How to use cryptography in computer security
Cryptography is the mathematics underlying computer security. While a Ph.D. in cryptography is hardly a requirement for keeping one's systems secure, an understanding of the basics helps in decision making about security, both for system administrators and IT managers. In this article, I present a non-technical overview of a few key concepts in cryptography that are relevant to consumers of security solutions. I then look at some widespread myths about cryptography, and give some advice on practical matters relating to cryptography.
Encryption. Suppose your company has a confidential database which you wish to backup offsite with a storage provider. This is a typical application of encryption. An encryption algorithm, or a cipher, takes the data and a small key (think of it as a phassphrase) and produces garbled data. For someone who doesn't have the key, there's no way to make sense of the garbled data (more precisely, doing so would take an insane amount of time), but if you have the key, you can easily get the original data back. So you retain the key and send the garbled data to the backup provider.
By Arvind Narayanan at IT Manager's Journal
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.