Security: We are doomed to repeat it.
November 1, 2017
Some simple yet secure cipher, easily acquired and easily read, should be introduced, by which means messages might to all intents and purposes be “sealed” to any person except the recipient. — Quarterly Review, 1853
As a security consultant, I spend most of my time looking at how other companies implement security. All too often, I see the same problems repeated. It’s as if history is repeating itself.
So I decided to do some research into the history of information security and whether we really haven’t learned anything in almost 200 years. This is the first in a multi-part series looking back at historical technologies that faced the same challenges we face today.
The Telegraph
To learn about the early days of cryptography, security and privacy, I went back to the telegraph. To learn about the telegraph is to understand the modern internet. (The best read about the telegraph is from The Victorian Internet.)
If you wonder why we haven’t learned to prevent injection attacks, you might be surprised that they are 181 years old. In 1836, you learned about the stock market and stock prices via the telegraph. If you were in London and bought stock on the Paris market, you would get an update on pricing via the telegraph at the end of the day.
Some clever market maker inserted fake messages to manipulate the Paris stock market. The idea of integrity didn’t get exist. So they tried encryption.
Encryption
Codes in the telegraph up to this point were more about saving money than confidentiality. You paid by the character. Codes were also good for sending stock quotes. If you couldn’t decipher the code, you couldn’t get the stock price early. Of course, key management was a struggle in the 1800s. Keys were stored in books. And everyone had a decoder book.
Much like today codes (or encryption) was controversial. In the 1850s, countries banned the use of codes except for governments. Instead of insisting on getting a copy of the decryption key (like governments would like today), they outlawed it entirely. It wasn’t until the formation of the International Telecommunications Union in 1865 that governments were no longer allowed to ban codes.
Domain Names
1869 — creation of “nicknames” for telegraph destinations. much like domain names today.