Encryption Systems
Most encryption systems consist of a lock and key. The lock is the encryption of your files, or data in transit, and the key is some password, ID, or certificate that only you possess. The security of the key is important and typically is left up to you, the user, to protect.
That brings us to the question of what makes encryption strong. It might seem that the algorithm or cipher determines the strength of the encryption system. This is partially true because a good algorithm is important. However, the strength of the encryption system should not depend on the secrecy of its algorithm. In fact, a strong algorithm is typically one that is widely known, and has been widely studied and attacked by knowledgeable cryptanalysts. In other words, no problems should exist with making an encryption algorithm public. In fact, it is considered good practice when developers release their encryption algorithms for public scrutiny. This shows that they are willing to accept any criticism to make their algorithm stronger.
When encryption algorithms are not made public, they are strongly questioned and often cracked. A clear example of this happened in 1999, when the CSS (Content Scrambling System) was developed to encrypt DVD movies. The hope of its creators was that CSS would prevent people from copying DVDs and reselling them on the black market. However, by depending on an encryption scheme that was kept largely private, their plans were quickly foiled when they released CSS-protected DVDs. Some young hackers from Norway quickly reverse engineered the encryption and created DeCSS, a software program to undo the protection of CSS. When DeCSS was made publicly available on the 2600 Magazine Web site, a legal controversy quickly ensued.
What determines the strength of encryption? The strength of a cryptosystem is largely dependent on the size and security of its keys. The key should be at least 64 bits (128 bit is preferable) for symmetric key systems, and larger for public key systems (these are discussed in the next section).
The security of the secret key is what really determines the strength of the system in the end. The type of secret key used depends on the software program being used. Some programs will store the secret key in a file. Others will just use a password for the key. Others still will use a combination of a secret key file and a password. This is where the human factor plays a large role. The ability for a human to keep his password and secret key well protected is critical. Exercise the following precautions to keep your secret key safe:
Do not write down passwords.
Keep the secret key file in a protected location on the hard drive.
Do not distribute the password or secret key to anybody else.
Symmetric Versus Public Key Cryptography
Two common types of encryption algorithms are in use today. The one you choose depends on your needs because each is well suited for different scenarios.
With symmetric key algorithms, the same key that is used to encrypt a message is the key used to decrypt it. Think of it as having just one house key but two people in the house who need to lock and unlock the door. You both have to share that one key. Symmetric key systems are designed to be fast and easy to implement. They have been around longer than public key systems, and it is evident when you realize just how many more symmetric key algorithms exist than public key algorithms.
An inherent problem exists with symmetric key systems, however. If you and I want to encrypt/decrypt the same electronic document, for example, a secure exchange of the secret key is required. Do I e-mail it to you? Snail mail it? Hand deliver it? Tell it to you over the telephone? Unless I hand deliver it to you, I am making the transfer vulnerable to a man-in-the-middle attack and jeopardizing our secret. A man-in-the-middle attack means that someone can intercept the key, copy it, and pass on the original communications to the intended person. If I mailed the key or password to you via the postal service, someone could get the letter, open it, read the key, seal it again, and send it on its way to you without either of us knowing. With symmetric keys, it is up to both of us to keep it safe from prying eyes. Using the same house lock example, if you lock the door and I come home and need to unlock the door, we would need to exchange the key securely for me to unlock the door. Leaving the key under the doormat for me to use is an insecure key exchange. Getting the key to the other person securely is the main problem.
Public key algorithms attempt to solve the problems of secure key exchange. In 1976, Whitfield Diffie and Martin Hellman at Stanford University proposed a public key encryption system that was made practical by Ron Rivest, Adi Shamir, and Leonard Adleman at the Massachusetts Institute of Technology. The technology was known as RSA (after the first letters of the creators' last names). In a public key cryptosystem, a public key is used to encrypt the data, and a private, or secret key, is used to decrypt it. The public key is so named because it can be made publicly available without jeopardizing the security of the system or the private key. The private key, also referred to as a secret key, is so named because it is meant to stay secret, or private, to the person who uses it. For a full description and illustration of public key cryptography, refer to the Chapter 8 section on PGP.
The terminology with these two encryption systems can be confusing. People often refer to the symmetric key algorithms as either the private key or the secret key algorithm. You will notice some overlap in terms when discussing public systems; however, rest assured that the two cryptosystems are completely different. The concept of the secret key, however, is more or less the same between them. The secret key is the magic wand used to encrypt and decrypt data.
Again, in a public key cryptosystem, the public key encrypts the data, and the private key decrypts it. Why would anybody want such a system? The system has many real-world advantages over the symmetric systems. For the majority of us who want an easy-to-manage means of sending and receiving encrypted files and e-mail, public key systems are great. Additionally, public key systems have another advantage over symmetric key systems—they allow for the creation of digital signatures.
Perhaps Alice wants to send Bob some private information. It could be financial information, a Christmas shopping list, or an e-mail message. Alice wants to make sure that the data is encrypted and that the data maintains its integrity without being modified in transit. First, Alice would obtain Bob's public key. She would obtain that key from a public server or directly from Bob, and she would use that key to encrypt the file. Remember that encrypting this file with Bob's public key means it is encrypted until Bob gets it. At this point, no one else can decrypt it, not even Alice. Only Bob with his secret private key can decrypt this message. Assuming that no one else has Bob's private key, Alice is now sure that up until the point when Bob decrypts the message, no one else can read or tamper with the original message. If the message were tampered with, Bob's private key would not be able to decrypt the message.
How can Bob be sure that it is really Alice who created the original message? After all, anyone can obtain Bob's public key from a key server and send him a message. Digital signatures address this issue of authenticity. In our example, Alice would “sign” her message by encrypting the message (or just some text) with her private key. Now Bob must not only decrypt the message with his private key, but he must also decrypt Alice's digital signature with her public key. That proves that the message really came from Alice. Because Alice's public key decrypted the message, only Alice could have encrypted the message. Note that up to this point, anyone can decrypt this portion of the message because anyone can get Alice's public key. However, the only person who can decrypt the rest of the message is Bob with his private key. This is a simple but elegant method of providing authenticity, integrity, and secrecy.
Attacks Against Encryption
People who want to crack encryption systems have options ranging from brute-force key guessing to finding a weakness in the encryption software. Different attacks can exist for symmetric key and public key.
Several methods of cracking encryption include the following:
Password guessing
Finding and stealing private keys
Exploiting flaws in encryption software
Exploiting flaws in the operating system
Publicly known versus secret techniques
Password guessing is simple to do and works fairly often. In a cryptosystem that uses a password for the secret key, you need to plan extra hard to create a strong password that will not be forgotten. Consider that many people use the same password for everything—ISP access, e-mail, bank account, and so on. You, of course, are not one of these people, right?
Many ciphers today have encryption strength comparable to their key size in bits. Therefore, bigger key sizes can translate to stronger encryption. The most effective attacks are not done by people who are trying to crack the encryption, but instead by people who are trying to exploit weaknesses in the implementations of the encryption software you choose. People will try to exploit mistakes you might have made in the way you operate your computer and encryption software. For example, you should not leave copies of your secret key file in multiple places on your computer. The main benefit of having a secret key is that you need to secure only a single key. Only one key needs to be protected and secured on your system. You can even keep it on a floppy disk for further security. Some other key mechanisms require multiple keys, which are harder to keep track of.