Monday, April 09, 2007

Writing An "Unbreakable" Code

In Dan Brown's Digital Fortress (see my review), the plot centered on the NSA having a secret, massive super-computer that could try every possible combination of even very large digital keys in a matter of minutes, and thus crack any code. While it's mathematically true that any clear-text message encoded using public key encryption could eventually be cracked given enough time, that presupposes that you started with a clear-text message. In the universe of Digital Fortress, the super-computer (called "Translator") tries every possible key until it finds one that results in clear text. Presumably it recognizes clear text by doing a dictionary check and looking for recognizable words (which, being a massive super-computer, it could also do very quickly). But what if the originally encrypted content wasn't "clear"? Suppose I had a message I didn't want anyone, including the NSA, to see. I could simply write the message in Double-Dutch, then use standard 128-bit public key encryption, and even the mighty Translator wouldn’t be able to crack it, because it wouldn't recognize when it had succeeded. Even when Translator tried the right key, it would read:
thibisibismibysibecribetmibessibage
which would just look like gibberish, so it would zoom right past it and keep on trying other keys. Brown is aware of this problem, but seems under the misconception that it's very difficult to do.

Technically, Double-Dutch would be a poor choice. The huge preponderance of I's and B's would call attention to themselves and quickly get recognized as noise (even if the cryptographer hadn't learned Double-Dutch in grade school). But you could do something only slightly more complicated, like this:
thinisthismebysegecrinetmniessngage
I took the Double-Dutch algorithm of adding two fill characters before each vowel, but instead of always using "ib", I used letters drawn from another text (e.g., the Bible). Try reading it this way:
thINisTHismEBysEGecrINetmNIessNGage
This is grade-school simple, and yet it's actually very sophisticated in that it doesn't follow any inherent cycle. The fill characters don't repeat, and their insertion points vary with the original text rather than following any set pattern. This would probably be quite enough to bring Translator to its knees. For good measure, you could compress your input using a program like "zip" before encrypting it.
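An added example (not from the original post) that implements the fill-letter scheme above and runs two recognizers over the result: the dictionary check the post attributes to Translator, and a check that nearly every byte is a letter or a space. The second recognizer, the mini word list, the spaces kept between words, and the hash-derived stand-in for wrong-key output are assumptions of this example.

```python
import hashlib

VOWELS = set("aeiouy")  # the post's example pads before "y" as well
# Constructed mini-dictionary, standing in for a real word list.
WORDS = {"this", "is", "my", "secret", "message", "the", "and", "for"}

def pad(message, fill_text):
    """Insert two fill letters before each vowel (upper-cased so they stand out)."""
    fill = (c.upper() for c in fill_text if c.isalpha())
    out = []
    for ch in message:
        if ch in VOWELS:
            out.append(next(fill, "") + next(fill, ""))  # empty once the fill runs out
        out.append(ch)
    return "".join(out)

def dictionary_hit(candidate, threshold=0.5):
    """Recognizer from the post: are most space-separated tokens dictionary words?"""
    tokens = candidate.decode("latin-1").lower().split()
    return bool(tokens) and sum(t in WORDS for t in tokens) / len(tokens) >= threshold

def letters_hit(candidate, threshold=0.9):
    """Assumed second recognizer: are nearly all bytes ASCII letters or spaces?"""
    ok = sum(b == 32 or 65 <= b <= 90 or 97 <= b <= 122 for b in candidate)
    return ok / len(candidate) >= threshold

def wrong_key_outputs(n=1000):
    """Constructed stand-in for wrong-key decryptions: pseudo-random 32-byte strings."""
    return [hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n)]

PLAIN = "this is my secret message"
# Fill letters as capitalised in the post; they run out before the final "e",
# which the post's example also leaves unpadded.
PADDED = pad(PLAIN, "INTHEBEGINNING")

def survey():
    """Return (dictionary_hit, letters_hit) per message, plus a count over the noise."""
    noise = wrong_key_outputs()
    return {
        "plain": (dictionary_hit(PLAIN.encode()), letters_hit(PLAIN.encode())),
        "padded": (dictionary_hit(PADDED.encode()), letters_hit(PADDED.encode())),
        "noise_passing_letters": sum(letters_hit(c) for c in noise),
    }

if __name__ == "__main__":
    print(PADDED)
    print(survey())
```

With these inputs the padded message fails the dictionary check but still passes the letters check, while none of the stand-in wrong-key outputs do. Padding alone therefore defeats a word lookup but leaves the correct key distinguishable by a character-class test.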

Alternatively, who says that my "clear text" is even text? I could handwrite my message, scan it to a JPEG image, and then encrypt that. Or I could speak my message and capture the audio in a WAV file, zip it, and then encrypt it. Good luck to Translator trying to figure that out. It doesn't take a supercomputer to generate something that a supercomputer would be unable to solve. It just takes a little creativity.

Sunday, April 08, 2007

BOOKS: Digital Fortress

Thanks to my new iPod nano and audible.com, my commute was sped along this past week by listening to Dan Brown's Digital Fortress in audiobook format. Digital Fortress, published in 1998, was Brown's first novel, and initially didn't make much of a splash. His earlier novels have enjoyed a renaissance since his fourth novel, The Da Vinci Code, put him on the map big time. I had thoroughly enjoyed Angels and Demons (his second novel) as much as The Da Vinci Code, and looked forward to Digital Fortress. Though I don't think his first novel equals the other two, the man knows how to twist a plot, and I often found myself lingering in my car even after I'd arrived at my destination, just to hear a bit more. This book is more "techie" than the other two, and while there was a European travel element, it lacked the rich (pseudo)historical detail that gave the other two added dimension. (He did still leave me wishing to see Sevilla, but then I'm a very easy sell on European travel. He didn't create the same intensity of desire as DVC left to see Paris, London, and Edinburgh, or as A&D left to see Rome.) In retrospect, it's easy to see this book as a warm-up to his later works, an early working out of characters, motives, and plot twisting.

The one real distraction for me, as a software engineer, was the inaccuracies, not only in many minor details, but in two major plot premises that sorely tested my willing suspension of disbelief. While Dan Brown is clearly fascinated with cryptography, he also has a lot to learn, and clearly didn't do his homework on this one. (Tom Clancy sets a high bar when it comes to accurate detail.) The premise of the book (and I'm not giving much away, as this comes out very early on), that the NSA has a secret massively multiprocessor computer that can break any code by trying all the possible keys, is quite farfetched. The massive super-computer isn't totally unimaginable, but the notion that it would be so hard to write an "unbreakable code" is loopy. And another key point (again not giving much away), that the NSA's most top secret computers are connected to the Internet, such that their top cryptographers can send and receive Internet email from the most top secret computer, well that's just flat-out ridiculous. Frankly, it's easier for me to believe that Christ might have had a wife and children than it is to believe that the NSA's top secret computers are Internet-accessible.

Despite these large flaws, and the fact that I was often several steps ahead of the characters (NSA's top cryptographers miss an obvious anagram?), I never had it all figured out, and Brown still had interesting surprises in store. From the very first, he knew how to write a rollicking roller-coaster of a tale.

Thursday, April 05, 2007

Windows Vista Pain and Agony

I'm no fan of Macs (twice the money for half the performance, and if their interfaces are intuitive, then I've got a defective intuition), but recent experiences with Microsoft do lend some credence to their appeal. (And their amusing ads sure do hit home.) I recently bought my husband a new PC, because apparently 256Mb of RAM was no longer sufficient for someone who basically just uses AOL and IE. These days, what with Vista and all the bloatware that Windows drags along and the pervasive-ware of Windows apps (is there no such thing as a simple app anymore? must every little thing install itself into my system tray, plug itself in to my explorer toolbar, and start as soon as my system boots?), it seems a hi-speed Pentium-4 processor with 1Gb of RAM is a minimal configuration for your most basic home user. I was curious to see what Vista was like. As I expected, it's got a few cool new gadgets, but it's impossible to find anything because they've rearranged all the menus, control panels, and even the way the explorer looks and works. There's nothing compellingly better about it, it's just different for the sake of being different. (Fortunately, there's a "classic view" option on the Control Panel, at least.)

I did get it set up without too much pain, and aside from the fact that Vista is still bleeding new, and Vista device drivers aren't available for everything yet, it's been running well enough for the first month. Until today. This morning my husband calls me in a panic, saying he can't log in because it's giving him a message saying "Invalid product key - Windows activation required". Vista has a thorough security feature that helps Microsoft stop pirated copies of Windows. They spin it as a protection for the user ("you'll know you've got an authentic copy of Windows"), but of course it's really all about protecting Microsoft. For the user, all it is is something else to go wrong, and when it does, it's a royal pain in the butt to sort out. OEMs like HP/Compaq pre-install Windows and pre-activate it (which entails entering absurdly long strings of digits), sparing their customers a tedious out-of-the-box experience. Unfortunately, Vista has a bug where installing certain software or turning the machine off at the wrong time or various other innocent actions can cause Vista to lose its factory-installed product key, and to think that it's a pirated copy, locking down your computer. Microsoft recognizes this bug and offers a patch for it on their support site. Which would be nifty, except that Microsoft doesn't allow your computer to download anything from its support site unless you're running a "genuine" copy of Windows. So in other words, the only computers that will be able to download the patch are the ones that don't have the bug. How brilliant is that? We tried an option to manually re-enter the product key (a 25-character code found on a sticker near the back of the computer), which failed. So we tried an alternate option to get a "confirmation code" by speaking a 54-digit(!) code into a voice response system. That too failed, and we ended up speaking to a live Microsoft technician. 
After two more failed attempts, and several reboots, he was able to give us a correct 54-digit code that enabled the computer. (You think a 16-digit credit card number is easy to mix up over the phone, try a 54-digit number!) If we ever have to go through this ordeal again, I will scream.