Encryption
Encryption refers to algorithmic schemes that encode plain
text into an unreadable form, or ciphertext, providing privacy.
The receiver of the encrypted text uses a “key” to decrypt
the message, returning it to its original plain text form.
The key is the parameter that controls the algorithm.
Until the advent of the Internet, encryption was rarely used
by the public, but was largely a military tool. Today, with
online marketing, banking, healthcare and other services,
even the average householder is aware of encryption.
Web browsers will encrypt text automatically when connected to a
secure server, evidenced by an address beginning with https.
The server decrypts the text upon its arrival, but as the
information travels between computers, interception of the
transmission will not be fruitful to anyone “listening in.”
They would only see unreadable gibberish.
There are many types of encryption and not all of it is reliable.
The same computer power that yields strong encryption can be
used to break weak encryption schemes. Initially, 64-bit
encryption was thought to be quite strong, but today 128-bit
encryption is the standard, and this will undoubtedly change
again in the future.
Though browsers automatically encrypt information when connected to
a secure website, many people choose to use encryption in
their email correspondence as well. This can easily be
accomplished with encryption programs that feature plug-ins
or interfaces for popular email clients.
The most longstanding of these is called PGP (Pretty Good
Privacy), a humble name for a very strong, military-grade
encryption program. PGP allows one to encrypt not only email
messages, but personal files and folders as well.
Encryption can also be applied to an entire volume or drive.
To use the drive, it is “mounted” using a special decryption
key. In this state the drive can be used and read normally.
When finished, the drive is dismounted and returns to an
encrypted state, unreadable by interlopers, Trojan horses,
spyware or snoops. Some people choose to keep financial
programs or other sensitive data on encrypted drives.
Encryption schemes are categorized as being symmetric or
asymmetric. Symmetric key algorithms, such as Blowfish, AES
and DES, work with a single, prearranged key that is shared
between sender and receiver. This key both encrypts and
decrypts text. In asymmetric encryption schemes, such as RSA
and Diffie-Hellman, the scheme creates a “key pair” for the
user: a public key and a private key.
The public key can be published online for senders to use to
encrypt text that will be sent to the owner of the public
key. Once encrypted, the ciphertext cannot be decrypted
except by the one who holds the private key of that key
pair. This algorithm is based around the two keys working in
conjunction with each other. Asymmetric encryption is
considered one step more secure than symmetric encryption,
because the decryption key can be kept private.
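The key-pair behaviour described above, as an added example that is not part of the original article: textbook RSA with constructed toy-sized primes (p=61, q=53), written in Python rather than the PHP the later tutorial mentions. Anyone holding the public key can encrypt; only the holder of the matching private exponent can decrypt. It is an illustration of the concept only, not a usable cipher.

```python
# Textbook RSA with toy-sized primes: demonstrates the public/private key pair.
# NOT secure as written: real RSA uses moduli of 2048 bits or more, randomised
# padding (OAEP), and normally encrypts a symmetric key rather than the message.
import math

def generate_keypair(p, q, e=17):
    """Return (public_key, private_key) for primes p, q and public exponent e."""
    n = p * q                       # modulus, part of both keys
    phi = (p - 1) * (q - 1)         # Euler's totient of n
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)             # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt_bytes(plaintext, public_key):
    """Encrypt each byte separately as an integer below n (textbook, deterministic)."""
    e, n = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold a byte")
    return [pow(b, e, n) for b in plaintext]

def decrypt_bytes(ciphertext, private_key):
    """Recover the bytes with the private exponent d; without d this is infeasible."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)

# Constructed demo values: p=61, q=53 give n=3233, phi=3120 and d=2753.
PUBLIC_KEY, PRIVATE_KEY = generate_keypair(61, 53)

def demo(message=b"pay 100"):
    cipher = encrypt_bytes(message, PUBLIC_KEY)     # anyone with PUBLIC_KEY can do this
    return decrypt_bytes(cipher, PRIVATE_KEY)       # only the PRIVATE_KEY holder can

if __name__ == "__main__":
    print(encrypt_bytes(b"pay 100", PUBLIC_KEY))
    print(demo())
```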
Strong encryption makes data private, but not necessarily secure.
To be secure, the recipient of the data -- often a server --
must be positively identified as being the approved party.
This is usually accomplished online using digital signatures
or certificates.
As more people realize the open nature of the Internet, email
and instant messaging, encryption will undoubtedly become
more popular. Without encryption, information passed on the
Internet is not only available for virtually anyone to snag
and read, but is often stored for years on servers that can
change hands or become compromised in any number of ways.
For all of these reasons encryption is a goal worth
pursuing.
Encryption is the transformation of data into a form which
is unreadable by anyone without a secret decryption key. Its
purpose is to ensure privacy by keeping the information
hidden from anyone for whom it was not intended, including
those who can see the encrypted data.
Encryption may be used to make stored data private (e.g.,
data that is stored on a potentially vulnerable hard disk),
or to allow a non-secure communications channel to serve as a
private communications channel. Encryption is sometimes
described as the process of converting plain text into
cipher text.
Encryption prevents any non-authorized party from reading or changing
data. The level of protection provided by encryption is
determined by the encryption algorithm. Against a brute-force
attack, the strength is measured by the number of possible
keys, i.e. the key size. For example, a Triple Data Encryption
Standard system (3DES) uses 112-bit or 168-bit keys and,
based on currently available processing power, is virtually
immune to brute-force attacks.
Business to Business VPNs (Extranets) share sensitive data
with multiple organizations, so demand the highest level of
security. This requires public key encryption and/or secure
key exchange, both of which are designed to eliminate the
risk of the key becoming known to an unauthorized party.
Encryption Systems
Computer encryption is based on the science of cryptography,
which has been used throughout history. Before the digital
age, the biggest users of cryptography were governments,
particularly for military purposes. The existence of coded
messages has been verified as far back as the Roman Empire.
But most forms of cryptography in use these days rely on
computers, simply because a human-based code is too easy for
a computer to crack.
Most computer encryption systems belong in one of two
categories:
Symmetric-key encryption
Public-key encryption
"Crypto," to use the all-purpose abbreviation for
cryptography, cryptanalysis, and cryptology, is cool. Just
plain cool. My biggest regret in life is that I never took a
math class past Algebra II, so I really don't know jack
about the mathematical foundations of intense crypto
systems. But boy, do I respect those who do.
If you're a person who finds crypto textbooks really boring yet
wants to understand this whole crypto bit in the broad
sense, go read Neal Stephenson's Cryptonomicon. Sure, it's
more than 900 pages of quasi-fiction, but it manages to tell
a fascinating story while giving an incredible amount of
insight into modern cryptography.
In this tutorial, you'll learn something or another about the
common, Web-based uses for the following basic encryption
techniques:
Asymmetric key-based algorithms. This method uses one key to
encrypt data and a different key to decrypt the same data.
You have likely heard of this technique; it is sometimes
called public key/private key encryption, or something to
that effect.
Symmetric key-based algorithms, or block-and-stream ciphers.
Using these cipher types, your data is separated into
chunks, and those chunks are encrypted and decrypted based
on a specific key.
Stream ciphers are used more widely than block
ciphers, as the chunks are encrypted on a bit-by-bit basis.
This process is much smaller and faster than encrypting
larger (block) chunks of data.
Hashing, or creating a digital summary of a string or file.
This is the most common way to store passwords on a system,
as the passwords aren't really what's stored, just a hash
that can't be decrypted.
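The password-hashing idea from the last list item, as an added example that is not part of the tutorial (Python standard library, not the mcrypt/mhash PHP calls the tutorial goes on to use): the system stores a salted, iterated one-way hash and checks a login by recomputing it, never by decrypting anything. The record format `algorithm$iterations$salt$hash` and the iteration count are my own choices.

```python
# Salted, iterated password hashing with PBKDF2-HMAC-SHA256 (standard library only).
# Stored record is self-describing so the work factor can be raised later.
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000        # work factor: slows brute force, raise as hardware gets faster

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a record of the form algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = secrets.token_bytes(16)      # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False                        # malformed record: never accept
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)   # no early-exit timing leak

def demo():
    """Constructed demo: same password hashed twice gives two different records."""
    pw = "correct horse battery staple"
    record_a = hash_password(pw)
    record_b = hash_password(pw)
    return {
        "salts differ": record_a != record_b,
        "right password": verify_password(pw, record_a),
        "wrong password": verify_password("Correct horse battery staple", record_a),
    }

if __name__ == "__main__":
    print(demo())
```

Because the salt is random, two users with the same password get different records, so a precomputed table for one does not work for the other.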
If your head's already spinning, stick with me — it does get
better. The following sections will show you the why and how
of real-life data encryption in a Web environment, using PHP
and various other tools such as the mcrypt and mhash
libraries.