Chris's Cryptography Page
What is Cryptography?
Cryptography is the study of encoding information so that it can only be used (deciphered) by authorised parties. Scrambling files based on passwords is a common example of cryptography in practice. The process of scrambling the file is called encryption, and the process of decoding the file, yielding the original, intelligible information, is known as decryption. The scrambled file itself is often called ciphertext.
The general idea is that decrypting a cipher is trivial if you know the key, but infeasibly difficult if you don't. (To get an idea of what "infeasibly" really means, or if you're just concerned about the amount of wasted, idle CPU time in your computer, have a look at the distributed.net project.)
So?
Well, as electronic communications become the norm and electronic commerce takes off, effective security and authentication will become a necessity for everybody. It is remarkably easy to intercept e-mails, credit card numbers, and other sensitive data as they make their way through the Internet.
For many people and organisations, it is essential that a) they be able to communicate without the possibility of their information being used by unauthorised parties, b) it can be guaranteed that the information has not been tampered with since it was issued, and c) that it can be verified that the source of the information is who they say they are. In a nutshell, we need to be assured of the security, integrity, and authenticity of information, particularly when transmitted over the Internet, and cryptography makes this so.
I think this must be where I blah on for a bit:
Symmetric Encryption
With conventional (symmetric) encryption, the same key (say, a password) is used for both encryption and decryption, meaning that if I want to send you a secret message, we both have to know the key. This is generally not very effective, because a) if we have a secure channel to discuss what key to use, we don't need encryption anyway, and b) if we don't have a secure channel to decide on the key, we might as well not bother because anyone could intercept both the key and the encrypted message, and could decipher the message.
Asymmetric Encryption
Asymmetric or public-key cryptography, on the other hand, uses (surprise) asymmetrical methods for encryption/decryption. The asymmetry arises because different (but "complementary") keys are used for encryption and decryption. These keys are generally known as public and secret keys, where the public key can be used only to encrypt (and can therefore be made widely available), and the secret key is used only to decrypt. In the case of the well-known PGP (Pretty Good Privacy) cryptography software, the secret key comprises both a non-human-readable data block and a user-defined passphrase.
Suppose you want to send me a message privately using PGP's asymmetric encryption. You use my public key in the encryption process. The resulting ciphertext can only be decrypted using both my secret key (stored on a secure digital medium somewhere) and my passphrase (stored only in my brain) in combination. Even if someone steals my secret key, they still need my passphrase to decrypt ciphertext intended "for my eyes only". It doesn't matter who gets my public key, because all they can do with it is encrypt.
The public-key approach has a second major advantage: authentication. This works a little bit like encryption in reverse. If I have some data, and I want to prove that it originated from me, I can "sign" it digitally using my secret key and passphrase in combination. If I then send you the data and the signature, you (or anyone with my public key) can use my public key to verify that it was indeed me that signed the data, and (equally importantly) that the data has not been altered at all since I signed it. Obviously, this is immensely more reliable than a written signature, plus it is tamper-proof. Like public-key encryption, public-key authentication only works one way: no-one can use my public key to decrypt or sign, only to encrypt or authenticate. Good, n'est-ce pas?
So what's steganography, then?
Steganography is concerned with the concealment of information. The use of steganography goes way back. More soon.
Software
As far as I know, the most popular public-key cryptography software is Phil Zimmerman's PGP (Pretty Good Privacy), which is free, available for pretty much any platform you can think of, and is generally really good. Be careful about where you obtain it (or any cryptographic technology) - cryptography technology is regarded as a munition by the United States government, and, as such, its unauthorised export (from the U.S.) is prohibited. It is of course available from many other places in the world.
Questions, comments or complaints? Send me an e-mail!
(E-mail address munged for anti-spam effect; just delete the ".nospam")
This document last modified and © 1999-01-01
This page has been accessed 
times, apparently.