lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
98177f3fd5d6c9b184dd33396ae6897969fab561
hpr-knowledge-base/hpr_transcripts/hpr0253.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

265 lines
16 KiB
Plaintext
Raw Blame History

Episode: 253
Title: HPR0253: Encryption
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0253/hpr0253.mp3
Transcribed: 2025-10-07 14:52:34
---
What is this?
Welcome to Hacker Public Radio everyone, my name is Soak, today I'm going to be talking
a little bit about encryption.
Now there are many different types of encryption, such as symmetric, which is the same
key being used to encrypt, as well as decrypt, for example, XOR, A symmetric, which is one
that uses a different key to encrypt and decrypt, for example, PGP with the email public
private keys, and a few others, such as ones that can't be decrypt as such as one way encryption
or hash functions, ZOR, now that's not my brother, hi I'm Soak and this is my brother
ZOR.
ZOR actually stands for exclusive or XOR, it's a logical function, you have NAND, NOT or XOR.
The XOR takes two inputs and gets one output based on those inputs, think of it like a light
bulb with two switches, you turn one or the other one on and the light bulb comes on, but
if you turn both the switches the light goes out.
Logically, NOT plus NOT equals NOT, NOT plus one equals one, one plus NOT equals one, and
one plus one equals NOT.
If you don't know what that means don't worry about it, but logically that's how different
inputs, different outputs.
So if you text and text, turn it into ones and zeros, which it is on computer anyway,
because everything's binary, and XOR it's against a key, which is also ones and zeros,
then you have your encrypted text.
If you XOR, the encrypted text against the key again, the original message comes back
out.
This makes it really easy to encrypt and decrypt, and it's probably one of the simplest
of all symmetric encryption routines.
So if the key was 101 and the message was 111, then 101 XOR with 111 makes an encrypted
message of 010, 101 XOR 1010 gives us 111, the original message back, symmetric, the
same key, encrypts, and decrypts.
Now this can be used in one time paths, now these are really cool because if you keep
the paths secure, if the pad is longer than the message, so the length of the ones and
zeros in the pad is say 120 numbers, and you're encrypting 119, 110 or 47.
If the pad is longer than the message, if the pad is truly random, and if the pad truly
is used only once, it is unbreakable.
Now I don't use that term locally, I'm encryption, few things are actually unbreakable, simply
good enough.
PGP for example, is breakable.
It will take thousands of years to crack it though, so it's good enough, but the time
they crack it, it's so out of date no one cares.
One time paths however are, if you follow the rules, unbreakable.
I understand during the Cold War, Russia actually reused some of the one time paths they
used during the Second World War, and America and all Britain, we kept all the old messages,
and we just tried to move most to crack, I feel them, but that's another story.
They did not follow the rules, so all bets are off.
So let's say I want to break a message.
The first bit is encrypted to a zero, now we need to know if that was a one or a zero
unencrypted.
Now if the pad was a one, the naught plus one is one, if the pad was a zero, the naught plus
naught is zero, we have both possibilities, and there's nowhere of knowing which is right,
because if we continue through every single bit, we get all possible combinations coming
out.
Yes, one of them will be the actual message, but because every single possible combination
is coming out, you're going to get, you know, the works of Shakespeare, you're going
to get all that kind of stuff, infinite monkeys and all that.
So whilst I suppose technically it is broken, because we don't know which one the actual
message is, it is actually broken.
So that's brilliant, XOR is brilliant if you're doing one times pads, but for storing
password it is fairly weak.
If you don't want to obvious what the passwords are, but you're not too bothered about if someone
does break it in, you're just trying to stop people casually glancing, then use XOR,
personally I wouldn't touch it if anything, but one time encryption, but for one time encryption,
it's fantastic.
So that's all I'm going to go on about symmetric encryption, at least for this episode.
I may do more if people want, but I will have to go and read up on it.
So that's all for now, asymmetric.
This is PGP.
Now I'm not going to explain exactly how this is done, because the entire world and their
dogs done it and they've gone through the exact way and the ciphers and how this works
and how that works and all this stuff.
I'm just going to give you a quick analogy and go through it.
Imagine PGP, you have a private and a public key.
Now imagine the private key as the old wax seals, the kings used to use these to use their
signet rings and they have their seal on it, very intricate, no one has to copy it kind
of thing, and you write a note and then you drip wax on it and then you imprint your ring
onto it and you make a seal and no one can copy that.
Imagine that's your private key and the public key is being your house with a less box
on the door.
So I know one can post mail through it, but only you can get it.
So only you have the ring to be able to make the seal.
So if you send a message with the seal on, only you can send it.
Now anyone can read it, but only you could have sent it.
If someone wants to send you a message, they go to your house and pop it in the mailbox.
Now anyone could have actually sent that message.
You don't know who sent it, but only you can read it.
And that's a public and private key with PGP.
If you use two of them together, so if you're only your friends both have public and private
keys, both are using PGP, they sign the note with their seal, send it to your house.
Now only you can read it because it's at your house and only they could have sent it
because of the seal.
To reply, you put your seal on the note to send it to their house and again only you
could have sent it and only they can see it.
This is really cool.
I mean, in theory, it is breakable, but in practice, it's going to take thousands of years
assuming you don't pick password as the password, you pick a very good long password.
So for all intents and purposes, it is good enough.
And also, in case it does get to the stage where people can look at the seal and break it,
the computer power gets big enough if they can break things, you just make it more complicated,
you just make the key longer.
So I think they started off with like 2.56 bit keys and they're dead easy to break now.
So they went to 5.12.24.2048.
In fact, my PGP keys I did, I think, 4.996 just because I could.
That would literally take hundreds of thousands years to break.
So this is going to be good because you can just make the keys longer and longer and that's
it.
So this is going to be good for a long time.
Now one way encryption, this is what one of my lectures called it, nowadays it seems
to come under hash function or cryptographic hash, depending what you look at.
But I'm going to call it one way encryption because this is what it is, you encrypt it,
but it only works one way.
You can encrypt it, but you can't decrypt it.
You can never find out what the original one actually was.
This is using the modulus function.
Now when you're a kid, you're learning how to divide.
You ended up with a remainder, but it wouldn't work out right?
Modulus is simply the remainder.
So 9 divided by 4 is 2, remainder 1.
9 mod 4 is 1.
Now if you try and decrypt that, if we know 1 was encrypted and we knew it was modulus
4, well is it 1 or is it 5 on 9 or 13 or 17 or 21 or 25 or any other modulo 4 plus 1?
It could be anything.
We don't know.
401 could have been.
We have no idea what it was originally, so there is no way to actually decrypt it.
So I'm going to show you a very simple one way encryption.
This is what one of my lectures told me about, at least what I remember him telling me
about.
I did look around on the internet, but there were no real good examples.
They either explain nothing.
One way encryption is one way only you can encrypt, but not decrypt, or they use the level and
maths.
So if you press the Stephen Hawking, we would have to double check his workings because
it was that difficult.
Since I'm trying to explain this to you without having notes in front of you, although
I'm going to try and do show notes to help, I'm going to try and simplify this.
And for reference, MD5 is explained in Wikipedia, firstly.
MD5 presses is a variable length message into a fixed length output of 128 bits.
The input message is broken up into chunks of 512 bit blocks, 1632 bit little Indian integers,
the message is padded so that it's length is divisible by 512.
The padding works as follows.
First a single bit, one is appended to the end of the message.
This is followed by as many zeros as required to bring the length of the message up to 64
bits fewer than a multiple of 512.
The remaining bits are filled up with a 64 bit integer representing the length of the original
message in bits.
The main MD5 algorithm operates on a 128 bit state, divided into 4th to its words to
the noted A, B, C, and D, T. These initialize to certain fixed constants.
The main algorithm then operates on each 512 bit message block in turn, each block modifies
the state.
The processing of a message block consists of four similar stages, termed rounds.
Each round is composed of 16 similar operations based on a non-linear function F, modular
addition and left rotation.
Figure one illustrates one operation within a round.
There are four possible functions F, a different one is used each round.
F, F, brackets, x, y, z, closed brackets equals x and y or not x and z.
G, F, brackets, x, y, z, closed brackets equals x and z or y and not z.
Each, F, brackets, x, y, z, closed brackets equals x, x or y, x or z.
I, open brackets, x, y, z, closed brackets equals y, x or x or not z.
That's just so clear, isn't it?
You can read it and you're kind of, okay, so it sort of does that and zeros and the
length, but it's really confusing, so I'm going to do a really, really, really simple
one.
Now, this wouldn't actually work as a hash function because it doesn't change as much
as a hash function should, but this is one way of storing password.
It's a fairly good word store in passwords.
I believe Unix used to do this back in the 80s and may still do.
Anyway, so this is hopefully a really simple, easy-ton-stand function.
We're going to use three prime numbers now, the bigger the better.
The bigger the prime number, it makes it harder for computers to calculate.
Computers can't divide.
They subtract multiple times.
Now, there's a few shortcuts you can do, but generally they just subtract.
Think long division.
You don't actually divide.
You multiply back to figure out.
The longer the prime numbers are better and with computers being the way they are, you
probably want ones with hundreds of digits and kind of big prime numbers.
For this example though, I'm going to use two, three and five for the first three prime
numbers because we don't count one because it's weird.
This will make the numbers really, really much smaller so you can actually figure them out
in your head.
Now you can choose any three primes, although the first two were multiplied must be more
than the third.
My lecturer said this, and I forget exactly why he said it, but I believe it's because
it makes it possible to decrypt without having to brute force it because it doesn't necessarily
run the modulus.
So by making sure the two multiply up, you force it to use the modulus and force it to make
it one way.
So we take three prime numbers.
I will call them A, B and C for two, three and five, so A is two, B is three, C is five.
A times B, two times three is six, which is more than C, five, so we're good.
So let's encrypt something.
Now let's take one, two, three is our password to say, so we want to encrypt that.
We take the first number in the password one, add it to prime A, two.
That gives us three.
We multiply that by prime B, also three, to get nine, and then modulus by the prime
C, five, to get four.
This is the first part of our encrypted password, so one plus two is three, three times three
is nine, nine, five is four.
Now we can do this for each key, but if we did this separately, then it would mean that
we could have a list of one becomes four, two becomes three, or whatever the answer is,
and each one will work separately.
So what we want to do is we want to hide this a bit more by adding that number in as we
go through to throw off each one.
So we take the first part of our encrypted password, four, and add that into the second
number of the unencrypted password, two, to give six.
And then again, we add prime A to give eight, multiply by prime B to give 24, and modulus
by prime C to get four, that is the second part of the encrypted password.
Part two encrypted plus part three unencrypted plus prime C is four plus three plus two is nine,
multiply nine by prime B gives 27, modulus is this by prime C gives two, so our fully encrypted
password is four, four, two, so one, two, three becomes four, four, two.
Now this would be the same on any system.
So what we can do is add what's known as salt, which is similar to cooking, you have a
basic recipe, but depending on how much salt you add, it changes the flavor.
We add in what's known as salt, or a random number in, or random to this system number,
something that's unique for that system.
We just need to add some salt in, and we just basically need something from a big choice
of numbers.
So you can pretty much, you could even just randomly pick a number from one to a million,
and add that in.
It really doesn't matter, we just need something in there just to throw it off, so they can't
do rainbow tables to break it.
Which is by the way, what Microsoft should have done with Windows XP, but they screwed up.
But that's another story.
So if we wanted to add the salt in, we could do that at the same time as bringing in the
previously encrypted number, add that in with Prime A to get a bit of randomness in
there.
I'm not going to explain that, I think this is complicated enough, but that should make
a pretty good password system, I believe.
Don't quote me on this.
This is my own standing, I have some knowledge, I'm not really, really knowledgeable, so if
someone wants to come down and tell me why this is wrong, please do, I'd love that discussion
because encryption is a bit of a hobby of mine.
I've never done this before, it's a job or anything, so it's just what I've read out on
the internet.
If you're going to use this as a real system, you actually want to use really, really,
really big prime numbers.
I just picked some more ones to make the maths easier.
Of course, there is an interesting quote with storing passwords this way, is that sometimes
other passwords can actually match.
For example, if I was encrypting 628, I would do this quickly, but 6 plus 2 is 8, 8 times
3 is 24, 24 mod 5 is 4, 4 plus 2 plus 2 equals 8 times 3 is 24, mod 5 is 4, 4 plus 2
plus 8 equals 14 times 3 is 42, mod 5 is 2, so 628 and 1, 2, 3 both encrypt into 442.
I believe, actually, if you force the third prime C to be higher than any possible input,
which should be fine if you're using big prime numbers, then this actually reduces this risk
if not removes it.
I know quite sure I haven't sat and figured the maths out of this, but because I used small
prime numbers, I was encrypting 628 and 6 and 8 are of course bigger than the third prime
number.
I think this is why it screws up.
So that is a very simple overview of form and encryption, and encryption in general.
I'm going to stop it there.
I'm going to have to write a bunch of shaneites for this and try and explain this whole
thing as well, but that's about it.
Thank you for listening.
If you've got any questions, you can email me at zooksauro at gmail.com, that's xray
osca kilo echo Sierra osca Romeo uniform at gmail.com, or you can visit me at zook.org, xray
osca kilo echo dot osca Romeo golf.
Thank you for your time, and you've been listening to Hacker Public Radio.
Thank you for listening to Hacker Public Radio, HPR is sponsored by Carol.net, so head
Reference in New Issue View Git Blame Copy Permalink