Cryptography Basics

From Techotopia
Revision as of 19:01, 28 February 2008 by Neil (Algorithms)


An essential component of IT security involves the use of cryptography. In this chapter we will look at the basics of cryptography and provide an overview of a number of different types of cryptography.




What is Cryptography?

Cryptography describes a process of encrypting information so that its meaning is hidden from those who do not know how to decrypt the information. The concept of cryptography began around the same time that humans learned to communicate language through the written word. Over time many different approaches to cryptography have been used ranging from basic shifting of alphabetical letters to complex mechanical and electronic encryption methods.

It is impossible to overemphasize the importance of cryptography, both in the past and in the context of today's high tech world. The ability to break the encryption used by opposing sides in wars has shifted the balance of power in the world, and without cryptography in computing it would be impossible to perform tasks we take for granted, such as securely purchasing items on the internet or remotely logging into servers from outside a company firewall. Even credit cards would not exist if there was no way to encrypt the data stored on the magnetic strips.

Algorithms

A cryptographic algorithm (also known as a cipher) is a step by step sequence of mathematical calculations used to encrypt and decrypt information. There are currently three different types of cryptographic algorithms: hashing algorithms, symmetric-key algorithms and asymmetric-key algorithms.


Hashing Algorithms

A hash is a mathematical algorithm designed to perform one-way encryption. When we say one-way we mean that once the information has been encrypted there is no way to retrieve the original information from the hashed form. Hashing is commonly used in password files and for ensuring the integrity of data. As an example, a hash may be created for an email message in the form of a Message Authentication Code (MAC). When the message is received, the receiver also generates a hash from the message. If the recipient's hash matches the code which accompanied the message, the receiver knows the message is authentic and has not been tampered with during transmission.

The two most common hash methods are as follows:

  • Message Digest Service Algorithm - The message digest family of encryption algorithms provides encryption of 128 bits in strength and is designed to be fast and simple. Current standards are MD2, MD4 and MD5.
  • Secure Hash Algorithm - SHA is used extensively by the US government and was developed by the National Security Agency (NSA). Two versions of SHA have so far been developed - SHA and SHA-1. SHA-1 provides 160-bit hashing. SHA-1 is more secure than MD5 but involves a slower encryption process.
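
The MAC check described above and the digest sizes from the list, as an added Python example that is not part of the original page. It assumes HMAC-SHA256 as the keyed construction (SHA-256 is not covered on this page), and the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for this example (not from the original page).
SHARED_KEY = b"constructed-demo-key"
MESSAGE = b"Transfer 100 to account 12345"
TAMPERED = b"Transfer 900 to account 12345"


def digest_bits(name: str) -> int:
    """Output size in bits of a hash algorithm (md5 -> 128, sha1 -> 160)."""
    # usedforsecurity=False: only the size is inspected, nothing is protected.
    return hashlib.new(name, usedforsecurity=False).digest_size * 8


def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: anyone holding the message can recompute it."""
    return hashlib.sha256(message).digest()


def check_plain(message: bytes, digest: bytes) -> bool:
    """Integrity check with an unkeyed digest sent next to the message."""
    return hmac.compare_digest(plain_digest(message), digest)


def make_mac(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256): requires the shared key to compute."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(make_mac(key, message), tag)


def receiver_checks() -> dict:
    """Run the receiver's checks against the tag the sender attached."""
    tag = make_mac(SHARED_KEY, MESSAGE)  # travels alongside the message
    return {
        "authentic": verify_mac(SHARED_KEY, MESSAGE, tag),
        "tampered": verify_mac(SHARED_KEY, TAMPERED, tag),
        "wrong_key": verify_mac(b"some-other-key", MESSAGE, tag),
        # If message and unkeyed digest are both replaced in transit, the
        # check still passes: a bare hash covers accidental corruption only.
        "plain_both_replaced": check_plain(TAMPERED, plain_digest(TAMPERED)),
    }


if __name__ == "__main__":
    print(digest_bits("md5"), digest_bits("sha1"), receiver_checks())
```

The key is what turns a hash into a MAC: the tag fails to verify for a changed message or a different key, while an unkeyed digest gives the receiver no assurance about who produced it.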

Symmetric Encryption Algorithms

Symmetric encryption is one of the most basic forms of cryptography and is based on the premise that both the sending and receiving parties are in possession of the key used to encrypt the data (otherwise known as shared secret encryption).

Symmetric key encryption is performed using two methods, block cipher and stream cipher. As the names suggest, block ciphers encrypt data in sections of bits whereas a stream cipher encrypts data one bit at a time until the entire message is encrypted.

A wide variety of symmetric key algorithms are currently in use, the most prevalent of which are described below.

Data Encryption Standard (DES)

DES was originally developed in the 1970s at the behest of the National Bureau of Standards (NBS), now known as the National Institute of Standards and Technology.

DES is a block cipher and encrypts data in 64-bit units using a key length of 56 bits. As with other symmetric encryption algorithms, DES uses the same key and algorithm for both encryption and decryption.

Triple DES (3DES)

As may be inferred from the name, 3DES (pronounced Triple DES) is an adaptation of DES. Unlike DES, 3DES uses either 2 or 3 keys and executes three passes through the algorithm to provide multiple encryption, resulting in a total bit strength of 168 bits.

Advanced Encryption Standard (AES)