Introduction
The sending and receiving of sensitive information is a longstanding need, which has existed for hundreds of years. With the emergence the Internet and its consequent ease of transmitting data in a way accurate and extremely fast, and encryption has become a tool key to allow only the sender and the receiver have access free to information crafted. This article has as objective to make a approach introduction to cryptography, showing the aspects and the most important concepts. We’re going there?
What is encryption?
The term cryptography arose out of the merger of the Greek words “kryptós,” and “gráphein,” which mean “hidden” and “write”, respectively. It is a set of concepts and techniques that aims to encode an information so that only the sender and receiver can access it, preventing that an attacker is able to interpret it. For this, a series techniques are used and many others come with the pass from time to time.
In computing, the techniques of the most well-known involve the concept of keys, the so-called cryptographic keys. This is a set of bits based on a particular algorithm able to encode and decode information. If the receiver the message to use a key incompatible with the key of the issuer, you will not be able to extract the information.
The first cryptographic methods existing used only an encoding algorithm. So, it was enough that the receiver of information knew this algorithm to be able to extract it. However, if an attacker had possession of this algorithm, also could make a process of decryption, the case could capture the encrypted data. There is still another problem: imagine that the person had to send a information encrypted to person B. This last would have to know the algorithm used. Now Imagine that a person C also needed to receive information from The person, however the person C could not find out what is the information to be sent to person B. If person C could capture the information sent to the person B, also would be able to decipher it, because when the person sent his information, the person C also had to know the algorithm used. For the person to avoid this problem, the only solution would be to use a different algorithm for each receiver.
With the use of keys, a sender may use the same algorithm (the same method) to multiple receivers. Just that every one may receive a different key. In addition, if a receiver lose or expose particular key, it is possible to change it, while keeping the same algorithm.
You may have already heard talk of 64-bit key, key 128-bit, and so on. These values express the size of a given key. The more bits are used, the more secure it will be the use of encryption. Explains: if an algorithm can use keys of 8 bits, for example, only 256 keys may be used in the decoding, since 2 raised to 8 is 256. This makes it clear that 8 bits is unsafe, because until a person is able to generate all 256 combinations (though it takes), then imagine a computer! However, if they are used 128 or more bits for keys (make 2 raised to 128 to see what happens), we will have an extremely large amount of combinations, leaving the information encrypted well more secure.
Symmetric keys and asymmetric
There are two types of cryptographic keys: symmetric keys and asymmetric keys. Both are addressed below:
Symmetric key
This is a type of the key more simple, where the transmitter and the receiver make use of the same key, that is, a single key is used in the encoding and in the decoding of the information. There are several algorithms that use keys symmetric, such as DES, IDEA, and RC:
– DES (Data Encryption Standard): created by IBM in 1977, makes the use of 56-bit keys. This corresponds to 72 quadrillion combinations. It is a value absurdly high, but not for a powerful computer. In 1997, this algorithm was broken by the technical “brute force” (trial and error) in a challenge promoted on the Internet;
– IDEA (International Data Encryption Algorithm): created in 1991 by James Massey and Xuejia Lai, the IDEA is that an algorithm that makes use of 128-bit keys and that has a structure similar to DES. Its implementation in software it is easier than the implementation this last;
– RC (Ron”s Code or Rivest Cipher): created by Ron Rivest in the company RSA Data Security, this algorithm is widely used in e-mails and makes use of keys ranging from 8 to 1024 bits. Has multiple versions: RC2, RC4, RC5 and RC6. Essentially, each version differs from the other by working with larger keys.
There are also other algorithms known as AES (Advanced Encryption Standard), which is based on the DES – , the 3DES, Twofish and its variant Blowfish, etc.
The use of symmetric keys has some disadvantages, making that your use is not appropriate in situations where the information is very valuable. To begin with, it is necessary to use a large amount of keys in the event that many persons or entities are involved. Still, there is the fact that both the sender and the receiver must know the same key. The transmission this key from one to the other may not be so secure and fall into “the wrong hands”.
Asymmetric key
Also known as “public key”, key asymmetric works with two keys: a so-called private and another called public. In this method, an emitter you must create an encryption key and send it to the receiver. This is the public key. A another key should be created for decoding. This, the private key, is secret.
For better understanding, imagine the following: The AbbreviationFinder created a public key and sent it to several other sites. When any of these sites you want to submit a information encrypted the AbbreviationFinder you should use the public key in this. When the AbbreviationFinder receive this information, you will only be possible to extract it with the use of the private key, which only the AbbreviationFinder has. If the AbbreviationFinder please send an information encrypted to another site, you must obtain a public key provided by this.
Among the algorithms that use asymmetric keys, have been the RSA (the most known) and the Diffie-Hellman group:
RSA (Rivest, Shamir, and Adleman): created in 1977 by Ron Rivest, Adi Shamir, and Len Adleman, in the laboratories of MIT (Massachusetts Institute of Technology), is one of the algorithms of asymmetric key most used. In it, numbers prime (prime number is one that can only be divided by 1 and by itself) are used in the following way: the two numbers primes are multiplied to obtain a third value. However, discover the first two numbers from the third (or is, to make a factorization) is very laborious. If two prime numbers that are big (really big) are used in the multiplication, you will need to use too much processing to discover them, to make this task practically impossible. Basically, the key private in RSA are the numbers multiplied, and the public key is the value obtained;
ElGamal: designed by Taher ElGamal, this algorithm makes use of a mathematical problem known as the “logarithm discrete” to become secure. Its use is frequent in digital signatures.
There are still other algorithms, such as the DSA (Digital Signature Algorithm), the Schnorr (practically used only in signatures digital) and Diffie-Hellman.
Digital certification
A feature known as digital certification is very used with public keys. This is a medium that allows, for example, prove that a certain electronic document has the same issued by a particular entity or person. The receiver of the information will use the public key provided by the sender to make sure source. In addition, the key is integrated to the document of the form that any change by a third party immediately invalidates.
PGP
PGP is the acronym for a Pretty Good Privacy. It is a encryption software created by Philip Zimmermman in 1991. The intention of Zimmermman was to help in the defense of freedom individual in the United States and around the world, once he realized that the use of computer would be something more and that the right to privacy should be maintained in this environment. For be available free, PGP has become one of the means of encryption the most well-known, especially in the exchange of e-mails.
In PGP, asymmetric keys are used. In addition, to enhance security, the software can perform a second type of encryption through a method known as “session key” that, in fact, is a kind of symmetric key.
A curious fact to be mentioned is that Zimmermman was the target of a the police investigation that lasted nearly 3 years. This is because the American law prohibits the export of cryptographic software without the express authorization of the government. However, on investigation, proved to be that someone without identification and not your own Zimmermman is that distributed the program over the Internet. The PGP then passed to be sent to other countries through a loophole in American law: the new versions had their source code published in books. These are exported from legally, because American law prohibits the export of the software, but the printed code is not considered program.
There are several software based on PGP. For more information, go to the page about PGP on Wikipedia (in English).
Ending
Encryption can only be considered as such if 4 principles basic they are followed up and offered: confidentiality, authentication, integrity of the information and not repudiabilidade (the the sender cannot deny the sending of information). This is why the encryption is a feature so important in the transmission of information via the Internet and, even thus, it is not able to guarantee 100% security,because there is always someone who can develop a way to “break” a cipher. This is why it is that existing techniques are improved and other are created, such as “Quantum Cryptography”. In encryption there are other concepts involved, such as the Function Hashing (used in digital signatures), and applications, such as the above mentioned certification digital.
For those who want to work with computing, encryption it is an interesting area. Obviously, it is necessary to have a lot of affinity with the calculations, after all, as it can be noticed in the article, mathematics is the basis for the concepts that involve the use of encryption.
