BLAERGH
blag

[Guest Blog: Encryption Basics]

July 18th, 2007

Binary Star


Encryption Basics

A little About Me.

My name is Binary Star and I’m a pretty hardcore geek. Programming is my calling and that’s where my handle came from. Other than that, I’m just another denizen of the internet. I’m the first Guest blogger Comrade’s had, and so I wasn’t entirely sure what I should even write about. I decided that I should do something that can be useful for the geek and non-geek. So the topic I’ll write about is the basics behind encryption and what the best options to pursue are. First, the fundamentals.

There are various methods of encryption: there are hashing algorithms, and symmetric and asymmetric cryptography. They all have their pros and cons. What are the viable options for you? Essentially, it depends on what you’re attempting to use it for.


Hashing

For one, hashing is pretty intense and a damn solid method of encrypting data; MD5 or the even better SHA do this quite well. Hashing has its limitations in that it doesn’t actually encrypt data in a form that can be decrypted. Thus you can’t encrypt your hard disk with a hash to keep it from teh Fedz. You probably should have known that by now.


Symmetric Key

Differentiating between this and Asymmetric is mildly difficult, and relating them in real terms is equally difficult, but I’ll do my best. Symmetric-key algorithms work by having, essentially, one key (or two keys that are trivially different) that encrypts and decrypts data. This works like a speak-easy of the early 1900s: there is one passphrase to get in, and people share that one phrase. Once you speak the phrase you are admitted. Likewise, knowing the key, you can easily be the door-guard and sit and authenticate newcomers.

The standard Alice-and-Bob analogy for sending a secret message to Bob, and getting a different secret message in return, over the Postal Service is as follows:

Alice first puts the secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice’s key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message. Bob can then use the same padlock to send his secret reply.

Now, how does that match up security-wise? Well, symmetric algorithms are susceptible to various attacks, the known-plaintext attack being the most prominent, and rather simple cryptanalysis. Known-plaintext attacks work in that if you, as the attacker, encrypt data of your choosing, you then have access to both the plaintext and the ciphertext of the same data, and you can derive the cipher by noticing the difference.

Best Symmetric Algorithm in my mind is: AES


Asymmetric Key

A little more complex to understand are Asymmetric Key Algorithms, in which the Encrypting Key and Decrypting Key are different. They are linked, but you cannot mathematically derive one from the other.

The Alice-and-Bob analogy for the same situation as before, this time Asymmetric, is as follows:


First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice’s open padlock to lock the box before sending it back to her.

How does that compare to Symmetric security-wise? The key difference is that Alice and Bob never need to share their keys. This is important in stopping the keys from getting intercepted along the path. Also, if by some chance someone did get a hold of Bob’s Key, they could decrypt Alice-to-Bob communications, but they couldn’t touch Alice-to-Charlie communication, because Charlie would be providing Alice with a different lock.

Its weakness is no different from that of standard encryption in that it can always be brute-forced. However, there’s a really intense amount of computing required, and the longer the key, the longer the time required.

Best Asymmetric Algorithm in my mind is: RSA or Elliptic Curve

What do you use?

It all boils down to hybridization. You use one to complement the other, for instance by having a shared key that is encrypted. The shared key is decrypted by each member of a group with their own Private Key, so that it’s secure, but once they receive the public key they aren’t burdened by the slow conversations that result from an entirely Asymmetric Key system.
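The hybrid arrangement described above, as an added example that is not part of the original post: one random session key encrypts the message with a fast symmetric step, and a separate copy of that key is locked to each recipient's public key. The RSA here is unpadded textbook RSA over constructed toy primes and the symmetric step is a SHA-256 keystream, both stand-ins chosen so the code runs on the Python standard library alone; all function and key names are assumptions.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent


def make_keypair(p, q):
    """Textbook RSA from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed toy keys built from Mersenne primes: far too small and too
# structured for real use, chosen only so the example needs no prime search.
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
CHARLIE_PUB, CHARLIE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts, like the shared padlock key."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message, recipients):
    """Encrypt once with a fresh session key, then wrap that key per recipient."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    wrapped = {name: pow(k, e, n) for name, (n, e) in recipients.items()}
    return {"wrapped": wrapped, "body": keystream_xor(session_key, message)}


def hybrid_decrypt(envelope, name, private_key):
    """Unwrap this recipient's copy of the session key, then decrypt the body."""
    n, d = private_key
    k = pow(envelope["wrapped"][name], d, n)
    # Keep the low 16 bytes so a wrong private key yields garbage, not a crash.
    session_key = k.to_bytes((n.bit_length() + 7) // 8, "big")[-16:]
    return keystream_xor(session_key, envelope["body"])


if __name__ == "__main__":
    msg = b"The password at the door changes at midnight."
    env = hybrid_encrypt(msg, {"bob": BOB_PUB, "charlie": CHARLIE_PUB})
    print(hybrid_decrypt(env, "bob", BOB_PRIV))
    print(hybrid_decrypt(env, "charlie", CHARLIE_PRIV))
```

The message body is encrypted only once no matter how many recipients there are; only the 16-byte session key goes through the slow asymmetric step. Real tools such as PGP and GPG use padded RSA or elliptic-curve key wrapping and an authenticated cipher such as AES in place of these stand-ins.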

So, what tools?

PGP
GPG
XeroBank Browser
EFS
Bestcrypt

In closing, if there are any questions, direct them to the comments here.

One Response to “Guest Blog: Encryption Basics”

  1. md5?  Says:

    Hashing doesn’t encrypt the data at all, it’s for determining whether something is true or not.
