# Cryptography is Hard

I love stories like this - http://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/ Briefly stated a group of would be terrorists rejected all suggestions that they use professionally developed cryptography and went ahead and developed their own. They assumed that because the existing cryptography was known to western “infidels” that it would be less secure than something they invented on their own. So they “invented” a simple letter substitution cypher of the type that has been known (to others) and used (by many) for over 2,000 years. Worse yet, for them, it is a very easy to break cypher. So they were found out.

Cryptography is hard. There are no two ways around that. Lots of people think they are far more clever than they really are – anyone who spends time around teens knows of many examples. The history of cryptography is long and varied. From hiding messages (shave a head, write a message on it and send the person out when the hair is back) to book cyphers (send the page, line, and word number in a specific shared book) to substitution cyphers (Enigma was a very sophisticated example) to intricate public key encryption systems (often using really large numbers and heavy math) and all sorts of mixes and variations. The science and math for breaking codes is also pretty far along having grown in parallel with creating cryptography. And yet still, sometimes, people with just a little knowledge think they can do better than what has already been done.

This doesn’t mean that playing with codes and cyphers is useless for amateurs. To the contrary, it can be a great learning experience. I have written about cryptography several times in this blog over the years (some links below). I think this is a great topic for students to learn about algorithms, about security on a wider scale, and about how computers can be used to facilitate cryptography both in the using and the breaking. As long as they don’t think that just using a computer (the terrorists in that example above used Excel to encode and decode messages) makes things secure.

Oh I found this VB.NET wrapper for the .NET framework cryptography classes (HashAlgorithm, SymmetricAlgorithm) for working with strings and files if you want to try some serious encryption in VB. The Code Project has a number of articles and resources about cryptography in .NET. See also Simple encrypting and decrypting data in C#

One last thought. I am starting to think that using cryptography in ways similar to how these terrorists used Excel might make for some interesting projects to help student expand their idea of what is possible with Excel. Has anyone tried something like that? A bit out of the box but maybe a great way to make some advanced features of Excel more interesting to learn.