Cryptography: What is it?
Most people view cryptology as the romantic science of coding and decoding secret messages, especially during times of war. We envision men and women sitting in darkened rooms, oblivious to anything but decoding communication from the enemy, just like within the U.K.'s famous Bletchley Park during World War II. Today's cryptology borrows from computational science and number theory. The Greek root word crypto means hidden or secret in English. Cryptology is divided into cryptography and cryptoanalysis. Designing cryptosystems which code and decode messages concerns cryptography. Cryptoanalysis breaks cryptosystems. Even as a child working the cryptograms on the back of cereal boxes gives a rousing sense of accomplishment when the code is finally broken. The world views deciphering covert messages as thriller material, exciting, and the fodder of spies from Julius Caesar to the Navajo code talkers communicating between American vessels during World War II.
What are the techniques in Cryptography?
In ancient times, letter manipulation and digital substitution worked well as few could read. As information became easier to communicate throughout the centuries, messages became more complex. Today, we live in the digital age where messaging is less personal, usually mathematical, and instant. Thus encryption and other cryptographic techniques rely on computers to keep secret messages secret. Cracking a code is based on terabytes, not brute force and tenacity.
Algorithms are the foundation of today's cryptographic techniques. Standards include encryption algorithms, hash functions, and stream ciphers, all called cryptosystems. Cryptosystems are either secret-key or public-key cryptography. A key is a parameter, a small piece of information that determines the algorithm's functional output. Without it, the algorithm is useless. Secret-key, or symmetric cryptography, uses the same key for encryption and decryption, whereas the public cryptosystem uses both a public and a private key. This is known as asymmetrical cryptography. The DES or Data Encryption Standard is a well-known secret-key cryptosystem. RSA, an acronym using the surnames of the inventors, is the most popular public-key standard.
- Cracking a Medieval Code
- Cryptographic Standards
- Types of Cipher Systems
- Block & Stream Ciphers and Hash Algorithms
How is Cryptography used in the real world?
Virtually all electronic devices engage some form of cryptographic application. Basic cryptographic applications serve security: communications, identification, and authentication. E-commerce, e-mail, key recovery, computer security, and remote access are advanced applications. Keys are generated randomly and by producing keys that are both unknown and unpredictable, security is easier to maintain. Keys have short lives. Each time one is used, ciphertexts are generated. By enabling limited lifetime keys, it is much tougher for criminals to use cryptanalysis to infiltrate your electronic system. This is especially apparent in the Wassenaar Arrangement that seeks to ensure that exported technologies and other goods are not used for military or national destabilization purposes.
What is Key Management in regards to Cryptography?
Those keys of information or parameters used in the cryptographic algorithms must be securely managed to remain secret. Key management means that the keys must be securely generated, distributed, and stored. Most public-key attacks take aim at the management level, not the algorithmic level. Digital certificates of authenticity must be issued securely without danger of infiltration by hackers and other attacks. Certificates are not issued unless that condition is met so that the public key cannot be compromised. The shorter life cycle of a key allows for damage control if it is compromised.
- Applied Cryptography
- NIST Key Management Guidelines
- Tutorial: Keys and Their Management
- Personal Digital Certificates
What are some laws concerning cryptography?
Cryptographic laws can be nebulous because they vary from country to country and deal with such issues as privacy, importing and exporting different types of software; and are not specifically spelled out, but attached to other issues. Law is construed more as policy and guidelines unless there is a crime involved. Computer hacking, identity theft, privacy issues, corporate, national, and international espionage are some of those crimes and issues that mandate law enforcement. Thus any law directly related to cryptography is implicit, less than explicit.
- Cryptography Policy Guidelines
- Export Policy and Regulations
- International Cryptography Control Maps
- Legally Conducting Cybersecurity Research
- Electronic Frontier Foundation Legal Victories
Further Resources
If you are interested in reading more about cryptology, please visit these: