Security problems sometimes seem depressingly intractable. The cure? Read about the fascinating people responsible for seminal breakthroughs.

I recently finished reading “Hedy’s Folly” by the scholar Richard Rhodes. In it he discusses the “most beautiful woman in the world,” 1930s and ’40s superstar Hedy Lamarr. With her composer friend George Antheil, she invented frequency hopping.

Frequency hopping (or spread spectrum) is a technology that underlies the communication transport and security of almost every wireless device we value today, including GPS, cellphones, Bluetooth, satellites, and home wireless networks.

I’ve been telling the story of amateur inventor Lamarr in my security and crypto classes as long as I’ve been teaching. It’s a great story of a nonscientist making a discovery that changes society forever. Stories of amateurs solving the world’s hardest problems abound in the computer security and crypto world. Sometimes it’s hard to separate the myths (like the janitor who supposedly became a crypto supersleuth at the NSA) from the real stories, but there are plenty of “average” people who ended up leaving a remarkable legacy.

The Rosetta Stone

One of my other favorite stories is about Jean-François Champollion, a French philosopher who solved the riddle of the Rosetta Stone and ultimately deciphered Egyptian hieroglyphics. The Rosetta Stone is a stone tablet written in 196 BCE that contained three different languages of (nearly) the same text: ancient Egyptian hieroglyphics, ancient Greek, and Demotic script.

The last two had been decoded, but no one could figure out the hieroglyphics. Champollion, competing against the popular Egyptian historian Thomas Young, was able to figure out that the hieroglyphs were a combination of an alphabet and single characters that represent a word or phrase (called a logograph). Young repeatedly denigrated Champollion’s findings in public, even when presented with irrefutable proof otherwise.
It was many years later, after Champollion’s death, that other Egyptian experts realized Champollion was right. I use this story to remind myself that even the popularly accepted experts can be wrong.

Even today I see popular computer security experts who give bad advice on topics they don’t know much about. They either feel they are experts or think their “gut feelings” are better than the evidence to the contrary. I guess it’s hard to say, “I don’t know,” when someone begs you for advice or when the press asks you to be an “expert.”

Public/private key crypto

Public/private cryptography underlies almost every digital encryption and signature technology used across the internet. In the 1970s, three men — Whitfield Diffie, Martin Hellman, and Ralph Merkle — together solved the centuries-old problem of how to securely transmit a private encryption key from one location to another, without both parties needing to know a secret at the outset. Diffie presented his idea for public/private key crypto to a group at IBM during a “lunch and learn” brown bag presentation. Although a very smart MIT graduate, Diffie was not a trained cryptographer, so the IBMers discounted what he said and walked out. One of the people told him he sounded like another crazy guy called Martin Hellman (who had worked at IBM and taught at MIT).

In point of fact, British cryptographer Clifford Cocks officially “discovered” public/private key encryption in 1973, but his creation was top secret and not announced publicly until 1997. Thus, Diffie, Hellman, and Merkle discovered it separately, and they’re still given credit for the first public discovery and announcement.

Diffie sought out Hellman and, after a little persuading, decided to try and crack the public/private key problem, while adding Merkle to do the math validity checks. Diffie realized computers were not very efficient at calculating large prime numbers.
Hence, the Diffie-Hellman public/private key cipher provides protection, because finding/factoring the original two large prime numbers used to create a third number is very difficult for even massive computers.

Heroes of Bletchley Park

A key figure in helping to decipher the World War II German Enigma ciphers is Joan Clarke. Although Clarke had a double-first degree in math from Cambridge University and had been selected to work at Bletchley Park, she was assigned clerical duties and paid less than male code breakers.

But her intelligence and attitude showed through, and she became a key code breaker and confidante of Alan Turing, who himself struggled after persecution for being gay. I like this story — it shows how our irrational discrimination only slows down technological progress.

The mischievous raven

Edgar Allan Poe was a mischievous amateur cryptographer. Back at the turn of the 19th century, it was common for lovers and people having affairs to declare their love for each other — and to schedule rendezvous in the newspaper using rudimentary cryptography (often simple character substitution). Poe would often decipher the lovers’ messages, then write a humorous or admonishing reply. Alternately, he would respond to one party or the other with a fake message using the same cipher. We should call this a “Poe in the middle” attack.

There are hundreds of fascinating stories where ordinary people did extraordinary things and changed the world — or at least added levity. If you are interested in computer security or cryptography, I encourage you to buy and read a few crypto history books. They’re much more fun to read than you might think.

Who knows? Maybe a Kardashian will solve quantum crypto one day.