The parts of this series on cryptography, and the sections within each, are:

- Part 1: The broad view
- Part 2: Symmetric cryptography: Introduction; Types of symmetric cipher; Block ciphers; Stream ciphers; Message authentication codes; Examples of symmetric ciphers (DES, IDEA, CAST, the one-time pad, AES); Conclusion
- Part 3: Asymmetric cryptography: Introduction; Examples of asymmetric ciphers (Diffie-Hellman, RSA, other asymmetric cryptosystems); Hash functions (MD4 and MD5, SHA and SHA-1); Conclusion
- Part 4: Cryptography on the Internet: Internet-related protocols and mechanisms (RFC, IPSec, S-HTTP, SSL, TLS, WTLS, SET, S/WAN, SSH, encrypted e-mail)
- Part 5: Practical applications: Introduction; Combining cryptographic methods; Digital signatures; Pretty Good Privacy; Covert communication; Steganography; Security mechanisms (SecurID, smartcards, biometrics); Electronic transfer of value; Conclusion
- Part 6: Miscellaneous issues: Introduction; Attacks and vulnerabilities (Cryptanalysis; Eavesdropping and other attacks); Key management and related issues (Secret sharing; Zero knowledge proofs and special signature schemes; Certificates; Digital timestamping); Conclusion
| Term | Definition |
|---|---|
| AES | The Advanced Encryption Standard, intended to replace DES. The winner of the competition organized by NIST is Rijndael. |
| Algorithm | The model of the rules by which a task, such as encryption or decryption, is carried out. |
| Asymmetric cryptography | A recently developed form of cryptography involving two keys, mathematically linked such that one key is used for encrypting plain text, which can then only be decrypted using the corresponding other key; known also as public key cryptography. |
| Authentication | The process of verifying identity, authorization and so on, so that something can be trusted. |
| Biometrics | The science of using unique physical characteristics to establish identity. |
| Birthday attack | A particular form of brute-force attack named for the fact that in a group of 23 people, the probability of two or more sharing the same birthday is greater than 1/2. |
| Blind signature scheme | A method allowing digital signing of documents without the contents being known to the signer. |
| Block | A sequence of bits of fixed length. |
| Block cipher | A type of symmetric cipher that breaks down the plain text into blocks, encrypting these in turn. |
| Brute force attack | A process whereby up to every possible value is tried until a match is found (Also known as an exhaustive search). |
| CBC | Cipher Block Chaining; a process whereby a plain text block is XORed with the previous cipher text block before being encrypted. |
| Certifying authority (CA) | An organization or individual who creates digital certificates; also known as certificate authority. |
| CFM | Cipher Feedback Mode, a block cipher mode whereby it's implemented as a self-synchronizing stream cipher. |
| Cipher | An encryption-decryption algorithm. |
| Cipher text | Data that has been encrypted. |
| Clear text | See plain text. |
| Collision | The situation where two different texts return the same hash value from the same algorithm. |
| Covert channel | A communications medium that is hidden or is seemingly not used for transferring data. |
| Cracker | A person or computer program that attempts to defeat computer security measures, including cryptography. |
| CRL | Certificate Revocation List; a list of certificates that have been revoked and so are no longer valid. |
| Cryptanalysis | The process whereby an attempt is made to break cryptography whether by analysis or some other means. |
| Cryptosystem | A cipher together with all possible plain texts, cipher texts, and keys. |
| Dictionary attack | A form of brute force attack, possibly modified selectively by probability, whereby words or phrases are tried in sequence. |
| Digital certificate | An electronic document authenticated by a trusted public key and providing confidence that the public key specified is correctly associated with the identified individual or organization and has not been compromised; often known simply as a "certificate." |
| Data Encryption Standard (DES) | The formal description of the Data Encryption Algorithm, developed by IBM and adopted by the U.S. Government as a formal standard in 1977. |
| Decryption | The process of transforming cipher text into plain text. |
| Diffie-Hellman | The first public-key algorithm, published in 1976, and named after the authors. |
| Digital cash | Electronic representation of cash, typically presented in mixed-value "coins" capable of being used anonymously. |
| Digital envelope | A mechanism for enclosing cipher text and its associated session key in an encrypted form protected by another key, typically, but not necessarily, a private key. |
| Digital signature | A process of linking a document mathematically to a particular private key; note that this is not the same as linking a document so signed to a particular individual. |
| Digital timestamp | A process of linking mathematically a document to a particular date and time. |
| Electronic money | See Digital cash. |
| Encryption | The process of transforming plain text into cipher text. |
| Entropy | In mathematics, a measurement of the amount of uncertainty or randomness. |
| Exhaustive search | See brute force attack. |
| Factor | Any number that divides an integer; for example, the factors of 15 are 5 and 3. |
| Factoring | Here the process of breaking down a large integer formed of two prime numbers into those primes. |
| Hacker | A person, often of considerable experience, with skills in writing and modifying software, particularly in arcane areas; used erroneously as a synonym for cracker (qv). |
| Hash function | A function designed to give a fixed-length output (typically 128 or 160 bits in cryptography) from text input of variable and arbitrary length. |
| IETF | Initialism of the Internet Engineering Task Force, a body responsible for many of the Internet standards. |
| IPSec | The IETF's security additions specifications providing for authentication, integrity, and privacy services at the IP datagram layer. |
| ISO | Acronym of the International Standards Organisation, the function of which is given by its name. |
| Kerberos | A trusted third-party authentication protocol associated with key delivery mechanisms; developed at MIT. |
| Key | The general name used for a string of bits which, when used with a cipher, determines the relationship between given plain text and associated cipher text. |
| Key escrow | The process whereby a third party holds a key in trust against some agreed-upon eventuality. |
| Key length | A measure of the number of bits in a given key; note that although increasing the key length gives added security, it's not appropriate to compare the lengths used with one cipher with those in another and, in general, that key lengths in symmetric ciphers do not equate directly with key lengths in asymmetric ciphers. |
| Key pair | In asymmetric cryptography, the public and private keys together. |
| Key recovery | A feature designed to allow messages to be recovered even if a key has been lost. This might involve key escrow, back doors into a system, or other methods. |
| MAC | Acronym for Message Authentication Code. |
| Message digest | A (virtually) unique value associated with a given message, typically generated by applying a specialized hash function. |
| MIME | Multipurpose Internet Mail Extensions, an Internet mail standard that offers a way to exchange text in multiple languages using different character sets. |
| Modular arithmetic | A form of arithmetic whereby integers leaving the same remainder when divided by the modulus are considered equal. |
| Modulus | An integer used for division in modular arithmetic. |
| NIST | Acronym for the U.S. agency, the National Institute of Standards and Technology, charged with, among other things, producing cryptography standards. |
| NSA | The initialism of yet another U.S. government agency, the National Security Agency, which busies itself checking out foreign electronic and other communications. |
| Number theory | The area of mathematics involved with investigating the properties of numbers and their relationships. |
| One time pad | Also known as the Vernam cipher and considered unbreakable although not easy to manage; the key consists of a random selection of bits exactly as long as the message itself and with which it is XORed. |
| Password | A string of printable characters intended to be used as a key of some sort in controlling access to files or systems. A passphrase is, as the name suggests, similar but longer, and consists of several words. |
| Plain text | Data before encryption. |
| Prime number | Any integer greater than 1 that is divisible only by 1 and itself; 2, 3, and 5 are prime numbers, 4 is not. |
| Private key | The secret key in an asymmetric system. It's used for the encryption process when creating digital signatures and for the decryption process when viewing received messages. |
| PRNG | Pseudo-Random Number Generator, a mechanism used in a computer system to create, in as non-deterministic a manner as possible, a seed value from which a pseudo-random number will be derived. |
| Public key | The widely publicized component of an asymmetric key pair. It's used in contrary manner to the private key. |
| Public key cryptography | See asymmetric cryptography. |
| Random number | A number that is produced quite independently of its generating criteria. It's extremely difficult to have a computer generate a truly random number and so pseudo-random numbers, which are made as non-deterministic as possible, are used. |
| Repudiation | The denying that some action was performed; hence "non-repudiation" is used as a property of systems that can show unequivocally that some action was indeed carried out as purported. |
| Revocation | The cancellation of the validity of a certificate. |
| RFC | Request For Comment, an IETF document used as a means for disseminating information and consulting with users. |
| RSA algorithm | A widely-used asymmetric cryptosystem based on a factoring problem. The initialism derives from the names of the developers, Ron Rivest, Adi Shamir, and Leonard Adleman. |
| Secure channel | A means of conveying information from one source to another such that it's protected from third party access. |
| S-HTTP | Secure Hypertext Transfer Protocol. |
| S/MIME | Secure MIME. |
| SSH | Secure Shell, an IETF-proposed protocol for securing the transport layer. |
| SSL | Secure Socket Layer, a protocol developed by Netscape to provide secure communication during an Internet session. |
| Secret key | In symmetric cryptography systems, a single key that is used for both encryption and decryption. |
| Secret sharing | Typically applied to keys, whereby a key is split in such a way that a minimum number of pieces taken from the total possible need to be combined to provide access; for example, access might be given by combining at least five of eight elements. |
| Session key | Key generated for use during a single session of encryption and subsequently discarded; this will typically be a secret key. |
| SET | Secure Electronic Transmission, a standard developed principally by the VISA and MasterCard consortia and intended to provide security in the area of bank card information interchange. |
| SMTP | Simple Mail Transfer Protocol, widely used for sending e-mail. |
| Smartcard | A small device, typically plastic and of the size of a credit card, which has a computer chip used for storing and processing small amounts of information. |
| Stream cipher | A secret key algorithm that processes a stream of bits one bit at a time. |
| Substitution cipher | A generally simple mechanism whereby plain text characters are replaced with other characters to form the cipher text. |
| S/WAN | Secure Wide Area Network, an initiative intended to support VPNs. |
| Symmetric cryptography | The providing of encryption/decryption facilities depending on the use of the same secret key for each. |
| Symmetric key | An alternative name for secret key. |
| Transposition cipher | Another generally simple mechanism whereby the plain text characters remain unchanged but their order is transposed in some way. |
| TLS | Transport Layer Security, an IETF draft similar to SSL and intended to provide communications privacy over the Internet. |
| Vernam cipher | See one time pad. |
| VPN | Virtual Private Network, a means of allowing secure network use between remote systems but across a public network such as the Internet. |
| WAP | Wireless Access Protocol. |
| Weak key | One of a number of keys that may produce regularities in cipher text, or may otherwise offer poor security, so allowing relatively easy breaking of the encryption. |
| WTLS | Wireless Transport Layer Security, the security layer protocol in the WAP architecture. |
| XOR | An abbreviation for exclusive OR, a logical operation returning true if the two values compared are different and returning false if they're the same. Used in bitwise operations: 1 XOR 0 or 0 XOR 1 gives 1, and 1 XOR 1 or 0 XOR 0 gives 0. |
A wide range of books on cryptography is available from bookshops, libraries which haven't been reduced through misguided management policies and lack of funds to stocking only meretricious junk, and from various online sources. The following book titles are a few that are particularly useful but there are many more. Journals such as Scientific American, Wired and others also publish useful articles on aspects of cryptography.
- Biham, Eli, and Shamir, Adi, Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, ISBN 0387942939
- Cheswick, William R., and Bellovin, Steven M., Firewalls and Internet Security. Addison Wesley, ISBN 0201924803
- Diffie, Whitfield, and Landau, Susan Eva, Privacy on the Line. MIT Press, ISBN 0262041677
- Kahn, David, The Codebreakers. Scribner, ISBN 0684831309
- Kaufman, Charlie, Perlman, Radia, and Speciner, Mike, Network Security: Private Communication in a Public World. Prentice Hall, ISBN 01306145661
- Koblitz, Neal, A Course in Number Theory and Cryptography. Springer Verlag, ISBN 0387942939
- Menezes, Alfred J., van Oorschot, Paul C., and Vanstone, Scott, Handbook of Applied Cryptography. CRC Press, ISBN 0849385237
- RSA Laboratories, Frequently Asked Questions about Today's Cryptography. Available on-line from the RSA site, qv.
- Rubin, Geer and Ranum, Web Security Sourcebook. John Wiley & Sons, ISBN 047118148X
- Schneier, Bruce, Applied Cryptography. John Wiley & Sons, ISBN 0471117099
- Schneier, Bruce, Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, ISBN 0471253111
- Smith, Richard, Internet Cryptography. Addison Wesley, ISBN 0201924803
- Detailed information on Kerberos
- Information on MIME
- Draft specification of TLS 1.0
- Suppliers of desktop application software password crackers
- Information on laws and legislation affecting cryptography
- Paper on the risks of key recovery, escrow, etc.
- Certicom, includes links to their elliptic curve cracking challenge
- Counterpane, the company founded by Bruce Schneier and Tom Rowley; holds Ferguson and Schneier's critical evaluation of IPSec among much other useful information
- Information on legal aspects of cryptography
- Electronic Frontier Foundation, has links to cryptanalysis and cracking tools and actions
- Linux FreeS/WAN site
- F-Secure Corporation, formerly Data Fellows, with useful articles and white papers
- G E Boyd's How to do just about anything by e-mail
- Shareware secure e-mail program for Macs
- HushMail, secure e-mail program
- IACR, references to cryptographic conferences and research
- IBM's report of their new cryptography algorithm
- Institute of Electrical and Electronics Engineers
- IETF PKI working group home page for X.509
- RFC on the OpenPGP message format
- ISO
- International Telecommunications Union
- Information on Mondex
- An open-design, open-source cryptography project, aimed at defeating the UK's RIP Act, part 3, as well as the US's Carnivore implementation and similar government initiatives
- Network Associates' site, one source for PGP
- NetBSD paper on IPSec with NetBSD
- NIST reference page to AES
- RSA Security, includes links to many relevant pages and sites
- Ralf Senderek's paper on ADKs in PGP
- SSH Communications Security information on the SSH IPSec Express toolkit
- Miscellaneous articles on and links to security and cryptography matters
- Visa and Mastercard, information on SET
- Virtual Private Network Consortium site
- Electronic payment methods and systems
- Information on WAP and WTLS
Murdoch Mactaggart is a freelance writer and business consultant who writes on software development, the Internet, and on business and management issues around these areas. Whether readers can make accurate sense of what he writes is a moot point but, flexible though he tries to be, he generally sticks to English rather than introducing languages of his own making. Contact him at IBMDev@TextBiz.com.