Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
266
hpr_transcripts/hpr1390.txt
Normal file
266
hpr_transcripts/hpr1390.txt
Normal file
@@ -0,0 +1,266 @@
|
||||
Episode: 1390
|
||||
Title: HPR1390: 02 - Encryption Basics
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1390/hpr1390.mp3
|
||||
Transcribed: 2025-10-18 00:41:55
|
||||
|
||||
---
|
||||
|
||||
Inferno
|
||||
This is a hookah and welcome to our channel.
|
||||
This is a hookah and welcome you to Hacker Public Radio and another and our ongoing series
|
||||
on security and privacy.
|
||||
And what I want to do today is I want to talk about some of the basics of encryption.
|
||||
You know, it's important that we get a handle on some of this.
|
||||
And I think it's nice to understand how we got to where we are with all of this.
|
||||
In my last program, I said that if you do it properly, you can in fact communicate securely
|
||||
and privately and not have it cracked by anyone.
|
||||
But let's start developing some of these ideas.
|
||||
Now we know that the issue of securely sending information without having it read by others
|
||||
has been with us for a long time.
|
||||
One of the earliest examples of this that we know about is Herodotus, who in the fifth
|
||||
century BC was writing about a war between Persia and the Greeks.
|
||||
And in his writings, he mentions a couple of things.
|
||||
One of them was writing a message on a writing tablet and then adding a wax layer on top
|
||||
to hide it.
|
||||
Now writing tablets normally had a wax layer, so that was perfectly reasonable and the
|
||||
message got through.
|
||||
Another one was shaving the head of a messenger, writing something there, waiting until the
|
||||
hair grew back and then sending the messenger on his way.
|
||||
And then when he got where he was going, he'd shave his head again and there would be the
|
||||
message.
|
||||
One hopes they used indelible ink.
|
||||
Now these are examples really of what properly should be called stegonography, which comes
|
||||
from the Greek steganos, which means covered, and gruffae, which means writing.
|
||||
So stegonography is hiding a message in such a way that the observer does not know there
|
||||
is a message at all.
|
||||
Later examples, microdots, you could copy something I know of reading my new piece of film,
|
||||
so small, you could put it into the period of a sentence.
|
||||
In the digital age, we do steganography with things like JPEG images, where you can take
|
||||
the code for the JPEG image and embed a message inside of it that people wouldn't know about.
|
||||
The problem is that once the observer knows about it, it's very easy to defeat the secrecy
|
||||
and grab the message.
|
||||
In World War II, intelligence agencies learned all about microdots and how to find them.
|
||||
Now if you hold a page at a certain angle, the film would cause the light to glint off of
|
||||
it in a way that a normal printing wouldn't.
|
||||
And once you know where to look, there's no secrecy at all.
|
||||
What you want is a way to stop someone from reading your message, even if they physically
|
||||
have it in their possession.
|
||||
And that is what we mean by encryption from the Greek cryptos, which means hidden.
|
||||
It even uses a cipher to turn your message from the one that is read by anyone to a message
|
||||
that should ideally be unreadable to anyone who doesn't know how to decrypt the message.
|
||||
This is also very old.
|
||||
We have an early example, but Julius Caesar wrote about his Gallic Wars, and on that account
|
||||
it's referred to as a Caesar cipher.
|
||||
So this cipher moved each letter of the alphabet a fixed number of spaces.
|
||||
So if you moved everything one letter, for instance, H-A-L-H-L becomes I-B-M.
|
||||
A lot of people commented on that after the movie 2001 came out.
|
||||
If you've ever seen Rott 13, that's a very common Caesar cipher, in that case you just
|
||||
you're Rott is for rotation, so you're rotating everything 13 spaces.
|
||||
So a letter A becomes a letter N, a letter B becomes a letter O, and so on.
|
||||
Now of course this kind of cipher is very easy to decrypt, because you really only need
|
||||
to test a handful of variations once you know what the method is.
|
||||
To make a more secure system of encryption, people next move to a more random and less
|
||||
systematic method, creating what we call substitution ciphers.
|
||||
Here there is no pattern for how the letters are substituted for each other.
|
||||
Now in the United States I often see these in newspapers as brain teas or puzzles.
|
||||
They're generally not that hard.
|
||||
In fact, the Arab scholar Al-Kindy showed the way in the 9th century by demonstrating
|
||||
that language is in fact subject to statistical analysis.
|
||||
In English, for example, the most common letter is E. The second most common letter is T,
|
||||
and so on.
|
||||
The top of this list for English would be E, T, A, O, I, N, S, H, R, D, L, U.
|
||||
So if you had a text that was encrypted using a substitution cipher, your basic technique
|
||||
is to start saying, well what's the most common letter in the text?
|
||||
You know assume it's an E and see where you go.
|
||||
If it's not an E, try a T, blah, blah, blah, and so it's usually not that hard.
|
||||
As I say, they print these in newspapers and they expect people to figure it out.
|
||||
So the next step was taken by an Italian named Bellasso and then later rediscovered by a
|
||||
Frenchman visionary, visionary now gets all the credit.
|
||||
So it's called the visionary square, Sikh transit, Gloria Mundi, poor Bellasso.
|
||||
Now this uses a key word or phrase to essentially change the substitution cipher for each letter,
|
||||
which initially was very hard to break.
|
||||
So you would write your phrase, you know, so let's say your phrase was Monty Python and
|
||||
you'd write that across the top of the square and that's probably not 26 letters.
|
||||
So you'd just repeat it until you'd filled out all 26 letters and same thing down the
|
||||
side and then you take each letter and look at its position there and then go down to
|
||||
the right row and pick that out.
|
||||
So it's more complicated.
|
||||
But Charles Babbage, and yes that's the same Charles Babbage of creating the difference
|
||||
engine, showed that even this could be defeated by statistical analysis.
|
||||
And you know, when you dig into the history of this, statistical analysis is very good
|
||||
way of defeating a lot of these things.
|
||||
But a fellow named Joseph Moborn, so that you could make a completely secure cipher
|
||||
using something called a one-time pad.
|
||||
Now one-time pad, every sheet has a completely random key used to create a visionary square.
|
||||
You make two copies, one for encoding and a duplicate for decoding.
|
||||
Done properly, there is no known way to defeat this type of encryption.
|
||||
But there are problems.
|
||||
First you have to create all of these pads and ship them to all of the people who need
|
||||
to communicate with you.
|
||||
Second, if even one of these pads is ever intercepted in any way, you no longer have any security.
|
||||
Third, it is very laborious, particularly if you need to send a lot of messages.
|
||||
For these reasons, no nation has ever adopted one-time pads for the bulk of its security needs.
|
||||
Now the next step involves mechanical systems of encryption.
|
||||
Now the very first ones were just a simple pair of disks with different diameters.
|
||||
You could rotate one disk to line up the letter A with a different letter on the second
|
||||
disk and then begin encrypting.
|
||||
Another example known to old-timers in the US is something called the Captain Midnight
|
||||
Secret Decoder Ring.
|
||||
But if you think about it, this is really just a simple caesar cipher, although doing
|
||||
it with this mechanical help is certainly more efficient than doing it with pencil and paper.
|
||||
But just after World War II, a German inventor named Arthur Sherbius took this basic idea
|
||||
and solved a lot of the problems to create the enigma machine.
|
||||
This instead of just one disk had six different disks and something that would rotate the
|
||||
settings after each letter was encrypted.
|
||||
So it got really very, very complicated and in fact it was so complicated that the Germans
|
||||
were convinced that it was completely secure and completely unbreakable.
|
||||
Turns out they were wrong.
|
||||
In fact it was Polish cryptanalysts who figured out how to crack the encryption.
|
||||
And they did this because they had the best of all possible motivations.
|
||||
In the 1930s they were looking across the border and saying, all right, these guys are
|
||||
going to invade us.
|
||||
We need to get ready.
|
||||
There's something about necessity being the mother of invention.
|
||||
So the Polish cryptanalysts did in fact crack the enigma code and they did pass their
|
||||
results onto Britain and France.
|
||||
And Britain, once World War II had started, created a fairly mammoth operation at Bledchley
|
||||
Park that decrypted these messages all the way through the war.
|
||||
Now there was, you could certainly say there was some sloppiness in the German implementation.
|
||||
But even if they had gotten rid of the sloppiness, the messages still could have been decrypted
|
||||
though with somewhat more difficulty.
|
||||
Because essentially a mechanical system like the enigma machine has a built-in flaw.
|
||||
No mechanical system can be truly random.
|
||||
And if it isn't random, there will be a crack in the wall that a skillful cryptanalyst
|
||||
can exploit.
|
||||
The Poles and then the British realized that the key lay in mathematics.
|
||||
And so recruited a large number of mathematicians to work on the cryptanalysts, cryptanalysis
|
||||
of these messages.
|
||||
Now the enigma machine was the source of the main cipher used by the Nazis.
|
||||
But there was an even more secure encryption called the Lorenz cipher.
|
||||
And that was the one that was used by Hitler to communicate with his top generals.
|
||||
And that was even hairier.
|
||||
In order to decrypt those kinds of messages, the British created what was essentially the
|
||||
first modern computer.
|
||||
They beat Eniac by several years.
|
||||
If you take a look at a lot of your histories of computing, they'll say that Eniac was
|
||||
the first computer.
|
||||
No, it was Colossus.
|
||||
One of the things we discover here is that the British government had some very, very talented
|
||||
people who were never allowed to publicize what they did.
|
||||
And so a lot of the breakthroughs in both encrypting and decrypting were first invented by the
|
||||
British, but they don't get any credit for it.
|
||||
That's one of those interesting things.
|
||||
So with Colossus, you had the beginning of computerized decryption.
|
||||
And then it was only a short step to computerized encryption.
|
||||
And several people started looking at that.
|
||||
And this is when the NSA and the United States started trying to actively stop the research.
|
||||
A number of researchers just found themselves stymied at every opportunity.
|
||||
They couldn't get the funding, they started having legal problems, what have you.
|
||||
Right after the aftermath of World War II, the US was the dominant country in both computers
|
||||
and crypts analysis.
|
||||
Now this is, again, it's an important point.
|
||||
If the NSA could simply throw computing power at any encryption and break it, they would
|
||||
never have behaved the way they did and still do to this day.
|
||||
This is the very fact that they cannot do so that leads them to weaken the standards
|
||||
and oppose the research.
|
||||
By the 1950s, 1960s, rather, it was clear that computers could create encryption schemes
|
||||
that could not be broken so long as the users did not make a mistake.
|
||||
But the big problem was distributing the keys.
|
||||
That's the same problem if you recall that we had with the one-time pads, which is also
|
||||
a totally secure method, except for that one flaw.
|
||||
The key used to create the cipher is essential.
|
||||
And if I want to send you an encoded and enciphered message, I want to correct that coding.
|
||||
Codes and ciphers are two entirely different things.
|
||||
A code is not an attempt to hide anything.
|
||||
A cipher is, think about Morse code.
|
||||
You're not trying to hide the message, you're just using an encoding scheme.
|
||||
So if I want to send you an enciphered and encrypted message, you have to know what the
|
||||
key is before you can decrypt it.
|
||||
Well, if I send you the key through the mail or email or text message or whatever, anyone
|
||||
can intercept that.
|
||||
So the key is essential in getting it to the people who need these without anyone else
|
||||
getting it to say big problem.
|
||||
Now as it happens, Whitfield, Diffie and Martin Helman, working with a fellow named Ralph
|
||||
Merkel, created what a lot of people call Diffie Helman.
|
||||
That Helman himself has said it should be called Diffie Helman Merkel, because there were
|
||||
three of them working on it, a key exchange algorithm that showed it was possible to securely
|
||||
exchange keys even through a public medium.
|
||||
And Diffie later had the insight that the key could be asymmetric, meaning that the key
|
||||
used to encrypt the message could be different from the key used to decrypt the message.
|
||||
Now this would enable Alice to encrypt the message and send it to Bob using Bob's public
|
||||
encrypting key, and Bob could then decrypt it using his private decrypting key, which only
|
||||
he knows.
|
||||
I was a little sideline here.
|
||||
If you start taking a look at anything involving crypto and secure messages, it's always Alice
|
||||
and Bob.
|
||||
And occasionally someone named Eve who was trying to get in there and intercept the message
|
||||
and do dastardly things.
|
||||
So Whitfield Diffie had the idea that this was theoretically possible.
|
||||
But he couldn't quite figure out how to do it, and it was actually a team at MIT that
|
||||
found a mathematical function to do this.
|
||||
This team was Ronald Revest, Adi Shamyour, and Leonard Edelman.
|
||||
And by their initials, this became known as RSA encryption, and it is still basically
|
||||
the standard in use today.
|
||||
The way it works without going into extremely deep mathematics is by using a one-way function,
|
||||
which is a mathematical function that can operate on a number, but when you get the result,
|
||||
there is no way to go back and see what the initial number is.
|
||||
So using a public key with a one-way function, Alice can post this key on a public site, print
|
||||
the newspaper, put it on handbills, and tack it up all over town, or whatever the heck
|
||||
she wants to do, anyone can use it to encrypt a message to Alice.
|
||||
But the key will never decrypt the message, only her private key can decrypt.
|
||||
So these two keys are generated together as a key pair, and basically it's based on
|
||||
taking two very large prime numbers, a dash of randomness in some interesting mathematics.
|
||||
If you really want to dig into the mathematics of this, I've put a link in the show notes
|
||||
to the Wikipedia page for RSA algorithm, and that'll give you a starting point, and
|
||||
go dive down the rabbit hole.
|
||||
I don't plan to do that.
|
||||
Maybe Charles will.
|
||||
He's better at math than I am, I suspect.
|
||||
So the key to modern encryption is that it is an example of applied mathematics.
|
||||
Every message you write can be encoded using ASCII, again, see the distinction between a code
|
||||
and a cipher?
|
||||
ASCII is a code, so every message can be encoded using ASCII or some other encoding scheme
|
||||
into a series of binary digits, zeros and ones.
|
||||
So that means that any message is equivalent to a number, and any number can be operated
|
||||
on using mathematics.
|
||||
And using mathematics we can determine just how secure it is, and that is why we can
|
||||
have confidence that encryption can be made secure even from government decryption.
|
||||
They may threaten you with jail if you don't reveal the key in civilized countries, or
|
||||
threaten you and your family with torture in a totalitarian dictatorship.
|
||||
But they cannot break the encryption if you don't help them at some point.
|
||||
Again, the bottom line that everyone needs to understand is that if you use this properly,
|
||||
it cannot be decrypted using brute force in any reasonable time.
|
||||
Now when I say brute force, I mean just trying one thing after another.
|
||||
You can do that with computers, but even computers take a finite amount of time to do this stuff.
|
||||
So you can mathematically show that a encryption scheme using a key strong enough, you could
|
||||
set it up that every computer known in the entire world working together would take a
|
||||
billion years working day and night to craft the cipher.
|
||||
I'm going to suggest that's secure enough for our purposes.
|
||||
You know, frankly, if I can just keep the government from looking at my stuff for a hundred
|
||||
years, I mean by that point I'll be dead and I won't care.
|
||||
And the NSA knows this, that's why they've tried very hard to stop this technology getting
|
||||
out.
|
||||
One of the first people to take RSA encryption and put it in a form that people could practically
|
||||
use it was a guy named Phil Zimmerman, author of PGP, and they indicted him for exporting
|
||||
munitions because his code actually escaped from the U.S.
|
||||
As it turns out, he was never successfully prosecuted.
|
||||
And to this day, the NSA rarely tries to brute force any encrypted data because it's
|
||||
hopeless.
|
||||
What they try to do is get the keys, often by legal compulsion, or find a way to weaken
|
||||
the keys as they did with the elliptical curve cipher.
|
||||
So we now have a understanding of the basics and now we can move on in future episodes.
|
||||
We'll start applying some of what we know and maybe talk about some other security topics.
|
||||
But for now, this is Ahuka reminding everyone, please do not forget to support free software.
|
||||
Bye.
|
||||
You have been listening to Hacker Public Radio, where Hacker Public Radio does our.
|
||||
We are a community podcast network that releases shows every weekday and Monday through Friday.
|
||||
Today's show, like all our shows, was contributed by a HBR listener like yourself.
|
||||
If you ever consider recording a podcast, then visit our website to find out how easy
|
||||
it really is.
|
||||
Hacker Public Radio was founded by the digital dog pound and the infonomicum computer
|
||||
club.
|
||||
HBR is funded by the binary revolution at binref.com.
|
||||
All binref projects are proudly sponsored by Lina Pages.
|
||||
From shared hosting to custom private clouds, go to LinaPages.com for all your hosting needs.
|
||||
Unless otherwise stasis, today's show is released under a creative commons, attribution,
|
||||
share a life, free those own lives.
|
||||
Reference in New Issue
Block a user