Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is a science of protecting information by encoding it into an unreadable format. Cryptography is an effective way of protecting sensitive information as it is stored on media or transmitted through network communication paths. Although the ultimate goal of cryptography, and the mechanisms that make it up, is to hide information from unauthorized individuals, most algorithms can be broken and the information can be revealed if the attacker has enough time, desire, and resources. So a more realistic goal of cryptography is to make obtaining the information too work-intensive to be worth it to the attacker.

The first encryption methods date back to 4,000 years ago and were considered more of an ancient art. As encryption evolved, it was mainly used to pass messages through hostile environments of war, crisis, and for negotiation processes between conflicting groups of people. Throughout history, individuals and governments have worked to protect communication by encrypting it. As time went on, the encryption algorithms and the devices that used them increased in complexity, new methods and algorithms were continually introduced, and it became an integrated part of the computing world.


Encryption is a method of transforming original data, called plaintext or clear text, into a form that appears to be random and unreadable, which is called cipher text. Plaintext is either in a form that can be understood by a person (a document) or by a computer (executable code). Once it is not transformed into cipher text, human nor machine can properly process it until it is decrypted. This enables the transmission of confidential information over insecure channels without unauthorized disclosure. When data is stored on a computer, it is usually protected by logical and physical access controls. When this same sensitive information is sent over a network, it can no longer take these controls for granted, and the information is in a much more vulnerable state.

Data Encryption

“The process of encryption transforms plaintext into cipher textand the process of decryption
transforms cipher text into plaintext.”

A system that provides encryption and decryption is referred to as a cryptosystem andcan be created through hardware components or program code in an application. Thecryptosystem uses an encryption algorithm, which determines how simple or complexthe process will be. Most algorithms are complex mathematical formulas that areapplied in a specific sequence to the plaintext. Most encryption methods use a secretvalue called a key (usually a long string of bits), which works with the algorithm toencrypt and decrypt the text.

“The key is inserted into the mathematical algorithm and the result is applied tothe message,
which ends up in ciphertext.”


“The key is inserted into the mathematical algorithm and the result is applied tothe message,
which ends up in ciphertext.”

The algorithm, the set of mathematical rules, dictates how enciphering and deciphering take place. Many algorithms are publicly known and are not the secret part of the encryption process. The way that encryption algorithms work can be kept secret from the public, but many of them are publicly known and well understood. If the internal mechanisms of the algorithm are not a secret, then
something must be. The secret piece of using a well-known encryption algorithm is the key. The key can be any value that is made up of a large sequence of random bits. Is it just any random number of bits crammed together? Not really. An algorithm contains a key space, which is a range of values that can be used to construct a key. The key is made up of random values within the key space range. The larger the key space, the more available values can be used to represent different keys, and the more random the keys are, the harder it is for intruders to figure them out.

A large key space allows for more possible keys. The encryption algorithm should use the entire key space and choose the values to make up the keys as random as possible. If a smaller key space were used, there would be fewer values to choose from when forming a key. This would increase an attacker‘s chance of figuring out the key value and deciphering the protected information.


Larger keyspaces allow for more possible keys

If an eavesdropper captures a message as it passes between two people, she can view the message, but it appears in its encrypted form and is therefore unusable. Even if this attacker knows the algorithm that the two people are using to encrypt and decrypt their information, without the key, this information remains useless to the eavesdropper.


The strength of the encryption method comes from the algorithm, secrecy of the key, length of the key, initialization vectors, and how they all work together. When strength is discussed in encryption, it refers to how hard it is to figure out the algorithm or key, whichever is not made public. Breaking a key has to do with processing an amazing number of possible values in the hopes of finding the one value that can be used to decrypt a specific message.

The strength correlates to the amount of necessary processing power and time it takes to break the key or figure out the value of the key. Breaking a key can be accomplished by a brute force attack, which means trying every possible key value until the resulting plaintext is meaningful. Depending on the algorithm and length of the key, this can be a very easy task or a task that is close to impossible. If a key can be broken with a Pentium II processor in three hours, the cipher is not strong at all. If the key can only be broken with the use of a thousand multiprocessing systems, and it takes 1.2 million years, then it is pretty darn strong. The goal of designing an encryption method is to make compromise too expensive or too time consuming. Another name for cryptography strength is work factor, which is an estimate of the effort it would take an attacker to penetrate an encryption method.

The strength of the protection mechanism should be used in correlation to the sensitivity of the data being encrypted. It is not necessary to encrypt information about a friend‘s Saturday barbeque with a top secret NSA encryption algorithm, and it is not a good idea to send the intercepted KGB spy information using Pretty Good Privacy (PGP).

Each type of encryption mechanism has its place and purpose. Even if the algorithm is very complex and thorough, there are other issues within encryption that can weaken the strength of encryption methods. Because the key is usually the secret value needed to actually encrypt and decrypt messages, improper protection of the key can weaken the encryption strength. An extremely strong algorithm can be used, using a large keyspace, and a large and random key value, which are all therequirements for strong encryption, but if a user shares her key with others, these other pieces of the equation really don‘t matter.

An algorithm with no flaws, a large key, using all possible values within a keyspace,and protecting the actual key are important elements of encryption. If one is weak, itcan prove to be the weak link that affects the whole process.


Cryptosystems can provide confidentiality, authenticity, integrity, and nonrepudiationservices. It does not provide availability of data or systems.

  • Confidentiality means that unauthorized parties cannot access information.
  • Authenticity refers to validating the source of the message to ensure the sender is properly identified.
  • Integrity provides assurance that the message was not modified during transmission, accidentally or intentionally.
  • Nonrepudiation means that a sender cannot deny sending the message at a later date, and the receiver cannot deny receiving it.

So if your boss sends you a message telling you that you will be receiving a raise that doubles your salary and it is encrypted, encryption methods can ensure that it really came from your boss, that someone did not alter it before it arrived to your computer, that no one else was able to read this message as it traveled over the network, and that your boss cannot deny sending the message later when he comes to his senses.

Different types of messages and transactions require a higher degree of one or all of the services that encryption methods can supply. Military and intelligence agencies are very concerned about keeping information confidential, so they would choose encryption mechanisms that provide a high degree of secrecy. Financial institutions care about confidentiality, but care more about the integrity of the data being transmitted, so the encryption mechanism they would choose may differ from the military‘s encryption methods. If messages were accepted that had a misplaced decimal point or zero, the ramifications could be far reaching in the financial institution world. Legal agencies may care more about the authenticity of messages that they receive. If information that was received ever needed to be presented in a court of law, its authenticity would certainly be questioned; therefore, the encryption method used should ensure authenticity, which confirms who sent the information.


  • Algorithm: Set of mathematical rules used in encryption and decryption.
  • Cryptography : Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals.
  • Cryptosystem : Hardware or software implementation of cryptography that transforms a message to cipher text and back to plaintext.
  • Cryptanalysis : Practice of obtaining plaintext from cipher text without a key or breaking the encryption.
  • Cryptology: The study of both cryptography and cryptanalysis.
  • Cipher text: Data in encrypted or unreadable format.
  • Encipher: Act of transforming data into an unreadable format.
  • Decipher: Act of transforming data into a readable format.
  • Key: Secret sequence of bits and instructions that governs the act of encryption and decryption. Key clustering: Instance when two different keys generate the same cipher text from the same plaintext.
  • Key space: Possible values used to construct keys.
  • Plaintext: Data in readable format, also referred to as clear text.
  • Work factor: Estimated time, effort, and resources necessary to break a cryptosystem.