The History of Encryption
700 BC Scytale
The Spartan military used scytales to send sensitive missives during times of battle. Both sender and recipient had a wooden rod of the exact diameter and length. To encrypt a message, the sender tightly wound a piece of leather or parchment around the stick and wrote a message on it. The unwound leather was sent to the recipient, who could only read a message once it was tightly wound around his own scytale. Anyone else would see disarranged letters with no meaning.
1467 Alberti cipher
Leon Battista Alberti invented and published the first polyalphabetic substitution cipher, changing the course of encryption forever. The Alberti cipher was comprised of two metal discs on the same axle, one inside the other, which involved mixed alphabets and variable rotations.
1797 Jefferson wheel
Invented by Thomas Jefferson while he was George Washington's secretary of state, the wheel consisted of 26 cylindrical wooden pieces threaded onto an iron spindle. The letters of the alphabet were inscribed on the edge of each wheel in random order. Turning them would scramble and unscramble words. The recipient would spell out the coded message on his wheel and then look for the one line of letters that made sense. The U.S. Army used this encryption device again between 1923 and 1942.
1943 Enigma machine
Building on the work of Polish cryptanalysts, Bletchley Park - Britain's main decrpytion establishment during WWII - was set on decrypting the Enigma machine, a series of related electro-mechanical rotor cipher machines used by the Nazi military. It was considered unbreakable, as the Nazis changed the cipher every day. The Bletchey Park team, which included the father of modern computing, Alan Turking, capitalized on the machine's one fundamental flaw: No letter could be encrypted as itself. Armed with this information and Turing's Bombe machine, which greatly reduced the time required to crack Enigma, pretty soon the Allied forces knew the Wehrmacht's every move.
1961 First computer password
Developed by MIT's CTSS (Compatible Time-Sharing System), when computer time was scarce, extremely expensive and limited to research institutions. CTSS employed the first password and username method of user authentication - and may have been the first system to experience a password breach. In 1966, a software bug jumbled up the system's welcome message and its master password file, so that anyone who logged in was presented with the entire list of CTSS passwords.
1979 DES invented
The National Bureau of Standards invented DES (Data Encryption Standard) using state-of-the-art-56-bit encryption. At the time, it was so strong, not even super-computers could crack it. Indeed, DES was the standard for almost 20 years - until the Electronic Freedom Foundation broke the DES key in 56 hours in 1998. A year later, they reduced that time to just over 22 hours.
1985 Videocipher II
HBO, Cinemax, and others began using a TV satellite scrambling system based upon DES called Videocipher II, making late-night watching of wavy-lined R-rated movies the pastime of an entire generation. A tremendous black market emerged for descramblers, and six years after TV scrambling technology's debut, it was estimated that only 10% of dish owners were paying subscribers.
The cult classic introduces the mainstream to Phreaking, computer viruses, and general hacking culture, just as the consumer web starts heating up - and data encryption becomes ever-more relevant.
1997 AES is developed
The National Institute of Standards and Technology developed AES (Advanced Encryption Standard), which is still used today. 128-bit encryption takes 2 to the 55th power (or 2*55 years) to crack. A device that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would in theory require about 3x10*51 to exhaust the 256-bit key space. (That's 174,449,211,009,120,120,166,087,753,728 years.)
As online spam grew, AltaVista chief scientist Andrei Broder and his colleagues developed a filter that generates an image of random text that machine vision systems cannot read, though humans can. In 2009, Luis van Ahn at Carnegie Mellon updated the concept with extra layers of security that measured up to more evolved spam and hacking practices. With ReCAPTCHA, words became even harder for machines to read, thanks to increase waviness and features like lines running through the text.
2006 Rise of identity theft
Hacking and identity theft became big business as more and more people join the Internet, adding increasingly large amount of personal data to the web. One of the largest data thefts in recent times took place on networks belonging to the T.J. Maxx and Marshall's department stores: as many as 45 million credit and debit card numbers were stolen between 2005 and 2007, highlighting how hackers can breach decrypted data networks.
2009 State-sponsored hack
Although never proven, the Chinese government is blamed for attacks that breached the security of Silicon Valley companies like Google and Yahoo and their users.
2011 Year of the hacker
Advanced Persistent Threats (APTs) emerged: well-funded, coordinated groups of hackers pursuing specific agendas. 70 million Sony PlayStation users were hacked; so were 200,00 Citibank customers. Facebook revealed that 600,000 of its accounts were being compromised each day. And 2012 promises to be more of the same. This January, Zappos was hacked in a big way: 24 million customers' names, e-mails, phone numbers, addresses, and partial credit card numbers were exposed.
2012 Personal data lockers
Personal data lockers have emerged as a way to make the most of the Internet while remaining safe. By centralizing storage of personal data -- from payment information and passwords to ID numbers and receipts -- in one locally-encrypted place that only the user can access, the data is as secure as possible, while remaining conveniently under his or her control. No one else can decrypt the data -- not even purveyors of the technology or the government can get to it. In a sense, personal data can now go wherever a user wants it to go, but nowhere else.