What is cryptography?
Cryptography is the process of hiding the meaning of a message by applying a mathematical transformation to it (encrypting it). The encryption algorithm is assumed to be known to everyone; only the key is unknown. Without the key, decrypting the message is a hard mathematical task, taking in principle billions of computer years to accomplish with classical computers.
Why use encryption?
Cryptography is used to hide messages from other entities. Who those entities are depends on what your message is.
If you are a normal computer user the message can be your computer password or credit card details. Encryption is used to prevent anyone between your computer and the computer you are communicating with from reading your message. For example, I am using a secure shell [(ssh)] link to talk to the webserver where this document is stored so that no-one on my local area network can use a packet sniffer such as [Ethereal] to capture my password.
If you are a criminal or terrorist the messages are encrypted to hide them from the state security apparatus.
What is the problem?
The controversy over encryption arises because once a strong algorithm is developed (e.g. Triple DES, Blowfish, AES, RSA, ElGamal) it is easy to choose a key length long enough to prevent ANYONE from decrypting the message (ignoring weak passwords and rubber hose cryptanalysis). This is fine for the normal computer user but a danger if the same level of protection is available to the criminals (ignoring traffic analysis).
- Make everyone use weak cryptography - reduces the protection of legitimate computer users
- Develop methods by which governments can decrypt all messages - quantum computation!
- Crypto Politics
- Computer Security
- [Counterpane Internet Security]
- [Bruce Schneier's Homepage] USA security researcher, author of the books "Applied Cryptography", "Secrets and Lies", "Beyond Fear", ...
- [Ross Anderson's Homepage] UK security researcher, author of the book "Security Engineering"
- [Freedom to Tinker] Ed Felten and Alex Halderman's blog, both are in the Computer Science department of Princeton University.
- [L0pht Heavy Industries]
- [Behind Enemy Lines] analysis of a spammer
- [The Honeynet Project] how to set up a fake network to catch computer intruders