What is cryptography?
Cryptography is the process of hiding the meaning of a message by applying a mathematical transformation to it (encrypting it). The encryption algorithm is assumed to be known to everyone; only the key is unknown. Without the key, decrypting the message is a hard mathematical task, taking in principle billions of computer years to accomplish with classical computers.
Why use encryption?
Cryptography is used to hide messages from other entities. Who those
entities are depends on what your message is.
If you are a normal computer user the message can be your computer
password or credit card details. Encryption is used to prevent
anyone between your computer and the computer you are communicating with
from reading your message. For example, I am using a secure shell [(ssh)]
link to talk to the webserver where this document is stored so that
no-one on my local area network can use a packet sniffer such as
[Ethereal] to capture my password.
If you are a criminal or terrorist the messages are encrypted to hide
them from the state security apparatus.
What is the problem?
The controversy over encryption arises because once a strong algorithm is developed (e.g. Triple DES, Blowfish, AES, RSA, ElGamal) it is easy to choose a key length long enough to prevent ANYONE from decrypting the message (ignoring weak passwords and rubber hose cryptanalysis). This is fine for the normal computer user but a danger if the same level of protection is available to the criminals (ignoring traffic analysis).
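The effect of key length on an exhaustive key search, as an added example that is not part of the original page: the algorithm is public, only the key is secret, and every extra key bit doubles the work. The HMAC-SHA256 keystream cipher, the sample message, the 16-bit demo key and the rate of 10^12 keys per second are assumptions chosen for illustration.

```python
import hashlib
import hmac

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Public algorithm: XOR data with an HMAC-SHA256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def key_from_int(value: int) -> bytes:
    """Encode an integer key as 16 bytes (illustrative helper)."""
    return value.to_bytes(16, "big")

def exhaustive_search(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """Try every key of key_bits bits against a known plaintext prefix.
    Returns (key or None, number of keys tried)."""
    head = ciphertext[:len(known_prefix)]
    trials = 0
    for candidate in range(2 ** key_bits):
        trials += 1
        if keystream_xor(key_from_int(candidate), head) == known_prefix:
            return candidate, trials
    return None, trials

def years_to_search(key_bits: int, keys_per_second: float) -> float:
    """Expected time to cover half the key space at the given rate."""
    return 2 ** (key_bits - 1) / keys_per_second / SECONDS_PER_YEAR

# Constructed sample data: a made-up message and a deliberately weak 16-bit key.
MESSAGE = b"password=correct-horse; card=0000-0000-0000-0000"
WEAK_KEY = 0xBEEF
WEAK_BITS = 16

def demo():
    """Encrypt under the weak key, then recover it by trying every key."""
    ciphertext = keystream_xor(key_from_int(WEAK_KEY), MESSAGE)
    found, trials = exhaustive_search(ciphertext, MESSAGE[:16], WEAK_BITS)
    return ciphertext, found, trials

if __name__ == "__main__":
    _, found, trials = demo()
    print(f"16-bit key {found:#x} recovered after {trials} trials")
    for bits in (40, 64, 128):  # assumed rate: 10^12 keys per second
        print(f"{bits}-bit key: about {years_to_search(bits, 1e12):.3g} years")
```
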
Possible solutions
- Make everyone use weak cryptography - reduces the protection of legitimate computer users
- Develop methods by which governments can decrypt all messages - quantum computation!
- Crypto Politics
- [Cryptome]
- Computer Security
- [Counterpane Internet Security]
- [Bruce Schneier's Homepage] USA security researcher, author of the books "Applied Cryptography", "Secrets and Lies", "Beyond Fear", ...
- [Ross Anderson's Homepage] UK security researcher, author of the book "Security Engineering"
- [Freedom to Tinker] Ed Felten and Alex Halderman's blog, both are in the Computer Science department of Princeton University.
- [L0pht Heavy Industries]
- [Behind Enemy Lines] analysis of a spammer
- [The Honeynet Project] how to set up a fake network to catch computer intruders