Programmer's View

            "$_='while(read+STDIN,$_,2048) {$a=29;$c=142; if((@a=unx"C*",$_)[20]&48) {$h=5;$_=unxb24,join"",@b=map{xB8,unxb8, chr($_^$a[--$h+84])} @ARGV;s/...$/1$&/;$d=unxV,xb25,$_;$b=73;$e=256| (ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=($t=255)& ($d>>12^$d>>4^$d^$d/8))<<17, $e=$e>>8^($t&($g=($q=$e>>14&7^$e) ^$q*8^$q<<6))<<9,$_=(map {$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100) [$_/16%8])&110;$t^=(72, @z=(64,72,$a^=12*($_%16-2?0:$m&17)) ,$b^=$_%64?12:0,@z)[$_%8]}(16..271)) [$_]^(($h>>=8)+=$f+(~$g&$t)) for@a[128..$#a]}print+x"C*",@a}'; s/x/pack+/g;eval" -- D e C S S in PERL
            What you see above is a crypto program. How many people do you think would understand half of the above? How many people even care? This is how hard it is to make your own program.

            Lots of people agree on this issue, here is a quote from Lucky Green--
"The present need for security products far exceeds the number of individuals capable of designing secure systems. Consequently, industry has resorted to employing folks and purchasing "solutions" from vendors that shouldn't be let near a project involving securing a system."

Well educated people also take this view., David Wagner PhD, sci.crypt, 19th Oct 02.--
"What makes you think you can invent a good cipher if you have no expertise in the subject? Maybe you can, but it's not terribly likely. Imagine how you would react if your doctor told you "You have appendicitis, a disease that is life-threatening if not treated. We have a time-tested cure that cures 99% of all patients with no noticeable side-effects, but I'm not going to give you that: I'm going to give you a new experimental treatment my cousin dreamed up last week. No, my cousin has no medical training. No, I have no evidence that the new treatment will work, and it's never been tested or analyzed in depth -- but I'm going to give it to you anyway because my cousin thinks it is good stuff."
You'd find another doctor, I hope. Rational people leave medical care to the medical experts. The medical experts have a much better track record than the quacks."
And, even if you did resort to doing something there would still be bad people who find a way to hack (even if it takes several years). So, why not jus dissallow connections, or rewrite the internet? Bruce Scheier says this--
"The problem isn't the Internet. The problem is the horribly insecure computers attached to the Internet. I would rather rewrite Windows than TCP/IP."

            This last question is the one that I settled down to answer on a Tuesday afternoon. As soon as I got home, I put my bike inside the garage, and walked upstairs to sit at my overly crowded desk, and got to work on my computer. I had already made a simple computer program in a standard computer language called C (most people don't even know what C is, never mind what the program above does).

            The first steps to making the program were just making an outline of how I want to encrypt and decrypt the text. In the beginning, I wanted something that would add a certain value to the numerical value of the text characters, changing the text characters. I wracked my brain for the skills instruction I learnt last summer at a programming course, and looking up certain commands on the internet, I soon came to the conclusion that it was impossible, or at least hard and not very useful.

            After I realized this fact, I went to a more convenient method of encrypting. This method involved taking the 1st, 2nd, 3rd, etc. characters of the text, and encrypting them using a different key (arrangement of the bottom letters in the form of regular alphabet on top, and scrambled alphabet on the bottom). This method worked very well, and the text is saved in a file called "encrypt.txt". The program runs like this (I copied this from the command line where the program runs. Please ask me if you want a copy of the program, I would be happy to give you one.) :
            "Would you like to: 1. encrypt text using Under Tytal (my name for the program) into encrypt.txt, or
2. decrypt text from the file encrypt.txt using Under Tytal.
1 or 2?
1
Please enter in the text:
iamusingthisprogramfortheisearch
The encrypted text is as follows:
iznfhrmtgsrhkiltiznuligsvrhvzixs
Commence with writing into file encrypt.txt?
1 for yes, 0 for no.
1

Thank you for using Under Tytal ciphering machine
Please press any key and enter to exit this program."

This was the text in encrypt.txt
"iznfhrmtgsrhkiltiznuligsvrhvzixs"

I ran the program to decrypt the text:
"Would you like to: 1. encrypt text using Under Tytal (my name for the program) into encrypt.txt, or
2. decrypt text from the file encrypt.txt using Under Tytal.
1 or 2?
2
Do you want to 1. display decrypted text on the screen,
2. copy decrypted text to decrypt.txt, or
3. Do both 1 and 2.
1, 2, or 3?
3
The decrypted text is as follows:
iamusingthisprogramfortheisearch
Thank you for using under Tytal ciphering machine
Please press any key and enter to exit this program."
This was the text in decrypt.txt:
"iamusingthisprogramfortheisearch"
            In my opinion, the program came out well, because I was able to encrypt, decrypt, and also put it into a text document. Although the program works well enough to satisfy me, the maker, it would not be enough for commercial use, because even I could create a program that cracks it, though it would take me a long time to make.

            This brings me to my first point, which is: the world of computers requires protection, but few people can do it without a strong background in mathematics. In the modern world, cryptography is very advanced, which is a good thing, but it also means that to compete with the hackers, the cryptography has to be extremely good. A few people, perhaps 3-4, could easily accomplish this, but they would require equipment that costs a small fortune, and time that no one has. To pay for the equipment alone, the program would have to be costly, a definite disadvantage to the public.

            There are two programs available (well, one is just a website, but it uses a program) that are free and useful in encryption for the general public. The first of these programs, PGP, is one using the public key encryption method, but I didn't get to investigate this program, because the encrypted text is hidden from the user.

            The second one, Spam Mimic has a more bizarre approach to encrypting text. Instead of the traditional method where the encrypted text is just gibberish, with Spam Mimic, it encrypts the message as Spam so that when someone sends the encrypted text, it just looks like regular junk, and not something of importance. Using this method, it is hard to know whether it is just spam, or encrypted text, whereas with PGP, the text is defiantly of importance. Here is the "explanation" of Spam Mimic, that can be found on their website, www.spammimic.com:
"There are terrific tools (like PGP and GPG) for encrypting your mail.
            If somebody along the way looks at the mail they can't understand it. But they do know you are sending encrypted mail to your pal.
The answer: encode your message into something innocent looking.
Your messages will be safe and nobody will know they're encrypted!"
            "There is tons of Spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible.
This site gives you access to a program that will encrypt a short message into Spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real Spam is so stupidly written it's sometimes hard to tell the machine written Spam from the genuine article."
Just to experiment, I encrypted this message using Spam Mimic: " I am using this program for my I-search."
            This is the encoded text: "Dear Friend , Especially for you - this red-hot intelligence . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 1622 ; Title 1 ; Section 307 ! This is not a get rich scheme ! Why work for somebody else when you can become rich within 56 DAYS ! Have you ever noticed nobody is getting any younger and nobody is getting any younger . Well, now is your chance to capitalize on this . We will help you SELL MORE and increase customer response by 200% ! You can begin at absolutely no cost to you ! But don't believe us . Mrs Simpson of Connecticut tried us and says "My only problem now is where to park all my cars" . We are a BBB member in good standing . We BESEECH you - act now . Sign up a friend and you'll get a discount of 20% . Cheers ! Dear Internet user , This letter was specially selected to be sent to you . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 1816 , Title 6 , Section 301 ! THIS IS NOT MULTI-LEVEL MARKETING ! Why work for somebody else when you can become rich in 76 months . Have you ever noticed more people than ever are surfing the web and nobody is getting any younger . Well, now is your chance to capitalize on this . WE will help YOU process your orders within seconds plus deliver goods right to the customer's doorstep . The best thing about our system is that it is absolutely risk free for you . But don't believe us ! Prof Anderson of Wisconsin tried us and says "I was skeptical but it worked for me" ! We are licensed to operate in all states ! So make yourself rich now by ordering immediately ! Sign up a friend and you get half off . Best regards ! Dear Cybercitizen ; You made the right decision when you signed up for our mailing list . We will comply with all removal requests . This mail is being sent in compliance with Senate bill 1624 , Title 5 , Section 306 ! Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich within 97 DAYS ! Have you ever noticed nobody is getting any younger & nobody is getting any younger ! Well, now is your chance to capitalize on this . WE will help YOU process your orders within seconds and sell more . You can begin at absolutely no cost to you . But don't believe us ! Mrs Anderson who resides in Virginia tried us and says "I was skeptical but it worked for me" . We are licensed to operate in all states . You will blame yourself forever if you don't order now ! Sign up a friend and you'll get a discount of 40% . Warmest regards !"
            This is what it looks like when it is decoded: "I am using this program for my I-search."


            There are many reasons that most people wont even go near programming a crypto program is that the first step involves spending at least half a year getting to know, and learn a programming language. Even after you know the programming language, you have to develop a way to encrypt and decrypt information that isn't easy to break. After that, you are faced with the problem of distribution: have someone convert it into a program in internet language, make a site that just uses the program, or make it a downloadable file? Can you see why there aren't many free crypto programs?

            I tried searching for other free cryptography programs, but unfortunately, I could not find any, and after fifteen minutes of searching, I gave up. This lack of resources in the area of cryptography indicates that it is a market that is mostly populated by the big companies, who use it for their own purposes, and don't offer it to the general public. During my on-site-observation, I learnt a great many things about the current state of affairs with cryptography, and also gained some knowledge about good crypto systems.