When it comes to encryption, every message you create and send, whether encrypted or not, gives an observer an opportunity to learn how the data is randomized and presented, and to gain further insight into how the algorithm works. Similar to building a dossier on an unsub from data collected online, each additional piece of the puzzle, such as a social media account or a criminal report, can be vital in understanding the individual, or in this case the method of encryption (and its future decryption). By merely sending the same message over and over in encrypted form, you provide more details than necessary, and that data can be collected and used in statistical analysis. Sending the same message twice, once encrypted and once in plain text, allows an unauthorized individual to compare the plain-text message with its encrypted form and work out how the algorithm randomizes the data and produces its decryption sequences.
Furthermore, while it is obvious, if a message is intended to be encrypted, sending it in plain text is not recommended, because the information in the message will not be secure; additionally, if an unauthorized user notices this mistake, I for one would see it as a major weakness, thus putting a target on this individual due to their negligence. Per this week’s readings, plaintext is the original message fed into an algorithm, and having it offers general guidance on how the algorithm turns that message into ciphertext. Then, through cryptanalysis, a brute-force approach can be used by trying all possible keys until the decrypted data matches the known message (Stallings, 2017). Once the attacker has identified the specific algorithm and recovered its key, he/she can decrypt future messages with ease.
Additionally, if an attacker has access to both the plain-text and the encrypted message, they can draw inferences from the placement of words, such as email headers or the signatures used; this, in turn, helps them quickly decrypt or guess the location of the main body of the message, reducing the amount of data that needs to be decrypted. The world of cryptology depends on the randomness of numbers, letters, and characters; any deviation from this practice, such as sending the same message once in plain text and once encrypted, gives an unnecessary helping hand to those who are attempting to ‘crack the code,’ so to speak.
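The two weaknesses above can be shown with a toy stream cipher; this is an added illustration, not code from the original post or the cited readings. It assumes a cipher whose keystream is derived from a key and a nonce (the HMAC-based keystream, the key names and the constructed email-style messages are all assumptions for the demo); reusing the nonce stands in for the repeated-message and known-plaintext situations described above, and a fresh nonce per message shows the mitigation.

```python
import hmac
import hashlib
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated.
    Constructed for illustration only; not a production cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

decrypt = encrypt  # XOR with the same keystream is its own inverse

def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """What an eavesdropper learns from one plaintext/ciphertext pair: the keystream."""
    return bytes(p ^ c for p, c in zip(known_plaintext, ciphertext))

def demo(reuse_nonce: bool) -> dict:
    """Two constructed messages sharing a header; returns what an observer can learn."""
    key = os.urandom(32)
    msg_a = b"From: alice@example.test\nSubject: status\n\nAll quiet today."
    msg_b = b"From: alice@example.test\nSubject: status\n\nServer down at 9"
    nonce_a = os.urandom(12)
    # Weak setting: the same nonce for every message. Safe setting: a fresh nonce each time.
    nonce_a2 = nonce_a if reuse_nonce else os.urandom(12)
    nonce_b = nonce_a if reuse_nonce else os.urandom(12)
    ct_a1 = encrypt(key, nonce_a, msg_a)
    ct_a2 = encrypt(key, nonce_a2, msg_a)
    ct_b = encrypt(key, nonce_b, msg_b)
    # Known-plaintext step: msg_a was also seen in the clear, so its keystream leaks.
    ks = recover_keystream(msg_a, ct_a1)
    guess_b = bytes(c ^ k for c, k in zip(ct_b, ks))
    return {
        # Repeated message produces identical ciphertext (usable for statistics)
        "repeat_detectable": ct_a1 == ct_a2,
        # Shared header position lets the observer read the header of msg_b
        "header_recovered": guess_b.startswith(b"From: alice@example.test"),
        # With full keystream reuse, the whole second message falls
        "body_recovered": guess_b == msg_b,
    }
```

With `reuse_nonce=True` all three flags are true; with a fresh nonce per message all three are false, because the keystream learned from one message tells the observer nothing about the next.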
For this week’s trivia question, the Orange Book is literally an orange-covered book from the Department of Defense setting out the criteria for rating the various security systems used in government; the document was published in 1985 and is based on the Bell-LaPadula model (Massachi, n.d.).
Stallings, W. (2017). Network Security Essentials: Applications and Standards (6th ed.). Pearson.
Massachi, S. (n.d.). Orange Book – Computer Security – A brief look. Retrieved March 17, 2020, from https://sites.google.com/site/cacsolin/orange-book