Tales from the encrypt
Summary Description RSA, SSL, PGP? It might as
well be a secret code! 5 Minute Guides tackles digital
encryption.
Author
Publication
Roullas Top10 Simon Vandore
Newswire
No
Editorial InformationArticle Location
http://www.newswire.com.au/0005/5mg11.htm
Article Topic 5 Minute Guides, Encryption
Story Order
Story Group 000514
Post Date 11/05/2000 09:03 AM Status Posted Entered by Simon
Vandore on 10/05/2000 01:23 PM
ImagesLead Picture
Heading Image
Content
Introduction
Body
How does digital encryption work?
Encryption is basically the use of a secret code to disguise
something, such as a document. The simplest example would be A =
1, B = 2, C = 3 and so on. Complicated codes were often used
during World War II to deliver battle plans.
Old-fashioned 'symmetric' encryption uses the same key code to
encode and decode a message. However, symmetric encryption has
one problem: you need to manually tranfer the code to the
receiver. During the War, encryption codes were susceptible to
interception en-route.
Modern 'asymmetric' or 'public key' encryption carried out on
computers solves this by using a publicly available key code to
encrypt the message, and a private key to decrypt it. Anyone can
find out your public key and send you an encrypted item, but the
private key is only ever held by you, so the message can only be
decrypted by you. The mechanism for sharing public keys is known
as a public key infrastructure.
Digital encryption can be used to disguise more than just a
document -- it can be applied to pictures, sound, or even all
data passing through a network.
OK, now tell me about the acronyms. RSA? SSL? PGP?
The RSA algorithm, the most commonly used form of public key
encryption today, was invented in 1978 by Ron Rivest, Adi Shamir,
and Leonard Adleman. RSA Security owns the algorithm and licenses
it to software companies like Netscape, Microsoft and Lotus.
Most online shopping sites on today's Internet use Secure Sockets
Layer (SSL) for credit card transactions, a means of encrypting
Web communication invented by Netscape. SSL uses RSA and
pre-existing 'digital certificates' to validate the transaction.
A certificate is another encrypted file issued by a certification
authority (CA) or 'trusted third party' containing details about
the identity of its owner.
PGP (standing for Pretty Good Privacy) is a public key encryption
program written by Phil Zimmerman in the US. It brought RSA to
the masses, and the spooks to Zimmerman's door.
Why is encryption controversial?
Governments and defence forces around the world see strong
encryption as a threat, as it enables their enemies to reliably
evade detection and hide information. In some countries, the
export of strong encryption technologies is strictly controlled
as they are considered 'weapons grade'. Phil Zimmerman was
initially pursued by the US authorities for making his PGP
software available online. Some products are exported with
low-grade encryption, but made available locally using stronger
encryption.
Some people are really into this stuff. The study of encryption
is called cryptography, and on the Internet there is a virtual
community of people, known as 'cypherpunks', interested in the
social and political impacts of modern cryptography. They often
don't see eye-to-eye with their respective governments. It's a
matter of personal privacy versus perceptions of national
security.
Why do some things have 56-bit key encryption, and others
128-bit or even 2,048-bit?
Each bit added to a key makes it an order of magnitude more
secure. But encryption and decryption use more processing power
where larger keys are involved, so a balance must be struck.
The only way to crack open something encoded with a good public
key security system is a 'brute force' attack. Large amounts of
computing power must be applied over many hours, days or even
months to try all possible combinations of keys and crack the
code. Brute force is often used to crack commonly used 48-bit or
56-bit keys, but higher order of magnitude keys are considered
reasonably safe . . . unless you believe the conspiracy theorists
who say the CIA has supercomputers that can crack most security.
Generate your 1,024-bit PGP key now!
Related MaterialsRelated Articles
Related Links
Bulletin SummaryTales from the encrypt
RSA, SSL, PGP? It might as well be a secret code! 5 Minute Guides
tackles digital encryption.
WAP Summary
Cross-Publishing InformationShort Headline
5 Minute Guide: Tales from the encrypt
Clipping Information
Corporate IT Yes This field should be marked 'Yes' for any story
of interest to corporate readers
CIT Lead No Newswire Lead No Section Lead No (These fields are
controlled by all those handy buttons and agents)