving forward to the modern computer era, a standard known as the Data Encryption Standard (DES) became the federal standard for block symmetric encryption (FIPS 46) in 1977.
DES was based on an algorithm developed by IBM and modified by the National Security Agency (NSA). This was a 56-bit system using 64 bit blocks, so there were 256, or 72,057,594,037,927,936 possibilities. This seems unbreakable, but by the late 1990s modern computers were able to break DES in just a matter of several days due to some loopholes.
Encryption Key Types
There are two primary types of key systems or algorithms that are used to encrypt and decrypt information. They are known as symmetric and asymmetric (also known as public key).
Symmetric-key algorithms uses the same single cryptographic key for both encryption and decryption, similar to the mechanical device we discussed last time called the Scytale. This is the faster method, but delivering the key securely to the third party must be managed to ensure safety.
Asymmetric cryptography or public-key encryption requires the use of two keys, one that is private and another that is public. The public key is used to encrypt data, but does not need to be secured, as data cannot be decrypted without the private key.
Internet standards that rely on public keys include Transport Layer Security (TLS), S/MIME, Pretty Good Privacy (PGP), and GnuPG. Note that different algorithms use different key lengths, where the longer the key the more secure the system as it is harder to break.
To make things even more secure, data is encrypted in blocks, which are a sequence of bits. Common sizes range from 56, 64, 128, 192 and 256. Using 128-bit block sizes is particularly recommended as a better practice when encrypting files larger than 32 gigabytes (up to 256 Exabytes).
AES which stands for Advanced Encryption Standard was developed by two cryptographers from Belgium. The National Institute of Standards and Technology (NIST) standardized and documented this method by publishing the Federal Information Processing Standard 197 (FIPS 197) in 2001 (effective May 26, 2002). This standard has been adopted worldwide for symmetric encryption for data at rest.
AES is a symmetric block cipher, operating on fixed-size blocks of data. This successor to the DES cipher algorithm increases both the block and key size compared with DES, making it more robust. Where DES used 64-bit blocks, AES uses 128-bit blocks. Doubling the block size increases the number of possible blocks by a factor of 264, making it much more secure than the older DES standard.
In addition, while DES supports relatively short 56-bit keys, AES supports from 128, 192 and 256-bit keys. The length of these keys means that brute-force attacks on AES are not possible at this time. A further advantage of AES is that there are no “weak” or “semi-weak” keys to be avoided, a problem which troubled DES.
In 2001, AES 256-bit encryption was approved to become the US federal government standard and has also been approved by the NSA.
While there are other encryption protocols including open source ones such as TwoFish, BlowFish and 3DES, the advantage of working with an international standard is that the increased visibility leads to more testing and an overall more proven system.
AES has undergone rigorous testing and survived numerous hacking attempts for years and still has never been broken. So, insist on AES 256 bit encryption for all your secure data!