Background: Didn’t go to college, does some basic database stuff (seems like MS Access: mentioned macros + database management) I: My first question is: what comes to mind when I say the word “encryption”? The first word you said? I: Oh, no, just what kinds of things come to mind. Um, secretive. That is tricky. When I think of encryption, I just immediately think that it’s keeping information from any user except the end user. I: So do you have any experience using encryption? Not too much. There’s been a slight use of encryption, mostly just like base-64 to send full private messages to somebody else that I don’t want anybody else to see or stumble upon a chat log and be like, “Hey, what’s this?” Mostly just to send a specific message to one target. I: If you had to define encryption or explain what it is or how it works, what would you say? To explain encryption, I would say that it would use an algorithm that would multiply out your original message. And on the other side, it would have the exact problem to figure in to decrypt your message. So one side would multiply the letter A by 64 and the other side would divide it by 64 to decrypt it. I: So when you think about encryption or hear that word, what kind of imagery comes to mind? With encryption, more just alphanumeric. Just letters and numbers in what appears to be a random string. Maybe email. I: Why would you say email? Why did that come up? Email mostly because email uses HTTPS like in, say, Outlook. From what I understand, Hotmail encrypts my email under the HTTPS, so if there was any software on my computer that would be scraping anything off my computer, it would not scrape my email. I: That’s pretty much the questions I had on that topic. [Diagramming exercise] --Excerpt-- Just any encryption? I just basically have to build a cipher? I: Entirely up to you, whatever you imagine it looks like. I: Okay, can you explain what’s going on in that first picture? Okay, on that one, I did a simple algorithm for it. The original, the first variable, has 4 letters attached to it. So if the original letter is “T”, that’s the first variable, it’ll add four letters, so it’ll go “U”, “V”, “W”, and end on “X”. And then every letter after that, continue to add 4 to each. The cipher is “+4” basically. I: And how did you decide on that +4? It’s just kind of easy, and it wasn’t a +1 like the second stick figure guy that’s coming up. I figure +4 made it look not exactly like the original message; it was enough off that you would have to know that—well, I guess you could easily work it out on your own, but—but not easily able to determine that “XLMW” is “This”. I: Okay, yeah. So can you explain what’s going on with your stick man there? So the stick man is kind of the same concept. The original, I used variable 1. I will say this is much harder to figure out a sequence to encode it because it’s a regular everyday object, not quite like a word. So the stick figure guy, I did the same, I did a clockwise rotation +1. So where his head would be, his arm ended up, and his left arm ended up where his left leg was. I: So you kind of scrambled the stick man? Yeah, but scrambled in a configurable manner so that he can be unscrambled. I: Okay, couple questions here. First, that stick man. The end product here, where you kind of reconfigured him, do you imagine the output looks like what you have there? I can make out bits and pieces of him, but can’t quite tell what the original was? The stick figure you can probably figure out what he originally looked like *laughs* I: I guess I meant like a jigsaw puzzle. Is that kind of what’s happening here? Breaking it into pieces and scrambling it up? Yeah. I: Okay. With the message from the first part, my next question is: imagine you’re going to encrypt that same message multiple times, is the output the same each time? What do you mean? I: For example, you have that sentence that you’ve encrypted and added the four letters, etc. Now, imagine tomorrow, you’re going to encrypt that same message. Is it going through the same process? Would I choose the same process? I: Imagine that a computer is encrypting it as opposed to you doing it by hand. Do you think it comes ​ ​ out the same each time? Uh, in the example I did, yes. Because it’s a static encryption. It’s just +4. It would be static, come out the same every time. I: So it depends on that pattern that you’re using? Yeah. Now, it would change if you made it dynamic as the day. I just didn’t want to do a really complicated one for the sake of time, but it could have been +4 and then add on the day of the month. So then each day would be dynamic. Well, for 31 days. I: My next question is: imagine you’re—and you mentioned before sending a base-64 encoded message to a friend. So imagine a similar scenario, you want to send an encrypted message to your friend. So your friend gets this message and it’s gobbledygook, how does he know what to do with it? How does he get back the original message? Just in that exact example? There would already be a decoder that he would know. It would be the same, backwork the multiplying factor. I: I guess that’s my question: how does he know what he needs to do? If all you gave him was the message. If I all gave him was a mash of numbers and letters, I would assume he wouldn’t know *laughs* Without the cipher or decryption code, you would just assume that I don’t know. I: Sorry, I guess I’m asking a little vague here. My real question is how do you get him that cipher? Oh, that would be established previous to sending the message. That would be “Here is the special key for me and you, here is the backwork stuff.” It’d be like “I sent you a message, wink wink, why don’t you check your email? Everything is +4.” So you’d just minus 4 essentially. I’d tell him the cipher code way ahead of time so any message we had between us, you’d have to know that it was +4. That’s the elementary version, I guess. I: That makes sense. Now, imagine that you’re a hacker or maybe you’re the government and you’ve intercepted the message. So you have the coded version but not the cipher, you didn’t capture that part. How hard is it to recover the original message, if all you have is the coded part and not the cipher? If you just had a pen and paper, that would take years *laughs* If you had even a regular computer, that would probably still take years. But if you had like a quantum computer, that could maybe take seconds. That would depend on what you were using to decipher the message. I: Okay, so imagine the NSA has the message. Whatever you imagine their capabilities to be, how hard do you think it would be for them? Probably not hard at all. I imagine they have quantum computing, so I assume they’d be able to figure that out fairly quickly. It’s kind of like WWII with them cracking the dynamic ciphers for the cipher typewriters. I: You’re talking about Enigma? Yep. I: Okay, great. So let’s move on to the next part of the interview. We’ve been talking about what encryption is and how it works, now I want to talk about how encryption gets used. Do you think encryption plays any role in your daily life? Yes, definitely. Email. Anything with HTTPS, so pretty much most of the web, especially with Chrome. Most passwords, there’s encryption for it, like 2-step verification. LastPass, they encrypt it to where they don’t even know your password, they don’t give themselves the encryption key. I: Okay, few things there, you brought up a bunch. One, you mention LastPass and an “encryption key”. So what is an encryption key? An encryption key is kind of like a cipher, it’s the solution to what you multiplied out by. It’s either like 128 or 256 encryption. The solution for whatever the gobbledygook if somebody were to look in their files or if they were to look in the files, they’d see the gobbledygook. But they’re not storing your solution to make the gobbledygook into regular English or whatever language you’ve typed in. I: So what form do you think a key is? Is it a list of operations? A list of numbers? What is it? From what I understand about it, some of it is multiplying primes, and I guess that’s why they gave out cash awards to people who find new prime numbers for encryption. I: You mentioned HTTPS, and you also mentioned that at the beginning.