ENCRYPTION
Encryption refers to algorithmic schemes that transform plain text into an unreadable form, or ciphertext, providing confidentiality. The receiver of the ciphertext uses a "key" to decrypt the message, returning it to its original plain text form. The key is the secret input that selects one particular transformation out of all those the algorithm can perform; the algorithm itself is public, and only the key needs protecting.
Until the advent of the Internet,
encryption was rarely used by the
public, but was largely a military tool.
Today, with online marketing, banking,
healthcare and other services, even the
average householder is aware of
encryption.
Web browsers encrypt traffic automatically when connected to a server over HTTPS, shown by an address beginning with https and the browser's lock icon. The server decrypts the data on arrival, but while it travels between the two computers anyone "listening in" sees only ciphertext. This protects the data in transit only; once decrypted on the server it is as exposed as the server is.
There are many types of encryption, and not all of them are reliable. The same computing power that makes strong encryption cheap to use can be turned against weak schemes by trying every possible key. Key lengths that once seemed strong (the 56-bit keys of DES, brute-forced in public by 1998, and the 64-bit keys once considered adequate) are now within reach of exhaustive search; 128-bit keys are today's baseline for symmetric ciphers, 256-bit keys are common, and this will undoubtedly change again in the future.
Though browsers automatically encrypt
information when connected to a secure
website, many people choose to use
encryption in their email correspondence
as well. This can easily be accomplished
with encryption programs that feature
plug-ins or interfaces for popular email
clients.
The most longstanding of these is PGP (Pretty Good Privacy), a humble name for a strong encryption program; the message format it introduced lives on as the OpenPGP standard, implemented by PGP itself and by free software such as GnuPG. PGP allows one to encrypt not only email messages but personal files and folders as well.
Encryption can also be applied to an entire volume or drive. To use the drive, it is "mounted" with the decryption key, after which it can be read and written normally. When finished, the drive is dismounted and returns to its encrypted state, unreadable by anyone who obtains the disk. Note what this does and does not protect: while the drive is mounted it is as exposed as any other drive, so Trojan horses, spyware or snoops active on the running machine can read it. Volume encryption protects data at rest, against a stolen laptop or a discarded disk, not data in use. Some people choose to keep financial programs or other sensitive data on encrypted drives.
Encryption schemes are categorized as symmetric or asymmetric. Symmetric key algorithms such as AES, Blowfish and DES (the last now obsolete, since its 56-bit key can be searched exhaustively) work with a single, prearranged key shared between sender and receiver; the same key both encrypts and decrypts. Asymmetric schemes such as RSA give each user a "key pair": a public key and a private key. The public key can be published online for senders to use to encrypt text for its owner, and once encrypted, the ciphertext can be decrypted only by the holder of the private key of that pair. Diffie-Hellman, often listed alongside RSA, is not an encryption algorithm but a key agreement protocol: each party contributes a public value and both derive the same shared secret, which then serves as a symmetric key. Asymmetric encryption is not inherently more secure than symmetric encryption; its advantage is key distribution, since the decryption key never has to be sent to anyone. It is also much slower and limited to short messages, so in practice the two are combined: an asymmetric operation transports or agrees a fresh symmetric key, and a symmetric cipher encrypts the actual data.
Strong encryption makes data private, but not necessarily secure. To be secure, the other party, often a server, must also be positively identified as the approved party; otherwise one may be encrypting perfectly well to an impostor. Online this is usually accomplished with digital signatures and certificates: a signature proves that a message came from the holder of a particular private key, and a certificate is a trusted authority's signed statement that a public key belongs to a named party.
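The following Go program, added here and not part of the original page, shows the two mechanisms with Ed25519 signatures from the standard library: a signature checked against the sender's public key, and a toy certificate in which an authority signs the name-to-key binding. Real certificates are X.509 and carry far more than this; the scenario, the names and the `toyCert` type are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// toyCert is a certificate reduced to its essentials: an authority's signature
// over the statement "this name owns this public key". Real certificates
// (X.509) also carry a validity period, key usage and a chain of issuers.
type toyCert struct {
	Name string
	Key  ed25519.PublicKey
	Sig  []byte // authority's signature over certBody(Name, Key)
}

// certBody length-prefixes the name so that different (name, key) pairs can
// never serialise to the same bytes.
func certBody(name string, key ed25519.PublicKey) []byte {
	body := []byte{byte(len(name))}
	body = append(body, name...)
	return append(body, key...)
}

func issueCert(authority ed25519.PrivateKey, name string, key ed25519.PublicKey) toyCert {
	return toyCert{Name: name, Key: key, Sig: ed25519.Sign(authority, certBody(name, key))}
}

// checkCert asks: does the authority we trust vouch for this name/key binding?
func checkCert(authorityPub ed25519.PublicKey, c toyCert) bool {
	return ed25519.Verify(authorityPub, certBody(c.Name, c.Key), c.Sig)
}

type identityResult struct {
	Genuine          bool // real bank, certified key, valid signature
	FakeCertAccepted bool // impostor's self-issued cert for the bank's name
	ForgedAccepted   bool // impostor's signature checked against the bank's key
	TamperedAccepted bool // bank's signature checked against an altered message
}

// demoIdentity plays out a constructed scenario: a trusted authority, a bank,
// and an impostor who can encrypt to the client just as well as the bank can.
func demoIdentity() (identityResult, error) {
	var r identityResult
	authorityPub, authorityPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	bankPub, bankPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	impostorPub, impostorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	bankCert := issueCert(authorityPriv, "bank.example", bankPub)
	statement := []byte("constructed statement: balance 1,000") // sample input

	// The client first checks the certificate, then the signature under its key.
	sig := ed25519.Sign(bankPriv, statement)
	r.Genuine = checkCert(authorityPub, bankCert) && ed25519.Verify(bankCert.Key, statement, sig)

	// The impostor can claim the bank's name, but not the authority's signature.
	fake := issueCert(impostorPriv, "bank.example", impostorPub)
	r.FakeCertAccepted = checkCert(authorityPub, fake)

	// Nor can the impostor sign as the bank.
	r.ForgedAccepted = ed25519.Verify(bankCert.Key, statement, ed25519.Sign(impostorPriv, statement))

	// And changing one byte of a signed statement invalidates the signature.
	altered := append([]byte(nil), statement...)
	altered[len(altered)-1] = '9'
	r.TamperedAccepted = ed25519.Verify(bankCert.Key, altered, sig)
	return r, nil
}

func main() {
	r, err := demoIdentity()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

The point of the certificate step is that the client never has to know the bank's key in advance: it trusts one authority key, and everything else is checked from there, which is exactly what a browser does with its built-in root certificates.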
As more people realize the open
nature of the Internet, email and
instant messaging, encryption will
undoubtedly become more popular. Without
encryption, information passed on the
Internet is not only available for
virtually anyone to snag and read, but
is often stored for years on servers
that can change hands or become
compromised in any number of ways. For
all of these reasons encryption is a
goal worth pursuing.
Encryption is the transformation of
data into a form which is unreadable by
anyone without a secret decryption key.
Its purpose is to ensure privacy by
keeping the information hidden from
anyone for whom it was not intended,
including those who can see the
encrypted data.
Encryption may be used to make stored
data private (e.g., data that is stored
on a potentially vulnerable hard disk),
or to allow a nonsecure communications
channel to serve as a private
communications channel. Encryption is
sometimes described as the process of
converting plain text into cipher text.
Encryption prevents any unauthorized party from reading data. On its own it does not prevent changing data: with an unauthenticated cipher, an attacker who cannot read a message can often still alter its ciphertext so that it decrypts to a chosen variant, so integrity needs a message authentication code or an authenticated mode such as AES-GCM in addition. The level of protection against brute force is determined by the number of possible keys, that is, the key size, together with the soundness of the algorithm itself. Triple DES (3DES), for example, uses 112-bit or 168-bit keys, and exhaustive search over even the 112-bit space is out of reach with currently available processing power. It nevertheless offers only about 112 bits of security even in its 168-bit form, its 64-bit block size allows practical attacks once a few gigabytes are encrypted under one key (Sweet32, 2016), and it has been deprecated in favour of AES.
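To make the integrity point concrete, here is an added Go example (not from the page) in which an attacker who does not know the key edits an AES-CTR ciphertext so that the receiver decrypts a different amount, and the same edit against AES-GCM is rejected. The record format, the fixed key and nonce, and the function names are assumptions for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Fixed key and nonce so the demonstration is reproducible. In real use the
// key is secret and the nonce/IV is fresh for every message.
var (
	demoKey   = bytes.Repeat([]byte{0x11}, 32) // AES-256 key, constructed
	demoNonce = bytes.Repeat([]byte{0x22}, 12) // GCM's standard 96-bit nonce
)

// ctrXOR encrypts or decrypts with AES in counter mode. CTR is a pure stream
// construction: ciphertext = plaintext XOR keystream, with no authentication.
func ctrXOR(key, iv []byte, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// flipByte rewrites the plaintext byte at offset from one value to another
// without the key: (p XOR k) XOR (from XOR to) decrypts to p XOR from XOR to,
// and p == from, so the receiver sees "to".
func flipByte(ct []byte, offset int, from, to byte) []byte {
	forged := append([]byte(nil), ct...)
	forged[offset] ^= from ^ to
	return forged
}

// gcmSeal and gcmOpen use AES-GCM, which appends a 16-byte authentication tag;
// Open returns an error if a single bit of ciphertext or tag has changed.
func gcmSeal(key, nonce, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, pt, nil), nil
}

func gcmOpen(key, nonce, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}

// demoMalleability returns what the CTR receiver decrypts after the forgery
// and whether GCM rejected the same forgery.
func demoMalleability() (string, bool, error) {
	record := []byte("amount=0100;to=acct-7") // constructed sample record
	iv := make([]byte, aes.BlockSize)         // CTR wants a full 16-byte IV
	copy(iv, demoNonce)

	ct, err := ctrXOR(demoKey, iv, record)
	if err != nil {
		return "", false, err
	}
	// The attacker knows the record layout (offset 7 is the first digit of the
	// amount) but not the key, and still turns 0100 into 9100.
	forged := flipByte(ct, 7, '0', '9')
	tampered, err := ctrXOR(demoKey, iv, forged)
	if err != nil {
		return "", false, err
	}

	sealed, err := gcmSeal(demoKey, demoNonce, record)
	if err != nil {
		return "", false, err
	}
	_, err = gcmOpen(demoKey, demoNonce, flipByte(sealed, 7, '0', '9'))
	return string(tampered), err != nil, nil
}

func main() {
	got, detected, err := demoMalleability()
	fmt.Printf("CTR receiver sees %q; GCM detected the change: %v (err=%v)\n", got, detected, err)
}
```

The same bit-flipping works against any stream cipher or CTR-mode ciphertext, and CBC mode is malleable in a related way (a change in one block scrambles that block and flips the corresponding bits of the next), which is why modern protocols use an authenticated mode or an explicit MAC rather than encryption alone.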
Business to Business VPNs (Extranets) share sensitive data with multiple organizations and so demand a high level of security. This calls for public key encryption and/or a secure key exchange such as Diffie-Hellman, both designed so that the session key never travels in a form an unauthorized party could recover, together with authentication of each peer so that the key is agreed with the right organization.
Encryption Systems
Computer encryption is based on the science of cryptography, which has been used throughout history. Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. Coded messages are attested as far back as the Roman era, with Caesar's simple shift cipher.
But most forms of cryptography in use
these days rely on computers, simply
because a human-based code is too easy
for a computer to crack.
Most computer encryption systems
belong in one of two categories:
Symmetric-key encryption
Public-key encryption
"Crypto," to use the all-purpose abbreviation for cryptography, cryptanalysis, and cryptology, is cool.
Just plain cool. My biggest regret in
life is that I never took a math class
past Algebra II, so I really don't know
jack about the mathematical foundations
of intense crypto systems. But boy, do I
respect those who do.
If you're a person who finds crypto
textbooks really boring yet wants to
understand this whole crypto bit in the
broad sense, go read Neal Stephenson's
Cryptonomicon. Sure, it's more than 900
pages of quasi-fiction, but it manages
to tell a fascinating story while giving
an incredible amount of insight into
modern cryptography.
In this tutorial, you'll learn something about the common Web-based uses for the following basic encryption techniques:
Asymmetric key-based algorithms. This method uses one key to encrypt data and a different key to decrypt it; you have likely heard of it as public key/private key encryption.
Symmetric key-based algorithms: block ciphers and stream ciphers. A block cipher such as AES or DES transforms fixed-size blocks (16 bytes for AES) under a single key, so a message is either padded out to a whole number of blocks or fed through a mode such as CTR that turns the block cipher into a keystream generator. A stream cipher such as RC4 or ChaCha20 derives a keystream from the key and a nonce and XORs it onto the data byte by byte, so no padding is needed and the ciphertext is exactly as long as the plaintext.
Block ciphers, above all AES, are the more widely used of the two, not stream ciphers. Stream ciphers are attractive where data arrives as a continuous flow or on very small devices, but they carry a serious failure mode: if the same key and nonce are ever used twice, the two ciphertexts XOR to the XOR of the two plaintexts and the keystream cancels out, so anything known about one message is exposed in the other.
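An added Go example, not from the original tutorial, that makes the block/stream distinction visible with AES from the standard library: CBC mode pads to whole 16-byte blocks, CTR mode produces a ciphertext exactly as long as the input, and reusing a key and IV with CTR lets a known first message recover the second. The key, IV, messages and function names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Fixed key and IV for reproducibility only; a real sender uses a secret key
// and a fresh IV/nonce for every message.
var (
	blockKey = bytes.Repeat([]byte{0x33}, 16) // AES-128 key, constructed
	blockIV  = bytes.Repeat([]byte{0x44}, 16)
)

// pkcs7Pad brings the message up to a whole number of 16-byte blocks, which a
// block cipher in CBC mode requires; each pad byte records how many to strip.
func pkcs7Pad(in []byte) []byte {
	n := aes.BlockSize - len(in)%aes.BlockSize
	return append(append([]byte(nil), in...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// cbcEncrypt works block by block, so the output length is a multiple of 16.
func cbcEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(pt)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// ctrEncrypt turns the same block cipher into a stream cipher: AES only
// generates keystream, which is XORed onto the data byte by byte, so the
// output is exactly as long as the input and no padding is involved.
func ctrEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(out, pt)
	return out, nil
}

// recoverFromReuse: two stream ciphertexts made with the same key and nonce
// share one keystream, so c1 XOR c2 = p1 XOR p2, and a known p1 reveals p2.
func recoverFromReuse(c1, c2, knownP1 []byte) []byte {
	n := len(c1)
	if len(c2) < n {
		n = len(c2)
	}
	if len(knownP1) < n {
		n = len(knownP1)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = c1[i] ^ c2[i] ^ knownP1[i]
	}
	return out
}

// demoBlockVsStream returns the CBC and CTR ciphertext lengths for a 25-byte
// message and the second plaintext recovered from keystream reuse.
func demoBlockVsStream() (int, int, string, error) {
	m1 := []byte("known header: version 1.0") // 25 bytes, constructed
	m2 := []byte("secret: password=hunter2")  // 24 bytes, constructed
	cbc, err := cbcEncrypt(blockKey, blockIV, m1)
	if err != nil {
		return 0, 0, "", err
	}
	c1, err := ctrEncrypt(blockKey, blockIV, m1)
	if err != nil {
		return 0, 0, "", err
	}
	c2, err := ctrEncrypt(blockKey, blockIV, m2) // same key and IV: the mistake
	if err != nil {
		return 0, 0, "", err
	}
	return len(cbc), len(c1), string(recoverFromReuse(c1, c2, m1)), nil
}

func main() {
	cbcLen, ctrLen, recovered, err := demoBlockVsStream()
	fmt.Printf("CBC: %d bytes, CTR: %d bytes, recovered %q (err=%v)\n", cbcLen, ctrLen, recovered, err)
}
```

The recovery needs no key at all, which is why stream-cipher nonces are treated as single-use values: a counter or a random nonce of sufficient size, never a constant.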
Hashing, or creating a digital summary of a string or file. This is the most common way to store passwords on a system: the passwords themselves aren't stored, just a hash, and hashing is one-way, so the hash cannot be decrypted back into the password. For passwords the hash must also be salted with a random per-user value and deliberately slow (PBKDF2, bcrypt, scrypt or Argon2), because a fast unsalted hash such as plain MD5 or SHA-1 lets an attacker test billions of guesses per second and reuse precomputed tables.
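Password storage done as just described, as an added Go example that is not the tutorial's PHP code: PBKDF2-HMAC-SHA256 written out from RFC 8018 using only the standard library, a random per-user salt, a self-describing record format, and constant-time verification, next to the naive unsalted hash for contrast. The record format and the function names are my own, and the iteration count is deliberately low for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// pbkdf2SHA256 is PBKDF2 from RFC 8018 with HMAC-SHA256 as the PRF, written
// out here so the block needs nothing outside the standard library. Each
// iteration feeds HMAC's output back into HMAC and the block T_i is the XOR of
// all of them; that repeated work is what slows an attacker's guessing.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	var out []byte
	for i := uint32(1); len(out) < keyLen; i++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)}) // INT(i), big-endian
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for c := 1; c < iterations; c++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// demoIterations is kept modest so the example runs quickly; OWASP's password
// storage guidance currently recommends 600,000 for PBKDF2-HMAC-SHA256.
const demoIterations = 100000

// naiveHash is the "just store a hash" approach: unsalted and fast. Every user
// with the same password gets the same hash, and precomputed tables apply.
func naiveHash(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// hashPassword stores algorithm, cost, salt and hash together, so the cost can
// be raised later without invalidating existing records.
func hashPassword(password string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(password), salt, demoIterations, 32)
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", demoIterations,
		hex.EncodeToString(salt), hex.EncodeToString(dk)), nil
}

// verifyPassword recomputes the hash with the stored salt and cost and compares
// in constant time, so response timing does not leak how many bytes matched.
func verifyPassword(record, password string) (bool, error) {
	parts := strings.Split(record, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false, errors.New("unrecognised record format")
	}
	iterations, err := strconv.Atoi(parts[1])
	if err != nil {
		return false, err
	}
	salt, err := hex.DecodeString(parts[2])
	if err != nil {
		return false, err
	}
	want, err := hex.DecodeString(parts[3])
	if err != nil {
		return false, err
	}
	got := pbkdf2SHA256([]byte(password), salt, iterations, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1, nil
}

func main() {
	rec, _ := hashPassword("correct horse battery staple") // constructed sample password
	ok, _ := verifyPassword(rec, "correct horse battery staple")
	bad, _ := verifyPassword(rec, "Tr0ub4dor&3")
	fmt.Println(rec, ok, bad)
}
```

Two records for the same password differ because each carries its own salt, so an attacker must attack every account separately; with the naive hash the same password always yields the same digest.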
If your head's already spinning, stick with me: it does get better. The following sections will show you the why and how of real-life data encryption in a Web environment, using PHP and various other tools such as the mcrypt and mhash libraries. (A caveat for anyone following along today: mcrypt was removed from PHP in version 7.2 and the mhash functions were long ago folded into the hash extension; current PHP code uses the openssl or sodium extensions for encryption and password_hash() for passwords.)
http://www.justvb.net/it/