Intern Blog Series: Maddie’s Zero One Journey Part 2 — Learning About Version Control and Cryptography
By Madeleine Pramoedya, Intern at Zero One Group (ZOG)
ZOG recently launched its Intern Blog Series, highlighting the experiences of summer interns in various divisions. In this series, interns discuss what they have learned and how ZOG is preparing them for the working world.
Welcome to Part 2 of my journey, where I will be blogging about my experiences using Git as a version control system, and experimenting with GPG and asymmetric cryptography to encrypt and decrypt messages. You can read Part 1 of my journey here.
As a biochemistry major, taking part in ZOG internship programme for the past few months has challenged me to develop the necessary IT skills and become a newly-minted engineer. Hopefully, you’ll enjoy the learning experience shared in this post as much as I had when I did it!
Version Control and Git in More Depth
Version control is a system which records changes to a file or group of files so that a user can access specific versions of the file later. One such system is Git, which I have been learning to use and understand this week. The MIT Missing Semester session on Version Control helped me a lot to become familiar with the basic commands in Git. These commands include:
With these commands, I am able to do the basics using Git but it was far more useful for me to also be able to visualise the data model. To do so I used a tutorial website called Learn Git Branching. You can see how the model evolves as you make changes to the repository. For example, below you can see what happens to the model when the command git commit is passed, a new commit (in this case represented as circles) is formed.
$ git commit
What happens if you commit twice?
$ git commit
$ git commit
Every time a commit is made, Git assigns a hash to the new commit. A hash is the identity of the commit and contents of the file or files expressed in hexadecimal notation. The hash can be used to identify a specific commit you want to checkout for example.
What happens if you create a new branch and start committing?
$ git checkout -b bugFix
$ git commit
$ git checkout Master
$ git commit
Here I had to checkout Master to switch back to the Master branch before committing on that branch. The movement is indicated by the * which represents the ‘Head’ which is the pointer that points to the last commit or checkout made. Branching is usually used during software development to make changes to a specific version of the file while allowing other people to make different changes on a separate branch. These changes are usually the addition of a new feature or a bug fix.
How to now merge the branch:
$ git merge bugFix
Security and Cryptography
I also learned a lot about security and cryptography this week. One of the most interesting things that I learned was the concept of password entropy which is a measure of a password’s randomness in bits. This means that the larger the value of entropy the more random the password is and thus stronger it is. A password’s entropy can be measured using this formula:
E = log2(RL)
Where E = password entropy
R = pool of unique characters
L = number of characters in the password
Surprisingly, a password like correcthorsebatterystaple has more bits of entropy (117) than a password like rg8Ql34g (46). In terms of how many bits of entropy is considered enough, for online guessing a password with around 40 bits of entropy is considered to be okay. However, to also be resistant to offline guessing a higher entropy is needed, around 80 bits of entropy or more. This is due to the presence of the dictionary attack method, which is a method to crack passwords through the use of well known words or phrases. Thus even correcthorsebatterystaple could be cracked with this method.
GPG & Asymmetric Cryptography
In terms of cryptography, I spent some time learning about asymmetric cryptography in particular. I set up GPG which stands for GNU Private Guard which is a public key cryptography implementation. It allows for secure communication between two parties and it also allows for each party to verify whether the message received comes from the intended origin. The theory is that the encryption and decryption stages are split into separate processes. The public key is used for encryption, whereas the private or secret key is used for decryption. This thus makes sharing the public key to others safe so long as the private key is secure. In a scenario where two people are attempting to send encrypted documents to each other, each person would have both the other person’s public key as well as their own private key.
At this point, I actually decided to try this out with a friend of mine. This was our process:
- First we both installed GPG and then generated our pair of public and private keys using the command: gpg — gen key in the terminal
- We then also created a revocation certificate to have a way of deactivating our keys in case of a security breach. To do this we used this command: gpg — output ~/revocation.crt — gen-revoke firstname.lastname@example.org
- We restricted permissions to this file using: chmod 600 ~/revocation.crt and then saved a copy of the revocation certificate off our computers in a secure place
- To send each other our public keys, we first exported our public keys into a text file and sent this file to each other. We then imported this file using the command: gpg — import name_of_pub_key_file
- Once imported, we must verify each other’s identity by signing the key we received. This was done using: gpg — sign-key email@example.com
- We sent the signed keys back to each other so if someone trusted my friend and saw that she signed my key then they are more likely to trust me as well. Done using: gpg — output ~/signed.key — export — armor firstname.lastname@example.org and gpg — import ~/signed.key to import
- To encrypt a message we used: gpg — encrypt — sign — armor -r email@example.com name_of_file and then we sent the encrypted file to each other
- To decrypt the message we used: gpg file_name.asc
Besides a bit of fun going through the previous process was quite enlightening to me as I was able to apply the theory behind asymmetric cryptography. I also found out that this method of cryptography along with symmetric cryptography is used in Whatsapp’s end to end encryption which was quite interesting to read about albeit also quite complicated.
Sneak Peak for Part 3 of my Journey
Next week I will be discussing my experience in setting up my text editor (neovim) to work effectively with Python. I will explain the process step by step and also explore the installation of different vim plugins which may be helpful.