If you’ve been following along, you know what a Caesar cipher is. The Vigenère cipher takes that and modifies it by being polyalphabetic, which means it uses multiple substitution alphabets. The main tool to use for encrypting and decrypting is known as the tabula recta and is depicted below.

The tabula recta consists of the alphabet written out 26 times in different rows. Each of these alphabets is then shifted by one letter compared to the previous alphabet. Sound familiar? They correspond to the 26 possible Caesar cipher alphabets. So how does the Vigenère cipher actually use this table? Let’s use our example from before where Caesar is trying to tell his generals this message.

YOU WILL ATTACK AT DAWN AND TAKE NO PRISONERS

Now let’s pick a key to use to encrypt and decrypt the message. Note that the key is an actual word and not just a number to shift by. Let’s use the following word as the key.

CAESAR

You use this key in the following way to encrypt the message. Repeat the key over and over for the length of the message and line it up to the letters like so.

YOU WILL ATTACK AT DAWN AND TAKE NO PRISONERS
CAE SARC AESARC AE SARC AES ARCA ES ARCAESARC

Then use the tabula recta to encrypt the message. Find the row with the plaintext letter and the column with the key letter, this results in the encrypted letter. For example find row “C” column “Y” their intersection is letter “A” thus the first letter in the encrypted message is “A.” In the image the Red segment represents step 1, the blue section indicates step 2, and the green letter is the result.

Follow the same principles for the rest of the message to get the encrypted message which is this.

AOY OICN AXLATM AX VANP ARV TRME RG PIKSSFEIU

Let compare that to the Caesar cipher encoded message.

CSY AMPP EXXEGO EX HEAR ERH XEOI RS TVMWSRIVW

Both look like a garbled mess to the normal onlooker, however trying to decrypt the message encrypted with the Vigenère cipher is exponentially more difficult to crack, both the message and the key.
Similar to encryption, decryption follows a similar method. Find the key letter row, then find the encrypted letter within that row. The column in which that resides is the decrypted letter. For example, go to row “C.” Then find the letter “A” within that row. Then look at the column that letter is in, which is “Y.” In the image above used for encryption, the red section represents step 1, the green letter is step 2, the blue line is step 3, which results in the blue letter. Following this principle, you can decrypt the message back to “ATTACK AT DAWN AND TAKE NO PRISONERS.” In my next post I will use the described principles, a part of the encrypted message, and plaintext (decrypted) message to derive the key programmatically.

Now that you know how encryption works, I will explain the most basic of ciphers, the Caesar Cipher. The Caesar cipher was used by Julius Caesar, thus the name, to communicate to his generals in a safer way than the message being in plain text. The cipher itself is a simple substitution or “shift” cipher. The cipher is executed by picking a number then simply shifting the message by that number of letters. This image demonstrates a shifting of 3 places.

For example, here is the alphabet, and here is the resulting alphabet with a shift of 3 letters.

Regular Alphabet  :   ABCDEFGHIJKLMNOPQRSTUVWXYZ
Encrypted Alphabet:   DEFGHIJKLMNOPQRSTUVWXYZABC

To expand upon this example here is a message Caesar might have said:

YOU WILL ATTACK AT DAWN AND TAKE NO PRISONERS

The message the general’s would have received would look like this if the shift value was 4:

BRX ZLOO DWWDFN DW GDZQ DQG WDNH QR SULVRQHUV

By using the modified alphabet above you can both encrypt and decrypt this message. While this is horribly insecure and easily decoded by today’s standards, it seems like it worked to some degree in Caesar’s time. This was probably because most people were illiterate and those that could read would dismiss it as an unreadable foreign language. As ancient as this cipher may seem, it was used as late as 1915 by the Russian army. They chose to do so because it would allow the troops to understand the messages more easily. Unfortunately for them, it was just as easily decoded by their enemies. Convenience often gets in the way of security but that will be covered at a later time. I hope this helped you understand the basics of the Caesar cipher. In my next post, I will talk about the Vigenère cipher, and how to crack it, which is a more complex version of the Caesar cipher.

Below is a presentation I did about 3 years ago on encryption. I talk about the difference between symmetric and asymmetric encryption, DMCA, cold boot attack, and much more. Below is the PowerPoint presentation and the corresponding video of the presentation. I apologize for the quality it was recorded with a web cam from a distance while presenting to the class.

I have been fascinated by computer security and vulnerability discovery ever since I was a kid. While what is described below isn’t really a “vulnerability” in the program, it certainly compromises one of the main aspects. At one point I was trying to figure out a way to bypass my parent’s internet restrictor, CyberSitter. It was not for the purposes you might be thinking of, CyberSitter had the ability to enable and disable the internet based on the time. Being a “gamer” since I was 4, I played an online RPG into the wee hours of the next morning. I discovered a few loopholes in this software to enable the internet. One of them was that if I managed to get connected, I wouldn’t get disconnected when the time threshold was passed. If I did end up getting disconnected and it was passed “the time” I wouldn’t be able to connect. That is, unless I changed the windows time to before the cut off. Using these two workarounds I was able to exploit the program to allow me to play at any time I wanted. Granted, the time automatically changes back after it realizes it has been changed, but thanks to the first mentioned workaround it didn’t matter unless disconnected. Now that I am a little more computer savvy, I can even go a step further and change the BIOs time to whatever I wanted, but that would be very noticeable.

Prior to trying this I tried to end the process “Cyb2k” which was obviously Cyber Sitter; however, the coders were smart enough to have it automatically restart itself if ended. I thought of editing the startup programs to not run Cyb2k on startup, but this can cause a problem in the aspect of not being noticeable to the people who put the system in place. If someone reboots or decides to check the logs or whatever, the process won’t be there and raise suspicion. Now, until recently I didn’t really know all of the capabilities of Cyber Sitter. This program is a major invasion of privacy in my opinion. It can do everything from blocking sites, to logging instant messages. Yes, it intercepts messaging protocols and logs every word into an encrypted file. This seems to go from the realm of safeguarding the user to straight up spying. How much invasion is acceptable? A question that has been debated and will continue to be debated for a very very long time.

After my old posts and database were accidentally deleted by my hosting company, I need to resurrect my website. I will be working on some new posts in the coming days.