Free Surveillance or Security?: The Risks Posed by New Wiretapping Technologies by Susan Landau Page B

reflected on those
decisions made in the mid-1980s. "And we would have said, 'That's
not within scope; we're building a research network for a research
community .....
    3.3 Cryptography to the Rescue?
    For a long time people believed that once strong cryptography was available, the solution to Internet security would be at hand. While this is not
true-security is much more than simply encryption-it is the case that
cryptography is a basic tool for many Internet security problems. I will
take a brief detour to describe aspects of cryptography that play a role in Internet security; for learning the material in appropriate depth, the interested reader is urged to consult one of the large number of books on the
subject.

    Cryptography, encoding messages so that only the intended recipient
can understand them, is nearly as old as written communication. A Mesopotamian scribe hid a formula for pottery glaze within cuneiform symbols,
while a Greek at the Persian court used steganography, or hiding a message
within another, to send a communication. The fourth century BCE Indian
political classic, the Arthasastra, urged cryptanalysis as a means of obtaining
intelligence. The Caesar cipher, used by Julius Caesar to communicate with
his generals, shifts each letter of the alphabet some number of letters "to
the right." Thus a Caesar shift of 3 would be: a - D, b - E, ... , y - B, z -> C.
    Cryptography holds within itself an inherent contradiction: the system
must be made available to its users, yet widespread sharing of the system
increases the risk that the system will be compromised. The solution is to
minimize the secret part of the cryptosystem. A nineteenth-century cryptographer, Auguste Kerckhoffs, codified a basic tenet of cryptography: the
cryptosystem's security should rely upon the secrecy of the key-and not
upon the secrecy of the system's encryption algorithm.
    The difficulty of breaking a secure system should roughly be the time
it takes for an exhaustive search of the keys. The Caesar cipher, with its
simple structure and simple key-if one can call the "3" of "shift three
letters to the right" the key-is easy to break. More sophisticated ciphers,
including transposition ciphers and more sophisticated substitution
ciphers, were developed in the fifteenth century. By the nineteenth century,
cryptography had become part of popular lore, turning up in such literature as "The Adventure of the Dancing Men" by Arthur Conan Doyle and
"The Gold Bug" by Edgar Allen Poe. Despite its long history, cryptography
was more a curiosity than a valuable tool. Radio and its transformation of
warfare made cryptography important.
    Radio's ability to essentially instantaneously traverse great distances
gave military commanders tremendous flexibility. Generals and admirals
no longer had to be in the thick of battle to learn what was occurring; they
could be updated almost instantly from anywhere reachable by radio from
the field. The advantage of radio communications was that one could
transmit anywhere, but the disadvantage was large: anyone could listen
in." For radio to be beneficial to the military, all field communications
had to be encrypted.
    Ciphering was slow and backlogs of material were common;" the
solution was mechanization. In the period after World War I, there were a number of inventions related to cryptographic encipherment. Gilbert
Vernam, an AT&T engineer, designed a system in which the key was
marked on a tape and fed into an enciphering mechanism, which automatically combined the key with the message.19 The original system developed by Vernam had one flaw: too short a key. The system was vulnerable
to frequency analysis, which relies on the fact that within each language
there is a well-known distribution of letters.20

    An Army major, Signals Corps member Joseph Mauborgne, modified
Vernam's system to produce a very long key. Encrypting with this key,
once and only once-it is known as a