# Discussion Problem

The following is a passage from Sun Tsu's book The Art of War:

There are three ways in which a sovereign can bring misfortune upon his army:

1. By commanding the army to advance or retreat, being ignorant of the fact that it cannot obey. This is called hobbling the army.

2. By attempting to govern an army in the same way as he administers a kingdom, being ignorant of the conditions that obtain in an army. This causes restlessness in the soldiers' minds. Humanity and justice are the principles on which to govern a state, but not an army; opportunism and flexibility, on the other hand, are military rather than civic virtues.

3. By employing the officers of his army without discrimination, through ignorance of the military principle of adaptation to circumstances. This shakes the confidence of the soldiers.[1]

Does this apply to an organization with computers that are under attack, or are expected to be attacked? How?

## Outline for the Day

1. Classical Cryptography
   1. polyalphabetic: Vigenère, $f_i(a) = (a + k_i) \bmod n$
   2. cryptanalysis: first compute the index of coincidence to see if it's monoalphabetic or polyalphabetic, then apply the Kasiski method.
   3. problem: eliminate periodicity of key
2. Long key generation
   1. Running-key cipher: M = THETREASUREISBURIED; K = THESECONDCIPHERISAN; C = MOILVGOFXTMXZFLZAEQ; wedge is that (plaintext, key) letter pairs are not random (T/T, H/H, E/E, T/S, R/E, A/O, S/N, etc.)
   2. Perfect secrecy: when the probability of computing the plaintext message is the same whether or not you have the ciphertext
   3. Only cipher with perfect secrecy: one-time pads; C = AZPR; is that DOIT or DONT?
3. DES
4. Public-Key Cryptography
   1. Basic idea: 2 keys, one private, one public
   2. Cryptosystem must satisfy:
      1. given public key, computationally infeasible (CI) to get private key;
      2. cipher withstands chosen plaintext attack;
      3. encryption, decryption computationally feasible [note: commutativity not required]
   3. Benefits: can give confidentiality or authentication or both
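
An added example (not part of the original notes) for outline items 1 and 2: the Vigenère function, a Kasiski repeat-distance scan, the running-key ciphertext given above, and the key that would make AZPR decrypt to each of DOIT and DONT. The `VIG` / `THEBOYHASTHEBAG` sample input and all function names are assumptions chosen for this example.

```python
from functools import reduce
from math import gcd

A = ord("A")
N = 26  # alphabet size n

def _shift(text, key, sign):
    # f_i(a) = (a +/- k_i) mod n, with the key repeated to cover the text
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % N + A)
        for i, c in enumerate(text)
    )

def encrypt(plain, key):
    return _shift(plain, key, +1)

def decrypt(cipher, key):
    return _shift(cipher, key, -1)

def key_for(cipher, plain):
    # k_i = (c_i - p_i) mod n: the key that maps this plaintext to this ciphertext
    return _shift(cipher, plain, -1)

def kasiski(cipher, size=3):
    """Map each repeated n-gram to the distances between its occurrences."""
    seen, repeats = {}, {}
    for i in range(len(cipher) - size + 1):
        gram = cipher[i:i + size]
        if gram in seen:
            repeats.setdefault(gram, []).append(i - seen[gram])
        seen[gram] = i
    return repeats

def period_hint(repeats):
    """GCD of all repeat distances; the key period should divide it."""
    distances = [d for ds in repeats.values() for d in ds]
    return reduce(gcd, distances, 0)

if __name__ == "__main__":
    ct = encrypt("THEBOYHASTHEBAG", "VIG")  # constructed sample, key period 3
    print(ct, kasiski(ct), period_hint(kasiski(ct)))
    # Running key from the notes: key as long as the message, so no period
    rk = encrypt("THETREASUREISBURIED", "THESECONDCIPHERISAN")
    print(rk, kasiski(rk))
    # One-time pad question from the notes: both guesses have a valid key
    for guess in ("DOIT", "DONT"):
        print(guess, "<- key", key_for("AZPR", guess))
```

With a periodic key the repeat distances share the key length as a factor; with the running key there are no repeats to measure, and for the one-time pad every same-length plaintext has some key that produces AZPR.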