Changes

A cryptographic algorithm (also known as a ''cypher'') is a step by step sequence of mathematical calculations used to encrypt and decrypt information. There are currently three different types of cryptographic algorithms, ; hashing algorithms, symmetric-key algorithms and asymmetric key algorithms.

A ''hash'' is a mathematical algorithm designed to perform ''one-way encryption''. When we say ''one-way'' we mean that once the information has been encrypted there is no way to retrieve the original information from the hashed form. Hashing is commonly used in password files and for ensuring that the integrity of data. As an example, a hash may be created for an email message in the form of a Message Authentication Code (MAC). When the message is received the receiver would also generate a hash from the message. If the recipient's hash matches the code which accompanied the message the receiver knows the mesasge message is authentic and has not been tampered with during transmission.

* '''Message Digest Service Algorithm''' - The message digest family of encryption algorithms provide provides encryption of 128-bits in strength and are is designed to be fast and simple. Current standards are MD2, MD4 and MD5.

Symmetric encryption is one of the most basic forms of cryptography and are is based on the premise that both the sending and receiving parties are in possession of the key ued used to encrypt the data (otherwise known as ''share shared secret'' encryption).

DES was originally developed in the 1970's at the behest of the National Bureau of Standards (NBS), now knoen known as the National Institute of Standards and Technology.

DES is a block cipher and encrypts data in 64-bit units using a key length of 56-bits. As with other symmetric encryption algorithms, DES uses the same key and algorithm for both encyption encryption and decryption.

As may be infered inferred from the name, 3DES (pronounced Triple Des) is an adaptation of DES. Unlike DES, 3DES uses either 2 or 3 keys and executes three passes through the algorithm to provide ''muliple encrytionmultiple encryption'' resulting is a total bit strength of 168-bits.

In recognition that technological advancements were making DES and 3DES encrrytion encryption vulnerable to attack the National Institute of Standards and Technology (NIST) issued a request for proposal for a new encryption standard to be called the Advance Encryption Standard (AES) which was to use symmetric key cryptography in 128, 192 and 256-bit key strengths. A variety of groups responding with proposals and the NIST ultimately chose an offering put forward by John Daemon and Vincent Rijmen. AES is a block cypher cipher and encrypts data in 128-bit units and uses multiple encryption techniques.

The RC family of ciphers were was developed by Ron Rivest. RC1 and RC3 were never released leaving five variants in current use.

The concept Asymmetric Encryption (also known as ''Public Key Encryption'') was devised in 1975 by Whitfield Diffie and Martin Hellman. and is based on the concept of using a pair of keys, one private and one public. The private key is held by the host or application which is to receive the encrypted data. The corresponding public key is made available to anyone who wishes to encrypt data such that it can be decrypted by the holder of the private key. The cornerstone of public key encryption is the level of difficulty involved in inferring the private key from the public key.

The advantage of asymmetric over symmetric encryption is that the public can key can be safely transmitted over public networks without the risk that its interception will compromise encrypted data. The same cannot, however, be said about symmetric encryption.

The algorithm works by multiplying two very large prime numbers (ideally between 100 and 200 digits in length and of equal length). through Through further mathematical calculations public and private keys are derived.

ECC works on the premise that elliptic curves can be utilized to calculate encryption keys which are difficult to break. The concpet concept of ECC is based on the fact that you can add two points on a curve to arrive at a third point. Two parties wishing to communicate agree on a curve and a point on that curve and perform a number of calculations to arrive at public and private keys.

Now that we have covered the basics of the different cryptography categories and algorithms the next step is to look at some of the uses of cryptography within the context of information technology. Many people associate encryption with the obfuscation of informat information to keep it from being compromised by unauthorized parties. Whilst this is a very common use of encryption it is by no means the only use.

Nonrepudiation is the name given to a technique by which the sender is unable to subsequently deny having sent a message. This is particularly important in the sending of financial instructions. A trader may, for example, send a broker instructions to buy shares shortly before a market crash. In a panic at having bought shares at significantly more than their new value the trader may try to deny having sent the buy order to the broker. Nonrepudiation works on the basis that only the sender is in possession of his or her private key. When the sender uses a private key to sign the message and the recipient uses the senders sender's public key to successfully verify the signature it essentially proves the message was sent by the owner of the private key.

Authentication is the concept of proving user identity, typically in or to establish communication or order to gain access to a system or network.

The most basic form of authentication involves the use of a login name and password. Another form of authentication involves the use of digital certificates (for example when accesses accessing secure web sites).

Once a document has been signed with a digital signature it is essential that a message digest be created using a hash function. This ensures that if the document is modified the change will be detected because the hash will fail verification by the recipient. Asymmetric encryption is also used to verify that the signature was indeed signed by the apparent document sender. To achieve this the hash is typically encrypted using the senders private key. If the recipient is able to decrypt the hash using the senders public key then the message is deemed to be authentic. It will not go unnoticed to those who have read the previous sections that this involves both ''authentication'', ''integrity'' and ''nonrepudiation''.