Cryptography: A Brief History

The need to convey information in a secure manner has existed for thousands of years. For as long as people have needed to communicate, other people have wanted to undermine any efforts to secure that information. You might think that you don’t have information important enough for anyone to want to steal, but that is where you are mistaken.

Apathy regarding information security is a problem for all of us. It permeates everyday life at home, at the workplace, and in every aspect of human interaction. Irresponsible ownership of data (no matter to whom that data belongs) is the cause of many leaked emails, data, and other damaging information. The rise of WikiLeaks and the Edward Snowden incident go to show that information is indeed power.

Whatever side of the fence you are on with regards to the Snowden leaks, a few things should be evident.

• Governments will and do actively surveil the public. This includes emails, phone calls, and Internet data.
• Government intelligence agencies do cooperate to share information with each other (British intelligence shared intercepted global emails, Facebook posts, calls, and Internet history with the NSA).
• The agencies responsible for collecting data have vast budgets and almost limitless resources.

If you think that you are very careful with your own data, unfortunately the same cannot be said of organizations that store your data and personal information. In 2016 alone, the list of notable institutions hacked is indeed very alarming. Here are a few of the more notable breaches:

• Feb. 8, 2016—University of Central Florida data hack.
• Feb. 9, 2016—U.S. Dept. of Justice data hack.
• March 3, 2016—700 Snapchat employees phished.
• March 10, 2016—Premier Healthcare data breach after a password-protected (but nonencrypted) laptop was stolen and data of 200,000 patients (including financial info) stolen.
• May 11, 2016—Wendy’s data breach that leaked customer card data.
• May 17, 2016—LinkedIn data breach in 2012 resulted with the information (117 user email and password combinations) posted online.
• Aug. 12, 2016—Oracle’s MICROS POS system data breach.
• Sept. 2, 2016—Dropbox revealed that 68 million usernames and passwords were breached in 2012 (considerably more than initially reported in 2012).
• Sept. 22, 2016—Yahoo announced that account information from 500 million users was stolen in 2014, making it the largest data breach in history at the time.
• Nov. 3, 2016—Cisco’s Professional Careers website leaked the personal information of job seekers because of a faulty security setting.
• Nov. 13, 2016—AdultFriendFinder.com was hacked and had more than 400 million members’ account information leaked online.
• Dec. 14, 2016—Yahoo announced that another data breach in 2013 compromised the personal information of one billion Yahoo accounts, making it the biggest data breach in history.

With the price of information at a premium and with a legion of black hats chomping at the bit to get their hands on that information, where does the buck stop? It stops with you, the software developer. The very fact that you are reading a document that discusses cryptography is a very positive indication that the security of user information is important to you.

Securing a user’s personal information is not the job of someone else. It is your job. If you, as a developer, can decrypt the information stored in the database of the system you are working on, then so can anyone else. If a password is all there is standing between user data and unauthorized access, then the system has a serious vulnerability.

Here is a shortened (incomplete) history of cryptography. For the full list, refer to https://en.wikipedia.org/wiki/Timeline_of_cryptography.

BCE

• 36th century—Cuneiform, or wedge-shaped writing, is invented by the Sumerians.
• 600-500—Atbash substitution cipher used by Hebrew writers to encode words. Some found in the Bible, such as Sheshach, which means Babylon.
• 400—Herodotus uses steganography to send a message to Aristagoras.
• 100—Roman shift cipher known as Caesar’s cipher is used. Named after Julius Caesar, who used it.

CE

• 801-873—Techniques for breaking monoalphabetic substitution ciphers are developed by mathematician Al-Kindi.
• 1355-1418—Ahmad al-Qalqashandi writes the Subh al-a 'sha, which included a section on cryptology.
• 1450-1520—The Voynich manuscript (named after Wilfrid Voynich, who purchased it in 1912) is a mysterious and as yet undeciphered document written in an unknown writing system.
• 1795—Thomas Jefferson invents the Jefferson disk cipher.
• 1854—Playfair cipher invented by Charles Wheatstone.
• 1919—Edward Hebern invents the first rotor machine.
• 1943—The cipher-breaking machine Heath Robinson is completed at Bletchley Park.
• 1974—The Feistel network block cipher design is developed by Horst Feistel.
• 1976—DES is approved as a standard and, in January 1977, is published as a FIPS standard for the US.
• 1977—The public-key cryptosystem RSA is invented.
• 1992—MD5 is first published.
• 1995—SHA-1 hash algorithm is published by the NSA.
• 1997—OpenPGP specification is released and a message encrypted with DES is cracked for the first time.
• 2001—Rijndael algorithm is selected as the U.S. Advanced Encryption Standard.
• 2004—MD5 is shown to be vulnerable to collision attacks.
• 2013—Speck and Simon, which are a family of lightweight block ciphers, is publicly released by the NSA.
• 2014—The website TrueCrypt.org is suddenly and mysteriously taken down by its developers without explanation. Later audit by Steve Gibson found the departure of TrueCrypt to be well planned and concluded that the application is still safe to use.
• 2017—Google successfully performs a collision attack against SHA-1.