SAPITOS SALTARINES

Cryptography converts readable data into gibberish, with the ability to recover the original data from that gibberish. The first flavor of crypto is called symmetric-key. In this approach, an algorithm uses a key to convert information into what looks like random bits. Then the same algorithm uses the same key to recover the original data.

Pao-Chi is a sales rep for a company that makes printing machinery. He sells to newspapers, magazines, independent printing houses large and small, and even universities. His product line includes presses, tools, replacement parts, repair services, and training. The end of the quarter is coming up in a couple of weeks, and he’s just received a memo from Gwen, the vice president of sales. The company is having difficulty “making its numbers,” the memo says. Then it outlines a new, complex pricing policy.

This new policy lists the asking prices for all their products and also indicates the lowest prices sales reps are allowed to negotiate. In the past, they’ve based the amount of the discounts they give on the size of the order, expectations of future sales with a given client, and other factors. But now, the memo states, sales reps have the authority to give even big- ger discounts.

Pao-Chi wants to closely limit who has access to this information. If potential customers knew how far he was willing to go in discounting, they would have the edge in negotiations. Existing customers might demand rebates, and competitors would gain knowledge that could aid

them in winning contracts. In addition, stock analysts or business reporters could report the company’s slow sales this quarter, affecting its reputation.

How can Pao-Chi and Gwen keep this memo secret? They could choose not to let it leave the office, or maybe Pao-Chi could simply memorize it. But it’s more than 20 pages long and too complex to memorize, and he’ll need to consult it while trying to make a sale.

So Pao-Chi keeps an electronic copy of the memo on his laptop, and takes steps to protect the file. In Chapter 1, we saw that typical protection techniques are not sufficient. Pao-Chi can lose his laptop, or someone might steal it or simply look through the files while he’s at lunch. To pro- tect the file, he decides to encrypt it.

Let’s say Pao-Chi buys a computer program to encrypt sensitive files. When running the program, he simply flips the switch to “Encrypt” and feeds the file to the program (see Figure 2-1). When the file comes out of the program, it looks like gibberish. If intruders get their hands on it, they will have no idea what it means.

Chapter 2

16

Figure 2-1

If you feed your sensitive files to an encryption program, you get what looks like gibberish

original form. The program has just such a feature: he flips the switch to “Decrypt,” feeds in the gibberish, and out comes the file in its former con- dition.

But there’s one problem with this scenario. If intruders are able to obtain the encrypted file, surely they can obtain the program that con- verts it back. Even if they can’t, where can Pao-Chi safely store the pro- gram? If he can keep the program out of the hands of attackers, why not store his file there as well?

No, he doesn’t have a place where he can keep the encrypting and decrypting program safe. And if Pao-Chi has access to it, he must assume that attackers can gain access. That’s why he uses encryption in the first place. By itself, an encryption machine cannot protect secrets. Pao-Chi needs additional protection.

That additional protection is a secret number. If he feeds the file anda secret number to the program, the program will encrypt the file. Until the program has a secret number, it will not run. To decrypt the file, Pao-Chi must present the gibberish and the same secret number (see Figure 2-2).

Figure 2-2

To get encrypted gibberish, you feed sensitive data and a secret number to the encryption machine. To recover the file, you flip the switch to “Decrypt” and then feed it the gibberish and the secret number

If an attacker somehow obtains a copy of the gibberish and feeds it to the program for recovery, it won’t work. The program asks for the number, which the attacker does not know. It’s possible to try numbers at random (or to try all possible numbers systematically), but every time a wrong number is inserted, the application simply spits out different gibberish (see Figure 2-3). Chapter 2

18

Even though someone can use the same program Pao-Chi used, it never re-creates the original file without the secret number. Even if the attacker guesses a number close to the original number, even if it is off by only 1, the program will not produce anything close to the correct encrypted file.