CRYPTOGRAPHIC TECHNIQUES |
|
Computer encryption is based on the science of cryptography, which has been used
throughout history.
Encryption is the procedure used in cryptography to convert plaintext into cipher
text that cannot be understood by unauthorized people. Before the digital age, the
biggest users of cryptography were governments, particularly for military purposes
|
Based on the purpose of encryption, there are many methods and algorithms to achieve it:
- File encryption is usually done by using private/public key methods
Private/public key encryption algorithms are very strong, key length varies from 1024 to 4096 bits.
- For VPN traffic encryption, the most used encryption algorithm is 3DES which is based on DES but
the date is encrypted 3 times with DES and then sent on the wire. New algorithms such as AES can use
keys from varying from 128 to 256 bits. AES128 is significantly faster and more efficient than 3DES
(although 3DES has a key size of 168bits)
|
Most computer encryption systems belong in one of two categories:
- Symmetric-key encryption
- Public-key encryption
|
|
|
| In symmetric-key encryption, each computer has a secret key (code) that it
can use to encrypt a packet of information before it is sent over the network to
another computer. Symmetric-key requires that you know which computers will be
talking to each other so you can install the key on each one. Symmetric-key
encryption is essentially the same as a secret code that each of the two
computers must know in order to decode the information. The code provides
the key to decoding the message |
|
|
Public-key encryption uses a combination of a private key and a public
key. The private key is known only to your computer, while the public key is
given by your computer to any computer that wants to communicate securely
with it. To decode an encrypted message, a computer must use the public
key, provided by the originating computer, and its own private key.
To implement public-key encryption on a large scale, such as a secure
Web server might need, requires a different approach. This is where digital
certificates come in. A digital certificate is basically a bit of information
that says that the Web server is trusted by an independent source known as
a certificate authority. The certificate authority acts as a middleman that
both computers trust. It confirms that each computer is in fact who it says
it is, and then provides the public keys of each computer to the other.
|
|
|
A popular implementation of public-key encryption is the Secure Sockets Layer (SSL).
Originally developed by Netscape, SSL is an Internet security protocol used by Internet
browsers and Web servers to transmit sensitive information. SSL has become part of an
overall security protocol known as Transport Layer Security (TLS).
In your browser, you can tell when you are using a secure protocol, such as
TLS, in a couple of different ways. You will notice that the "http" in the
address line is replaced with "https", and you should see a small padlock in
the status bar at the bottom of the browser window.
|
|
|
| The key in public-key encryption is based on a hash value. This is a value that is
computed from a base input number using a hashing algorithm. Essentially, the hash value
is a summary of the original value. The important thing about a hash value is that it
is nearly impossible to derive the original input number without knowing the data used
to create the hash value. |
Symmetric Key