An Introduction to Cryptographic Authentication and Encryption

If you are on the Internet then you more than likely have used encryption whether you knew it or not.  Logging into the Gmail™ webmail service or your bank more than likely involves setting up an encrypted path between your web browser and the web server that is hosting the site.  When done correctly all the information that is passed over the Internet is secure against eavesdroppers that may be watching the information pass across the network.  Fortunately for most of us, the process of setting up this secure communication path is seem-less.  It hasn’t always been this way, however.

Cryptography has been around for thousands of years.  Always evolving, today’s cryptography wouldn’t even be recognizable a hundred years ago.  We can, however, look back to the early times and see traces of what we now know as SSL, AES, and other schema standards that we use today.  A hundred years ago battlefield commanders used a simple letter-replacement encryption schema to obscure messages sent to troops in faraway lands.  These messages needed to be meaningless to anyone intercepting the message on its way to the distant point but be easily decoded by the person of whom the message was intended.

Back then these messages were considered mostly safe and cryptanalysis, or the attempt to break the encryption, was done by hand and took a longer period of time than the message was valid.  The 1920s saw a change to the type of encryption being used.  Arthur Scherbius’s Enigma machine, made it possible for businesses to create a more-secure cipher to communicate information over telegram or other medium.  No longer were messages secured with a cipher that could be broken by trying 26 combinations.  Once the Germany military made changes to the machine the number of possible combinations exploded to 158 quintillion!  It would have seemed that messages secured using this machine would be safe forever.  Unfortunately two problems plagued the system that still haunt encryption experts today: cryptanalysis and communicating the key.

Communicating one’s key has been somewhat remedied by technology but technology has also benefited cryptanalysis to the detriment of many ciphers.  When the Polish Cipher Bureau broke the Enigma encryption in 1932 the beginning of mechanical, computerized if you will, cipher breaking was seen.  Since then computers take aim at cipher-text to try to recover the key, message contents, or both.  Depending on the cipher used and the key strength, some messages can be decoded in a matter of minutes or hours.  New ciphers are constantly being developed and evaluated to combat the ever-growing threat.

It should also be noted that it took several minutes, depending on the length of the message, to both encrypt and decrypt a message.  Now days encryption and decryption of messages happen in real-time.  No longer are people only securing messages but rather they are able to encrypt entire data transfers over the Internet without much effort.  Many new applications have been developed to help remedy problems such as verifying the integrity of information.  New ways of creating more secure algorithms are also being developed.

Over the next few months we’ll be providing an overview of cryptography, some of the implementations that are most common, and explain some of the technologies behind this sometimes mysterious means of communicating.  Topics covered will be:

  • Hashing
  • Symmetric Encryption
    • Cryptographic algorithms, keys and key-size recommendations (NIST)
  • Asymmetric Encryption
    • Cryptographic algorithms, keys and key-size recommendations (NIST)
  • Uses of hashing and encryption
    • WiFi networks (WPA, WEP), VPNs, OpenPGP, SSL/TLS

One thought on “An Introduction to Cryptographic Authentication and Encryption

  1. Pingback: Symmetric Encryption | Red Hat Security

Comments are closed.