Achy, Breaky Code

CRYPTOGRAPHY IS the fundamental technology used to protect information in today's information economy. Not coincidentally, it is also responsible for the commercialisation of the Internet. Netscape was able to kick off the Internet revolution because of its SSL encryption technology, a scheme that lets consumers send encrypted credit card numbers over the Internet by just filling out a Web form and clicking a button. Say what you will about the dotcom excesses that followed, but much of what we take for granted on the Internet today simply wouldn't have happened without ubiquitous, easy-to-use cryptography.

Yet despite its importance, it is amazing how much disinformation there is out there regarding cryptography. For example, I recently gave a demonstration of a new e-mail encryption system at a conference sponsored by the National Science Foundation. A professor from a university (that will remain nameless) didn't understand the point of my project. "Isn't all e-mail encrypted?" he asked.

"Well, no, it isn't," I told him. While it's true that practically every e-mail client in use today supports either OpenPGP or Secure/MIME — the two competing standards for encrypting e-mail — it's also true that very few people encrypt their e-mail because doing so is tremendously difficult.

Later, another attendee told me that he didn't bother encrypting e-mail because computers were so fast these days that anybody who wanted to could easily crack a message.

"Well, no, they can't," I said. Although many encryption systems have been "cracked" or "broken" in recent years, the so-called strong cryptography systems used today are generally regarded as unbreakable. Unfortunately, that simple fact hasn't stopped many journalists, academics and business leaders from asserting otherwise. Rest assured: They're wrong.

With so much confusion out there, it's worth devoting some attention to a brief synopsis on encryption and an exposition of its most common myths. Cryptography is a set of mathematical techniques used to lock up information so that it can be unlocked only by a person who has the necessary key or password. Cryptography can also be used to digitally sign or certify information so that you can determine if it was modified without authorisation. If there is no possibility that your data might be eavesdropped upon, stolen, modified or publicised without your permission, then there is no reason to protect your data with cryptography. I've tried hard, however, and I can't think of any information that doesn't fall into the "protect" category.

There are fundamentally two kinds of cryptographic systems. The first, called symmetric, uses the same key to encrypt and decrypt. Think of this key as a password: Anybody who knows the key can access the data. Probably the best-known symmetric system is the Data Encryption Standard (DES). Developed in the 1970s by IBM and the National Security Agency (NSA), DES is still widely used today.

The second kind of cryptography is called public-key cryptography. These systems generally have one key that encrypts and a second that decrypts. The best-known public-key system is the RSA algorithm, named after its inventors Ron Rivest, Adi Shamir and Len Adleman.

Both symmetric and public-key systems use keys, but they use the keys in different ways. With symmetric systems, the 1s and 0s in a binary key are like the metal ridges on a house key: To decrypt an enciphered message, each bit in the key must match perfectly. An attacker who doesn't know the key used to encrypt a message can attempt to "crack" the code by trying every possible combination. That approach, however, becomes increasingly unworkable as the key gets longer (there are roughly 4 billion different keys that are 32 bits long; increase the key to 40 bits long, and you get 250,000 times — or millions of billions — as many keys that need to be searched).

Public-key systems are based on mathematical problems such as factoring large numbers. These problems give the systems their two-key properties; they also leave the systems open to attacks other than an exhaustive key search. As a result, keys used for public-key systems have to be much larger than symmetric keys to get the same level of security.

A few examples can quickly illustrate how this all works. The DES encryption algorithm uses a 56-bit key, which means that there are roughly 72 millions of billions of keys available. If you tried to crack a message encrypted with DES by searching a billion keys a second, it would take 72 million seconds to try them all — roughly two and a half years. As it turns out, modern computers can do much better: In 1999, a network of computers found a DES key in about 22 hours, crunching 245 billion keys per second.

Recently, DES was retired in favor of the Advanced Encryption Standard (AES). Instead of a 56-bit key, AES can run with a 128-, 192- or 256-bit key. How long will it be until AES is obsolete? Possibly never. There are 340 billion billion billion billion 128-bit keys; if you had a billion computers, each one of which could crack a billion keys a second — it would still take more than 10 trillion years to try all 128-bit keys. (The sun will turn into a red giant and destroy the earth in 4 billion years or less, so 128-bit keys are probably safe.)
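To make the arithmetic of the last few paragraphs concrete, here is an added Go example; it is not code from the column. It computes the size of a key space and the years needed to try every key at a given rate, then runs a real exhaustive search against a 128-bit AES key in which all but the low 20 bits are assumed known, so the search finishes in about a second on a laptop. The plaintext block, the secret low bits (0xBEEF1) and the all-zero "known" upper key bytes are constructed for the example; the measured trial rate is then extrapolated to 40, 56 and 128 unknown bits. Note that a search stops as soon as the key turns up, which on average is halfway through the space, so the column's 22-hour figure for 1999 is a found-the-key time, not a time to exhaust all 2^56 keys.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
	"math/big"
	"time"
)

// KeySpace returns 2^bits, the number of distinct keys of the given length.
func KeySpace(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), bits)
}

// YearsToExhaust returns the years needed to try every key of the given length
// when `machines` computers each test `keysPerSecond` keys.
func YearsToExhaust(bits uint, keysPerSecond, machines float64) float64 {
	keys := new(big.Float).SetInt(KeySpace(bits))
	rate := new(big.Float).SetFloat64(keysPerSecond * machines)
	secs, _ := new(big.Float).Quo(keys, rate).Float64()
	return secs / (365.25 * 24 * 3600)
}

// unknownBits is the part of the 128-bit key the search has to recover; the
// other 108 bits are assumed known (zero here) to keep the demo short.
const unknownBits = 20

func makeKey(low uint32) []byte {
	key := make([]byte, 16)
	binary.BigEndian.PutUint32(key[12:], low) // low bits go in the last 4 bytes
	return key
}

// EncryptBlock encrypts one 16-byte block under the key whose low bits are `low`.
func EncryptBlock(low uint32, plaintext []byte) []byte {
	block, err := aes.NewCipher(makeKey(low))
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, plaintext)
	return out
}

// BruteForce is a known-plaintext exhaustive search: it tries every value of the
// unknown key bits until one decrypts the ciphertext to the expected block.
func BruteForce(known, ciphertext []byte) (uint32, bool) {
	buf := make([]byte, aes.BlockSize)
	for k := uint32(0); k < 1<<unknownBits; k++ {
		block, err := aes.NewCipher(makeKey(k))
		if err != nil {
			return 0, false
		}
		block.Decrypt(buf, ciphertext)
		if bytes.Equal(buf, known) {
			return k, true
		}
	}
	return 0, false
}

func main() {
	known := []byte("attack at dawn!!") // constructed 16-byte plaintext block
	ct := EncryptBlock(0xBEEF1, known)  // 0xBEEF1 is the secret low 20 bits
	start := time.Now()
	k, ok := BruteForce(known, ct)
	rate := float64(k+1) / time.Since(start).Seconds() // keys actually tried per second
	fmt.Printf("recovered low key bits %#x (found=%v) after %d trials at %.0f keys/s\n", k, ok, k+1, rate)
	for _, bits := range []uint{40, 56, 128} {
		fmt.Printf("%3d-bit key: %s keys, %.3g years to exhaust on this one machine\n",
			bits, KeySpace(bits).String(), YearsToExhaust(bits, rate, 1))
	}
	fmt.Printf("128-bit key, a billion machines at a billion keys/s each: %.3g years\n",
		YearsToExhaust(128, 1e9, 1e9))
}
```

The last line reproduces the column's 10-trillion-year figure; the loop shows why the jump from 40 to 56 to 128 bits matters far more than any speed-up in the search loop.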

If you started paying attention to information security back in the 1990s, then you likely got an inaccurate view of this whole encryption business. Back then, practically every month saw another front-page story about some encryption system being "cracked" or "broken." Even a message encrypted with the vaunted RSA algorithm fell when enough programmers applied sufficient processing power.

But the truth about modern encryption systems is really quite different from the perception that all of this news coverage helped to create. Back in the 1990s, there was a huge fight taking place between US businesses and the US government. The businesses were selling to an increasingly global market, and their customers wanted to use encryption to protect communications and stored data. But groups within the federal government, including the NSA and the FBI, were themselves actively engaged in a worldwide program of eavesdropping and data monitoring: They didn't want the enemies of the United States to start using strong encryption systems that couldn't be broken.

A 2-Bit Law

Under US federal law and international treaty, encryption systems are considered "dual-use" technology; that is, they have both commercial and military purposes. In the early 1990s, US industry cut a deal with the federal government to allow the export of encryption systems that were restricted to using symmetric keys that were 40 bits in length. Although 40 bits might have provided enough security for routine business communications when the compromise was struck, by the middle of the decade 40 bits was clearly insufficient. To demonstrate the inadequacy, groups of researchers set out to crack messages encrypted with 40-bit keys. Their success didn't prove that any encryption system could be overcome — it just proved the absurdity of the government's 40-bit restriction.

Because symmetric algorithms are faster than public-key algorithms, most encryption systems today use a combination of the two. The SSL algorithm built into most Web browsers uses RSA to exchange a pair of keys, and RC2 or RC4 for bulk data encryption. The Secure Shell (SSH) remote access system is similar except it uses either Blowfish or 3DES — a version of DES that uses 168-bit keys instead of 56-bit keys — for bulk encryption.

As both SSL and SSH demonstrate, the latest trend in encryption systems is to make the algorithms "pluggable." These days, the same basic software can use a variety of algorithms, usually determined when the program runs. The big benefit of pluggable systems is that they let end users change encryption algorithms without getting new applications. In other words, if a serious bug is found with the Blowfish cipher, it's a simple matter to tell SSH to use 3DES instead.
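The hybrid design of the previous two paragraphs (public key to exchange a session key, a symmetric cipher for the bulk data, and the cipher chosen by name at run time) as an added Go example; it is not code from the column or from any SSL or SSH implementation. The sender wraps a fresh session key with the recipient's RSA public key using RSA-OAEP and encrypts the message with a symmetric suite looked up in a registry. AES-GCM stands in for the RC2/RC4 and Blowfish/3DES ciphers the column names, because it is what the Go standard library ships; the suite names, the `Envelope` layout and the sample message are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Suite is one pluggable bulk-encryption algorithm: the key length it needs and
// a constructor that turns a fresh key into an AEAD.
type Suite struct {
	KeyLen int
	New    func(key []byte) (cipher.AEAD, error)
}

func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Suites is consulted at run time; retiring an algorithm means deleting its row,
// with no change to Seal or Open. (Names are constructed for this example.)
var Suites = map[string]Suite{
	"aes-128-gcm": {KeyLen: 16, New: aesGCM},
	"aes-256-gcm": {KeyLen: 32, New: aesGCM},
}

// Envelope is what travels over the wire.
type Envelope struct {
	Suite      string // which bulk cipher was used
	WrappedKey []byte // session key encrypted with the recipient's RSA public key
	Nonce      []byte
	Ciphertext []byte
}

// GenerateRecipient makes the recipient's long-term RSA key pair.
func GenerateRecipient(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Seal draws a random session key for the named suite, encrypts the message
// with it, and wraps the session key with RSA-OAEP.
func Seal(pub *rsa.PublicKey, suite string, msg []byte) (*Envelope, error) {
	s, ok := Suites[suite]
	if !ok {
		return nil, fmt.Errorf("unknown suite %q", suite)
	}
	key := make([]byte, s.KeyLen)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := s.New(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The suite name is bound as associated data so an envelope whose name was
	// altered in transit fails the authentication tag instead of being accepted.
	ct := aead.Seal(nil, nonce, msg, []byte(suite))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Suite: suite, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the session key with the private key, then decrypts and
// verifies the bulk ciphertext with the suite named in the envelope.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	s, ok := Suites[env.Suite]
	if !ok {
		return nil, fmt.Errorf("unknown suite %q", env.Suite)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("session key could not be unwrapped")
	}
	if len(key) != s.KeyLen {
		return nil, errors.New("unwrapped key has the wrong length for the named suite")
	}
	aead, err := s.New(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.Suite))
}

func main() {
	priv, err := GenerateRecipient(2048)
	if err != nil {
		panic(err)
	}
	env, err := Seal(&priv.PublicKey, "aes-256-gcm", []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("suite=%s wrapped key=%d bytes ciphertext=%d bytes\n", env.Suite, len(env.WrappedKey), len(env.Ciphertext))
	pt, err := Open(priv, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %s\n", pt)
}
```

The registry is the "pluggable" part the column describes: the same Seal and Open code serves every suite, so switching algorithms is a configuration change rather than a new application. Binding the suite name into the authenticated data is the check a practitioner wants here, since otherwise an on-path change to the name would be detected only by luck.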

The primary reason you want to use encryption is to protect valuable information from being eavesdropped on over a network. The first thing to protect is passwords — you should use encryption for your POP (point of presence) mail server, and you should replace Telnet with SSH. Intranets that require passwords should eschew "http" and instead use "https" for all URLs. Follow those basic rules, and anybody using a packet sniffer won't be able to find passwords when he examines your network — sage advice for both wireless networks and wired LANs. Once you've got that working, take a look at cryptographic file systems, which let you set up a specially secured space on your hard drive. You can't stop people from stealing laptops, but you can protect the confidential information contained on them.

The most important thing to realise about encryption is that it's virtually free. Today, support for unbreakable encryption is built into practically every piece of communications software and operating system. If you are not using it, you are making a big mistake.

Simson Garfinkel, CISSP, is a technology writer based in the Boston area. He is also CTO of Sandstorm Enterprises, an information warfare software company.
