Cryptographic Tools

The derivation of the word cryptography is from Greek and means literally secret writing . Modern cryptography is still involved in keeping data secret, but the ability to authenticate a user (and hence apply some kind of access control) is even more important.

Although there are many cryptographic techniques and protocols, they mostly fall into one of three categories:

Bulk Encryption

This is the modern equivalent of secret writing . A bulk encryption algorithm uses a key to scramble (or encrypt ) data for transmission or storage. It can then only be unscrambled (or decrypted ) using the same key. Bulk encryption is so called because it is effective for securing large chunks of data. Some common algorithms are Data Encryption Standard (DES), Data Encryption Algorithm (DEA) and RC4. This is also called the symmetric encryption.

Public Key Encryption

This is also a technique for securing data but instead of using a single key for encryption and decryption, it uses two related keys, called public key and private key , which together form what is known as a key pair . As the word  suggests, public keys are made available to everyone, but each entity that holds a key pair should keep the private key as secret. If data is encrypted using one of the keys, it can only be decrypted using the other, and vice
versa.

Public key encryption is a form of asymmetric encryption, because the key that is used to encrypt is different from the key used to decrypt. With this technology, the sender in a secure communication can use the receiver’s public key to encrypt the data, because at that point in time only the receiver can decrypt the data, by using its own private key.

Notice that the public and the private keys are bound by a well known mathematical relationship, so that having one of the two keys it would be theoretically possible to obtain the other one. However, especially when the size of the building block of the keys is very long (for instance, 512 bits), the computational effort required makes the probability of breaking a key very small.

Compared to bulk encryption, public key encryption is more secure, because it does not require the transmission of a shared key that both the parties must hold. However, public key encryption is computationally expensive and is therefore not suited to large amounts of data. For this reason the most common solution, implemented for example in the SSL protocol, is for the two parties (sender and receiver) to use public key encryption to agree on and share a common key. After the common key has been shared using asymmetric encryption, so that only the two parties really know it, then bulk encryption is used. Notice that a common key is shared only for the time of a single connection. After a secure connection is closed, a new connection requires that the two parties agree on a new shared key.

The most commonly-used algorithm for public key encryption is the Rivest, Shamir and Adleman (RSA) system.

Hashing

A secure hash is an algorithm that takes a stream of data and creates afixed-length digest of it. This digest is a fingerprint for the data. A digest has two main properties:

1. If even one single bit of data is changed, then the message digest changes as well. Notice, however, there is a very remote probability that two different arbitrary messages can have the same fingerprint.

2. Even if someone was able to intercept transmitted data and its fingerprint, that person would not be practically able to modify the original data so that the resulting data has the same digest as the original one.

Hashing functions are often found in the context of digital signatures. This is a method for authenticating the source of a message, formed by encrypting a hash of the source data. Public key encryption is used to create the signature, so it effectively ties the signed data to the owner of the key pair that created the signature.