home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Shareware Overload Trio 2
/
Shareware Overload Trio Volume 2 (Chestnut CD-ROM).ISO
/
dir33
/
privacys.zip
/
HOW.TXT
< prev
next >
Wrap
Text File
|
1994-10-26
|
10KB
|
174 lines
HOW YOU CAN USE DATA ENCRYPTION
TO SAFEGUARD YOUR PRIVACY
You can beat the bureaucrats and busy-bodies at
their own game, with their own technology. Unless you
are a computer security specialist, you probably
haven't thought much about secret codes. Indeed, why
should anyone except the military or large,
multinational corporations be concerned with protecting
communications and information systems?
Information Superhighway-Men
If you use your PC to communicate with other
people through networks such as Internet, CompuServe,
even inner-company e-mail, you leave yourself wide open
to intruders -- intruders who may read your messages or
even gain access to the files you store on your hard
drive.
Anyone with a PC and a modem has the potential to
infiltrate any computer system in the world. Spies,
tax collectors, and other enemies of your privacy are
continually developing powerful computer espionage
techniques. Anyone may fall prey to the bandits of the
information superhighway.
Already, computers have been hooked up to
interactive systems that combine telephone, fax,
television and other, more conventional
telecommunications technologies, thus providing
unsecured access through a variety of input channels.
Most of the entryways used by data thieves to gain
entry to your files can be safeguarded by the
electronic equivalent of the number lock. The art of
disguising messages is called "encryption." Encryption
in its most basic form involves techniques such as
"substitution." For instance, shift the alphabet over
two letters (A becomes C, B becomes D, etc.) so that
"SECRET" becomes "UGETGS." The original messages is
the "plaintext"; the disguised message is the
"ciphertext." The cryptographic system as a whole is a
"cipher." The art of breaking ciphertext is called
"cryptoanalysis." Cryptographers and cryptoanalysts
employ cryptology, a mystery-clouded branch of
mathematics.
The message is encrypted with an algorithm, a
mathematical function. The cryptographic algorithm is
a series of steps that turns plaintext into ciphertext
or vice versa. Algorithms use a key. Without the key,
you can't decrypt the ciphertext. The key is selected
from an immense array of possible values. With a good
cryptographic algorithm, one way to cryptoanalyze a
ciphertext is to try all possible keys, known as a
"brute force" attack. But imagine trying to unlock
someone's door with one of 10,000,000,000 available
keys on the key ring. Unless you were the kind of
person who'd win the lottery jackpot 100 times in a
row, the building would collapse from old age before
you could open the door. Cryptography works on the
same principle. It is possible to generate algorithms
that would require more time than the universe has been
in existence to crack -- even if every computer in the
world were at your disposal.
So how would you use a cryptographic algorithm?
Let's say that you run your own business, and you want
your accountant to explain why he didn't deduct the
cost of your car from your income statement. You want
to keep your correspondence private, and not have any
of your employees listen in.
First, you hand the key to the accountant in
person. Then you return to your computer and encrypt
your message with the key and send the encrypted
message to the accountant. The accountant decrypts the
key, and repeats the procedure when communicating with
you. Anyone intercepting the message will be unable to
read it.
This type of cipher is called a "symmetric key"
algorithm. The decryption key is the same as (or
easily derivable from) the encryption key. The
advantage of this type of cipher is the case with which
it may be used. The problem is that someone may steal
the key from the accountant, or the accountant may
intentionally reveal it. Also, it may be difficult to
physically transfer the key.
To solve the security risk inherent to symmetric
key systems, cryptographers invented "public key"
systems, which have two keys: an encryption key (the
public key) and a decryption key (the private key).
It's mathematically impossible to derive the private
key from the public key. The public key is made
available in your communications network. Someone who
wants to communicate with you uses your public key to
encrypt messages. As long as you keep the private key
private, the system is completely secure.
Secret handshake
Another arrangement is used in message
authentication. A message is authenticated with a
digital signature, the way a written contract is
validated with a signature. Without message
authentication, a crook could pretend to be your
spouse. He might convince you that your spouse's car
has broken down. You leave your house, only to return,
alone, to find that it had been robbed. Digital
signature algorithms are the reverse of public key
ciphers. In this case, the decryption key is public,
while the encryption key is private. Only the
possessor of the key could have authored the message
bearing the correct digital signature.
As with encryption algorithms, the security of
digital signature algorithms lies entirely with key
management. If an eavesdropper discovers your private
key, he can send messages in your name. If the keys
are insecure, a cryptographic algorithm is useless.
Let's say your business uses a public key system,
or you are encrypting your own files for later use. A
good way to store the key is to memorize it. However,
the key could easily be compromised if someone were
looking over your shoulder when you typed in the key,
or if you were interrogated. A better way to secure
your key would be the installation of a magnetic key
card system. You could split the key in two, storing
half in the card and half in the memory of the computer
itself. Even were either half compromised, the system
would remain secure.
The key-splitting technique should also be applied
to key distribution. If you need to send someone a
symmetric key to set up a two-way communication
channel, divide it into several pieces. Send them
through different channels at different times (in
person, through the mail, etc.) Any piece by itself is
useless.
Electronic locksmith
Ironically, cryptographic algorithms developed in
secret are the least secure. Avoid encryption
producyts that claim to involve "new" or "secret"
algorithms. Most of them are simply unable to
withstand the scrutiny of professional cryptoanalysts.
There are several effective, powerful algorithms that
have been around for over a decade. While new
encryption technology may emerge, rendering current
algorithms obsolete, it is safer to stick with proven
systems.
DES (Data Encryption Standard) is an international
encryption system endorsed by the U.S. government.
This is also its major flaw. There are unconfirmed
rumors that the U. S. National Security Agency (NSA)
apparently holds a key to a secret "trapdoor" to the
algorithm.
DES uses a 56-bit key, which would take thousands
of years to break -- even assuming the existence of
supercomputers that transcend current limitations.
While it is possible to find algorithms with a greater
key length, the additional security is offset by
decreased speed and efficiency. Also, the widespread
use of DES makes it very convenient to use.
Electronic data encryption opens up an incredible
entrepreneurship potential for information-related
services. In an electronic marketplace with hundreds
of thousands of potential clients worldwide, even
small-scale offers of information, say, a comic strip,
a bawdy limmerick, or a stock report suddenly become
marketable. Encryption could help meter it out
according to a pay-per-view system.