Recently I read the exciting historical novel “Der Kaffeedieb” (The Coffee Thief) by Tom Hillenbrand. You learn a lot about the Orient and Occident, diplomacy, networking and, of course, the importance of coffee at the end of the 17th century. One topic in particular fascinated and surprised me, however: the importance and nature of encrypting messages and data exchanged across countries and continents.
Data security – an important topic even in antiquity
Today, in times of globally increasing cybercrime, data security is a topic concerning companies and private individuals alike. Often we are not aware that it was already important in antiquity and experienced another heyday in early modern Europe from the middle of the 17th century. The novel vividly presents these times of awakening, exploration, discovery, inventions and increasing networking and mobility. In this political intrigue, cryptology played an important role and was applied and developed with devotion. Looking at today’s world, one could roughly say that data security was a top-level management priority. While today’s Chief Information Security Officer holds a central position in the company, even then basic cryptology knowledge was part of decision-makers’ tools of the trade.
Whereas in the past the encryption of data was essentially relevant for diplomats, royal courts, companies and the military, today it is a challenge for most of us. For private individuals, the focus is on one question in particular: How do I protect my private data so that nobody can access it or steal my identity? This is a topic that is becoming ever more important with the increasing number of services on offer, such as electronic patient files.
A secure password: the first hurdle
Right from the start, I often stumble over a what should actually be just a minor hurdle – the creation and administration of my private passwords. And obviously I am not the only one: Again and again we read that the most frequently assigned passwords are “123456” or “Password” and the like. Earlier this year, one of my passwords even turned up in a leak of millions of data. Fortunately it was old and no longer in use. But this made it very clear to me how important it is to make my passwords secure for the long term. Trade journals provide recommendations for this. Excellent passwords should be as long as possible to delay the cracking of the password; for each account an individual password should be used and if possible passwords should be changed regularly. That sounds doable – but as so often is the case, the trick is in the detail.
Because – and from my point of view this is the biggest challenge – how do I remember these excellently secure passwords? Which approach do I use to give them a system? Or should I store them in one of the various recommended password safes? What if such a safe is cracked? Or what if I misplace the master password, the key to my password safe?
A look back – also interesting for today
Designing, sending and storing the key for decrypting the messages in such a way that nobody could crack or use it was a challenge in early modern times as well. This is why the key was sent separately from the message or a different code was used as the basis for encryption. It’s actually quite similar to the type of two-factor authentication recommended today.
Things got complicated, however, when a decryption key was lost or didn’t arrive. This could mean that encrypted documents couldn’t be deciphered for days or even weeks. Case in point: the Westphalian Peace Congress in 1648. The negotiations almost were delayed by two weeks because the emperor’s envoy did not have the decryption key with him. As a result, the imperial approval of the negotiations could not be deciphered at first, and a messenger had to be sent from Osnabrück to Vienna to fetch the decryption key. Fortunately, after two days of intensive work, the imperial envoy was able to crack the code at the Congress, so that it was no longer necessary to wait for the messenger to return to continue the negotiations.
Today it is much easier to reset forgotten or misplaced passwords. And that’s a good thing. Nevertheless, this makes me feel uncomfortable and I have the feeling that I have no access control to my data.
What remains after this brief excursion into the past? In addition to the pleasure of having read an entertaining novel, for me it is the insight that although techniques and applications are changing, the core requirements for us humans remain the same – and a look back can also be interesting for today and the future.
And for my own password security? I have found a system that I can use to remember my passwords, and I have also finally accepted the recommendation of our internal IT experts at TÜV Rheinland to store my passwords in a password safe. I just hope that nobody will find the master password under my keyboard…