
Difference between revisions of "cryptography"

From Anarchopedia
m (Cryptography moved to cryptography: not a proper noun)
m (from infoAnarchy)
Line 1: Line 1:
See also: [[Security]] | [[Encrypting_Your|Encrypting Your]]: [[Encrypting_Your_Mail|Mail]], [[Encrypting_Your_Files|Files]], [[Encrypting_Your_Network_Links|Network Links]], [[Encrypting_Your_Chat|Chat]], [[Encrypting_Your_File_Sharing|File Sharing]]
+
See also: [[Security]] | [[Encrypting Your]]: [[Encrypting Your Mail|Mail]], [[Encrypting Your Files|Files]], [[Encrypting Your Network Links|Network Links]], [[Encrypting Your Chat|Chat]], [[Encrypting Your File Sharing|File Sharing]]
  
 
[[AKA]]: Crypto
 
[[AKA]]: Crypto
  
This is a [[Dangerous|dangerous]] topic. It helps defeat [[Surveillance|surveillance]].
+
This is a [[Dangerous|dangerous]] topic. It helps defeat [[surveillance]].
  
The science of allowing a user to radically change [[Information|information]] in order to conceal the content from third parties. Like any system of security, this science includes the process of searching for its own weaknesses. It is the substitution of [[Character_Set|characters or symbols]] to create an [[Modify|altered]] message that can be reversed to its original form later. Information which has been cryptographically processed is "encrypted". Encryption is now very common, allowing [[User|users]] to [[Trust|trust]] their [[Computer|computer]] [[Communication|communications]] that are, on the [[Internet]], very exposed. There are [http://www.goingware.com/encryption/ many reasons] to use encryption.
+
The science of allowing a user to radically change [[information]] in order to conceal the content from third parties. Like any system of security, this science includes the process of searching for its own weaknesses. It is the substitution of [[Character Set|characters or symbols]] to create an [[Modify|altered]] message that can be reversed to its original form later. Information which has been cryptographically processed is "encrypted". Encryption is now very common, allowing [[user|users]] to [[trust]] their [[computer]] [[communication|communications]] that are, on the [[Internet]], very exposed. There are [http://www.goingware.com/encryption/ many reasons] to use encryption.
  
 
Origin: The Ancient Greek ''kryptein'', meaning "to hide", and ''graphein'', meaning "to write" ([http://www.perseus.tufts.edu/cgi-bin/ptext?doc=Perseus%3Atext%3A1999.04.0057%3Aentry%3D%2360247 source] [http://www.perseus.tufts.edu/cgi-bin/ptext?doc=Perseus%3Atext%3A1999.04.0057%3Aentry%3D%2322826 source]).
 
Origin: The Ancient Greek ''kryptein'', meaning "to hide", and ''graphein'', meaning "to write" ([http://www.perseus.tufts.edu/cgi-bin/ptext?doc=Perseus%3Atext%3A1999.04.0057%3Aentry%3D%2360247 source] [http://www.perseus.tufts.edu/cgi-bin/ptext?doc=Perseus%3Atext%3A1999.04.0057%3Aentry%3D%2322826 source]).
  
=== Properties of Cryptography: ===
 
  
# Encrypted signals may be detected but not understood. Concealing the very existence of the cryptography is [[Obscurity|obscurity]].
 
# Any attempt to discern the encrypted information is considered an [[Attack|attack]] (discussed below).
 
# The word, phrase, characters, or other authentication method that reverses the encryption is called the "[[Key|key]]."
 
# [[Digital_Signatures|Digital Signatures]] are not the same as cryptography but have similar applications and are discussed below.
 
# Encryption is often combined with [[Compression|compression]]. This is because compression works by finding patterns in data and making sure there is only one instance of that data. This makes finding patterns in an encrypted document, and thus finding possible clues about the key, much harder.
 
# Cryptographers are individuals who are very good at [[Mathematics|mathematics]] and this type of science of [[Secret|secret]] [[Text|writing]]. They are also often software [[Developers|developers]].
 
  
 +
== Properties ==
  
Strong cryptography often has legal restraints because of its history in military use. For example, some places (like the USA) considered the export of cryptographic materials to be the same as the export of military weaponry, and laid heavy restriction on such activity. In recent years, this has been relaxed due to foreign commercial competition.
+
* Encrypted signals may be detected but not understood.  Concealing the very existence of the cryptography is [[obscurity]].
 +
 
 +
* Any attempt to discern the encrypted information is considered an [[Attack|attack]] (discussed below).
 +
 
 +
* The word, phrase, characters, or other authentication method that reverses the encryption is called the "[[key]]."  There can be multiple types of keys involved in this process.
 +
 
 +
* [[Digital Signatures]] are not the same as cryptography but have similar applications (discussed below).
 +
 
 +
* Encryption is often combined with [[compression]].  Attacks on encryption often center upon searching for patterns in an encrypted documents and compression helps limit these.  Compression tries to make sure there is only one instance of a given type of data, thus reducing recognizable patterns.  Thus, finding possible clues about the key becomes much harder.
 +
 
 +
* Cryptographers are individuals who are very good at [[mathematics]] and this type of science of [[secret]] [[text|writing]].  They are also often software [[developers]].
 +
 
 +
Strong cryptography often has legal restraints because of its history in military use. For example, some places (like the USA) considered the export of cryptographic materials to be the same as the export of military weaponry (munitions), and laid heavy restriction on such activity. In recent years, this has been relaxed due to foreign commercial competition.
  
 
== [[Attacks]] ==
 
== [[Attacks]] ==
  
# '''[[Cryptography/Attacks|Available methods to reveal encrypted information]]'''
+
* '''[[Cryptography/Attacks|Available methods to reveal encrypted information]]'''
 
+
  
 
=== Computer methods to foil attacks ===
 
=== Computer methods to foil attacks ===
  
 +
Here are three major computer-based methods used to foil attacks.  All have advantages and disadvantages.
  
Here are three major computer-based methods used to foil attacks. All have advantages and disadvantages.
+
* [[Symmetric-Key Cryptosystem]]
# [[Symmetric-Key_Cryptosystem|Symmetric-Key Cryptosystem]]
+
* [[Public-Key Cryptosystem]]
# [[Public-Key_Cryptosystem|Public-Key Cryptosystem]]
+
* [[One-Time Pad Cryptosystem]]
# [[One-Time_Pad_Cryptosystem|One-Time Pad Cryptosystem]]
+
 
+
  
 
=== Libraries ===
 
=== Libraries ===
  
 +
For most cryptography, some type of [[Mathematics|math]] is involved.  Libraries contain mathematical systems, or [[cipher|ciphers]], that mathematically change information to appear as random garbage.
  
For most cryptography, some type of [[Mathematics|math]] is involved. Libraries contain mathematical systems, or [[Cipher|ciphers]], that mathematically change information to appear as random garbage.
+
Of [[Symmetric-Key Cryptosystem|symmetrical]] [[algorithm|algorithms]], there are many including:
  
Of [[Symmetric-Key_Cryptosystem|symmetrical]] [[Algorithm|algorithms]], there are many including:
 
 
: '''Very strong'''
 
: '''Very strong'''
  
#
+
** [[Twofish]] - a losing [[AES]] competition candidate
# [[Twofish]] - a losing [[AES]] competition candidate
+
** [[AES]] - the winner of AES competition, formerly knwon as Rijndael
# [[AES]] - the winner of AES competition, formerly knwon as Rijndael
+
** [[3DES]] - used in [[SSL]], very slow in software
# [[3DES]] - used in [[SSL]], very slow in software
+
** [[RC6]] - another losing AES candidate
# [[RC6]] - another losing AES candidate
+
 
+
  
 
: '''Strong'''
 
: '''Strong'''
 
+
** [[Blowfish]]
#
+
** [[RC4]] - used in [[SSL]]. Contrary to most others on this page a [[stream cipher]]
# [[Blowfish]]
+
# [[RC4]] - used in [[SSL]]. Contrary to most others on this page a [[stream cipher]]
+
 
+
  
 
: '''Weak'''
 
: '''Weak'''
  
#
+
** [[DES]] - used in most older security programs, strong algorithm but keysize two small. Usually slow in software, very fast in hardware.
# [[DES]] - used in most older security programs, strong algorithm but keysize two small. Usually slow in software, very fast in hardware.
+
** [[A5]] - as used in GSM cell phones
# [[A5]] - as used in GSM cell phones
+
 
+
 
+
  
 
One must weight his choice of algorithm based on his performance need and likely attack, however the strongest choices like AES have very fast implementations both in hardware and software.
 
One must weight his choice of algorithm based on his performance need and likely attack, however the strongest choices like AES have very fast implementations both in hardware and software.
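Review bot: The added ** list items still carry two typos from the old # items: "knwon" in the [[AES]] entry and "keysize two small" in the [[DES]] entry. Every item in these lists is being retyped in this revision, so correct them to "known" and "key size too small" in the same edit. The unchanged closing sentence also reads "weight his choice" where "weigh" is meant.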
  
[[Public-Key_Cryptosystem|Public-key]] [[Algorithm|algorithms]] include:
+
[[Public-Key Cryptosystem|Public-key]] [[algorithm|algorithms]] include:
# [[RSA]] Used for encryption and signature
+
# [[DSA]] Used for signature only
+
# [[Diffie-Hellman]] Used for key-exchange
+
# [[ECC]]
+
  
 +
* [[RSA]] Used for encryption and signature
 +
* [[DSA]] Used for signature only
 +
* [[Diffie-Hellman]] Used for key-exchange
 +
* [[ECC]]
  
[[Digital_Signatures|Digital Signatures]] are used to prove [[Authentication|authenticity]] (you get a strong certitude that the one who generated the message also have the secret key) and [[Integrity|integrity]] (that nothing has been changed in transmission).
+
[[Digital Signatures]] are used to prove [[authentication|authenticity]] (you get a strong certitude that the one who generated the message also have the secret key) and [[integrity]] (that nothing has been changed in transmission).
  
 
=== Key size ===
 
=== Key size ===
  
 +
Different libraries allow for varying levels of [[complexity]], affecting speed and security.  A small bit size can make an algorithm faster but more easily broken.  A large [[bit]] size can make it slow but much more difficult to break.  Also, the higher the bit size, the larger the processed file size will be so a balance is often chosen between strength and convenience.
  
Different libraries allow for varying levels of [[Complexity|complexity]], affecting speed and security. A small bit size can make an algorithm faster but more easily broken. A large [[Bit|bit]] size can make it slow but much more difficult to break. Also, the higher the bit size, the larger the processed file size will be so a balance is often chosen between strength and convenience.
+
Note that [[key]]s that are twice as large in number are not merely twice as difficult to crack. 128-bit keys, for instance, are literally one trillion, trillion (1^10^10) times harder to [[crack]] with [[Brute Force]] than 40-bit keys.
  
Note that [[Key|keys]] that are twice as large in number are not merely twice as difficult to crack. 128-bit keys, for instance, are literally one trillion, trillion (1^10^10) times harder to [[Crack|crack]] with [[Brute_Force|Brute Force]] than 40-bit keys.
+
==== [[Symmetric-Key Cryptosystem]] key size ====
  
==== [[Symmetric-Key_Cryptosystem|Symmetric-Key Cryptosystem]] key size ====
+
: 128-bit keys are usually sufficient for RC4 and 3DES and are commonly used in Web transactions.  Despite 128 bit being very adequate, many Symmetric-Key Cryptosystems now use 256-bit keys by default, regardless of algorithm.
  
: 128-bit keys are usually sufficient for RC4 and 3DES and are commonly used in Web transactions. Despite 128 bit being very adequate, many Symmetric-Key Cryptosystems now use 256-bit keys by default, regardless of algorithm.
+
: Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated [[Brute Force]] [[attack]] over the course of a few weeks with a desktop computer.
: Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated [[Brute_Force|Brute Force]] [[Attack|attack]] over the course of a few weeks with a desktop computer.
+
  
 
+
==== [[Public-Key Cryptosystem]] key size ====
==== [[Public-Key_Cryptosystem|Public-Key Cryptosystem]] key size ====
+
  
 
: 1024-bit [[RSA]] keys approximately as difficult to crack as a symmetric 128-bit key. [[ECC]] keys can be as secure and considerably shorter than RSA keys. Some public-key programs are available that use exceedingly large key sizes as high as 8192 or 16384 but are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large.
 
: 1024-bit [[RSA]] keys approximately as difficult to crack as a symmetric 128-bit key. [[ECC]] keys can be as secure and considerably shorter than RSA keys. Some public-key programs are available that use exceedingly large key sizes as high as 8192 or 16384 but are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large.
  
 
+
Key sizes are often chosen as power of two numbers (e.g. <!-- 64 (<math>Insert formula here</math>), 128 (<math>2^7</math>), 256 (<math>2^8</math>) needs some additional software on the server to work --> 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently.
Key sizes are often chosen as power of two numbers (e.g. 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently.
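Review bot: The rewritten "Note that [[key]]s ..." line keeps "(1^10^10)", which evaluates to 1 and so does not express the "one trillion, trillion" it is meant to gloss. The brute-force ratio between a 128-bit and a 40-bit keyspace is 2^88 (about 3 x 10^26), so state that instead. The HTML comment added to the power-of-two sentence also contains the editor placeholder "<math>Insert formula here</math>" beside 64; replace it with <math>2^6</math> or drop the comment.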
+
  
 
==== Non-math Weaknesses ====
 
==== Non-math Weaknesses ====
 
  
 
Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by:
 
Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by:
# Encouraging the use of difficult-to-guess, lengthy passwords
 
# Preventing the caching of secure information in an operating system's swap file where it is vulnerable and then using a [[File_Wipe|File Wipe]] for files that have been encrypted to prevent them from being retrieved after deletion
 
# Testing and careful review to ensure software has no failures
 
# Protecting against [[Key-Logging_Attack|Key-Logging Attack]] software
 
  
 +
* Encouraging the use of difficult-to-guess, lengthy passwords
 +
* Preventing the caching of secure information in an operating system's swap file where it is vulnerable and then using a [[File Wipe]] for files that have been encrypted to prevent them from being retrieved after deletion
 +
* Testing and careful review to ensure software has no failures
 +
* Protecting against [[Key-Logging Attack]] software
  
 
==== Openness and Cryptography ====
 
==== Openness and Cryptography ====
  
 +
Many systems of cryptography and its software development are fully available to the public.  [[Trust]] is established in these systems because a [[Closed-Source|closed]] system created by someone else often calls the system into immediate doubt.  Questions such as: does this person had my security needs in mind?  Do they have other motives?
  
Many systems of cryptography and its software development are fully available to the public. [[Trust]] is established in these systems because a [[Closed-Source|closed]] system created by someone else often calls the system into immediate doubt. Questions such as: does this person had my security needs in mind? Do they have other motives?
+
This process of making the details of a system public is called [[open-source]] and is preferable to many security experts because its methods are available to [[peer]]-review and research. For instance, almost all of the encryption library algorithms up for review were open-source at the selection of the Advanced Encryption Standard ([[AES]]) by the National Institute of Standards and Technology ([http://www.nist.gov/ NIST]).
 
+
This process of making the details of a system public is called [[Open-source|open-source]] and is preferable to many security experts because its methods are available to [[Peer|peer]]-review and research. For instance, almost all of the encryption library algorithms up for review were open-source at the selection of the Advanced Encryption Standard ([[AES]]) by the National Institute of Standards and Technology ([http://www.nist.gov/ NIST]).
+
  
 
=== Legal Methods to foil attacks ===
 
=== Legal Methods to foil attacks ===
  
 +
Circumventing encryption is illegal under the US [[DMCA]] law.  It is assumed, however, that most methods of attack are both covert and remote, and cannot actually be enforced.  Still, it is an important method to discourage public revelation of encrypted documents, often making evidence gained through decryption inadmissible in court.
  
Circumventing encryption is illegal under the US [[DMCA]] law. It is assumed, however, that most methods of attack are both covert and remote, and cannot actually be enforced. Still, it is an important method to discourage public revelation of encrypted documents, often making evidence gained through decryption inadmissible in court.
+
A law protecting your encrypted material would seem like a good thing but it really is not, stifling security research and creating ridiculous content-protection laws ala the continuous extension of the [[Mickey Mouse Release Day]]. Most academic and consumer advocates are very against the [[DMCA]].
 
+
A law protecting your encrypted material would seem like a good thing but it really is not, stifling security research and creating ridiculous content-protection laws ala the continuous extension of the [[Mickey_Mouse_Release_Day|Mickey Mouse Release Day]]. Most academic and consumer advocates are very against the [[DMCA]].
+
  
 
==== Cryptography and [[DRM]] ====
 
==== Cryptography and [[DRM]] ====
  
# Digital Rights Management ([[DRM]]) uses cryptography to make it difficult to copy and [[Digital_Signatures|Digital Signatures]] to verify its authenticity.
+
* Digital Rights Management ([[DRM]]) uses cryptography to make it difficult to copy and [[Digital Signatures]] to verify its authenticity.
 
+
 
+
=== Other Software, Cryptographic Libraries ===
+
  
# [[OpenSSL]] | ([http://www.openssl.org homepage]) | very widespread library implementing [[SSL]]/[[TLS]] but it's libcrypto component is also used by many projects like [[OpenSSH]] and [[Mixmaster|mixmaster]].
+
== Other Software, Cryptographic Libraries ==
# [http://botan.randombit.net/ Botan] | [http://www.gnu.org/directory/all/botan. 2618 html GNU Homepage] - ''Botan (formerly OpenCL) is a library of cryptographic algorithms. It includes a wide selection of block and stream ciphers, public key algorithms, hash functions, and message authentication codes, plus a high level filter-based interface. The home page has a list of supported algorithms.''
+
# [http://ccrypt.sourceforge.net/ ccrypt] | [http://sourceforge.net/projects/ccrypt/ Sourceforge Page] | [http://www.gnu.org/directory/all/ccrypt.html GNU Page] - '''ccrypt''' is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix 'crypt' utility, which is notorious for using a very weak encryption algorithm. use the [[AES]] algorithm.
+
# [http://kremlinencrypt.com/crypto/algorithms.html Cryptographic Algorithms] - Listing of types
+
  
 +
* [[OpenSSL]] | ([http://www.openssl.org homepage]) | very widespread library implementing [[SSL]]/[[TLS]] but it's libcrypto component is also used by many projects like [[OpenSSH]] and [[mixmaster]].
 +
* [http://botan.randombit.net/ Botan] | [http://www.gnu.org/directory/all/botan.html GNU Homepage] - ''Botan (formerly OpenCL) is a library of cryptographic algorithms. It includes a wide selection of block and stream ciphers, public key algorithms, hash functions, and message authentication codes, plus a high level filter-based interface. The home page has a list of supported algorithms.''
 +
* [http://ccrypt.sourceforge.net/ ccrypt] | [http://sourceforge.net/projects/ccrypt/ Sourceforge Page] | [http://www.gnu.org/directory/all/ccrypt.html GNU Page] - '''ccrypt''' is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix 'crypt' utility, which is notorious for using a very weak encryption algorithm. use the [[AES]] algorithm.
 +
* [http://kremlinencrypt.com/crypto/algorithms.html Cryptographic Algorithms] - Listing of types
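Review bot: The new [[OpenSSL]] item keeps "it's libcrypto component" where the possessive "its" is needed, and the new ccrypt item still ends in the fragment "use the [[AES]] algorithm." with no subject. Both lines are being retyped for the list conversion, so fix the wording here rather than carrying it forward.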
  
=== Types ===
+
== Types ==
  
# [[Pretty_Good_Privacy|PGP]] and [[GPG]]
+
* [[Pretty Good Privacy|PGP]] and [[GPG]]
# [[OpenSSH]] | [[SSH]]
+
* [[OpenSSH]] | [[SSH]]
# [[SSL]] | [[S/MIME]]
+
* [[SSL]] | [[S/MIME]]
# [[VPN]]
+
* [[VPN]]
  
 +
== Related ==
  
=== Related ===
+
* [[Privacy]] | [[Identity]]
 +
* [[Key Pair]] | [[Public key]] | [[Private key]] | [[Certificate]]
 +
* [[Signature]] | [[Fingerprint]]
 +
* [[Password]]
  
# [[Privacy]] | [[Identity]]
+
* [[Obscurity]] | [[Steganography]]
# [[Public_key|Public key]] | [[Private_key|Private key]] | [[Certificate]]
+
* [[Algorithm]] | [[Programming]]
# [[Signature]] | [[Fingerprint]]
+
* [[File Wipe]]
# [[Password]]
+
# [[Obscurity]] | [[Steganography]]
+
# [[Algorithm]] | [[Programming]]
+
# [[File_Wipe|File Wipe]]
+
# [[Cypherpunk]]
+
<hr />
+
  
=== News ===
+
* [[Cypherpunk]]
  
# [http://www.computerworld.com ComputerWorld] - [http://www.computerworld.com/securitytopics/security/encryption/news/ Crypto News]
+
----
  
 +
== News ==
  
=== Links ===
+
* [http://www.computerworld.com ComputerWorld] - [http://www.computerworld.com/securitytopics/security/encryption/news/ Crypto News]
  
# [http://www.securityfocus.com/ SecurityFocus]' [http://online.securityfocus.com/infocus/1181 Introduction to Encryption]
+
== Links ==
# [http://www.goingware.com/encryption/ Why You Should Use Encryption]
+
# [http://www.offshore.com.ai/security/ Vince Cate's Cryptorebel/Cypherpunk Page]
+
# Bruce Sterling's [http://www.counterpane.com/applied.html Applied Cryptography]
+
# [http://random.mat.sbg.ac.at/links/crypto.html Cryptography and Random Numbers]
+
# [http://www.itmanagersjournal.com/software/04/06/21/196233.shtml How to use cryptography in computer security] - Basics and myths.
+
  
 +
* [http://www.securityfocus.com/ SecurityFocus] - [http://online.securityfocus.com/infocus/1181 Introduction to Encryption]
 +
* [http://www.goingware.com/encryption/ Why You Should Use Encryption]
 +
* [http://www.offshore.com.ai/security/ Vince Cate's Cryptorebel/Cypherpunk Page]
 +
* Bruce Sterling's [http://www.counterpane.com/applied.html Applied Cryptography]
 +
* [http://random.mat.sbg.ac.at/links/crypto.html Cryptography and Random Numbers]
 +
* [http://www.itmanagersjournal.com/software/04/06/21/196233.shtml How to use cryptography in computer security] - Basics and myths.
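Review bot: The "Applied Cryptography" entry is carried over with the author given as "Bruce Sterling". The book, and the counterpane.com site the link points to, belong to Bruce Schneier, so correct the name while converting the list from # to *.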
  
{{infoanarchy2|Cryptography}}
+
{{infoanarchy|Cryptography}}

Revision as of 16:25, 27 June 2006

See also: Security | Encrypting Your: Mail, Files, Network Links, Chat, File Sharing

AKA: Crypto

This is a dangerous topic. It helps defeat surveillance.

The science of allowing a user to radically change information in order to conceal the content from third parties. Like any system of security, this science includes the process of searching for its own weaknesses. It is the substitution of characters or symbols to create an altered message that can be reversed to its original form later. Information which has been cryptographically processed is "encrypted". Encryption is now very common, allowing users to trust their computer communications that are, on the Internet, very exposed. There are many reasons to use encryption.

Origin: The Ancient Greek kryptein, meaning "to hide", and graphein, meaning "to write" (source source).


Properties

  • Encrypted signals may be detected but not understood. Concealing the very existence of the cryptography is obscurity.
  • Any attempt to discern the encrypted information is considered an attack (discussed below).
  • The word, phrase, characters, or other authentication method that reverses the encryption is called the "key." There can be multiple types of keys involved in this process.
  • Digital Signatures are not the same as cryptography but have similar applications (discussed below).
  • Encryption is often combined with compression. Attacks on encryption often center upon searching for patterns in encrypted documents, and compression helps limit these. Compression tries to make sure there is only one instance of a given type of data, thus reducing recognizable patterns. Thus, finding possible clues about the key becomes much harder.

Strong cryptography is often subject to legal restraints because of its history in military use. For example, some places (like the USA) considered the export of cryptographic materials to be the same as the export of military weaponry (munitions), and placed heavy restrictions on such activity. In recent years, this has been relaxed due to foreign commercial competition.

Attacks

Computer methods to foil attacks

Here are three major computer-based methods used to foil attacks. All have advantages and disadvantages.

Libraries

For most cryptography, some type of math is involved. Libraries contain mathematical systems, or ciphers, that mathematically change information to appear as random garbage.

Of symmetrical algorithms, there are many including:

Very strong
    • Twofish - a losing AES competition candidate
    • AES - the winner of the AES competition, formerly known as Rijndael
    • 3DES - used in SSL, very slow in software
    • RC6 - another losing AES candidate
Strong
Weak
    • DES - used in most older security programs; a strong algorithm, but the key size is too small. Usually slow in software, very fast in hardware.
    • A5 - as used in GSM cell phones

One must weigh the choice of algorithm against performance needs and the likely attack; however, the strongest choices like AES have very fast implementations in both hardware and software.

Public-key algorithms include:

Digital Signatures are used to prove authenticity (you get strong assurance that whoever generated the message also has the secret key) and integrity (that nothing has been changed in transmission).

Key size

Different libraries allow for varying levels of complexity, affecting speed and security. A small bit size can make an algorithm faster but more easily broken. A large bit size can make it slow but much more difficult to break. Also, the higher the bit size, the larger the processed file size will be so a balance is often chosen between strength and convenience.

Note that keys that are twice as large in number are not merely twice as difficult to crack. 128-bit keys, for instance, are literally one trillion, trillion (1^10^10) times harder to crack with Brute Force than 40-bit keys.

Symmetric-Key Cryptosystem key size

128-bit keys are usually sufficient for RC4 and 3DES and are commonly used in Web transactions. Despite 128 bit being very adequate, many Symmetric-Key Cryptosystems now use 256-bit keys by default, regardless of algorithm.
Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated Brute Force attack over the course of a few weeks with a desktop computer.
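
The growth in brute-force cost described under "Key size" can be measured directly. The following is an added example, not part of the original article: it runs an exhaustive search against a toy XOR cipher constructed for this purpose (the names `toy_encrypt`, `exhaustive_search` and the sample plaintext are assumptions of the example), then extrapolates the measured trial rate to the key sizes the article mentions. The exact keyspace ratio between 128-bit and 40-bit keys is 2^88.

```python
"""Brute-force cost versus key size, measured on a toy cipher (constructed example)."""
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
SAMPLE = b"constructed known plaintext"  # constructed sample input, not real data


def toy_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """XOR data with a SHA-256-derived keystream.

    Toy construction for this example only; XOR makes it its own inverse,
    so the same call decrypts.
    """
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def exhaustive_search(key_bits: int, ciphertext: bytes, known_plaintext: bytes):
    """Try every key in ascending order; return (key, number_of_trials)."""
    prefix = ciphertext[: len(known_plaintext)]
    for trials, candidate in enumerate(range(2 ** key_bits), start=1):
        if toy_encrypt(candidate, key_bits, prefix) == known_plaintext:
            return candidate, trials
    return None, 2 ** key_bits


def keyspace_ratio(big_bits: int, small_bits: int) -> int:
    """How many times more keys a big_bits key has than a small_bits key."""
    return 2 ** (big_bits - small_bits)


def worst_case_years(key_bits: int, keys_per_second: float) -> float:
    """Years needed to try every key of the given size at the given rate."""
    return 2 ** key_bits / keys_per_second / SECONDS_PER_YEAR


def measure_rate(key_bits: int = 14) -> float:
    """Measure trials per second on this machine using the worst-case key."""
    secret = 2 ** key_bits - 1  # last key tried, so the whole space is searched
    ciphertext = toy_encrypt(secret, key_bits, SAMPLE)
    start = time.perf_counter()
    _, trials = exhaustive_search(key_bits, ciphertext, SAMPLE)
    elapsed = time.perf_counter() - start
    return trials / elapsed


def report(keys_per_second: float, sizes=(40, 56, 128, 256)):
    """Return (key_bits, worst_case_years) for each key size."""
    return [(bits, worst_case_years(bits, keys_per_second)) for bits in sizes]


if __name__ == "__main__":
    # Each added bit doubles the measured work.
    for bits in (10, 11, 12, 13, 14):
        ct = toy_encrypt(2 ** bits - 1, bits, SAMPLE)
        t0 = time.perf_counter()
        _, n = exhaustive_search(bits, ct, SAMPLE)
        print(f"{bits:3d}-bit key: {n:6d} trials, {time.perf_counter() - t0:.3f} s")

    rate = measure_rate()
    print(f"\nmeasured rate: {rate:,.0f} trials/s (this machine, this toy cipher)")
    for bits, years in report(rate):
        print(f"{bits:3d}-bit key: {years:.3e} years worst case")
    print(f"\n128-bit vs 40-bit keyspace: 2^88 = {keyspace_ratio(128, 40):,}")
```

The extrapolated times depend on the measured rate, which is specific to this toy cipher and the machine it runs on; the ratios between key sizes do not.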

Public-Key Cryptosystem key size

1024-bit RSA keys are approximately as difficult to crack as a symmetric 128-bit key. ECC keys can be as secure as RSA keys while being considerably shorter. Some public-key programs are available that use exceedingly large key sizes, as high as 8192 or 16384, but these are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large.

Key sizes are often chosen as powers of two (e.g. 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently.

Non-math Weaknesses

Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by:

  • Encouraging the use of difficult-to-guess, lengthy passwords
  • Preventing the caching of secure information in an operating system's swap file where it is vulnerable and then using a File Wipe for files that have been encrypted to prevent them from being retrieved after deletion
  • Testing and careful review to ensure software has no failures
  • Protecting against Key-Logging Attack software

Openness and Cryptography

Many systems of cryptography and their software development are fully available to the public. Trust is established in these systems because a closed system created by someone else often calls the system into immediate doubt. Questions arise such as: did this person have my security needs in mind? Do they have other motives?

This process of making the details of a system public is called open-source and is preferable to many security experts because its methods are open to peer review and research. For instance, almost all of the encryption library algorithms up for review were open-source at the selection of the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST).

Legal Methods to foil attacks

Circumventing encryption is illegal under the US DMCA law. It is assumed, however, that most methods of attack are both covert and remote, and cannot actually be enforced. Still, it is an important method to discourage public revelation of encrypted documents, often making evidence gained through decryption inadmissible in court.

A law protecting your encrypted material would seem like a good thing but it really is not: it stifles security research and creates ridiculous content-protection laws à la the continuous extension of the Mickey Mouse Release Day. Most academic and consumer advocates are very much against the DMCA.

Cryptography and DRM

  • Digital Rights Management (DRM) uses cryptography to make it difficult to copy and Digital Signatures to verify its authenticity.

Other Software, Cryptographic Libraries

  • OpenSSL | (homepage) | very widespread library implementing SSL/TLS, but its libcrypto component is also used by many projects like OpenSSH and mixmaster.
  • Botan | GNU Homepage - Botan (formerly OpenCL) is a library of cryptographic algorithms. It includes a wide selection of block and stream ciphers, public key algorithms, hash functions, and message authentication codes, plus a high level filter-based interface. The home page has a list of supported algorithms.
  • ccrypt | Sourceforge Page | GNU Page - ccrypt is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix 'crypt' utility, which is notorious for using a very weak encryption algorithm. It uses the AES algorithm.
  • Cryptographic Algorithms - Listing of types

Types

Related


News

Links

This article is based on a public domain infoAnarchy article: Cryptography iA