Crytography
Introduction
Do you ever need to:
These are a few questions that can be answered by Cryptography.
As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data.
Table of Contents:
The art of protecting information by transforming it (encrypting it) into an unreadable format, called cyphertext. Only those who possess a secret key can decipher (or decrypt) the message into plaintext. Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking, although modern cryptography techniques are virtually unbreakable.
Cryptography is the enciphering and deciphering of messages. While cryptosystem is the method of encrypting and decrypting data. In general terms, the algorithm or theory used to encrypt/decrypt data.
Encryption is the process of changing data into a form that can be read only by the intended receiver. While decryption is the process of decoding data that has been encrypted intoa secret format. To decipher the message, the receiver of the encrypted data must have the proper decryption key. In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data.
Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text
There are two main types of encryption:
Asymmetric encryption, also known as, public -key encryption
Symmetric encryption
An asymmetric encryption is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. One example of an asymmetric encryption system is the Data Encryption Standard, DES.
Public-key encryption is a cryptographic system that uses two keys opposed to an asymmetric encryption that only uses one common key. The two keys used are -- the public key which is known to everyone and the private or secret key known only to the recipient of the message. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. One example of a public-key encryption system would be Pretty Good Privacy, PGP.
Different types of Cryptosystems/Encryptions:
Public Key Cryptography - Secure or House of Cards?
The basis for the security associated with most public key cryptosystems is the difficulty of factoring large integers. This difficulty is not a proven mathematical assumption, however. Because there is a mathematical relation between the two keys, one could theoretically calculate the private key from the public key. The difficulty and thus the time associated with solving these problems grows exponentially with the size of the key. For example, a computer capable of performing 10^10 computations per second would factor a 100 digit number in 10^40 seconds. Considering that 10^17 is the estimated age of the universe, this is a pretty long time to wait. The likelihood of someone creating an algorithm that would make this anything less than an extremely difficult problem is very low. It would seem reasonable then to come to the conclusion that these public key cryptosystems will remain secure. This may not be the case, however, if one considers non-mainstream forms of computing, particularly quantum computing.
Quantum computing can be viewed as massive parralel computing, but instead of having many processors working simultaniosly, one quantum processor does the work. The theoretical power of this type of computing would decrease the time to solve one of these problems to a fraction of a second for any length of key. This would shatter the security public key algorithms. The question is whether it will ever be practical to build a machine to accomplish this, or will it remain theory. Those in the quantum research community claim that it can be done, but there are many that view quantum computing as an insurmountable problem in itself.
The US government is a key player in the cryptography game. The NSA is probably the leading authority on the subject. There is much debate over the role that the government takes and should take when it comes to cryptography. Some of the hot topics are:
Currently, the US government prohibits the export of encryption technology that uses a key that is greater than 56 bits. The gist of the US government’s reasoning is that unbreakable encryption in the hands of the wrong people or governments could threaten US security. Apposers to this view take the stance that this technology is currently readily available worldwide, so why restrict US companies from being able to market their encryption products abroad.
Another hot debate centers over US legislation proposing that users of strong encryption in the US be required to give law enforcement officials access to their secret keys via a "key recovery" system. Opponents liken this to the federal government demanding a copy of the house keys from every family, just in case they need them. Moreover, according to a published report by recognized leaders in cryptography and computer science, it is probably impossible to build an infrastructure that could keep billions and billions of secret keys secure.
Reference: Encryption Bound by Solseig Bernstein
The fact is that DES' key size is too small given the processing power that is available today. Because of this, the National Institute of Standards and Technology has recently solicited candidate
algorithms for the Advanced
Encryption Standard (AES), the follow-on algorithm to DES. They have asked for a
128-bit block cipher that accepts key lengths of 128 bits, 192 bits, and 256 bits.
Candidates will be judged on security, efficiency, and flexibility, and NIST hopes to have
a new standard ready by the end of the century.
Some of the candidates are Triple-DES (a modification of DES), IDEA (used in PGP), RC4 (once a trade secret of RSA), and Blowfish. Blowfish is a symetric key algorithm which boasts that it is a drop-in replacement for DES that is much more secure.
RSA Algorithm Javascript Page
This page describes the RSA algorithm and demonstrates the math behind it with a working
example.
DES
Applet
An example using the DES algorithm.
EECS
graduate student cracks encryption code to win reward
Paper that highlights the limits of an algorithm using a 40-bit key, the longest keysize
allowed for export
Blowfish
for Java Demonstration
Working example of encryption using the freeware Blowfish for Java 1.3. Note: Applet does
not run with JDK 1.2beta.
The Secure Public Networks Act
Senators Kerrey and McCain introduce the Secure Public Networks Act of 1997.