|
|
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Page 6 of 7
There are several block ciphers, including the data encryption standard (DES). DES will be replaced by advanced encryption standard (AES).(See the sidebar, "AES: Crypto Algorithm for the Twenty-first Century.") Meanwhile, Triple DES (3DES or DESede), an improvement over DES, serves as a replacement until the AES is adopted. In DESede, the encryption procedure follows an encode, decode, and encode process using different keys in sequence, effectively increasing the key's length.
Unlike symmetric ciphers that involve the use of the same key for encryption and decryption, asymmetric ciphers involve the use of different keys in such a way that:
Ek1(M) = C, where k1 is the encryption key Dk2(C) = M, where k2 is the decryption key
Asymmetric ciphers have the essential property such that:
Dk1(Ek2(M)) = M
In asymmetric ciphers, the communicating parties do not have to share the same key. However, the keys k1 and k2 are mathematically related for the encryption and decryption processes to work in conjunction.
Asymmetric key ciphers are also referred to as public key cryptography since they involve the notion of a public key. A public key is freely available, whereas a private key is a secret. In a network of users, each user has his or her own public key published in a commonly accessible directory.
Whitfield Diffie and Martin Hellman and independently Ralph Merkle introduced public key cryptography in the mid-1970s. The security of public key algorithms is based on the difficulty of deducing plaintext from the ciphertext without knowledge of the key and the difficulty of deducing the private key from the public key.
It's important to understand that discussion of public and private keys in most literature can get confusing since many articles appear to use the same keys for encryption and decryption, but it's implicit in the discussion that one of them is the private key and the other the public key.
Another point to note is that when using multiple algorithms, multiple keys are required since the keys are unique to the algorithm.
Both digital signatures and certificates, discussed below, rely on public key cryptography.
Digital signatures, much like real-life signatures, provide proof of authenticity of the sender and the integrity of the message. Digital signatures can be used for nonrepudiation -- the sender cannot deny that he or she signed it. Digital signatures need to be unforgeable and not reusable to be successful, and the signed document must be unalterable.
The basic digital signature protocol is:
Since signing large documents is time consuming, quite often only a hash of the message is signed. The one-way hash and the digital signature algorithm is agreed a priori. The original message is sent with the signature. The receiver verifies the signature by decrypting the hash with the sender's public key and matching it with the hash generated against the received message. Figure 1 below illustrates the signature generation and verification process. That scheme also has a nice effect of keeping the document and the signature separate.