In Victorian England, people often communicated by placing ads in the paper. Stamp tax was increased during the Napoleonic Wars, and the price of postage could add up to more than a worker’s daily wage. Personal ads, on the other hand, were free.

Placing an ad avoided the cost of letter delivery, but the downside was that everyone could read your messages. To keep communications private, correspondents used coded text.

Early ciphers relied on simple substitution, replacing single letters according to a fixed system. Charles Babbage and his buddies Sir Wheatstone and Lord Playfair would decipher strangers’ messages to mess with them. Playfair recorded one such instance:

On Sundays we generally walked together, and used to amuse ourselves by deciphering the cipher advertisements in The Times. An Oxford student who was in a reading party at Perth was so sure of his cipher that he kept up a correspondence with a young lady in London. This we had no difficulty in reading. At last he proposed an elopement. Wheatstone inserted as an advertisement in The Times a remonstrance to the lady in the same cipher, and the last letter was, “Dear Charlie, write no more, our cipher is discovered!”

This is what we call a man-in-the-middle attack. A postal letter is sealed to prevent interlopers from getting all up in your business, but an ad in the paper is a public broadcast, protected only by the hope that no one will understand it but the intended recipient.

Today, pretty much everything we do on the internet is a public broadcast, and a modern-day Wheatstone might insert a message asking the young lady for her bank account password. More commonly, malicious internet service providers like AT&T and Charter examine your web traffic and inject ads into your browser.

The good news is, encryption technology is much better now than it was in Wheatstone’s day. It’s no coincidence that unbreakable encryption was invented just after the advent of radio communications, where everything is a public broadcast.

During WWI, the French got their asses kicked, but had the foresight to destroy their telegraph lines upon retreat. This forced the advancing German army to communicate by radio, and gave the Allies plenty of messages to decode.

A weakness of substitution ciphers is that if the codebreaker figures out the pattern used for substitution, the whole message is revealed. Joseph Mauborgne of the US Army figured out that if the pattern was random, the code would be unbreakable. That seems obvious now, but random substitution was such a great idea that it was used to encrypt messages on the Moscow-Washington hotline until the 70s.

Now, when we create passwords, they’re usually not random strings. But the server that stores your password will combine it with a random salt and then hash it. That way, even if the database is breached, the hacker can’t actually access the passwords. The random salt is important, because a hashed password without salt can simply be looked up in a precomputed table of hashes. LinkedIn famously neglected to do this, so hackers got to the plaintext passwords and then used the same logins to break into users’ accounts on other sites. The same thing happened with the Yahoo hack.

And that’s why we should never reuse our passwords.
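The salting point above, as an added example (not code from the original post): an unsalted fast hash gives every user with the same password the same digest, so one precomputed table covers them all, while a per-user random salt fed into a slow key-derivation function does not. SHA-256, PBKDF2 with 600,000 iterations, the sample passwords and all function names are assumptions chosen for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed password list.
COMMON = ["123456", "password", "letmein", "dear charlie"]
ITERATIONS = 600_000  # assumption: PBKDF2 work factor, tune to your hardware

def unsalted_hash(password: str) -> str:
    """Fast, unsalted: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()

# Built once, then reusable against every database that skips the salt.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON}

def lookup(stored_hex: str) -> str | None:
    """What the precomputed table returns for a leaked digest, if anything."""
    return PRECOMPUTED.get(stored_hex)

def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF; store both salt and digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored)

def demo() -> dict:
    # Two users (constructed) who both picked the same weak password.
    u_alice = unsalted_hash("letmein")
    u_bob = unsalted_hash("letmein")
    a_salt, a_digest = salted_hash("letmein")
    b_salt, b_digest = salted_hash("letmein")
    return {
        "unsalted_equal": u_alice == u_bob,
        "unsalted_recovered": lookup(u_alice),
        "salted_equal": a_digest == b_digest,
        "salted_recovered": lookup(a_digest.hex()),
        "login_ok": verify("letmein", a_salt, a_digest),
        "login_bad": verify("password", a_salt, a_digest),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is not a secret and is stored next to the digest; its job is to make each stored value unique so a table built in advance no longer matches.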
