Thursday, May 8, 2014

The journey from learning PGP to Operation Redshift

Start out with philosophy or with numbers, that was the question.

The answer, as is the case so often on this blog was "neither". Start with a teaser, a few comforting words, hence the title with the teasing Operation Redshift.

Being around computers for too long can seriously warp your view of the world. Fiddling with bits and bytes is something many of "us" enjoy but most people find boring or plain weird.

As the information industry makes its way out of the age that corresponds to the early days of cars - when you had to be a mechanic to get anywhere driving the thing - the information super highways have become popular and will soon get their toll booths.

It is funny how we attribute magic qualities to computers and software and, at the same time, find bugs so huge that the barn doors are too small for them to get out.

And then there is privacy. Where those who have it, tell us we don't need it.

If only the National Rifle Association would adopt privacy tools as digital arms and claim 2nd Amendment protection for them!

On second thought, no, not a good idea. If the police can suspect everybody to carry a gun, all you get is insecure lawmen. Sorry, but that rolled up newspaper could have hidden a gun.

So, it was kind of refreshing to stumble on a presentation at re:publica 2014 where safe computing was presented with arguments we have heard for safer sex in a world with AIDS.

Encryption as the condom of the digital world.

Which brings us to Operation Redshift and the analogous old time sheep gut condom.

For some odd reason, we vaguely remember reading about the substitution cipher a long time ago. Was it in school, was it in a techie magazine? It does not matter.

When we read that an American agency sent out a recruiting tweet using a substitution cipher teaser, we smiled, not smirked, smiled.

We had already emailed out highly encrypted cat pictures under the paradigm 'well, if you want to collect something, we can help', then switched to opening the ascii files and doing a few search and replace operations before sending. And double encrypted ones, too. 

Operation Redshift:
The question now became what can we do with a substitution cipher?

Use the hard work somebody smarter than us has already done. Apply it to the ascii output out of a regular PGP encryption run? It takes only a few lines of code to shift a PGP sequence like hQGMAyShudTVn7l2AQv9H7Dr6kUDFIEkZ to the left or right by a number of ASCII characters. And nobody is any the wiser.

Since we have no idea what we are doing, do not use this for anything other than cat pictures.

No comments:

Post a Comment