So the art and science of creating codes is called cryptography. We're going to have a lot of fun learning basic cryptography in this course. You're going to come out with an understanding of how it all works. But the corresponding art and science of breaking codes is called cryptanalysis. So if you're making codes you're doing cryptography. If you're breaking codes, you're doing cryptanalysis. And it's a good case study as we learn more about cyber attacks and think about them in the context of different taxonomies. Now it turns out there is three strategies that we can follow for cryptanalysis, we'll take them in order. The first is called Ciphertext Only. That's where you the attacker are looking at a stream of encrypted data and you have absolutely no hints as to what is in there. You just see the encryption and you have to come up with some means for breaking the encryption. And in a previous video we said one possibility is you do brute force attacks. You try and decrypt using every key you can think of. Another is to look at the in enciphermen. We call that ciphertext, encrypted text. See if there's something in there that you can figure out to somehow do the reverse of the encryption which we called decryption or cryptanalytic processes. So that's the hardest, ciphertext only is the hardest case of cypher, of cryptanalysis. No hints. Now, there's a second possibility. And that's where you do have a few hints. Can imagine having a piece of paper that has some English text on it. And having next to it the encrypted version of that. And you get hints. You look and you go, so that encrypts to that, I get it. And in computing we think of that more as a challenge response between Alice and Bob. So a lot of times, encryption is implemented as a function. So that one entity, Alice lobbing over a challenge to Bob, and getting back a response, is like sending plain text, and getting the encrypted cipher text back, you follow? If Eve is watching this she sees the plaintext, she sees the ciphertext [SOUND]. It's a hint. It may not give you the whole function, certainly not. But it's a hint, it's not nothing. And we call that case Known Plaintext. So ciphertext only, no hints. Known plaintext, hints. Follow? Now there is a third case. And that's where actually have the encryption function, [LAUGH]. I go break into your building, and [SOUND] I take your encryptor and boom. I drop it down. Now obviously encryptors are not big pieces of equipment, but you get the idea. If I have the encryption algorithm, then I create something known as a code book. That's where I can literally feed input to the encryption function, look at the output, the corresponding encrypted function, the ciphertext, a write it down. And then I feed another input, encrypt it, write that down. And I do that successively, over and over and over and over again, and build up a code book. Now you would think my gosh, if I can build a codebook, I have you. I'd just sit there and build the codebook and I'm done. How do we deal with something like that and what did we say earlier was the type of attack that involves doing things over and over again? Brute force, and how do we deal with brute force? Size, right? The complexity of the algorithm is irrelevant if I'm building a codebook. I don't care how clever your scrambling and transposition and other types of mathematical functions are, if I can just feed things in and read what comes out. But the one thing I can’t deal with is if you’ve made the domain so enormously large that it would take from now until the end of the universe to build the code book. Let me say that again. If I can build a domain size big enough that for you to build a codebook would take from now until the end of the universe, how motivated are you, you even begin? It makes no sense. Size is the way we deal with brute force attack. So, lets keep this three things in mind. We have Ciphertext Only, Known Plaintext and Chosen Plaintext, that third case what we're building Codebook. Obviously Codebook is the easiest of the three. But if I make the domain size big enough, then you're going to have trouble. It's a good case study and thinking through another taxonomy, yet another taxonomy around cyber security. We'll be back in a little bit with another session.
