# Problem 7: Cryptography 101

Cryptography fascinates the inner thief in almost everyone, from children who have tried to steal a cookie while their mothers were not looking, to professionals attempting to steal secrets. This interview question is a good one to discuss for a 45 minute hour to determine if a candidate understands the basic principles of cryptography as opposed to security.

[Note for the reader: We do not intend to have many specialty questions in this series. Given the number of jobs in IT that relate somehow to “security,” it seemed wise to present one question about the computer science flip-side, which is cryptography. ]

### Problem Summary:

Syferlock, Inc. makes a software product that provides additional security for authentication by conventional passwords. If you have pondered the security risks of passwords stored in the browser, or the possibility that someone watches over your shoulder as you type in your PIN at the magic money machines, then you have considered how easy it is to lose the level of protection afforded by basic passwords.

Syferlock’s product shows a substitution pad as a method for scrambling your PIN. Consider Pad #1. Suppose your PIN is that most famous of all taxicab numbers, and that your substitution rule is to choose the number from the 12 o’clock position of each number on the PIN pad. In that case, you would type in 5204. We will call 5204 the encrypted password, and your undisclosed password the plaintext password.

The substitution numbers, i.e., the red and blue numbers, are generated with a good, long period pseudo-random number generator. The each pad you see will undoubtedly be different from its predecessor, so if a thief observes you type in 5204, the thief would not be able to use it on the next pad to be shown because the pad will have changed. The fact that the encrypted password changes prevents loss of the plain text password by this method of observation.

In fact, 5204 corresponds to a few other numbers and rules:

• 7390 using numbers from the top left corner.
• *245 using numbers from the bottom right corner.
• 2960 using numbers from the bottom center.
• …and so on.