The First Book I Bought Was About Alan Turing

When I started my studies in computer science in the year 2000, the first book I bought was not a course book. It was a biography of Alan Turing. That choice — impulsive, instinctive — ended up shaping more of my early career than any syllabus ever did.

The book that started it: Alan Turing: The Enigma, by Andrew Hodges.

A professor had told us the story. Not as a lecture, but as a story — the kind that stays with you long after the class ends. He spoke about the Enigma machine, about Nazi Germany's unbreakable cipher, and about the one man who looked at the "unbreakable" and saw a problem worth solving. By the time he finished, I had one question in my mind: where do I find the book?


The Machine That Was Called Unbreakable

Cryptography is, at its simplest, the art of creating secret codes — ensuring that only authorised people can read your information. Think of it as a lock and key for information. Cryptanalysis is the opposite: the science of breaking those codes, of finding the key when you were never supposed to have it.

During the Second World War, all German military communications depended on the Enigma machine — an electro-mechanical cipher device that scrambled every message through a rotating series of wheels and wiring. The Germans believed, with good reason, that the number of possible configurations was so vast that no human effort could ever crack it. They were right about one thing: no human effort could. It would take something more — a machine built specifically to think faster than human hands could ever turn a dial.

The Enigma machine was a work of genius. Only another genius like Alan Turing could break it.

Alan Turing built the Bombe — an electro-mechanical device that could cycle through the astronomical number of possible Enigma configurations at speed. It did not guess. It eliminated. It worked by logical deduction, exploiting known weaknesses in German operational procedure to narrow the search space until the day's settings revealed themselves. His contribution to the Allied effort is estimated to have shortened the war by two years. The number of lives saved is incalculable.

What struck me — and still strikes me — is that Turing did not just solve a problem. He invented the method of solving it. He saw that the answer required a machine, and so he conceived one. That is not engineering. That is something rarer: the ability to imagine a tool that does not yet exist and then build it.


The Fortunate Detour: Working in Cryptography

My fascination with cryptography was not academic for long. In my studies and in the early years of my career, I was fortunate enough to find an opportunity at a company working directly in cryptography and digital security. I had not planned for it. It found me — or perhaps the biography had quietly positioned me for it.

Most of my work there involved writing Java code capable of parsing, forming, and exchanging information within highly structured message formats. These were not arbitrary formats. They were governed by two families of international standards: Public-Key Cryptography Standards (PKCS) and RFCs — Requests for Comments, the documents that define how the internet actually works at its most fundamental level.

Working with these standards was humbling and illuminating in equal measure. You quickly understood that the digital security you take for granted — the padlock in your browser's address bar, the encrypted message on your phone, the secure login to your bank — is the product of decades of careful, collaborative, sometimes contentious work by some of the best minds in computer science.


The Rulebooks Behind Your Digital Security

Alan Turing's initial work created a baseline — a proof that mathematical reasoning could be mechanised, that complexity could be defeated by structured method. The generations that followed him built on that foundation to formalise cryptography into the standards that govern digital life today.

RFCs — Protocols for the World

RFCs establish standardised methods and protocols to ensure secure and reliable digital communications. They are the foundational agreements of the internet — not laws, but something more durable: consensus among engineers who understood the stakes.

RFC 1321

The MD5 Message-Digest Algorithm

A cryptographic hash function that produces a 128-bit fingerprint of any input. Once the standard for checksums and password storage — now retired in favour of stronger alternatives.

RFC 2104

HMAC: Keyed-Hashing for Message Authentication

The standard that lets you verify both the integrity and the authenticity of a message. When your API request is signed, HMAC is almost certainly involved.

RFC 4251

The Secure Shell (SSH) Protocol Architecture

The foundation of secure remote server access. Every developer who has ever typed ssh user@host is relying on this standard.

RFC 5246

The Transport Layer Security (TLS) Protocol Version 1.2

The protocol that makes HTTPS possible — the handshake, the certificate verification, the encrypted channel between your browser and every website you trust.

RFC 6234

SHA and SHA-based HMAC

The Secure Hash Algorithms family — SHA-256, SHA-512. The standard behind digital signatures, certificate authorities, and blockchain integrity checks.

RFC 7748

Elliptic Curves for Security

Modern asymmetric cryptography — smaller keys, equivalent strength, used in TLS 1.3 and modern certificate infrastructure.

PKCS — The Rulebook for Key Management

Where RFCs define protocols, PKCS standards define the formats and rules for handling cryptographic keys themselves — how they are generated, stored, exchanged, and protected.

PKCS #1

RSA Encryption and Signing

The standard that defines how RSA keys work — how to encrypt, how to sign, how to verify. Still in use everywhere from SSL certificates to code signing.

PKCS #5

Password-Based Encryption

Defines how to derive a cryptographic key from a password — the standard behind secure password storage and encrypted archives.

PKCS #7

Cryptographic Message Syntax

Defines how to sign and encrypt data in a structured, interoperable way. The foundation of S/MIME email encryption and digital certificate chains.

PKCS #11

Cryptographic Token Interface

The standard interface for hardware security modules (HSMs), USB security keys, and smart cards — the physical layer of cryptographic trust.

PKCS #12

Personal Information Exchange Syntax

The format for bundling certificates and private keys into a single encrypted file. The .pfx and .p12 files you encounter in enterprise certificate management.
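
How three of the standards listed above stack on one another, as an added example that is not from the original post: HMAC built as RFC 2104 describes over SHA-256 (RFC 6234), then the PBKDF2 key derivation from PKCS #5 built on that HMAC. The password, salt and iteration count are constructed sample values, and the iteration count is kept small so the demonstration runs quickly.

```python
import hashlib
import hmac as std_hmac
import struct

BLOCK = 64  # SHA-256 input block size in bytes (RFC 6234)

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """RFC 2104: H((K xor opad) || H((K xor ipad) || msg))."""
    if len(key) > BLOCK:                      # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")           # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()

def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PKCS #5 v2 PBKDF2: every output block is the XOR of an HMAC chain."""
    out, index = b"", 1
    while len(out) < dklen:
        u = hmac_sha256(password, salt + struct.pack(">I", index))  # U_1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac_sha256(password, u)      # U_j = HMAC(P, U_{j-1})
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        index += 1
    return out[:dklen]

def verify_password(candidate: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Re-derive the key from the candidate and compare in constant time."""
    derived = pbkdf2_sha256(candidate, salt, iterations, len(stored))
    return std_hmac.compare_digest(derived, stored)

# Constructed sample values (not from the post); iteration count is demo-sized.
PASSWORD = b"correct horse battery staple"
SALT = bytes(range(16))
ITERATIONS = 2000
STORED = pbkdf2_sha256(PASSWORD, SALT, ITERATIONS, 32)

if __name__ == "__main__":
    ref = hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, ITERATIONS, 32)
    print("matches hashlib:", STORED == ref)
    print("right password:", verify_password(PASSWORD, SALT, ITERATIONS, STORED))
    print("wrong password:", verify_password(b"correct horse", SALT, ITERATIONS, STORED))
```

The hand-built functions exist only to make the layering visible; production code should call the library's own `hashlib.pbkdf2_hmac` and `hmac` routines, against which this example checks itself.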


What Turing Started

Now, in every digital interaction you have, you can trace a line back through these standards to the problem Turing was trying to solve in 1940. The SSL padlock in your browser — TLS, PKCS #1, SHA. The password manager securing your credentials — PKCS #5, HMAC. The SSH connection your developer opened this morning — RFC 4251, elliptic curves, digital signatures.

Turing did not write RFCs. He did not design PKCS. He died before these standards existed. But he proved that secrecy could be broken by systematic method — and therefore that secrecy, to survive, had to be made formally rigorous. Every standard in this field is, in some sense, an answer to what Turing demonstrated was possible.

I am grateful I bought that biography before my first lecture. It gave me a reason to care about the field before I understood how much of the world depended on it.

The Enigma was not broken by brute force alone. It was broken by understanding the structure of the problem — and then building something that could exploit it systematically.

That is what great engineering has always been.