Welcome
Fertile questions for the Security chapter of “How to Learn Computer Science”.
Thank you for buying my book! This page discusses the content in the “Security” chapter and answers the “Fertile Questions” I asked there. There are no perfect answers, however: you may even disagree, but the point of a fertile question is to make you think.
Here are the questions, and my suggested answers. Do you agree?
What came first, encryption or computer networks?
Encryption. Secret messages are as old as communication itself. Caesar was known to encrypt messages to his armies using a cipher that bears his name. Persian scholar Al-Kindi wrote a book on cracking codes back in the 9th Century. And…
When Mary, Queen of Scots, plotted in 1586 to assassinate her cousin, Queen Elizabeth I, she replaced letters and common words with symbols in her messages to her co-conspirator Anthony Babington (see figure 10.2). Sadly for Mary, Elizabeth’s spymaster Francis Walsingham and his cryptanalyst (codebreaker) Thomas Phelippes knew about frequency analysis and were able to decipher the messages.
“How to Learn Computer Science” page 198
How important were computers in winning World War II?
Absolutely vital. Some analysts believe the incredible efforts of the codebreakers at Bletchley Park shaved two years off the length of the war.
Colossus could crack a Lorenz message in mere hours, which proved vital in the preparation of the D-Day landings in Normandy on 6 June 1944. Success required Hitler to believe the invasion was planned to take place hundreds of miles north-east at the Pas-de-Calais. A vast deception campaign of dummy tanks, decoy air strikes and disinformation passed by double agents proved successful.
“How to Learn Computer Science” page 200
Will quantum computers break traditional encryption, and is this a big issue?
Yes and Yes!
It’s estimated that cracking an AES 128-bit key would take current computers 10¹⁸ years, which is millions of times the age of the universe. However, there are fears that quantum computing could successfully crack key-exchange mechanisms such as Diffie-Hellman within the next 20 years, which would cripple global communications, so the race is on to find the next big encryption advance.
“How to Learn Computer Science” page 201
Nobody can guess my password, so I’m safe from hackers, right?
No. Passwords can be brute-forced or stolen, which is why it’s good to turn on “two-factor authentication” or 2FA, sometimes called multi-factor authentication (MFA) or two-step verification.
We’re all familiar with the password. A password is “something you know” – one of the three basic factors of authentication. The other two are “something you have”, like a mobile phone, and “something you are”, like a fingerprint or retina pattern.
Combining two of these factors is called two-factor authentication (2FA) and it massively improves security, because a hacker might guess your password, but won’t have your smartphone, and cannot fake your fingerprint or retina scan (yet!). (Google and Microsoft have gone with the phrase “2-step verification” just to confuse us all.) Without 2FA, passwords – just like encryption keys – are vulnerable to brute-force attacks that try all possible values until one works. This is likely to be successful if the password is short or matches a dictionary word.
“How to Learn Computer Science” page 202
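To put numbers on "short or matches a dictionary word", here is a small password check, added as an example for this page (it is not code from the book). The word list, the guessing speed and the sample passwords are all assumptions made up for illustration; the same arithmetic, run for a 128-bit key at an assumed 10^13 guesses per second, lands on the order of 10^18 years.

```python
import math
import string

# Constructed sample list; a real audit would load a large breached-password list.
COMMON_WORDS = {"password", "dragon", "letmein", "sunshine", "football"}
GUESSES_PER_SECOND = 1e10          # assumed attacker speed, not a measurement
SECONDS_PER_YEAR = 365.25 * 24 * 3600
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest set of standard character pools covering the password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four pools (spaces, accents) each widen the alphabet by one.
    return size + len({c for c in password if not any(c in p for p in POOLS)})


def search_space(password):
    """Candidates a brute-force search must cover: alphabet_size ** length."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate, computed in log space to avoid overflow."""
    exponent = math.log10(candidates) - math.log10(rate * SECONDS_PER_YEAR)
    return float("inf") if exponent > 300 else 10 ** exponent


def assess(password):
    """Classify a password the way the passage does: dictionary word, short, or neither."""
    if password.lower() in COMMON_WORDS:
        return {"verdict": "dictionary word", "years": 0.0}
    years = years_to_exhaust(search_space(password))
    verdict = "brute-forceable" if years < 1 else "resists brute force"
    return {"verdict": verdict, "years": years}


if __name__ == "__main__":
    for pw in ("Dragon", "abc123", "t7#Qz!m2Lp9&xW4v"):   # constructed samples
        print(pw, assess(pw))
    # A 128-bit key at an assumed 1e13 guesses per second:
    print("128-bit key:", years_to_exhaust(2 ** 128, rate=1e13), "years")
```

The estimate only covers trying every character combination; a stolen or reused password is found instantly however long it is, which is the case 2FA is there for.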
If I’ve got antivirus software, why do I still need to patch software?
Virus-writing is big business: ransomware netted criminals around 3/4 billion US dollars in 2021. New and sophisticated malware is being created constantly, with the ability to change its “signature” – the fingerprint that malware detectors are looking for. It’s vital that you keep updating software to remove the vulnerabilities that malware tries to exploit.
Antivirus programs work by looking for a pattern of bytes that identifies a virus, known as the “virus signature”. But modern malware can mutate, changing its signature to avoid detection. This means antivirus is not enough: we need to prevent the malware arriving in the first place, and fix the vulnerabilities it could exploit.
“How to Learn Computer Science” page 205
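The sketch below shows signature matching in miniature and why a changed sample slips past it until the signature list is updated. It is an added example, not code from the book or from any antivirus product; the "sample" is a harmless constructed byte string, and the signature names and the single-byte re-encoding that stands in for mutation are assumptions chosen for illustration.

```python
import hashlib

# Constructed, harmless stand-in for a known malicious file (no real malware bytes).
ORIGINAL = b"HEADER" + b"\x90\x90DEMO-PAYLOAD-MARKER\xcc" + b"TRAILER"

# Two kinds of signature derived from the known sample.
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest(): "Demo.A (whole-file hash)"}
BYTE_SIGNATURES = {b"DEMO-PAYLOAD-MARKER": "Demo.A (byte pattern)"}


def scan(data, hash_sigs=HASH_SIGNATURES, byte_sigs=BYTE_SIGNATURES):
    """Return the names of every signature that matches the given bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in hash_sigs:
        hits.append(hash_sigs[digest])
    hits.extend(name for pattern, name in byte_sigs.items() if pattern in data)
    return hits


# Variant 1: same content with padding appended. The file hash changes,
# but the byte pattern is still present.
PADDED = ORIGINAL + b"\x00" * 16

# Variant 2: every byte re-encoded, standing in for malware that "mutates".
# Neither the hash nor the byte pattern survives.
MUTATED = bytes(b ^ 0x5A for b in ORIGINAL)

# Signatures are reactive: the variant is only caught once it has been seen
# and added to the list.
UPDATED_HASHES = {**HASH_SIGNATURES,
                  hashlib.sha256(MUTATED).hexdigest(): "Demo.A variant (whole-file hash)"}

if __name__ == "__main__":
    print("original:", scan(ORIGINAL))
    print("padded:  ", scan(PADDED))
    print("mutated: ", scan(MUTATED))
    print("mutated after signature update:", scan(MUTATED, hash_sigs=UPDATED_HASHES))
```

Between the variant appearing and the signature update arriving, the scanner reports nothing, so the only thing standing in the way is whether the vulnerability it targets has been patched.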
Developers should just get the system working, security features can be added later. True or false?
False. Security should be designed in from the start. Coding in a structured fashion, following naming conventions and best practices, makes bugs and security holes easier to spot. Building in security features like encryption and access levels at the start of a new development is far easier than bolting them on later.
The JavaScript that makes websites interactive is known as “browser-side code” because it runs in the browser. If a website does anything complex, however, it might run some code on the server instead; this is known as “server-side code” or “back-end code”. If any of this code is poorly written, it could be exploited by hackers. That’s why programmers often check each other’s code for bugs during “code reviews”, and why open-source software – with its source code visible to the whole world – is often considered more secure than proprietary code.
“How to Learn Computer Science” page 206

