The Life and Death of Passwords: Pre-Computing History
Our documentary, “The Life and Death of Passwords,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. With its release, we’re taking a trip through time, from digging into the early days of passwords to imagining the passwordless potential that lies ahead.
Today: The pre-computing history of passwords — codes and ciphers, the arms race between code makers and code breakers, the Enigma machine, and more.
Today we use passwords to “unlock” access to our most important private information, but even 2,000 years ago people needed a secure way to “lock” and “unlock” secret messages between one another. Since we use more modern methods of encryption for securing information today, understanding at least a tiny bit of how these ancient methods work can help us understand how passwords work today. And we’ve brought an expert along to guide us on this trip through the past.
Simon Singh is the author of “The Code Book,” an international bestseller which takes a deep dive into the history and evolution of secret communication. For starters, we’re going to be using specific terminology that often gets tossed around interchangeably, so we asked Simon to share some working definitions.
“When we talk about secret communication,” Simon explains, “We use words like encryption and encipher and encode, and all of these things are kind of used interchangeably […] a code is where one word is always replaced with a certain symbol, for example, and that’s always the case. One word, one symbol. And encipherment tends to mean that the word is jumbled up and it can be jumbled up in different ways on different occasions."
For an early example of basic encryption, we go back to Rome during the reign of Julius Caesar, who provided one of the best-known ways of keeping communications secret.
As Simon puts it: “A Caesar cipher is a type of simple substitution cipher, and we don’t just replace the letter A with any old symbol or any old letter, we replace A by shifting it down the alphabet. Now a classic Caesar cipher shifts by three places so A becomes B, C, D, A becomes D. And that’s all you do, you just shift every letter down three places.”
Believe it or not, you can still find examples of Caesar ciphers today. If you ever found a decoder ring in your cereal box as a kid, odds are good that it used this method or a slight variation of it. Of course, early ciphers often had a short shelf life, which is why what once protected the battle plans of Caesar has been relegated to a puzzle for children.
Vigenère's cipher was far more complex than Caesar’s cipher, but by adding more randomness and possibilities for each letter’s actual meaning, it’s exponentially harder for a codebreaker to puzzle out what the message means. As a result, Vigenère’s method resisted all attempts to crack it for a very long time.
"Vigenère invents the Vigenère cipher in the 16th century. […] In the Victorian era, the Vigenère cipher is eventually broken and it was broken by Friedrich Kasiski, or at least that's what we thought. It turns out that it was actually broken a decade earlier by a chap called Charles Babbage who's famous today for being the kind of pioneer of mechanical computing, as well as many other things.” - Simon Singh
Almost 300 years — not a bad record. Babbage’s historic contributions to the development of mechanical helped to usher in the beginning of the computing age. And the need for better codes and codebreaking helped bring it even closer, thanks to a historic development known as the Enigma cipher.
In fact, the number of possible combinations provided by the Enigma machine are so large, even if a persistent codebreaker checked one possibility every minute, it would take longer than the age of the universe to check every possibility.
The Enigma machine proved to be a tipping point in encryption, a culmination leaps forward in complexity to the point that humans needed mechanical and, later, digital computers to keep track of and compute the complex algorithms involved in making and breaking these new encryption methods.
For our next stop in the rise and fall of passwords, we need to head to college – MIT, to be specific.
Next in our series on passwordless history: the arms race between code makers and code breakers ushers in the computing era, digital passwords are introduced (and quickly broken), and encryption fixes the security loophole of storing passwords in plaintext.