Apache Security - Ivan Ristic [43]
Cleartext
Data in the original form; also referred to as plaintext
Cipher
The algorithm used to protect data
Ciphertext
Data in the encoded (unreadable) form
Cryptography aims to achieve four goals:
Confidentiality
Protect data from falling into the wrong hands
Authentication
Confirm identities of parties involved in communication
Integrity
Allow recipient to verify information was not modified while in transit
Nonrepudiation
Prevent sender from claiming information was never sent
The point of cryptography is to make it easy to hide (encrypt) information yet make it difficult and time consuming for anyone without the decryption key to decrypt encrypted information.
No one technique or algorithm can be used to achieve all the goals listed above. Instead, several concepts and techniques have to be combined to achieve the full effect. There are four important concepts to cover:
Symmetric encryption
Asymmetric encryption
One-way encryption
Digital certificates
Do not be intimidated by the large number of encryption methods in use. Mathematicians are always looking for better and faster methods, making the number constantly grow. You certainly do not need to be aware of the inner details of these algorithms to use them. You do, however, have to be aware of legal issues that accompany them:
Cryptology is a science that can be used by anyone who wishes to protect his privacy, but it is of special importance to the military, governments, law enforcement agencies, and criminals. Consequently, many countries have laws that limit the extent to which encryption techniques can be used. For example, until recently, U.S. companies could not export symmetric encryption technology supporting keys larger than 40 bits.
Some algorithms are patented and cannot be used without a proper license. Libraries implementing patented algorithms are available for free download (often in source code), but you need a license for their legal use.
Symmetric Encryption
Symmetric encryption (also known as private-key encryption or secret-key encryption ) is a fast encryption method that uses a single key to encrypt and decrypt data. On its own it offers data confidentiality (and to some extent, authentication) provided the parties involved in communication safely exchange the secret key in advance. An example of the use of symmetric encryption is shown in Figure 4-1.
Figure 4-1. Symmetric encryption example
Here are six commonly used symmetric encryption algorithms:
Data Encryption Standard (DES)
Uses a fixed length key of 56 bits. It used to be a U.S. government standard but it is now considered obsolete.
Triple-DES (3DES)
Uses a fixed-length key of 168 bits (112 effective). It was designed to give extended life to DES. Still considered secure.
Blowfish
Uses a variable length key of up to 448 bits. Fast and free.
International Data Encryption Algorithm (IDEA)
Uses a fixed-length key of 128 bits. IDEA is fast, patented, and free for noncommercial use.
RC4
Keys can be anywhere from 1 to 2,048 bits long. (40-bit and 128-bit key lengths are commonly used.) RC4 is very fast and in widespread use. The legal status of RC4 is unclear: it is not free but its unlicensed use appears to be tolerated.
Advanced Encryption Standard (AES)
Keys can be 128, 192, or 256 bits long. AES was chosen by the U.S. government to replace DES and 3DES.
A best encryption algorithm does not exist. All algorithms from the list have been thoroughly researched and are considered to be technically secure. Other issues that need to be taken into consideration are the interoperability, key length, speed, and legal issues. The key-length argument renders DES and 3DES (for new implementations) obsolete. It is widely believed that the minimum secure key length for symmetric encryption today is 80 bits. Encryption of at least 128 bits is recommended for all new applications. Having been adopted