Part 1: The broad view
Part 2: Symmetric cryptography
  Introduction
  Types of symmetric cipher
  Block ciphers
  Stream ciphers
  Message authentication codes
  Examples of symmetric ciphers
  DES
  IDEA
  CAST
  The one-time pad
  AES
  Conclusion
Part 3: Asymmetric cryptography
  Introduction
  Examples of asymmetric ciphers
  Diffie-Hellman
  RSA
  Other asymmetric cryptosystems
  Hash functions
  MD4 and MD5
  SHA and SHA-1
  Conclusion
Part 4: Cryptography on the Internet
  Internet-related protocols and mechanisms
  RFC
  IPSec
  S-HTTP
  SSL
  TLS
  WTLS
  SET
  S/WAN
  SSH
  Encrypted email
Part 5: Practical applications
  Introduction
  Combining cryptographic methods
  Digital signatures
  Pretty Good Privacy
  Covert communication
  Steganography
  Security mechanisms
  SecurID
  Smartcards
  Biometrics
  Electronic transfer of value
  Conclusion
Part 6: Miscellaneous issues
  Introduction
  Attacks and vulnerabilities
  Cryptanalysis
  Eavesdropping and other attacks
  Key management and related issues
  Secret sharing
  Zero knowledge proofs and special signature schemes
  Certificates
  Digital timestamping
  Conclusion
Glossary of terms
Term  Definition 

AES  The Advanced Encryption Standard, intended to replace DES. The winner of the competition organized by NIST is Rijndael. 
Algorithm  The model of the rules by which a task, such as encryption or decryption, is carried out. 
Asymmetric cryptography  A recently developed form of cryptography involving two keys, mathematically linked such that one key is used for encrypting plain text, which can then only be decrypted using the corresponding other key; known also as public key cryptography. 
Authentication  The process of verifying identity, authorization and so on, so that something can be trusted. 
Biometrics  The science of using unique physical characteristics to establish identity. 
Birthday attack  A particular form of brute-force attack named for the fact that in a group of 23 people, the probability of two or more sharing the same birthday is greater than 1/2. 
Blind signature scheme  A method allowing digital signing of documents without the contents being known to the signer. 
Block  A sequence of bits of fixed length. 
Block cipher  A type of symmetric cipher that breaks down the plain text into blocks, encrypting these in turn. 
Brute force attack  A process whereby up to every possible value is tried until a match is found (also known as an exhaustive search). 
CBC  Cipher Block Chaining; a process whereby a plain text block is XORed with the previous cipher text block before being encrypted. 
Certifying authority (CA)  An organization or individual who creates digital certificates; also known as certificate authority. 
CFM  Cipher Feedback Mode, a block cipher mode whereby the block cipher is operated as a self-synchronizing stream cipher. 
Cipher  An encryption/decryption algorithm. 
Cipher text  Data that has been encrypted. 
Clear text  See plain text. 
Collision  The situation where two different texts return the same hash value from the same algorithm. 
Covert channel  A communications medium that is hidden or is seemingly not used for transferring data. 
Cracker  A person or computer program that attempts to defeat computer security measures, including cryptography. 
CRL  Certificate Revocation List; a list of certificates that have been revoked and so are no longer valid. 
Cryptanalysis  The process whereby an attempt is made to break cryptography whether by analysis or some other means. 
Cryptosystem  A cipher together with all possible plain texts, cipher texts, and keys. 
Dictionary attack  A form of brute force attack, possibly modified selectively by probability, whereby words or phrases are tried in sequence. 
Digital certificate  An electronic document authenticated by a trusted public key and providing confidence that the public key specified is correctly associated with the identified individual or organization and has not been compromised; often known simply as a "certificate." 
Data Encryption Standard (DES)  The formal description of the Data Encryption Algorithm, developed by IBM and adopted by the U.S. Government as a formal standard in 1977. 
Decryption  The process of transforming cipher text into plain text. 
Diffie-Hellman  The first public-key algorithm, published in 1976, and named after its authors. 
Digital cash  Electronic representation of cash, typically presented in mixed-value "coins" capable of being used anonymously. 
Digital envelope  A mechanism for enclosing cipher text and its associated session key in an encrypted form protected by another key, typically, but not necessarily, a private key. 
Digital signature  A process of linking a document mathematically to a particular private key; note that this is not the same as linking a document so signed to a particular individual. 
Digital timestamp  A process of linking mathematically a document to a particular date and time. 
Electronic money  See Digital cash. 
Encryption  The process of transforming plain text into cipher text. 
Entropy  In mathematics, a measurement of the amount of uncertainty or randomness. 
Exhaustive search  See brute force attack. 
Factor  Any number that divides an integer; for example, the factors of 15 are 5 and 3. 
Factoring  Here the process of breaking down a large integer formed of two prime numbers into those primes. 
Hacker  A person, often of considerable experience, with skills in writing and modifying software, particularly in arcane areas; used erroneously as a synonym for cracker (qv). 
Hash function  A function designed to give a fixed-length output (typically 128 or 160 bits in cryptography) from text input of variable and arbitrary length. 
IETF  Initialism of the Internet Engineering Task Force, a body responsible for many of the Internet standards. 
IPSec  The IETF's security extension specifications providing authentication, integrity, and privacy services at the IP datagram layer. 
ISO  Acronym of the International Standards Organisation, the function of which is given by its name. 
Kerberos  A trusted third-party authentication protocol associated with key delivery mechanisms; developed at MIT. 
Key  The general name used for a string of bits which, when used with a cipher, determines the relationship between given plain text and associated cipher text. 
Key escrow  The process whereby a third party holds a key in trust against some agreed-upon eventuality. 
Key length  A measure of the number of bits in a given key; note that although increasing the key length gives added security, it's not appropriate to compare the lengths used with one cipher with those in another and, in general, that key lengths in symmetric ciphers do not equate directly with key lengths in asymmetric ciphers. 
Key pair  In asymmetric cryptography, the public and private keys together. 
Key recovery  A feature designed to allow messages to be recovered even if a key has been lost. This might involve key escrow, back doors into a system, or other methods. 
MAC  Acronym for Message Authentication Code. 
Message digest  A (virtually) unique value associated with a given message, typically generated by applying a specialized hash function. 
MIME  Multipurpose Internet Mail Extensions, an Internet mail standard that offers a way to exchange text in multiple languages using different character sets. 
Modular arithmetic  A form of arithmetic whereby integers leaving the same remainder when divided by the modulus are considered equal. 
Modulus  An integer used for division in modular arithmetic. 
NIST  Acronym for the U.S. agency, the National Institute of Standards and Technology, charged with, among other things, producing cryptography standards. 
NSA  The initialism of yet another U.S. government agency, the National Security Agency, which busies itself checking out foreign electronic and other communications. 
Number theory  The area of mathematics involved with investigating the properties of numbers and their relationships. 
One time pad  Also known as the Vernam cipher and considered unbreakable although not easy to manage; the key consists of a random selection of bits exactly as long as the message itself and with which it is XORed. 
Password  A string of printable characters intended to be used as a key of some sort in controlling access to files or systems. A passphrase is, as the name suggests, similar but longer, and consists of several words. 
Plain text  Data before encryption. 
Prime number  Any integer greater than 1 that is divisible only by 1 and itself; 2, 3, and 5 are prime numbers, 4 is not. 
Private key  The secret key in an asymmetric system. It's used for the encryption process when creating digital signatures and for the decryption process when viewing received messages. 
PRNG  Pseudo-Random Number Generator, a mechanism used in a computer system to create, in as nondeterministic a manner as possible, a seed value from which a pseudorandom number will be derived. 
Public key  The widely publicized component of an asymmetric key pair. It's used in contrary manner to the private key. 
Public key cryptography  See asymmetric cryptography. 
Random number  A number that is produced quite independently of its generating criteria. It's extremely difficult to have a computer generate a truly random number and so pseudorandom numbers, which are made as nondeterministic as possible, are used. 
Repudiation  The denying that some action was performed; hence "nonrepudiation" is used as a property of systems that can show unequivocally that some action was indeed carried out as purported. 
Revocation  The cancellation of the validity of a certificate. 
RFC  Request For Comment, an IETF document used as a means for disseminating information and consulting with users. 
RSA algorithm  A widely-used asymmetric cryptosystem based on a factoring problem. The initialism derives from the names of the developers, Ron Rivest, Adi Shamir, and Leonard Adleman. 
Secure channel  A means of conveying information from one source to another such that it's protected from third party access. 
SHTTP  Secure Hypertext Transfer Protocol. 
S/MIME  Secure MIME. 
SSH  Secure Shell, an IETF-proposed protocol for securing the transport layer. 
SSL  Secure Socket Layer, a protocol developed by Netscape to provide secure communication during an Internet session. 
Secret key  In symmetric cryptography systems, a single key that is used for both encryption and decryption. 
Secret sharing  Typically applied to keys, whereby a key is split in such a way that a minimum number of pieces taken from the total possible need to be combined to provide access; for example, access might be given by combining at least five of eight elements. 
Session key  Key generated for use during a single session of encryption and subsequently discarded; this will typically be a secret key. 
SET  Secure Electronic Transmission, a standard developed principally by the VISA and MasterCard consortia and intended to provide security in the area of bank card information interchange. 
SMTP  Simple Mail Transfer Protocol, widely used for sending email. 
Smartcard  A small device, typically plastic and of the size of a credit card, which has a computer chip used for storing and processing small amounts of information. 
Stream cipher  A secret key algorithm that processes a stream of bits one bit at a time. 
Substitution cipher  A generally simple mechanism whereby plain text characters are replaced with other characters to form the cipher text. 
S/WAN  Secure Wide Area Network, an initiative intended to support VPNs. 
Symmetric cryptography  Encryption and decryption that both depend on the use of the same secret key. 
Symmetric key  An alternative name for secret key. 
Transposition cipher  Another generally simple mechanism whereby the plain text characters remain unchanged but their order is transposed in some way. 
TLS  Transport Layer Security, an IETF draft similar to SSL and intended to provide communications privacy over the Internet. 
Vernam cipher  See one time pad. 
VPN  Virtual Private Network, a means of allowing secure network use between remote systems but across a public network such as the Internet. 
WAP  Wireless Access Protocol. 
Weak key  One of a number of keys that may produce regularities in cipher text, or may otherwise offer poor security, so allowing relatively easy breaking of the encryption. 
WTLS  Wireless Transport Layer Security, the security layer protocol in the WAP architecture. 
XOR  An abbreviation for exclusive OR, a logical operation returning true if the two values compared are different and false if they're the same. Used in bitwise operations: 1 XOR 0 or 0 XOR 1 gives 1, and 1 XOR 1 or 0 XOR 0 gives 0. 
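The one-time pad and XOR entries above describe a mechanism that is short enough to show in full. The following is an added example written for this glossary (it is not code from the tutorial): the pad comes from the operating system's random source, must be exactly as long as the message, and decryption is simply the same XOR applied a second time. The last function shows why the glossary calls the pad "not easy to manage": if the same pad is ever applied to two messages, XORing the two cipher texts cancels the pad and leaves the XOR of the two plain texts, so a pad must be used once and then destroyed. All function names are my own.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (1^0 = 1, 1^1 = 0)."""
    if len(a) != len(b):
        raise ValueError("XOR inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """A pad must be random and exactly as long as the message.

    os.urandom reads the operating system's cryptographic random source;
    a PRNG seeded from a short value would not give a true one-time pad.
    """
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Cipher text = plain text XOR pad."""
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse: (p ^ k) ^ k == p, so decryption is the same step."""
    return xor_bytes(ciphertext, pad)


def pad_reuse_leak(ciphertext1: bytes, ciphertext2: bytes) -> bytes:
    """What an eavesdropper learns if one pad was used twice.

    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the pad cancels out and the relationship
    between the two plain texts is exposed without the pad ever being known.
    This is the management failure the glossary warns about, and why a pad
    must be generated per message and discarded after use.
    """
    return xor_bytes(ciphertext1, ciphertext2)


if __name__ == "__main__":
    # Constructed sample message; the pad is fresh on every run.
    message = b"meet at noon"
    pad = otp_keygen(len(message))
    ct = otp_encrypt(message, pad)
    assert otp_decrypt(ct, pad) == message
    # Reusing the pad for a second message leaks p1 ^ p2 to anyone holding both cipher texts.
    second = b"cancel order"
    leaked = pad_reuse_leak(ct, otp_encrypt(second, pad))
    assert leaked == xor_bytes(message, second)
    print("round trip ok; pad reuse leaks", leaked.hex())
```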
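The secret sharing entry above (combining at least five of eight pieces to recover a key) and the modular arithmetic, modulus and prime number entries fit together in one worked example. The code below is added for this glossary and is not the tutorial's own; it implements Shamir's polynomial threshold scheme, which the glossary does not name, as one concrete way of achieving the 5-of-8 property. Assumptions: the secret is an integer smaller than the prime modulus (here the Mersenne prime 2^127 - 1, chosen by me), shares are evaluated at x = 1..8, and the modular inverse uses Python 3.8's pow(x, -1, p). Any 5 shares interpolate the degree-4 polynomial and recover its constant term; 4 shares leave the secret completely undetermined.

```python
import secrets

# Prime modulus for the finite field; every arithmetic step below is reduced mod PRIME.
PRIME = 2**127 - 1  # assumption: secrets are integers in [0, PRIME)


def _eval_poly(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod p using Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % p
    return result


def split_secret(secret: int, threshold: int, shares: int, p: int = PRIME):
    """Split `secret` into `shares` pieces, any `threshold` of which recover it.

    The secret is the constant term of a random polynomial of degree threshold-1;
    share i is the point (i, f(i)). Fewer than `threshold` points are consistent
    with every possible constant term, so they reveal nothing about the secret.
    """
    if not 0 <= secret < p:
        raise ValueError("secret must be an integer in [0, p)")
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, shares + 1)]


def recover_secret(shares, p: int = PRIME) -> int:
    """Lagrange interpolation at x = 0 over the integers mod p.

    Given k points of a degree-(k-1) polynomial this returns f(0), the secret.
    Called with fewer points than the threshold it still returns a number, but
    one that is unrelated to the original secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("share x-coordinates must be distinct")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p          # product of (0 - xj)
                den = (den * (xi - xj)) % p      # product of (xi - xj)
        # Division in the field is multiplication by the modular inverse.
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


if __name__ == "__main__":
    # Constructed sample: a 5-of-8 split of a key expressed as an integer.
    key = int.from_bytes(b"constructed-16-B", "big")
    pieces = split_secret(key, threshold=5, shares=8)
    assert recover_secret(pieces[:5]) == key          # any five pieces suffice
    assert recover_secret(pieces[3:]) == key
    assert recover_secret(pieces[:4]) != key          # four pieces do not
    print("5-of-8 recovery ok:", recover_secret(pieces[2:7]).to_bytes(16, "big"))
```

The check in recover_secret on distinct x-coordinates matters in practice: a duplicated share would otherwise make `den` zero and raise inside pow, which is a less helpful failure than a clear message about the shares supplied.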
Reading List
A wide range of books on cryptography is available from bookshops, libraries which haven't been reduced through misguided management policies and lack of funds to stocking only meretricious junk, and from various online sources. The following book titles are a few that are particularly useful but there are many more. Journals such as Scientific American, Wired and others also publish useful articles on aspects of cryptography.
Biham, Eli, and Shamir, Adi, Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, ISBN 0387942939
Cheswick, William R., and Bellovin, Steven M., Firewalls and Internet Security. Addison Wesley, ISBN 0201924803
Diffie, Whitfield, and Landau, Susan Eva, Privacy on the Line. MIT Press, ISBN 0262041677
Kahn, David, The Codebreakers. Scribner, ISBN 0684831309
Kaufman, Charlie, Perlman, Radia, and Speciner, Mike, Network Security: Private Communication in a Public World. Prentice Hall, ISBN 01306145661
Koblitz, Neal, A Course in Number Theory and Cryptography. Springer Verlag, ISBN 0387942939
Menezes, Alfred J., van Oorschot, Paul C., and Vanstone, Scott, Handbook of Applied Cryptography. CRC Press, ISBN 0849385237
RSA Laboratories, Frequently Asked Questions about Today's Cryptography. Available online from the RSA site, qv.
Rubin, Geer and Ranum, Web Security Sourcebook. John Wiley & Sons, ISBN 047118148X
Schneier, Bruce, Applied Cryptography. John Wiley & Sons, ISBN 0471117099
Schneier, Bruce, Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, ISBN 0471253111
Smith, Richard, Internet Cryptography. Addison Wesley, ISBN 0201924803
Resources
Suppliers of desktop application software password crackers
Information on laws and legislation affecting cryptography
Certicom, includes links to their elliptic curve cracking challenge
Information on legal aspects of cryptography
Electronic Frontier Foundation, has links to cryptanalysis and cracking tools and actions
Linux FreeS/WAN site
F-Secure Corporation, formerly Data Fellows, with useful articles and white papers
G E Boyd's How to do just about anything by email
Shareware secure email program for Macs
HushMail, secure email program
IACR, references to cryptographic conferences and research
IBM's report of their new cryptography algorithm
Institute of Electrical and Electronic Engineers
RFC on the OpenPGP message format
ISO
International Telecommunications Union
Network Associates' site, one source for PGP
NetBSD paper on IPSec with NetBSD
NIST reference page to AES
RSA Security, includes links to many relevant pages and sites
Ralf Senderek's paper on ADKs in PGP
Miscellaneous articles on and links to security and cryptography matters
Visa and Mastercard, information on SET
Virtual Private Network Consortium site
Electronic payment methods and systems
Information on WAP and WTLS
