Cryptology is the science that studies encryption systems. With their help, users can classify messages using one of hundreds of combinations known to the world. This is necessary in order to hide the data from public viewing.
The technology was first used in ancient Rome. With the development of writing and mathematical sciences, algorithms began to be used that contributed to the emergence of new types of encryption. The information security system is used for the following purposes:
- creating puzzles;
- classification of documents and negotiations;
- counteracting data theft during correspondence.
Cryptography systems are widely used by special and intelligence services of countries. Using their own algorithms, they transmit strategically important information.
The second people for whom text encryption is in demand are commercial structures. Negotiations and project development are often hidden from competitors using encryptors at the initial stages.
The last group of users are ordinary citizens. It is not prohibited at the legislative level to encrypt your own letters using available encodings. Messengers use algorithms with created keys to protect the transfer of information between users.
Types of ciphers
The basic principle of operation of any type of encoding is an encoder and a decoder. Information is sent from one device in converted form, to another it is received and converted into the desired text. To encode and decode information, you will need to exchange a key. It helps to decode the letter.
By type of information, all available encryption methods are divided into:
- symmetrical;
- asymmetrical.
Depending on the chosen method, a different procedure is used for developing the code and converting it according to the selected data hiding system.
Symmetrical
Symmetric text encryption methods include encryption systems using a pre-developed key. Only persons conducting private correspondence with each other should know it. To quickly convert the received information, the key must already be on hand or indicated in the message itself.
As a result, users first need to obtain the source key code itself, and then use it to begin decrypting the received message. The steps to create a coded message for the sender are performed in reverse order. First, a key is generated using an algorithm. Next, the letter is generated using the selected encryption method.
Asymmetrical
The difference with the symmetric encryption method is the keys. The coding method is done using open code. It is freely available.
To decode the message you will need a second key. It is private and only the participants in the correspondence know it. The method is often used in instant messengers and email services. It will not be possible to decode information without a closed code. It is formed by negotiators.
Hash functions
Keyless algorithms are typically used to compute hash or convolution functions. A hash function converts an array of input data of an arbitrary length into an output bit string of a specified length. The beauty of this conversion is that if the object has changed, its hash function will also be adjusted.
Let's look at this using the example of the openssl utility installed on Linux. For example, we have a text file containing “this is simple text”:
Let's calculate the hash function from this file using the md5 algorithm:
Now let's change the contents of the file:
Please note: we added a new line (“but changed”) to the file, recalculated the hash of the file, and it became different. That is, if the contents of the file change, the hash function will not remain the same. This can be used to monitor the integrity of critical files: if their hash changes, the system administrator will receive an alert. Or to check whether the file has been completely downloaded: if so, its hash will be published on the site.
On Windows, I recommend the Sigcheck utility from the Sysinternals package to calculate the hash. For example, let's calculate the md5 hash value from the PsExec.exe file:
Another option is to use the certutil utility that comes pre-installed in Windows. Let's use it to calculate the md5 hash value from the PsExec.exe file:
You can also download the openssl package for Windows OS. Download the archive for the desired processor architecture from here, unpack it and go to the bin directory in the console. We need the openssl.exe file:
Now we have access to almost all the features of the openssl package on Windows. For example, calculate the hash, as we did in the previous examples for Linux (don’t forget about absolute and relative paths to files):
It is better to move the package to the C:/OpenSSL directory, and the openssl.cnf configuration file from the bin directory to the OpenSSL directory. Let's avoid mistakes like in the screenshot above:
Now let's look at the implementation of cryptographic algorithms.
Encryption groups
Types of information encoding are divided into algorithms and methods. All of them consist of three large groups:
- replacement;
- rearrangement;
- combination.
These groups include smaller subspecies. In total, more than twenty types of data encoding are known. Each direction is used for entertainment or protection of messages. Based on the presented methods, using an already developed algorithm, it is possible to create your own type of encryption.
How does encryption work using iMessage as an example?
Perhaps Apple can be classified as one of those companies that are most concerned about the confidentiality of their users' data. Encryption and security in Apple products is at a high level.
You can understand this by understanding the operating principles of one of the services - iMessage.
So you've decided to use iMessage. We registered an Apple ID, went into settings and turned on the service.
On the iOS device, two pairs of keys are immediately created: public and private. Yes, yes, iMessage works using an asymmetric type of encryption.
The private pair remains in the device’s memory, while the public one is sent to Apple servers.
Well, iMessage is enabled. You open the Messages app, select a recipient, and start writing a message. In the meantime, the service checks for the recipient's public key, which is attached to the Apple ID account. Having found it, the subscriber is highlighted as available for sending messages through the service.
The message is written, you click Send. The message is immediately copied and encrypted using the private key stored on the device, linked to the public key and sent to the recipient.
The encrypted message arrives on the recipient's device. It is tied to the sender's public key and requires decryption. Meanwhile, the same encrypted copy is deleted on the server.
Despite the fact that the user has already “physically” received the message, he does not know about it, since he has not received any notifications. The device begins decryption. The reverse encryption algorithm is enabled. Using a known public key and a private key stored on the device, the message is decrypted.
It is impossible to read it without the presence of the device itself, even if the message is intercepted. When the message is decrypted, the user receives a notification. And then the whole process is repeated again and again.
Replacement ciphers
The encoding method does not change the written text in sequence. When using a key, the entire alphabetic and numeric values change.
This encryption group includes three types of encoding:
- monoalphabetic;
- bigram;
- polyalphabetic.
Replacements occur according to pre-established rules according to the algorithm and method. Both digital and alphabetic information can be encoded.
Monoalphabetic ciphers
In this encoding method, the character is changed to another one. Additionally, groups can be changed to an equal number of letters or numbers. The method is easy to read even without a generated key. To decode, you will need to conduct a frequency analysis.
To do this, the number of characters in the ciphertext is counted. These numbers are then divided by the number of letters in the alphabet used in encoding. At the end, the resulting frequency of each letter is compared with the standard one.
Based on the presented method, nine common letter encryption methods are used, which will be discussed further. For decoding without a key, a table is compiled according to the frequency of keys.
Random code
The combination used in the random shuffling method allows you to create a table to replace each symbol in a chaotic order. A convenient method will be for encoding short messages.
Using the compiled table, you can encrypt 33 letters of the Russian alphabet with 8.683317618811886*10 to the 36th power in the number of options. It will take a lot of time to encode a large text file.
Keyword
Allows you to encode words written at the beginning of a line in the table.
Important! When choosing a word, it is necessary that all the letters in it are not repeated.
The entered keyword will be highlighted in the table. If necessary, it can be encrypted using a mathematical method. The method is often found in puzzles and riddles. To decrypt, you will need to combine the frequency letters and numbers in the code word in a table and write them in order. Depending on the density and frequency of letters, there may be several words for the entire table.
Atbash
The method was originally used by the Jews to encrypt the Hebrew alphabet. Literally the name comes from four letters:
- Aleph;
- Tav;
- Beth;
- Shin.
The encoding method is also hidden in the name. In order, the indicated symbols are built in the following order - first, last, second, penultimate. The word or phrase used for encoding is replaced at the specified location of each character.
ROT1
The designation is translated from the English abbreviation as “move the alphabet one letter forward.” The method is found in children's puzzles. Encoding applies only to words and phrases. To get the answer, it is enough to move each letter forward in the encoded message.
Caesar Cipher
The cipher was named after the Roman emperor. He invented it to conduct secret correspondence with his commanders. The offset method described above is used to hide the message. The difference lies in the number of moves. The encoded letter must be replaced by the one in front of it.
Note! You can shift the position of the letter at your own discretion. If the Russian alphabet is used, then the number of offsets can be up to thirty-three.
ROT5
The principle of substitution is used. The peculiarity of the method is that only numbers are encoded. To change, the order of replacement is five positions forward or backward. The method can be used in combination with other methods that use the conversion of letters into numbers.
ROT13
Used to encrypt letters of the Latin alphabet. The method is common in the English-speaking segment of the Internet to hide information published on thematic portals.
For encoding, the alphabet is divided into two groups of thirteen characters, writing them one below the other. Each letter is replaced thirteen steps forward or backward.
ROT18
Combined method. The encryption rules use the techniques of the ROT 5 and ROT 13 methods described above. When encoding, both vertical and horizontal methods are used to replace all letters. Applies only to Latin.
ROT47
To encode information, you will need the first 47 characters from the ASCII table. It contains not only letters and numbers. Includes symbols and punctuation marks. The combination is used to encode messages and addresses to Internet resources. The movement is carried out with an offset by the selected number of positions in the table from 1 to 47 characters.
Polybius Square
The developer of the coding method was Polybius, after whom the method was named. He lived in the 3rd century BC and was a Greek historian and commander. The cipher is carried out according to the principle of a chessboard.
To encrypt, we enter all the letters of the alphabet into a square divided into cells or a rectangle. If there are more letters than cells, it is allowed to enter two symbols into one cell. For encoding, the desired letter is taken and moved to the specified number of positions in this line down or up.
Each direction can be divided into a number of characters by coordinates. In this case, it is enough to write the top and bottom. For encoding, a pair of numbers is written down, indicating the address of the letter in the table.
Poetic cipher
Coding follows a similar principle. A square is drawn up, divided into cells by steps. The lines of the poem are written into them with a break and indentation for each line.
If the end of a line of verse is not included in the square, it is removed. If there is space left, the next line is entered. The letters Ё, И, Х, Ш, Ш, Ъ, E are not involved in coding. This should be taken into account when composing a message in rhyme. The number of vertical and horizontal lines in a square is 10X10.
Rus Lat
A simple and fast way to encode information using the keyboard. Her canvas will be considered both an encoder and a decoder.
To replace a character, you will need to change the layout and write the word in another language. Next, noting the location of each letter, reverse replacement is carried out.
Litorrhea
Used in Old Russian writing. Divided into two types:
- simple;
- wise.
In the first method, the letters E and E are combined. The remaining 32 symbols are divided into 2 groups of 16 pieces. They replace the upper letter with the lower one and vice versa.
The second method involves an arithmetic operation. Only vowels or consonants are encrypted. They have their own number. It is possible to obtain a coordinate encryption table by solving an arithmetic example.
Bigram encryption
The algorithm uses the double square encryption method. For this, two pairs of letters are used. According to the coordinate system, the values of each coded syllable are calculated.
Depending on the method, coding rules are established. When using a group of letters, their position and offset options are determined equal to the number of cells in each square.
Playfair cipher
To use it, you will need to create a table of 5X5 cells for the Latin alphabet or 6X6 for the Russian alphabet. The information is filled in and encoded using manual, symmetrical input of each pair of letters into the free squares in the table.
Next, the cells are filled with letters from the keyword. In the remaining free space, letters that do not appear in order in the keyword are written. The direction of a phrase or word can be any when written. For decoding, the reverse order is used. The keyword is found, and from it an inversion occurs towards each pair of letters.
Double Wheatstone square
Two tables are used at once. The text direction is used along the first horizontal line of groups of letters. Next, the message is divided into blocks one letter at a time. The first block contains the first letter from the group, the second - the second.
Letters located on the same line remain in the same place when rearranged. You can only crack or decode the code if you have a computer. The manual method cannot be translated.
Polyalphabetic ciphers
This group includes several ciphers that use the simple substitution method. A cyclic method of encrypting information using different groups of characters is used.
With this method, each specific letter of the encoded phrase can have its own encryption algorithm applied.
Vigenère cipher
Includes a sequence consisting of several Caesar ciphers. For each of them, its own character offset value is indicated.
When encoding, a table of squares is used. Letters are entered into it according to the specified alphabet characters in the encrypted message. The larger the table, the easier it is to determine the number of repeated phrase shifts and their directions.
Gronsveld cipher
The second of the coding variations according to the Vigenère system. The difference is that a multi-character number is used instead of a keyword.
The selected number indicates the number of shifts made when encrypting a message in the table and the order in which they are written in cells.
Book cipher
Used for encoding large text. The book serves as the key. The number of the word on the selected page will correspond to the location of the letter in the table.
Often a dictionary is used when using the method. The position of the letter establishes a coordinate system. According to page number and word number.
Other disk encryption programs for Windows and Mac OS
In addition to the options described above, you can use other solutions:
TrueCrypt
At first I wanted to use this program instead of VeraCrypt. Its capabilities are more than enough for both domestic and professional use. TrueCrypt can:
- Encrypt containers. You can encrypt only the necessary information to use a small storage medium.
- Encrypt disk partitions.
- Encrypt the entire disk or flash drive.
In 2014, support and development of TrueCrypt was discontinued; the latest version of the program only allows you to decrypt data, without the ability to encrypt. A recommendation to switch to BitLocker appeared on the official website. Since TrueCrypt was one of the most popular free data encryption programs, this gave rise to many rumors about pressure on software developers. This is indirectly confirmed by the fact that an independent security audit, for which more than $60,000 was raised, did not find critical vulnerabilities in the latest versions of the program.
Today, the unofficial site is the project https://truecrypt.ch.
Fans of conspiracy theories are in doubt - which is better? Don't use BitLocker because it's very suspicious that the former official website links to it? Or not to use TrueCrypt, what if the intelligence services specially created a new “rebel” site and stuffed “bookmarks” into the source code that allow you to decrypt the encrypted data?
However, you can download TrueCrypt for Windows, MacOS, Linux on the website:
The site has an English-language support forum where newbie questions are regularly answered.
I admit, my choice was influenced by a common household factor - I don’t want to re-encrypt several disks in case TrueCrypt suddenly stops updating or is incompatible with the latest versions of Windows OS (in the screenshot above you can see that Windows 10 is no longer listed in the download list).
Therefore, I chose VeraCrypt, as, in my opinion, the most promising branch of TrueCrypt. The project is constantly evolving:
But I think you will agree with me – everything still looks suspicious, right? Who could write on Wikipedia that VeraCrypt is more resistant to possible NSA attacks, if not an NSA officer on duty?
FireVault and FireVault 2 for MacOS
Owners of Apple laptops and computers can use the official FireVault program for encryption. Essentially, this is an analogue of BitLocker, only for MacOS. The disadvantage of the first version, used in OS versions up to and including Mac OS X Snow Leopard, is the ability to encrypt only the user’s home folder. The second version of the program has been used since OS X Lion and allows you to encrypt the entire disk.
Detailed Russian-language instructions for encrypting the boot partition are provided on the official website.
If your version of Mac OS allows you to encrypt only your home folder, you can use TrueCrypt or VeraCrypt and create an encrypted partition.
CipherShed
Just like VeraCrypt, CipherShed is a fork of TrueCrypt. Supports Windows, Linux and Mac OS.
The main disadvantage is below:
Not very user-friendly, in four years the installer could have been released.
DiskCryptor
The official website seems to have come to us from the 2000s:
From the moment I chose the encryption program (and this was 3 years ago) nothing has changed. Including the fact that the main page indicates OS compatibility for version 0.9, and version 1.1 is offered for download. I didn’t start guessing “Will the latest version of the program encrypt the latest version of Windows” then, and I don’t advise you now.
The program may be useful for owners of PCs with older versions of Windows OS, which is why it is included in this list.
Permutation ciphers
The second group of information encoding uses the reinstallation not of symbols, but of phrases. In this case, different algorithms and rules can be used depending on the alphabet and volume of the message.
More specific coding systems use substitution of individual characters in a sentence. When working with encoding, the user can immediately determine the number of sentences and spelled letters in it.
Simple rearrangement
When coding, a person independently chooses the principle of rearranging letters or phrases. This could be a number or the direction of the letter. To decrypt, you will need to find out the key and the rule by which symbols were replaced in a sentence or text.
The transposition method can also be used here. Each individual sentence can be written in reverse - backwards. Each individual word in the text can be encrypted using this principle, or the method can be combined with the simple placement of phrases or words.
Transposition is used for table coding. The source text is written vertically. For encryption, it is drawn horizontally or vice versa. The picket fence method is a simplified version of transposition. The sentence is written on two lines. The first line contains even letters, the second line contains odd letters.
Single permutation by key
For encoding, the text is entered into a 9X9 table. An identical one is made nearby. The first part contains a code phrase or sentence.
In the second, each letter is converted into a number. Encoding is done by offset or replacement. A key is used for this. As a result, the resulting encrypted form of the phrase is written out line by line.
Double permutation
Superimposed on a single one. An already encrypted message is encrypted again. Both columns and rows can be entered. In the second case, the table size is deliberately selected larger than in the first case of encryption.
Route rearrangement
This is a more complex type of transposed table. The difference lies in the direction in which the information in the table is read.
To decode the message, you will need to know the direction in which the code word was hidden. A chessboard is often used. Instead of indicating a direction, a figure with a rule for moving across the field is marked.
Permutation "Magic Square"
It consists of a square, the cells of which contain sequential natural numbers. The method was invented in China. It is important that the bit depth in natural numbers ultimately corresponds to the writing sequence and location in the table.
Attention! Decoding is used in a direction based on the encoded word and key. The larger the square, the larger the number written in it will be.
Rotating grid
The lattice consists of several squares. They are filled in with numbers and have spaces. The directional encryption method is considered permutational.
The arrangement of empty cells should be such that when the squares are moved, there are no gaps left in their place. For coding, a square with letters is placed under the grid with the compiled numbers.
When you shift the top layer and rotate it, a specific letter will be displayed in the empty cells. It is necessary to direct the grid so that exactly the appropriate letter for the encrypted word falls into the empty window.
Your digital safe
The most convenient solution for encrypting files on a computer today is to create a “container” that is visible in the system as a separate disk. You can save or copy any information to this disk, you can work with it from any program, it is essentially no different from a flash drive or hard drive partition, which is why it is convenient.
An important “but” - in fact, the container is a separate large file on your hard drive, access to which is organized through a special program, for example Kaspersky PURE. Any file saved to this special drive will be encrypted on the fly and written to a shared container file.
File storage can
see by any outsider, it can even be stolen (copied). But this will give an attacker or just a curious person absolutely nothing - the file contains only a jumble of characters, and you can spend many years trying to figure out a password that turns this file into a disk with readable files.
For an encrypted container to effectively protect your information, you need to follow a few simple rules:
- the encryption key (password) is the only protection of information from outsiders. It should be very long, difficult to pick up, and, in general, durable. Tips on choosing a strong password can be found in this post;
- All confidential information must be stored on the storage disk;
- All information on the disk is accessible to anyone who knows the password. If you have different groups of information for different users, create several vaults with different passwords;
- Do not keep the storage disk constantly connected, otherwise files can be stolen from it in the same way as from a regular disk. Connect the disk while working with important data and disconnect it immediately after completion;
- the information on the encrypted disk will be lost entirely if the container file is even slightly damaged. Regularly back up the container file;
- Be sure to use comprehensive computer protection to protect your password from Trojan applications and keyloggers. An active spy reduces password protection to nothing.
Combined ciphers
The latest message encoding method uses different options for hiding information. This could be a table offset or Morse code. The encoded information is converted into a numerical value and transmitted via an encrypted signal via radio equipment.
Combining encryption methods creates a message that is resistant to hacking. It is worth considering that the decoder must know in advance the method of encoding information and transmitting it. Typically, such methods do not pass a key value or hint to the decoder.
Seven troubles - one answer
As we see, there are many threats, and from each of them you can come up with your own way of protecting yourself: isolate your computer in a locked bedroom, put a PIN code to turn on your smartphone, and so on. But if you protect information not by physically isolating it, but so that only the owner can read it, the results will be more reliable and comprehensive. Absolutely all of the listed troubles - big and small - could not have happened if important information, intended not for all eyes, had been stored in encrypted form.
Sometimes you encounter encryption without even thinking about it—for example, when you log into Gmail or an online banking site using HTTPS, you are communicating with the bank through an encrypted channel. Encryption is also built into the most popular cellular communication standard today, GSM. But today we will focus on something else - encrypting data stored on a computer or smartphone.
