Profiles in cryptographic courage

Security problems sometimes seem depressingly intractable. The cure? Read about the fascinating people responsible for seminal breakthroughs

Profiles in cryptographic courage
Wikimedia (Creative Commons BY or BY-SA)

I recently finished reading "Hedy’s Folly" by the scholar Richard Rhodes. In it he discusses the “most beautiful woman in the world,” 1930s and ‘40s superstar Hedy Lamarr. With her composer friend George Antheil, she invented frequency hopping.

Frequency hopping (or spread spectrum) is a technology that underlies the communication transport and security of almost every wireless device we value today, including GPS, cellphones, Bluetooth, satellites, and home wireless networks.

I’ve been telling the story of amateur inventor Lamarr in my security and crypto classes as long as I’ve been teaching. It’s a great story of a nonscientist making a discovery that changes society forever. Stories of amateurs solving the world’s hardest problems abound in the computer security and crypto world.

Sometimes it’s hard to separate the myths (like the janitor who supposedly became a crypto supersleuth at the NSA) from the real stories, but there are plenty of “average” people who ended leaving a remarkable legacy.

The Rosetta Stone

One of my other favorite stories is about Jean-François Champollion, a French philosopher who ultimately solved the riddle of the Rosetta Stone and ultimately deciphered Egyptian hieroglyphics. The Rosetta Stone is a stone tablet written in 196 BCE that contained three different languages of (nearly) the same text: ancient Egyptian hieroglyphics, ancient Greek, and Demotic script.

The last two had been decoded, but no one could figure out the hieroglyphics. Champollion, competing against the popular Egyptian historian Thomas Young, was able to figure out that the hieroglyphs were a combination of an alphabet and single characters that represent a word or phrase (called a logograph).

Young repeatedly denigrated Champollion’s findings in public, even when presented with irrefutable proof otherwise. It was many years later, after Champollion’s death, that other Egyptian experts realized Champollion was right. I use this story to remind myself that even the popularly accepted experts can be wrong.

Even today I see popular computer security experts who give bad advice on topics they don’t know much about. They either feel they are experts or think their “gut feelings” are better than the evidence to the contrary. I guess it’s hard to say, “I don’t know,” when someone begs you for advice or when the press asks you to be an “expert.”

Public/private key crypto

Public/private cryptography underlies almost every digital encryption and signature technology used across the internet. In the 1970s, three men -- Whitfield Diffie, Martin Hellman, and Ralph Merkle -- together solved the centuries-old problem of how to securely transmit a private encryption key from one location to another, without both parties needing to know a secret at the outset.

Diffie presented his idea for public/private key crypto to a group at IBM during a “lunch and learn” brown bag presentation. Although a very smart MIT graduate, Diffie was not a trained cryptographer, so the IBMers discounted what he said and walked out. One of the people told him he sounded like another crazy guy called Martin Hellman (who had worked at IBM and taught at MIT).

In point of fact, British cryptographer, Clifford Cocks officially “discovered” public/private key encryption in 1973, but his creation was top secret and not announced publicly until 1997. Thus, Diffie, Hellman, and Merkle discovered it separately, and they're still given credit for the first public discovery and announcement.

Diffie sought out Hellman and, after a little persuading, decided to try and crack the public/private key problem, while adding Merkle to do the math validity checks. Diffie realized computers were not very efficient at calculating large prime numbers. Hence, the Diffie-Hellman public/private key cipher provides protection, because finding/factoring the original two large prime numbers used to create a third number is very difficult for even massive computers.

Heroes of Bletchley Park

A key figure in helping to decipher the World War II German Engima ciphers is Joan Clarke. Although Clarke had a double-first degree in math from Cambridge University and been selected to work at Bletchley Park, she was assigned clerical duties and paid less than male code breakers.

But her intelligence and attitude showed through, and she became a key code breaker and confidante of Alan Turing, who himself struggled after persecution for being gay. I like this story -- it shows how our irrational discrimination only slows down technological progress.

The mischievous raven

Edgar Allen Poe was a mischievous amateur cryptographer. Back at the turn of the 19th century, it was common for lovers and people having affairs to declare their love for each other -- and to schedule rendezvous in the newspaper using rudimentary cryptography (often simple character substitution).

Poe would often decipher the lovers' messages, then write a humorous or admonishing reply. Alternately, he would respond to one party or the other with a fake message using the same cipher. We should call this a “Poe in the middle” attack.

There are hundreds of fascinating stories where ordinary people did extraordinary things and changed the world -- or at least added levity. If you are interested in computer security or cryptography, I encourage you to buy and read a few crypto history books. They’re much more fun to read than you might think.

Who knows? Maybe a Kardashian will solve quantum crypto one day.

Copyright © 2016 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations