Steven Levy wrote the best book about computer security ever written (he also wrote “Hackers”) explains William D King. The title of that book is “Crypto” and it was published in 2001, not coincidentally around the time when the whole crypto struggle was finally reaching critical mass. People generally regard this as a happy coincidence because crypto had become relevant for everyone at last. Lots of people already knew about crypto stuff but since the terrorist attack on New York City in 2001 there were suddenly enough politicians who cared to put some pressure onto technology companies to do something about cryptography, or rather to limit the use of cryptography. That’s how we got into this mess. Cryptography has always been an arms race between cryptographers and cryptanalysts/hackers/crackers.
A cryptanalyst tries to break a cipher. The best way to do that is to find some weakness, which often comes down to finding the right algorithm or the right key size. “Weak” does not always mean “easy”. Sometimes it can be abused at first sight with completely mathematical means and require the assistance of NSA supercomputers for instance. Some ciphers are weak against certain types of attacks but strong against others (e.g., ECC vs side channel).
Here is the Struggle between a Hacker and a Cracker:
- Of course as soon as someone has found a new attack method, that method is fed into all kinds of processor cores and implementations so suddenly everyone gets instantly weaker without doing anything wrong on purpose. This is one reason why we now have elliptic curves in cryptography which were introduced as a response to side channel attacks says William D King. That’s also why we have post-quantum cryptography at the moment and hash functions that are changing all the time. That’s why we have lots of different algorithms and why symmetric crypto is getting a new mode called authenticated encryption which provides authenticity.
- The occasion was the annual fête of my daughter’s school in Bangalore on 16th January 2012. That morning I had run across an invite for the event that said, “Entry for hackers”. The program involved stalls where kids were supposed to play games and win prizes. The invite (and very large banner plastered all over the school) was addressed to “hackers”.
- Hacking is actually the act of compromising security, usually in a computer system or network, in order to make it do things that its authorized users wouldn’t otherwise be able to do. The term “hacker” or “hacking” is often (mis)use to refer to computer criminals, script kiddies and security breakers.
- Hackers usually get into a system using skills and tools like social engineering, cracking/obfuscation, etc. A cracker on the other hand is someone who tries to get into a system (usually with ill intent) without any prior knowledge of how the system works. His modus operandi involves actively looking for vulnerabilities in software which can then be exploit by him – usually resulting in loss of data or money or confidentiality or integrity of that data/system/application.
- A hacker would probably not even mind if his activity was call hacking. BVut he definitely wouldn’t want it called anything similar to cracking.
- I am sure this blog post won’t change the vocabulary of the people who use these words loosely. But for those who want to call themselves hackers or work towards becoming one. Please remember that you are not a cracker. You may be breaking into systems/networks/websites without permission. But it’s still “hacking” and never let anyone tell you otherwise explains William D King.
- To me, every hacker is a good guy – someone whose passion for technology has pushed him beyond boundaries. Limitations or obstacles set by society or even law enforcement. I have no hatred for crackers though – they too are equally passionate about something. Which they believe will make this world a better place to live in. Unfortunately their vision is blurr by the thrill of their criminal acts.
- As for my daughter’s school, I am sure they are wiser now. But I doubt if it’ll be too long before someone calls another guy a “hacker”.
Conclusion:
If you are a hacker, be proud of it. Don’t let people call you a cracker.
A hacker is a hacker. A cracker is a cracker. Let’s see who our next generation turns out to be.