This tip is excerpted from Microsoft Windows 2000 Security Handbook, by Jeff Schmidt and Dave Bixler, published by Que. More of this excerpt can be found on the InformIT Web site.
Let's begin by looking at the two main types of encryption available today.Private Key Cryptography
In private key (also called symmetric key) cryptography, a single key is used for both encryption and decryption. Private key algorithms are generally very fast and easily implemented in hardware, so they are commonly used for bulk data encryption.
There are two general categories of private key algorithms: block and stream cipher. A block cipher encrypts one block of data at a time. DES is an example of a block cipher. A stream cipher encrypts each byte of the data stream individually.
One major drawback of private key cryptography is how to handle the distribution of the keys. Before you can send encrypted data to another person, that person must be in possession of your secret key. Issues like how does the key get distributed securely? And how can you use secret keys if anyone you have shared your key with can decrypt your message, even if it wasn't intended for them? Let's look at a quick example of this issue, since it is central to the issue with secret key cryptography.
Let's take three friends, Susan, Laura and Amy. Susan loves to gossip, and she wants to be sure no one can read the gossip she sends around. Since her best friend in the world (this week) is Laura, Susan sends her secret key to Laura. They have a grand old time passing encrypted gossip back and forth. Time passes and Susan now has a new best friend, Amy. Susan gives Amy her secret key. Susan and Amy now spend most of their time gossiping about Laura, again using encrypted messages. This goes on for a while, when by accident Amy sends Laura one of Susan's encrypted messages. It's some horrible, untrue gossip about Laura. Since Susan shared her secret key with Laura, Laura is able to decode the message and sparks fly. Extend this example to the business or government world, and you have an issue. Fortunately, Public Key Cryptography has the answer to this dilemma.Public Key Cryptography
Public Key cryptography was invented in 1975 by Whitfield Diffie and Martin Hellman. It is rumored that the NSA had come up with the idea in the mid-1960's, but the truth remains classified. The concept of public key cryptography involves the use of two distinct but mathematically related keys. The first key, the public key, is not secret and can safely be shared with anyone. This key is used to encrypt data meant for the owner of the second key. The other key in this method of encryption is a secret key, which can be used to decrypt any messages encrypted by the public key. This process will also work the other direction. Messages encrypted with the secret key can be decrypted with the public key. Messages encrypted with the public key cannot be decrypted using the public key, which is how this type of encryption differs from the Secret Key cryptography discussed in the last section. The set of keys used in Public Key encryption is commonly referred to as a key pair. The underlying principal to this method of encryption is the fact that the public and secret keys are mathematically related. This relationship allows the encryption and decryption to work.
The power of this encryption is it eliminates the preliminary exchange of secret keys that plagues Private Key encryption. You can publish your public key on the cover of the National Enquirer and your message traffic is still secure. In fact, many people include their public key in their e-mail signature blocks. The whole point of this method is that public keys are just that, public. Share them with as many people as you need, and your data remains secure.
One other benefit of Public Key cryptography is the fact that it provides the underlying architecture used in digital signatures, digital certificates and Public Key Infrastructures. These technologies are fueling the e-commerce industry, by providing scalable, strong and manageable encryption methods for conducting business.
There is a cost to this method of encryption however. Public Key encryption generally runs anywhere from 100 to 1000 times slower than the equivalent secret key encryption, due to the overhead associated with the calculating of the mathematical relationship between public and private keys.
In the "friends" example listed above, if Laura had in fact received an encrypted e-mail from Amy using Susan's public key, Laura would have not been able to decrypt the message.
Related book Microsoft Windows 2000 Security Handbook
Author : Jeff Schmidt and Dave Bixler
Publisher : QUE
ISBN/CODE : 0789719991
Cover Type : Soft Cover
Pages : 800
Published : Aug. 2000
Windows 2000 Security Handbook covers NTFS fault tolerance, Kerberos authentication, Windows 2000 intruder detection and writing secure applications for Windows 2000. Co-author Jeff Schmidt has helped develop, and is a consultant for Microsoft on the code for security development of Windows 2000.