 So a key part of providing security mechanisms is to use encryption or in general cryptography cryptographic techniques. So we want to talk about what is encryption especially and what other techniques are used to implement our different security services. I think you've all heard of encryption, you've probably some of you may have deliberately used it, maybe encrypted a file and you indirectly use it or you use it on a regular basis when you use a number of network protocols. HTTPS for example accessing a secure web server encrypts your data before it's sent. So in this course we'll not look at the details of how encryption algorithms work but instead just say well what do we mean by encryption? List some of the different algorithms available and present some of the trade-offs and types of attacks. Encryption is used for different security techniques. The key one or I would avoid saying key, the important one is confidentiality. So let's start with that. How do we keep data secret? Encrypt that data. So our aim is to take our confidential information, our message and make sure that unauthorized individuals cannot read that message. That's what data confidentiality is. The way that we do that is we take that confidential information, encrypt it and we'll use an algorithm, an encryption algorithm such that anyone can see the encrypted data. We don't care who sees the encrypted data but the algorithm should be so that only authorized people can decrypt to find the original data and the authorized people will be identified with the use of keys, secret keys for example. Encryption is used for data confidentiality of information being sent across a network. We say sometimes in transit the data is sent across a network but also for data at rest, data stored on a disk for example. So the same concepts are used. I want to encrypt a file that's saved on my hard disk, I encrypt it, I save the encrypted file on my hard disk. Anyone who accesses my hard disk cannot get the original file unless they have the key. Similar, I want to send a data across a network, I encrypt it before I send it. Anyone who intercepts that message like we did with Wi-Fi can see the encrypted message but cannot decrypt it unless they have the key. The same approach is used whether it's saved on a disk or sent across a network. Most of the examples we'll use will be sending across a network. So a simple model is that we think there are two users, the two normal users, A and B. A wants to send a message to B. And A and B want this message to be confidential. That means that when A sends a message to B we don't want anyone else in the world to be able to read that message except B. Of course A can read the message, they create it. And for anyone else in the world we'll represent as just one other user, an attacker, user C in this case. What we'll assume, so user A, their computing device, generates the message and will send something to user B, we will assume that some other user, user C in this case who's performing an attack, can intercept anything sent between A and B. Somehow they can intercept. Somehow they may be that they do the attack on Wi-Fi link. Or somehow maybe they simply go to the computer and get a copy of a file. Or they tap into a wired link or get access to an intermediate device like a router. But the assumption is somehow the attacker can intercept anything sent between A and B. Therefore we can't send the original message between A and B because it will not be confidential. So what we do is we encrypt the message before we send it. User A has the original message that they want to send to B. We refer to that message as plain text. It doesn't have to be text, it can be any format but the name we give this original message is plain text. And what we do before we send that is we encrypt it. We apply an algorithm, an encryption algorithm or a cipher and it takes as an input the plain text and we use a key to encrypt and the output of that algorithm is what we call the cipher text. And it's the cipher text that A sends to B and the encryption algorithm will be chosen such that there's a corresponding decryption algorithm where when user B receives the cipher text they take that as an input, they have a key and they apply the decryption algorithm such that it will produce the original plain text as output. That's the idea. So a couple of points on that normal process. The encryption and decryption algorithms used at A and B go together. That is they're related. Sometimes they're even the same algorithm. They must have the property that if we encrypt a plain text message to get cipher text, if we decrypt that cipher text using the correct key, we must get the original plain text. So the algorithms must return the original plain text. They cannot return something different otherwise they don't work. And the algorithms take as an input a key. In this picture I say that the encryption uses key one and decryption uses key two. They may not be different keys. They may be the same values. So key one and key two may be the exact same value. In some schemes they are the same. In other schemes they are different. From the attacker's perspective the attacker can intercept anything that A sends to B, in this case the cipher text. The attacker wants to find the plain text. That's their aim. They can easily obtain the cipher text. If you have the cipher text you can try and decrypt that cipher text. And this assumes that the attacker knows the algorithm used for encryption and decryption and that will be a common assumption. The attacker knows how we did the encryption and decryption. So assuming the attacker knows the decryption algorithm and they know the cipher text, what do they need to get the plain text? What does the attacker need to get the plain text? They need key. The key two in this case. So an important part here is that key two must be kept secret. If the attacker knows key two in this scheme then they can decrypt very easily and get the plain text. So we'll talk about secret keys. Keys are normally kept secret. In this case user A and B may know the keys. They cannot tell anyone else otherwise the scheme fails. It's not secure. And later we'll talk about some different approaches of how to use secret keys. Even if the attacker doesn't know the key it should be practically impossible for the attacker to either find the key or find the plain text. And if we have an algorithm for encryption and decryption such that the attacker, given the cipher text, cannot find the plain text then we consider that algorithm strong or secure. And there are such algorithms that we consider secure. So we'll list some of them as we go through. So that's our general model for encryption. Encrypt the plain text using one key and the receiver decrypts the cipher text using a potentially different key. It may be the same. In most of the cases we'll see at the start it's in fact the same. Key one and key two are the same. So some terminology we've seen so far. Plain text is the original message. Cipher text is the encrypted or encoded message. Encryption is the process of converting plain text to cipher text, sometimes called encyphering. Decryption is the opposite. A key is used in the cipher or the encryption or decryption. What is a cipher? It's a particular algorithm we use for encryption and decryption. So this block of encryption and decryption we need to have an algorithm there and a cipher is one particular algorithm. Cryptography is the study of algorithms for encryption. So what algorithm do we use for encryption? Well people have studied many different algorithms and tried to work out which ones are best. That's cryptography. Crypt analysis is a study of the techniques for defeating those algorithms. How do we decrypt the cipher text without knowing the plain text or the key in fact should be listed there. So crypt analysis is about how to defeat the algorithms. Cryptography is about how to design new algorithms. Cryptology is a combination of those two areas. A common encryption approach that is used and has been used for many years, maybe thousands of years, is that the key used by both sides is the same. That is key one and key two are the same value. A encrypts the plain text with a key and the algorithm is designed such that it can only be decrypted, the cipher text can only be decrypted if the receiver has the same key. So the keys are the same on both sides. We say the keys are symmetric. We have symmetry between the keys and this is referred to as symmetric key encryption. Any questions yet? We have plenty of space in the front two rows. Symmetric key encryption involves using the same key at both sides. There's a single key is sometimes referred to as simply a secret key or a symmetric key or a shared key. That's one of the more common forms of encryption for confidentiality. We'll see another one later. So for symmetric key encryption, we need a good algorithm. We say a strong encryption algorithm. An algorithm such that if the attacker knows that algorithm and they know the cipher text, they cannot get the key or plain text. And we need that the sender and receiver know the key to be used and that they keep that key secret. If someone else discovers the key, they can easily decrypt. In the study or the analysis that we do, we'll assume that the cipher, that is the algorithm used, is known by the attacker. So the algorithm used to encrypt and to decrypt is known by everyone. The reason we assume that is it's usually easy for the attacker to find that even if they don't know it. And for example, the algorithm may be implemented in your operating system. And everyone knows you can guess which operating system the users are using and it doesn't take much to find out what algorithm they use to encrypt. So normally the cipher is assumed to be known. And at this stage we'll assume that the keys used by user A and B are known by A and B and not known by anyone else. That is they were distributed in some secure manner. That becomes a bit of an issue which will arise when we look at key management. How do we get the key from A to B? At this stage we'll assume that B knows the key that A is using. So what algorithms are used for encryption? How do they work? And again in this course we will not go into the details of those algorithms. We'll touch upon the principles and list some of the algorithms but not look at their designs. But basically encryption uses two main operations, substitution and transposition. And they're very simple. Substitution is you replace one character or one element with some other element. And we'll show a very quick example if we use the English language as our alphabet. And the example of substitution is you have a word you want to encrypt, then you replace one letter, the letter s with some other letter in the alphabet. And the algorithm defines which letter you replace it with. So that's the operation of substitution. And transposition is just rearranging elements. For example you have the letters s, t, e, v, e is the word you want to encrypt. Transposition is an operation that says rearrange those five letters. So maybe you get t, e, v, s, e. That's a transposition operation. And all, well, most ciphers that are used today, they're used today symmetric key ciphers, use a combination of substitution and transposition operations. But they don't just do a single substitution or a single transposition, they use a multiple steps, a substitution, a transposition and then repeat multiple stages. And they refer to as product systems. Let's give an example of those two operations. Very simple ciphers, not secure but easy to demonstrate. First one is the Caesar cipher. And the Caesar cipher is maybe 2,000 years old. And the general approach is that we take, let's say we're using English language as the English alphabet. All of our plain text messages contain characters from a to z. And let's keep it as lowercase only. Then when we have a plain text message with a Caesar cipher to encrypt it, we take each character in the plain text message and shift it k positions to the right, where k is the key. And that will produce our cipher text. So a quick example, everyone seems to be awake and listening. So I'll start with the hard examples, skip the simple ones. Instead of giving you an encryption, I'll give you a way to decrypt. Let's say I give you some cipher text. And here it is. Here's the cipher text. And I give you the key. The value of the key k is 3. In the Caesar cipher and the algorithm or the cipher we're using, there are different ciphers, in this case we're using what's called the Caesar cipher. The Caesar cipher to encrypt takes each letter and shifts 3 positions to the right when we use a key of 3. If the key was 4 it would shift 4 positions to the right. Shifting to the right means if you start with the letter a, shift 3 positions to the right, a to b to c to d. If you encrypt the letter a, the cipher text will be the letter d. Decryption should return the original plain text. Decrypt our cipher text. Decrypt it. Not encrypt in this case because I think you'll find encryption is easy. Everyone told me the quizzes were easy yesterday so we'll start with the hard ones. Decrypt that cipher text and find out what the plain text is. C, I use as a shortcut for the cipher text. K is the key. So what's the plain text? P. Anyone have the answer? Yep. How do you get the answer? Shift to the left to decrypt. If we encrypt plain text we say we shift to the right 3 positions. To get the original plain text back we take the cipher text and shift 3 positions to the left. So take the first cipher text letter v and then in the alphabet, you need to remember the English alphabet, go back 3 positions. What's 3 positions before v make it easier for you? There's the alphabet numbered, maybe a little bit easier. So if we have v go back 3 positions. S. So the first letter of plain text is S. We substitute one letter with another. So this is a substitution operation. And the rule for which letter do we substitute with is well 3 positions to the right to encrypt. It's the opposite. What do we have? v, w, v becomes S, w becomes t, h becomes e. Not so hard that one. So a very simple encryption algorithm or a cipher, called the Caesar cipher, which uses substitutions. Replace one letter with another. And the rule is by k positions, the shift is. If you change the key, you'll get a different output when you encrypt. So that was the original plain text. If we encrypted that plain text with a different key, say a key value of 4, we would get different cipher text. Or from the other perspective, if you decrypted this cipher text with a different key, you'll get different plain text. Let's try. What do we get if we used a key of 4 with the same cipher text? We shift 4 positions to the left to decrypt. R, S. So all we're doing is taking our v, shift at 4 positions to the left. 4. What else do we have? u. And if we used the key value of 4 and decrypted that cipher text, we would have got the plain text R, S, D, U, D. Now these are very short plain texts, but which one do you think is the correct one? Steve. So this is a principle that we'll see arise. When we encrypt something, some plain text with a key, we get cipher text. If you decrypt that cipher text with the correct key, that is the same key in this case, 3, you'll get plain text that makes sense that we can recognize. But if you decrypt that cipher text with the wrong key, it is the wrong key because I actually encrypted using the value of 3. If we use a key of 4, we'll get a plain text value which doesn't make sense. And we'll be able to recognize that. The attacker or the user will be able to recognize something went wrong here. I got cipher text, I decrypted with key 4, I get plain text message that doesn't make sense. But I know someone who encrypts a plain text message will start with a sensible plain text message. That will be a principle that comes up. Decrypting with the wrong key will say random characters and can be recognized as being incorrect. So that's an example of a substitution cipher. Any questions? The purpose of this example is not for you to really remember the cipher, the details are not important, but just to know that this is a substitution. A transposition is when we rearrange letters. We don't replace them from something in the alphabet, we just move them around. That is we take the plain text and move the letters inside the plain text. And a simple one that we'll use quickly is called the rail fence cipher where we have a plain text message and what we do is we write that over K rows. So a key again is K, that will be chosen, maybe 2 rows, 3 rows, more depending on the length. And the cipher text is obtained by reading row by row. That one we'll do just to quickly demonstrate. Let's say we have some plain text and for the demo it needs to be a little bit longer. So here's our plain text message I want to send and we'll choose a key. I want to encrypt that. I use a key. It doesn't have to be the same as the previous one. I'm going to use the same key, key of 3. We'll see why in a moment. But it could have been different. It could have been 4, 5, 2. There's some limits on it. So to obtain the cipher text what we do is we write this plain text in 3 rows. It doesn't have to be in diagonals but you'll see it's a little bit easier to read. H-E-L-L-O, hello. Tell me if I spell it wrong. I wrote it in 3 rows. Why? Because I chose a key of 3. And now the cipher text I read those rows. The cipher text from this encryption is H-L-T-E-C-I, the first row, then the second row and then the third row. So this is a different cipher called the railfan cipher. Very simple cipher for transpositions. This is a transposition cipher because all we're doing is rearranging the letters in the plain text. The set of letters in the cipher text is identical to the set in the plain text. We don't have any new letters in there. So there were two L's in the plain text, there were two L's in the cipher text. So it's just a rearrangement. Whereas with the Caesar cipher we substitute with other letters, potentially other letters. So that's the difference between substitution and transposition. Now these are two of the simplest ciphers and very insecure. They have a number of weaknesses. But that's not the point. The point is that the two operations are demonstrated. How would you break these ciphers? That is, if you're an attacker and you know the cipher text but you don't know the key, how would you find the plain text? Maybe starting with the railfan cipher. If you knew the value of the cipher text, what would you do to try and find the plain text? You don't know the key. You don't know it's three rows. What would you do? Guess what? Guess the key. So there may be a limited value of keys here. It's actually limited by the length of the plain text. If you have a very long plain text, you could, let's say we have a plain text of millions of letters, a very long document, then the number of keys, there are many possible keys. Maybe you can do better than just guessing the key. So yes, you could guess the key, decrypt, see if you get plain text that makes sense. If not, try another key. If not, another key. Can you do it better than that? Write a program. What would your program do? Guess the keys. I want to be smarter than guessing the keys. Not necessarily faster, smarter. Well, turns out that you could look for some patterns in the cipher text based on your knowledge of English and your knowledge that certain characters go together. In English, it's not very often that you have T followed by L in a word. So you could start to look at the expected pairs of letters of the plain text and the expected frequency of letters, especially when you have very long plain text. So if you know something about the patterns of letters that you expect in the plain text, you can actually do analysis and instead of guessing from all the possible keys, you can try just a few and eventually you'll find the plain text. This one's not so hard because it's quite small to guess. Similar to with a Caesar cipher. Yes, you could try all possible keys. How many possible keys are there with this Caesar cipher? How many keys would you try if you had to try them all? We said the Caesar cipher shifts by K positions. What's the largest value of K that we can have? 25 or 26 maybe. That is, you can have K as large as you like, but if K, well think, if K is zero, shift by zero positions, take your plain text, shift by zero positions mean don't shift. The cipher text and the plain text will be the same. That's not very good but it's a possible key. If K is one, shift by one position, if it's two or we did with three, if it's 26, shift, start with the letter A, shift 26 positions to the right and you actually come back to the letter A, which is the same as shifting by zero positions. 27 is the same as shifting by one position. So in fact, with the Caesar cipher there are only 26 possible different keys. So an attacker just has to try all those 26 values. One of them will give them the right plain text. That's called a brute force attack. But again, there are more intelligent attacks and if you analyze, especially with long cipher text, if you analyze the structure of the number of letters, the number of pairs of letters or diagrams, you can quickly do an attack to defeat this cipher. The last thing to demonstrate, we will not demonstrate, but to make ciphers stronger, we saw an example of a substitution cipher and a transposition cipher. Real ciphers in use today don't use those but they use the same principles of substitutions and transpositions and what they do is they have multiple steps. They do a substitution, then a transposition, then another substitution and another transposition and they have it in multiple stages or rounds they're called such that they do it enough times, then it's very, very hard, practically impossible for an attacker to go from the cipher text and work back and get the plain text. So that's what a product system does. We will not go through the example but basically apply the Caesar cipher on your plain text and then apply the rail fence cipher to mix up the letters and then apply the Caesar cipher again and then apply the rail fence cipher again and eventually after multiple applications you'll get a cipher text and it can be seen that that cipher text is very hard to work back to get the plain text without guessing the key and that's the principle that many ciphers are built on today. The attention of those examples is not for you to have to remember those ciphers but understand some of the basic principles of real ciphers. So we saw something about the attacks that can take place. What does the attacker want to do? They want to find the plain text if they only know the cipher text and the algorithm being used they want to find the plain text or the key. Finding the key is often considered better than finding the plain text because if I find the key I can decrypt any subsequent cipher text very easily but in most ciphers today if you can find the plain text or the key it means that algorithm is considered insecure. So if an attacker can take the cipher text and the algorithm and find plain text or key then that's not a good algorithm. We assume the attacker knows the cipher text, they know the algorithm being used, they know if it's the Caesar cipher, if it's the rail fence cipher or something else and in practice they usually know other pairs of plain text cipher text but not the key but was encrypted using the same key. That is the attacker may know that in the past someone took this plain text message, they encrypted it with a cipher with a key and got this cipher text. The attacker knows the pair of plain text and cipher text but they don't know the key and there are ways to get that information and therefore the attacker works with that to try and work back and find the plain text or the key and there are two approaches and we sort of saw them in the previous examples. Try every possible key, it's called a brute force attack. That's the dumb approach but work sometimes but very easy to defend against by making sure that they need to try many possible keys such that it takes too long. The smart approach from the attacker is do some analysis on the cipher text, the algorithm, to try and work out what the plain text or key is but that requires good knowledge of the algorithm and finding weaknesses in the algorithm. That's hard. We will see shortly some statistics or performance of attacks on real algorithms with respect to brute force and crypt analysis. Let's focus specifically now about symmetric key encryption which we've mentioned. Symmetric key encryption is commonly used for confidentiality. The same model before, we take our plain text, I've just introduced some shorthand notation, plain text P, we encrypt it with an algorithm and we take as an input a key K. We get cipher text, we can write it mathematically, we apply the function E as inputs to the key K and the plain text P and as the output we get cipher text and then the receiver decrypts that cipher text using the same key. It's the same value of K here and the algorithms must be designed such that when you decrypt that same cipher text using the same key you'll get the original plain text P. This is called symmetric key encryption because both sides use the same key. Symmetry amongst the key, it's often called a shared secret key or a shared key. A later approach will see that they use different keys. The algorithm used for encryption should be good, we say it should be strong. Strong means that if an attacker knows the algorithm they know cipher text and they even know pairs of plain text cipher text, they should not be able to find the plain text or key within reasonable time and the other requirement here is that the key is known by both sides A and B and is not known by anyone else. If I say it's a secret key and someone else knows it then it's not secret. So we assume no one else knows the key. So we saw a very quick example of the CESA cipher and the railfan cipher, they are not used. They are just to show how to do something on paper. What algorithms are used for encryption and decryption in the past and today? That's what the next few slides will list, just the names of some of the ciphers used so you're aware of them. One of the first and maybe most one of the widely used ciphers in the world was called the data encryption standard, DES, DES. So that was the algorithm for doing the encryption and decryption. Designed in the 1970s, come from IBM and the NSA in the US and became a standard in the US government and therefore widely used in many different countries. The details of it we're not going to cover, maybe pick up on some important things. It used a key length of 56 bits. So our real ciphers that we used today are not operating on letters, A, B, C and D, they're operating on binary values. So our ciphers operate on a sequence of binary values and the keys are measured in bits, so a binary value. So with DES, the effective key length was 56 bits. It was actually 64 bits but eight of them were known or of no relevance to the encryption. And that will be, that was an important or a significant limitation of the cipher as we'll see in a moment. The key size was insecure. So DES was one of the earlier and widely used ciphers but it had a limitation in that the key length was too small and therefore new ciphers have been developed over time. Before we look at them, let's just simply do an encryption with DES. This is just a summary of the DES algorithm. The point of this picture isn't for you to know how it works but to show that it's quite complex compared to the Caesar cipher. Do K positions to the right? Well, that's easy. DES involves very hard to see but involves 16 rounds. 16, we do something, we do it again and we do it again 16 times. And each round involves things like, because it's operating on bits, doing left shifts, shifting the bits to the left, doing permutations. Permutations is another word for transposition. Rearranging bits, moving one bit to this position and the other bit to another position and doing substitutions. It uses S boxes as the concept. The point is that even though it's a very complex cipher compared to the others, it uses the same principles of transpositions, substitutions, one after the other and repeats them all again in the second round and repeats them all again and considered to be a secure design. We cannot go through examples on the board. I'll simply show one using a computer. Let me encrypt a file just to demonstrate. The plain text message I'm going to encrypt is here. So it actually finishes at this point. I've just created a text file. That's our message that we want to encrypt. That's the plain text that no one else should be able to read. And what I'm going to do is just use some software to encrypt it. We're going to use DES and actually before we look at that plain text message, what DES does is it operates on a set of bits at a time. It encrypts a block of bits and then encrypts the next block of bits in that original plain text and it works on 64 bits at a time. DES uses what's called a block size of 64 bits. So if your plain text message is 128 bits, DES encrypts the first 64 bits and then separately encrypts the second 64 bits. If it's not a model of 64 that it can add some padding to make it a model. So the ciphers that are used in practice today use a fixed size block, usually small in terms of 64 bits or 128 bits. How long is our message? Our message is 72 bytes long. DES does not operate on characters. It operates on binary values, on bits. How many bits in this file? It's 72 bytes or 72 characters. With ASCII encoding we represent in our file system, we represent every character with an 8-bit value. Let me zoom out and try that again because it wraps around. That's better. So this is the actual file but in the binary form. The values are not important but just to make it clear that this is the first 8 bits represent the letter uppercase H. So what DES does is takes 64 bits at a time, encrypts it and then produces ciphertext and then does it again for the next 64 bits. So let's encrypt using DES, the data encryption standard and the software I'm going to use to encrypt is called OpenSSL. It's just some freely available software that implements many different encryption algorithms. I'm going to encrypt and the algorithm is actually called DES ECB, just the mode of DES. Minus E to encrypt and we take as an input a file, a message file and we're going to produce as an output some ciphertext, just another file and remember to encrypt you take the plain text as input minus in, message 1 is the plain text so it's the contents of the file will be encrypted and it's going to produce ciphertext as output and also we need a key as input and I'll specify the key using a minus K value and what key value should I use to encrypt? How should I choose a key? What would I choose? 1, okay. What's better than 1? 0 maybe. Alright this software requires a particular length key but let's use 0. 16 zeros, they are actually given in hexadecimal here. 16 zeros is equivalent to how many bits? 16 hex zeros, 1 hex digit is 4 bits. So this is a 64 bit key but I just given it in hexadecimal, it's hard to me to get 64 bits. It's not a good key, we'll talk about a good key later. Now not so important but we also need some initial value here and I'll make it the same. That's the nature of this algorithm, we need to initialize some value and we don't have any padding in this case, no padding. The key points, I'm going to use desk, I'm going to encrypt my message, I'm going to produce ciphertext, that file and this is the key value I'm going to use but given in hexadecimal. There, it just encrypted, produces some ciphertext, we'll have a look in a moment. The ciphertext file is 72 bytes. The plaintext file is also 72 bytes. The encryption algorithm should take our plaintext and produce the same length ciphertext. It doesn't add anything extra, assuming there's no padding necessary or always produce, take 64 bits in and produce 64 bits out. Let's look at the ciphertext. I have to zoom out of it. To look at the ciphertext I'll look at it in a binary format, almost done. That's our plaintext, that's our original message and now the ciphertext. What do you expect to see? Well, here's our set of bits. Look at the ASCII encoding. This software shows the actual binary value in the middle, those eight columns in the middle and at the right hand side it shows the corresponding ASCII encoding. The plaintext message was our hello, this is our super secret message. When we get the ciphertext it has some random looking ASCII characters. The dot means it's an unprintable ASCII character. Some ASCII characters you can't print on the screen. It's not a letter, like backspace and so on. Escape. Do you see any structure in the plaintext message? Look at the sequence of eight bits. What about this pair of these two pairs of eight bits? They are the same. Why are they the same? Because they represent the letter L. L repeats. This is L and L in hello. In fact you see an E here and if you look through you'll probably see the same sequence of eight bits here, the E in super. There's some structure in the plaintext. It's hard to see but if you look closely you'll find that there's no structure in the ciphertext. If you look at these bits there's no obvious structure in there and it's effectively random. And that's the sign of a good cipher. A good encryption algorithm takes your plaintext which is in some structure and produces ciphertext which is effectively random, random looking output. And DESC does that in fact. DESC is a good algorithm in terms of producing random looking output. And the random looking output means that when an attacker gets this ciphertext there's no practical way for them to, if they don't have the key, to work back and get the original plaintext. Because if you take something random you cannot find any structure to find some hints to the plaintext. So the ciphers we use today effectively produce a random output. If you want to attack this ciphertext and find the plaintext if you didn't know the key what would you do? If you didn't know the key and you knew the ciphertext what would you do to find the plaintext? What type of attack? Before we go home today let's answer this. What are you going to do if you want to find the plaintext? Brute force. Good. Brute force. Try all possible keys. How many keys are there? 26. This is not the Caesar cipher. The key length is 64 bits. Effectively 56 bits. Eight aren't used. With 56 bits how many possible keys are there? Two to the power of 56 possible keys. So you need to try two to the power of 56 possible keys. So by making the key length large a brute force attack becomes ineffective for most people. But it turns out 56 bits is still not long enough. It takes a few hours nowadays to try 56 bit keys. So next week we'll look at brute force attacks and look at the limits of what's possible and look at some other ciphers.