Glossary
Block Cipher: Rather than encrypt data a bit at a time, often termed a stream cipher, the algorithm is applied to the data a block at a time. To ensure that identical blocks of data are not encrypted in precisely the same way, often the ciphertext from the previous block is used by the algorithm to further alter the encrypted output. Often in encrypted data streams, the same message may appears several times in a relatively short time period, so steps are taken to ensure this does not produce identical ciphertext that will be more susceptible to attack. For example, at the start of each message an initialisation number derived from a random number generator may be fed to the encryption algorithm to ensure identical messages do not produce the same ciphertext.
Key: A key is a variable value in cryptography that is taken by the algorithm and applied to the unencrypted message to produce an encrypted message or ciphertext. Logically, a key is also required for the algorithm to decrypt ciphertext and retrieve the original message. The longer the key, the more difficult it will be to break the code.
A private key, often known as a secret key, is a key that is only known to the trusted parties involved in the communication. The risk with this system is that if either party loses the key or it is stolen, the security is compromised.
PKI (Public Key Infrastructure) is an example of asymmetric cryptography and uses a combination of private and public keys. The public key can be used to encrypt text, but the ciphertext can only be decrypted using the private key. The private key is never shared or sent across the Internet, but you can freely distribute your public key, so that people can send you encrypted email. Public keys can also be stored in directories that are accessible over the Internet. A number of companies supply and maintain the PKI infrastructure; the leaders are RSA, Verisign, GTE CyberTrust, Xcert, and Netscape.
PGP: Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet and send digital signatures. PGP is available as both freeware and as commercial packages. PGP was developed by Philip R Zimmermann in 1991 and is an asymmetrical algorithm that uses a private and a public encryption key. There are two public key versions of PGP and they are Diffie-Hellman, which can be distributed freely, and RSA/IDEA, which requires a licence fee. When sending digital signatures, PGP uses a hash algorithm whose output is based on the user's name and other specific information. The RSA version uses the MD5 algorithm while the Diffie-Hellman version uses the SHA-1 algorithm.
DES (and triple DES or 3DES): The Data Encryption Standard (DES) was developed by an IBM team around 1974 and adopted as a US national standard in 1977. Triple DES is a minor variation of this standard. It is three times slower than regular DES, but can be billions of times more secure if used properly. Triple DES enjoys much wider use than DES because DES is so easy to break with today's rapidly advancing technology.
Triple DES was the answer to many of the shortcomings of DES. Since it is based on the DES algorithm, it is very easy to modify existing software to use triple DES. It also has the advantage of proven reliability and a longer key length that eliminates many of the shortcut attacks that can be used to reduce the amount of time it takes to break DES.
Triple DES takes three 64-bit keys, for an overall key length of 192 bits. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.
IDEA: IDEA (International Data Encryption Algorithm) was developed in Switzerland and uses a block cipher with a 128-bit key. It is one of the best of the public encryption algorithms and is considered very secure.
MD5: MD5 is a digital signature algorithm that is based on the attached message with a 128-bit fingerprint unique to the message data. There are two earlier algorithms MD2 and MD4, the former was optimised for 8-bit processors while the latter and MD5 were optimised for 32-bit processors. While MD4 was considered quite fast there was some criticism of its security, so MD5 was developed as a more secure extension, although it is slower than MD4.
AES: Advanced Encryption Standard (AES) is a symmetrical encryption algorithm developed at the request of the National Institute of Standards to replace DES to secure unclassified material for US Government agencies. It is growing in popularity in the commercial sector. The algorithm uses block encryption, with the blocks 128 bits in size and encryption key sizes of 128, 192, and 256 bits as a minimum.
Blowfish: Blowfish is an encryption algorithm that is unpatented and available free for all uses. It can be used as a DES replacement and uses a variable length key from 32 bits to 448 bits. Its main advantage over DES is that it's optimised for 32-bit processors and is significantly faster.
Subscribe now to Australian Technology & Business magazine.
