Chapter 7. Encryption

The study of encryption is called cryptography, from the Greek kryptos meaning "hidden," and graphia, meaning "writing." The process of trying to decrypt encrypted information without the key (to "break" an encrypted message) is called cryptanalysis. The study of code creation and breaking together is sometimes referred to as cryptology. To write something in a cipher so that only those authorized to do so can decode and read it is called encryption.

Encryption is an ancient form of information protection that dates back 4,000 years. Encryption has taken on new significance in the modern computer age. It's a particularly effective way to protect sensitive informationfor example, passwords that's stored in a computer system, as well as information that's being transmitted over radio or microwave channels and communications lines.

By changing or substituting or scrambling the order of letters and words, encryption has through the ages protected communications while they were being transmitted through a hostile environmentusually one involving war or diplomacy. Of course, once the message is received, it must be unencrypted to be meaningful. Thus begins the fascinating story of cryptography, literally "secret writing," much of which forms the basis for computer and network security today.

Hundreds or even thousands of years ago, messages worthy of encryption might have included letters from a battlefield general to the home front. Encryption protected the communication in case the soldier carrying the letter was captured. In modern times, this might mean encrypting an electronic mail message containing sensitive information (of military, corporate, or personal importance) transmitted across a network. Encryption protects the information in case an intruder taps into the network.

Information that's encrypted remains secure even when it's transmitted over a network that doesn't provide strong securityin fact, even if the information is publicly available. In most versions of the Unix operating system, for example, the file containing user passwords stores those passwords in encrypted form. Encryption protects these passwords effectively, to the point that if somebody does access the file, encryption would make it very difficult for an attacker who obtained the file to be able to decipher the passwords.

Because encryption has historically been an expensive method of computer security (expensive in terms of product cost as well as computer time needed to encrypt), it has most often been used to protect only classified or particularly sensitive informationfor example, military information, intelligence information, information about funds transfers, and information about the passwords in a computer system. Encryption is now becoming a more popular and inexpensive method of protecting both communications and sensitive stored data. For example, numerous web browser providers offer an encryption service to users. Inexpensive or free encryption software that can help ensure message security is available for PCs and wireless devices. As awareness of encryption benefits grows, as more laws mandate penalties for failing to protect information, and as encryption technology becomes more accessible and affordable, encryption is likely to be used as a matter of course to protect datawhether it's classified information being transmitted over a network, or ordinary user data stored on an office computer system.

This chapter describes basic encryption techniques and how they're used to protect data. Chapter 8 discusses communications security (of which encryption is an important part) and networking concepts, and elaborates on how encryption fits into overall communications security.

Cryptography is a complex topic. This chapter provides an introduction to basic encryption techniques, but it doesn't try to describe the mathematical basis of encryption algorithms or explore all the complexities of the topic. For detailed information, an excellent reference is Network Security: Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner (Prentice Hall).