So the art and science of creating codes is called cryptography.

We're going to have a lot of fun learning basic cryptography in this course.

You're going to come out with an understanding of how it all works.

But the corresponding art and

science of breaking codes is called cryptanalysis.

So if you're making codes you're doing cryptography.

If you're breaking codes, you're doing cryptanalysis.

And it's a good case study as we learn more about cyber attacks and

think about them in the context of different taxonomies.

Now it turns out there is three strategies that we can follow for cryptanalysis,

we'll take them in order.

The first is called Ciphertext Only.

That's where you the attacker are looking at a stream of encrypted data and

you have absolutely no hints as to what is in there.

You just see the encryption and you have to come up with some means for

breaking the encryption.

And in a previous video we said one possibility is you do brute force attacks.

You try and decrypt using every key you can think of.

Another is to look at the in enciphermen.

We call that ciphertext, encrypted text.

See if there's something in there that you can figure out to somehow do the reverse

of the encryption which we called decryption or cryptanalytic processes.

So that's the hardest,

ciphertext only is the hardest case of cypher, of cryptanalysis.

No hints.

Now, there's a second possibility.

And that's where you do have a few hints.

Can imagine having a piece of paper that has some English text on it.

And having next to it the encrypted version of that.

And you get hints.

You look and you go, so that encrypts to that, I get it.

And in computing we think of that more as a challenge response between Alice

and Bob.

So a lot of times, encryption is implemented as a function.

So that one entity, Alice lobbing over a challenge to Bob,

and getting back a response, is like sending plain text, and

getting the encrypted cipher text back, you follow?

If Eve is watching this she sees the plaintext,

she sees the ciphertext [SOUND].

It's a hint.

It may not give you the whole function, certainly not.

But it's a hint, it's not nothing.

And we call that case Known Plaintext.

So ciphertext only, no hints.

Known plaintext, hints.

Follow? Now there is a third case.

And that's where actually have the encryption function, [LAUGH].

I go break into your building, and [SOUND] I take your encryptor and boom.

I drop it down.

Now obviously encryptors are not big pieces of equipment, but you get the idea.

If I have the encryption algorithm, then I create something known as a code book.

That's where I can literally feed input to the encryption function, look

at the output, the corresponding encrypted function, the ciphertext, a write it down.

And then I feed another input, encrypt it, write that down.

And I do that successively, over and over and over and

over again, and build up a code book.

Now you would think my gosh, if I can build a codebook, I have you.

I'd just sit there and build the codebook and I'm done.

How do we deal with something like that and what did we say earlier

was the type of attack that involves doing things over and over again?

Brute force, and how do we deal with brute force?