4 Guerilla Cryptographers


Holmes in "The Dancing Men": who could ever forget Holmes's well-known listing of those frequencies, ETAOIN SHRDLU (also famous as the copyeditor of the Computer Underground Digest)? Zimmermann brought the message back decoded the next day.


The story illustrates more than the insecurity of simple substitution ciphers. A truism you hear uttered frequently by the cryptographic community is that if you want to write a good cryptographic system, you must first have learned to break such systems. Understanding what methods are used to break the locks is important in understanding what weaknesses to avoid in constructing them. Zimmermann's schoolmate could have added a layer of difficulty by, for example, first translating his message into another language, or possibly by using multiple symbols for each letter of the alphabet and choosing randomly which to use at any given point. Those possibilities lead to a corollary: cryptanalysis, the science of cracking codes and ciphers, is much harder and more time-consuming than encrypting messages once you have the code designed because you may have to try multiple methods of attack.
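The second countermeasure mentioned above, several symbols per letter with a random choice among them, can be seen flattening the frequency counts in the following added example, which is not from the book. The number of symbols given to each letter, the sample text and the fixed random seed are assumptions made for the demonstration.

```python
import random
from collections import Counter

# Symbols per letter, roughly proportional to typical English letter
# frequency in percent (rounded, minimum 1). Assumed values for this example.
HOMOPHONIC = dict(zip("etaoinshrdlcumwfgypbvkjxqz",
                      [13, 9, 8, 8, 7, 7, 6, 6, 6, 4, 4, 3, 3,
                       2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1]))
SIMPLE = dict.fromkeys(HOMOPHONIC, 1)  # simple substitution: one symbol each

# Constructed sample plaintext; only the letters are enciphered.
SAMPLE = ("the story illustrates more than the insecurity of simple "
          "substitution ciphers and the need to learn how to break them ") * 30


def make_key(counts, rng):
    """Give each letter counts[letter] distinct numeric symbols, at random."""
    symbols = list(range(sum(counts.values())))
    rng.shuffle(symbols)
    it = iter(symbols)
    return {p: [next(it) for _ in range(n)] for p, n in counts.items()}


def encrypt(text, key, rng):
    # Choose randomly among the symbols assigned to each plaintext letter.
    return [rng.choice(key[c]) for c in text.lower() if c in key]


def decrypt(symbols, key):
    inverse = {s: p for p, options in key.items() for s in options}
    return "".join(inverse[s] for s in symbols)


def top_share(symbols):
    """Fraction of the ciphertext taken up by its most common symbol."""
    return Counter(symbols).most_common(1)[0][1] / len(symbols)


if __name__ == "__main__":
    rng = random.Random(1997)  # seeded only so the demo is repeatable
    for name, counts in (("simple", SIMPLE), ("homophonic", HOMOPHONIC)):
        key = make_key(counts, rng)
        print(name, round(top_share(encrypt(SAMPLE, key, rng)), 3))
```

On this sample the most common symbol makes up one seventh of the simple-substitution ciphertext, the same share the letter "t" has in the plaintext, and less than 5% of the homophonic one.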


Zimmermann was studying computer science at Florida Atlantic University in Boca Raton when he discovered the usefulness of computers in encryption. The basis remains the same: garbling the message so it can't be read by anyone except the intended recipient. But computers make it possible to implement systems that are much more difficult to crack than anything a human could do unaided.


The basis of any encryption system is an algorithm, a mathematical term for a procedure--in this case, a procedure by which data can be encrypted. Letter substitution is a very simple example of an algorithm. A key specifies exactly how you use the algorithm to code the text, just as a single type of lock can be designed to use many individual keys, none of them interchangeable. In general, the longer and more complex the key, the more difficult and time-consuming the encryption is to crack. Someone with enough time and money to buy the most powerful hardware may be able to mount what's called a "brute-force" attack, where every possible key is tried until one works. In designing or choosing a cryptographic system, you have to assess how long that would take and how much effort (both yours and the cracker's) and cost it's worth to defend the information you're protecting. Like securing your house against burglars, you may not be able to keep out someone who's truly determined, but if you slow the intruders down enough they may move on to someplace easier to penetrate.


Until the mid-1970s encryption schemes relied on the key's being kept secret and out of the hands of all but the sender and recipient of the message. If the two parties, by cryptographic convention known as Alice and Bob, were geographically separated or unknown to each other, arrangements had to be made--say, sending a courier with the briefcase handcuffed to his wrist--to transmit the key securely from one to the other and verify identities before any exchange of encrypted data could usefully take place. This type of system had other risks, notably to the courier. For public data networks such as the Internet, such a system is too unwieldy to allow the kind of seamless exchange of protected data that everyone wants; it simply can't facilitate unplanned, secure communications between strangers.


But in 1976 two researchers at Stanford University, Whitfield Diffie and Martin Hellman, came up with a radically new approach, which they dubbed public-key cryptography, that eliminated this first step. In Diffie's and Hellman's original description, known as the Diffie-Hellman key exchange, each user had a secret key, and when two users wanted to talk securely in real time, the two keys would provide information from which a private single-session key could be generated to encrypt the conversation in both directions. It's a bit as if you spoke one secret language and your correspondent spoke another, and a computer could from these concoct a unique mix for transmission that, since it would only be used once, would


    

Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.

