The science of allowing a user to radically change information in order to conceal the content from third parties. Like any system of security, this science includes the process of searching for its own weaknesses. It is the substitution of characters or symbols to create an altered message that can be reversed to its original form later. Information which has been cryptographically processed is "encrypted". Encryption is now very common, allowing users to trust their computer communications that are, on the Internet, very exposed. There are many reasons to use encryption.
- 1 Properties
- 2 Attacks
- 3 Other Software, Cryptographic Libraries
- 4 Types
- 5 Related
- 6 News
- 7 Links
- Encrypted signals may be detected but not understood. Concealing the very existence of the cryptography is obscurity.
- Any attempt to discern the encrypted information is considered an attack (discussed below).
- The word, phrase, characters, or other authentication method that reverses the encryption is called the "key." There can be multiple types of keys involved in this process.
- Digital Signatures are not the same as cryptography but have similar applications (discussed below).
- Encryption is often combined with compression. Attacks on encryption often center upon searching for patterns in an encrypted documents and compression helps limit these. Compression tries to make sure there is only one instance of a given type of data, thus reducing recognizable patterns. Thus, finding possible clues about the key becomes much harder.
- Cryptographers are individuals who are very good at mathematics and this type of science of secret writing. They are also often software developers.
Strong cryptography often has legal restraints because of its history in military use. For example, some places (like the USA) considered the export of cryptographic materials to be the same as the export of military weaponry (munitions), and laid heavy restriction on such activity. In recent years, this has been relaxed due to foreign commercial competition.
Computer methods to foil attacks
Here are three major computer-based methods used to foil attacks. All have advantages and disadvantages.
- Very strong
One must weight his choice of algorithm based on his performance need and likely attack, however the strongest choices like AES have very fast implementations both in hardware and software.
- RSA Used for encryption and signature
- DSA Used for signature only
- Diffie-Hellman Used for key-exchange
Digital Signatures are used to prove authenticity (you get a strong certitude that the one who generated the message also have the secret key) and integrity (that nothing has been changed in transmission).
Different libraries allow for varying levels of complexity, affecting speed and security. A small bit size can make an algorithm faster but more easily broken. A large bit size can make it slow but much more difficult to break. Also, the higher the bit size, the larger the processed file size will be so a balance is often chosen between strength and convenience.
Note that keys that are twice as large in number are not merely twice as difficult to crack. 128-bit keys, for instance, are literally one trillion, trillion (1^10^10) times harder to crack with Brute Force than 40-bit keys.
Symmetric-Key Cryptosystem key size
- 128-bit keys are usually sufficient for RC4 and 3DES and are commonly used in Web transactions. Despite 128 bit being very adequate, many Symmetric-Key Cryptosystems now use 256-bit keys by default, regardless of algorithm.
- Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated Brute Force attack over the course of a few weeks with a desktop computer.
Public-Key Cryptosystem key size
- 1024-bit RSA keys approximately as difficult to crack as a symmetric 128-bit key. ECC keys can be as secure and considerably shorter than RSA keys. Some public-key programs are available that use exceedingly large key sizes as high as 8192 or 16384 but are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large.
Key sizes are often chosen as power of two numbers (e.g. 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently.
Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by:
- Encouraging the use of difficult-to-guess, lengthy passwords
- Preventing the caching of secure information in an operating system's swap file where it is vulnerable and then using a File Wipe for files that have been encrypted to prevent them from being retrieved after deletion
- Testing and careful review to ensure software has no failures
- Protecting against Key-Logging Attack software
Openness and Cryptography
Many systems of cryptography and its software development are fully available to the public. Trust is established in these systems because a closed system created by someone else often calls the system into immediate doubt. Questions such as: does this person had my security needs in mind? Do they have other motives?
This process of making the details of a system public is called open-source and is preferable to many security experts because its methods are available to peer-review and research. For instance, almost all of the encryption library algorithms up for review were open-source at the selection of the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST).
Legal Methods to foil attacks
Circumventing encryption is illegal under the US DMCA law. It is assumed, however, that most methods of attack are both covert and remote, and cannot actually be enforced. Still, it is an important method to discourage public revelation of encrypted documents, often making evidence gained through decryption inadmissible in court.
A law protecting your encrypted material would seem like a good thing but it really is not, stifling security research and creating ridiculous content-protection laws ala the continuous extension of the Mickey Mouse Release Day. Most academic and consumer advocates are very against the DMCA.
Cryptography and DRM
- Digital Rights Management (DRM) uses cryptography to make it difficult to copy and Digital Signatures to verify its authenticity.
Other Software, Cryptographic Libraries
- OpenSSL | (homepage) | very widespread library implementing SSL/TLS but it's libcrypto component is also used by many projects like OpenSSH and mixmaster.
- Botan | GNU Homepage - Botan (formerly OpenCL) is a library of cryptographic algorithms. It includes a wide selection of block and stream ciphers, public key algorithms, hash functions, and message authentication codes, plus a high level filter-based interface. The home page has a list of supported algorithms.
- ccrypt | Sourceforge Page | GNU Page - ccrypt is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix 'crypt' utility, which is notorious for using a very weak encryption algorithm. use the AES algorithm.
- Cryptographic Algorithms - Listing of types
- Privacy | Identity
- Key Pair | Public key | Private key | Certificate
- Signature | Fingerprint