Latest news
Linux Security: Kinds of Encryption
by Mark G. Sobell - Author's Homepage - Thursday, 17 April 2003.
One of the building blocks of security is encryption, which provides a means of scrambling data for secure transmission to other parties. In cryptographic terms, the data or message to be encrypted is referred to as plaintext, and the resulting encrypted block of text as ciphertext. A number of processes exist for converting plaintext into ciphertext through the use of keys, which are essentially random numbers of a specified length used to lock and unlock data. This conversion is achieved by applying the keys to the plaintext by following a set of mathematical instructions, referred to as the encryption algorithm.
Developing and analyzing strong encryption software is extremely difficult. There are many nuances and standards governing encryption algorithms, and a background in mathematics is requisite. Also, unless an algorithm has undergone public scrutiny for a significant period of time, it is generally not considered secure; it is often impossible to know that an algorithm is completely secure but possible to know that one is not secure. Time is the best test of an algorithm. Also, a solid algorithm does not guarantee an effective encryption mechanism, as the fallibility of an encryption scheme frequently lies in problems with implementation and distribution.
An encryption algorithm uses a key that is a certain number of bits long. Each bit you add to the length of a key effectively doubles the key space (the number of combinations allowed by the number of bits in the key-2 to the power of the length of the key in bits) [a 2-bit key would have a key space of 4 (2^2), a 3-bit key would have a key space of 8 (2^3), and so on.] and means that it will take twice as long for an attacker to decrypt your message (assuming that there are no inherent weaknesses or vulnerabilities to exploit in the scheme). However, it is a mistake to compare algorithms based only on the number of bits used. An algorithm that uses a 64-bit key can be more secure than an algorithm that uses a 128-bit key.
The two primary classifications of encryption schemes are public key encryption and symmetric key encryption. Public key encryption, also called asymmetric encryption, uses two keys: a public key and a private key; these keys are uniquely associated with a specific individual user. Symmetric key encryption, also called symmetric encryption, or secret key encryption, uses one key that you and the person you are communicating with (hereafter, referred to as your friend ) share as a secret. Public key algorithm keys typically have a length of 512 bits to 2,048 bits, whereas symmetric key algorithms use keys in the range of 64 bits to 512 bits.
When you are choosing an encryption scheme, realize that security comes at a price. There is usually a trade-off between resilience of the cryptosystem and ease of administration.
Hard to Break? Hard to Use!
The more difficult an algorithm is to crack, the more difficult it is to maintain and to get people to use properly. The paramount limitations of most respectable cryptosystems lie not in weak algorithms but rather in users' failure to transmit and store keys in a secure manner.
Developing and analyzing strong encryption software is extremely difficult. There are many nuances and standards governing encryption algorithms, and a background in mathematics is requisite. Also, unless an algorithm has undergone public scrutiny for a significant period of time, it is generally not considered secure; it is often impossible to know that an algorithm is completely secure but possible to know that one is not secure. Time is the best test of an algorithm. Also, a solid algorithm does not guarantee an effective encryption mechanism, as the fallibility of an encryption scheme frequently lies in problems with implementation and distribution.
An encryption algorithm uses a key that is a certain number of bits long. Each bit you add to the length of a key effectively doubles the key space (the number of combinations allowed by the number of bits in the key-2 to the power of the length of the key in bits) [a 2-bit key would have a key space of 4 (2^2), a 3-bit key would have a key space of 8 (2^3), and so on.] and means that it will take twice as long for an attacker to decrypt your message (assuming that there are no inherent weaknesses or vulnerabilities to exploit in the scheme). However, it is a mistake to compare algorithms based only on the number of bits used. An algorithm that uses a 64-bit key can be more secure than an algorithm that uses a 128-bit key.
The two primary classifications of encryption schemes are public key encryption and symmetric key encryption. Public key encryption, also called asymmetric encryption, uses two keys: a public key and a private key; these keys are uniquely associated with a specific individual user. Symmetric key encryption, also called symmetric encryption, or secret key encryption, uses one key that you and the person you are communicating with (hereafter, referred to as your friend ) share as a secret. Public key algorithm keys typically have a length of 512 bits to 2,048 bits, whereas symmetric key algorithms use keys in the range of 64 bits to 512 bits.
When you are choosing an encryption scheme, realize that security comes at a price. There is usually a trade-off between resilience of the cryptosystem and ease of administration.
Hard to Break? Hard to Use!
The more difficult an algorithm is to crack, the more difficult it is to maintain and to get people to use properly. The paramount limitations of most respectable cryptosystems lie not in weak algorithms but rather in users' failure to transmit and store keys in a secure manner.
Spotlight
The security of WordPress plugins
Posted on 18 June 2013. | Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection.
Information security executives need to be strategic thinkers
Posted on 17 June 2013. | George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.
Large orgs in denial about own security breaches?
Posted on 14 June 2013. | Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.
Vulnerability scanning with PureCloud
Posted on 12 June 2013. | nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.
Reactions from the security community to the NSA spying scandal
Posted on 11 June 2013. | Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
