TheWorldJournal.com - Technology

Encryption Technology Conceals Data From Would-Be Cyber Thieves
By Dan Calloway, TheWorldJournal.com

Encryption, the science of concealing information from third parties to keep it the property of only the sender and the receiver, has been used in fields as diverse as warfare and poetry. Encryption seeks to conceal information that, if divulged, would be harmful to the sender or the receiver. When encryption succeeds, you can make purchases over the Internet without worrying about using your credit card number. When encryption fails, as in the case of the World War II Japanese "Purple" naval code, battles (and wars) are lost.

Today, encryption is no longer the province of clever puzzle makers. Encryption is now performed by powerful computers using powerful software. Exactly how powerful that software is permitted to be, and whether anyone but the sender and receiver of the encrypted information has a right to see that information has led to a long, complex debate between privacy advocates and law enforcement. Before looking at that issue, we need to learn more about how encryption works.

There are a variety of types of encryption, but all of them work on a basis far beyond the simple substitution ciphers beloved of mystery writers or provided for a few minutes of amusement in the Sunday paper.

All forms of computer-based encryption use some sort of encryption algorithm (an algorithm is a computer program designed to perform a specific task). These algorithms, such as Blowfish, IDEA, and RSA are, surprisingly enough, not secret. Why not? According to the online article "Public Key Encryption Technology," which is available at Invisible Data Systems http://www.incrypt.com/crypto.html...the algorithms themselves are not secret and have been published in the scientific literature: any expert could examine the algorithm for its reliability. Another advantage of employing published algorithms is the comfort customers gain from knowing that the vendor does not have a 'back door' or a spare (master) key.

If the methods for encryption aren't kept secret, then what keeps e-commerce, e-banking, encrypted e-mail, and other secret documents and transactions secret as they fly across cyberspace? The encryption keys that unlock the encrypted data are kept secret, and they are made difficult to guess by their very size. The strength of encryption is measured in bits, and the more bits there are in the encryption key, the harder the encryption is to crack.

How Bit Size Affects The Strength of Encryption. A gym locker's combination lock is a very simple example of encryption; there are many combinations of numbers that are wrong but only one combination that opens the lock. Safecrackers who can feel the lock's tumblers fall into place can crack a combination lock quickly. But given enough time, anyone could open a combination lock by carefully trying every possible combination until finding the one that was correct.

By increasing the number of bits used to encrypt the message, the effect is the same as if a safecracker had to find more than three numbers in the combination. The more numbers that must be located, the longer it takes to open the lock.

How many combinations are possible in today's typical encryption methods? A 40-bit key has over 1 trillion combinations (1 followed by 12 zeros). A 56-bit key has over 72 quadrillion combinations (1 followed by 15 zeros). A 128-bit key has over 240 undecillion combinations (1 followed by 36 zeros). Is 128-bit encryption uncrackable? It would certainly seem to be so. According to e-commerce digital certificate provider Verisign (see them at http://www.verisign.com/), "If the technology applied to crack the 40-bit encoded message in eight hours were applied to break a 128-bit encoded message, it would take more than 2 trillion years."

Does Encryption Matter to You? Encryption matters to everyone who uses an Internet connection for any type of e-commerce or Web-based transaction, such as e-mail retrieval. If you've ever seen "https://" at the beginning of a Web address instead of just "http://," or if you've seen the closed padlock symbol at the bottom of your browser's window, you've been using a secure connection that's encrypted.

How Secure Is Your Browser? If you are reside outside of the United States or Canada, you were once limited to 40-bit versions of these programs; however, a 1997 revision to the law increased the encryption strength to 56 bits. Many people in the United States and Canada may also be using weak versions of browsers out of simple ignorance or just because of the extra steps required to download the strong encryption versions. Since 56-bit encryption has over 72 quadrillion possible combinations (as compared to just over 1 trillion with 40-bit encryption), this sounds like a big improvement. But is it?

RSA Security (see them at http://www.rsasecurity.com) has sponsored a series of cracking contests with two purposes in mind: to see how quickly export versions of cryptography could be broken and to encourage standardization on strong (128-bit) forms of encryption for all uses. The 128-bit versions of cryptography, as predicted, is still unbreakable. How about the current "good enough for export" 56-bit version? In the January 1999 DES Challenge III contest, 56-bit U.S. government standard Data Encryption Standard (DES) encryption was broken in 22 hours and 15 minutes (less than one day).

If you can use a 128-bit encryption version of a Web browser or other encryption program and don't, you're exposing your information to a measurable degree of risk. Upgrade your browser to be safe! You can check your browser's encryption strength (Internet Explorer 4 or 5) by opening the browser and clicking on Help > About Internet Explorer. In IE 5.0 and 5.01 you can even upgrade the encryption strength directly from the browser at this location.

There are two basic types of encryption employed in cryptography: Symmetric and Asymmetric. Symmetric (or secret) encryption requires that two copies of the same key be shared to encrypt and decrypt a message. If a hacker gets a copy of the secret key, the messages are vulnerable to theft. That's why asymmetric-key encryption is often used to send keys. The second and preferred means of data encryption is referred to as asymmetric. Asymmetric (or public) encryption uses two keys that are mathematically related. The public key encrypts the message, but only the private key can decrypt it. This type of encryption is not as vulnerable to theft from a hacker because only one person holds the private key. This form of data encryption is utilized in PGP email and data encryption. I highly recommend you download your free copy of this program from Network Associates, Inc.'s website at http://www.nai.com or from the PGP homepage at http://www.pgp.com/.

© August 5, 2000

<![if lt IE 4]> <script src="http://servedbyadbutler.com/adserve/;ID=132676;size=120x600;setID=49329;type=js" type="text/javascript"> </script> <noscript> <a href="http://servedbyadbutler.com/go2/;ID=132676;size=120x600;setID=49329"> <img src="http://servedbyadbutler.com/adserve.ibs/;ID=132676;size=120x600;setID=49329;type=img" border="0" height="600" width="120" alt=""></a> </noscript><![endif]>

Since 1999 © TheWorldJournal.com, All rights reserved. Student Media Network For the best advertising rates at TheWorldJournal.com (120x600 - new banner format by the Interactive Advertising Bureau), click here. Back to top	e-mail: info@theworldjournal.com sales: sales@theworldjournal.com