Exploring Encryption.

Intro

Cryptography ("secret writing") is the study of message secrecy. A major subtopic of cryptography is encryption, the field of encoding data so that it can only be decoded by authorized parties.

A cryptosystem is a system for encrypting original data (aka plaintext) into seemingly illegible data (aka ciphertext), and the decryption of ciphertext back to plaintext. Most cryptosystems involve an algorithm (aka cipher) which translates between plaintext and ciphertext by the use of a key. The cipher is usually public knowledge but the key is known only to the sender and/or recipient.

Cryptography is technically distinct from the popular usage of secret codes. Coding deals with encoding plaintext and decoding codetext, whereas cryptography deals with encrypting plaintext and decrypting ciphertext. More importantly coding works at a high level, the level of meaning (EG: "the ice is slippery" means "begin the project X"), while cryptography works at a low level, the level of letters or bits.

Cryptosystems can be sorted by their usage of keys:

A good cryptosytem is resistant to cryptoanalysis, the field of breaking ciphertext. A key is usually fairly large so that trial-and-error (aka brute force) methods cannot be used to guess the key. A brute force method that uses common values is called a dictionary attack.

Cryptography ciphertext usually looks like it has an encoded message. On the other hand, steganography is cryptography that hides a message in something that does not appear to be a message. This can be as simple as putting a light in a window or by modifying the bits the data file of an ordinary looking picture.

The three basic goals of cryptography are:

While it is practically impossible to hide secrets through software alone, three basic techniques are used to hide secrets via software:

Other software measures can be taken:

Hashing

A hashing algorithm (aka a hash function, a message digest, a fingerprint function, or a compression function) takes a variable length string and converts it into fixed-length value or key (aka a hash). EG: Changes "hello world" into "g8f4".

Sometimes hashes are used because the hash value is more efficient to handle than the string (EG: A SSN instead of a name). Sometimes hashes are used to disguise data (EG: Passwords should be stored as hashes instead of just plaintext).

MECP (Microsoft Enhanced Cryptographic Provider) and MBCP (Microsoft Base Cryptographic Provider) support three hash algorithms:

Here are some simple hashing methods:

Symmetric Keys

Block ciphers encrypt plaintext in n bit blocks, using a k bit key, into 1 of 2n permutations: MnE = E(MnD, k) = 1 of 2n permutations. Decryption uses the same k bit key: MnD = D(MnE, k). Plaintext in a variety of lengths can be encrypted via padding to n bits or by concatenation-like modes of operation or both.

Stream ciphers encrypt plaintext a bit or a byte at a time.

Asymmetric Keys

Usually asymmetric keys utilizes public encryption keys and private decryption keys so as to verify the identity of the receiver as well as send encrypted messages. EG:

In actuality, asymmetric keys are 1000 time slower than symmetric keys. More commonly a hybrid key system is used: asymmetric keys are used to send just a symmetric key, which is then used to send encrypted messages. EG:

Sometimes the encryption key is private and the decryption key is public so as to verify the identity of the sender as well as send encrypted messages. EG:

Once again a hybrid key system is used. Asymmetric keys are used to send just a hash of the message, while the message is sent unencrypted. This combination verifies the identity of a sender and, although the message is unencrypted, the receiver is sure that the message was not tampered with. EG4:

The most popular version of public keys is PGP (Pretty Good Privacy). PGP was developed by Philip R. Zimmermann in 1991. PGP comes in two versions, both of which are available as free and commercial versions:

Certificate Authorities

In order for public keys to work, we the public must trust that the public key is actually tied to who we think it does. A public key is known in this context as a digital certificate or digital ID. The public can verify the digital certificate by checking it against the CA (Certification Authority) that issued the digital certificate. EG: Network Associates (www.NAI.com)  maintains an LDAP/HTTP server for PGP public keys. Verisign is also extremely popular.

A digital certificate usually has more information than just the public key. Many digital certificates conform to the X.509 protocol which has this structure:

CAs also maintain list of digital signatures that have valid dates but have been revoked.

S/MIME

S/MIME (Secure Multipurpose Internet Mail Extensions) is the most popular method for securing email. S/MIME was developed by RSA Data Security, Inc. (www.RSA.com).

Email can be sent as:

Enryption Form

This simple form does a variety of encryption stuff like randomizing, encrypting, and hashing. All the code is client-side JavaScript, so you can view the source code and play with it yourself.










Links

Page Modified: (Hand noted: ) (Auto noted: )