Public Key Cryptography has two main functions: confidentiality (encryption) and authentication.
That is, it keeps your data private, and helps verify that it originated from you. It is a swift, powerful, portable method of high-level computer security. This has applications in fields as diverse as email and electronic commerce.
Encryption is the transformation of data into some unreadable form. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data. Decryption is the reverse of encryption ; it is the transformation of encrypted data back into some intelligible form.
Encryption and decryption require the use of some secret information, usually referred to as a key. Thus, you can keep your data private if you encrypt it, as only somebody who has the key will be able to decrypt it. You can then send your message over a public channel, such as the internet, in the confidence that only your recepient will see the actual message. However, this requires that the recepient has the key too. And if you send the key over a public channel, this defeats the purpose of security.
The concept of Public Key Cryptography was introduced in 1976 by Whitfield Diffie and Martin Hellman to address this problem. In this, encryption / decryption is performed using two keys instead of one. This is known as a public key / private key pair. These two are mathematically related, such that data encrypted with one key can only be decrypted by the other. In addition, it is computationally infeasible for an opponent to try and deduce a private key from a public key. Therefore, the problem of key management has been elegantly addressed. All one needs to do is make available one's public key to all and sundry, using any source available to you. People who then want to send you information in a secure fashion only have to encrypt it using your public key. It can then be decrypted only by you, using your private key. Thus, even if the encrypted message falls into the hands of some opponent in transit, your data is still secure.
Public Key Cryptography has yet another application, however. That of authentication. How it works is like this: You take a message which you want to tag as having come from you, and only you. The message is then put through a computation which produces a unique value called a _message digest_. The message digest is then encrypted with your PRIVATE key, and appended to the message. This is called a DIGITAL SIGNATURE. When the message reaches the recepient, he performs the same computation on the message to get the digest. He then decrypts the digital si gnature, using your PUBLIC key, (which you have made available) and compares the two. If they match, he then knows two things:
The message has thus been authenticated.
The combination of these two (security and authentication) ensure that cryptography can lay the foundation of an e-commerce infrastructure.
already addressed above.
Cryptography can be used to regulate access to corporate networks which contain confidential, business-critical data. It is critical that businesses have confidence in the technology involved, that they are sure their data (which is the lifeblood of their enterprise) will not be intercepted by rivals. And unless ubiquitous use of strong cryptography by corporates is encouraged, they will have no incentive to provide it also to their end users.
In addition to the above points, casual and ubiquitous use of strong srypto has the happy effects of helping to protect against virus attacks, networks intrusion, spoofing (unauthorised access by somebody claiming to be an authorised user) etc. This is accomplished by the authentication features explained above.
Weakness of 40-bit cryptography - Deep Crack (cracks 56-bit keys in under a day.) - Security Agencies with specialized cryptanalysis hardware.
DES, which is an outdated encryption standard which has now been phased out, uses 56-bit keys. [ * note that this is not a public key algorithm, and thus a 56-bit key is roughly equivalent to a 512-bit key of an RSA public-key algorithm ]
Previously, due to restrictions imposed by the US government, only versions of DES that used 40-bit keys were exportable outside the US.
However, there is evidence that even 56-bit keys can be broken quite easily. To prove the insecurity of DES, the Electronic Frontier Foundation (EFF) built the first unclassified hardware for cracking messages encoded with it. On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers.
Further information about this is available at http://www.eff.org/descracker/
In addition to this, it is certain that security agencies, including those of unfriendly governments, possess specialised hardware that is capable of cracking such insecure ciphers in fractions of a second.
Impossibility of restricting/controlling use by outlaws.
Sophisticated cryptographic algorithms, and software implementations of these algorithms, are available at thousands of sites on the internet, on servers which are physically located in various countries. It is thus infeasible to attempt to control access to these by outlaws. Therefore, restricting access to strong cryptography by law-abiding individuals will have the result of decreasing security of the system as a whole, making it vulnerable to atack by busines rivals, thieves and foreign powers.
Key-escrow as a security threat
Key-escrow as a bottleneck
State of cryptography on the Internet.
Last updated on ... October 18, 2000