
Blog


    May 31

    Comcast Hacked?

    Hackers hijacked the Comcast (NSDQ:CMCSA) Website Thursday, rerouting site traffic, shutting down service and preventing millions of users from accessing e-mail or posting content for more than five hours.

    The pair of hackers, who claimed to be from the group Kryogeniks, infiltrated Comcast.net, the Web mail portal for Comcast, late Wednesday. In what appeared to be a malicious prank, the hackers officially changed the registrars at Network Solutions, changing the authoritative DNS servers for the global Internet service provider, which rerouted visitors to Germany and other foreign IP addresses, according to a Broadband Reports blog.

    When users attempted to access Webmail Thursday, they were greeted with a text that read: "KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven."

    The problem has affected access to the Comcast portal, Webmail and the official Comcast forums. While the issue was primarily resolved Thursday and Web traffic has since been re-established to the Comcast site, Comcast execs said that the incident continues to affect some customers.

    "While that issue has been resolved and customers continued to have access to the Internet and e-mail through services like Outlook, some customers are currently not able to access Comcast.net or Webmail. Network engineers are working to resolve the issue," said Comcast in a statement to the Denver Post.

    The Internet cable giant said it was currently working with law enforcement agencies to determine if any Comcast customers' personal information was compromised.

      

    So far, there doesn't appear to be theft or violation of users' personal or private information, such as passwords and login credentials -- the hackers have thus far rerouted the DNS servers to send users to a third party site.

    However, experts say that the hackers could easily have set up a phony site, in what is known as a spoof, impersonating the Comcast site. Once users were rerouted to the fake site, they could have been forced to download malicious software, such as a keystroke logger or bot, onto their computers that would silently record keystrokes or steal personal and financial information, unbeknownst to them.

    While it is unclear why the hackers broke into the site, some speculate the reason could be linked to Comcast's decision last year to severely limit peer-to-peer downloads over its network from BitTorrent, a file-sharing site -- a decision that provoked outrage among certain customers and elicited a class-action lawsuit.

     

    Knowledge Is Power...

    ...Don't Have It Used Against You!

    http://OpSec.spaces.live.com

    May 11

    Encryption for Dummies


    Anyone who uses a PC and the Internet has heard about logins and passwords. The carefree time of early PCs is never coming back. There are passwords for everything - websites, forums, chats, e-mail, newspaper subscriptions - the list goes on and on. Plus, there are credit card numbers, PIN codes, SSNs, bank account numbers and other information. To remember all that, you have to have an exceptional memory. Otherwise, it all has to be written down somewhere. But where? A napkin? A piece of paper? On the back page of last month's report? And what if you hold more numbers, like other people's Social Security or bank account numbers? You've got to protect this data; otherwise, it can be easily stolen. Clearly, you need to be able to create encrypted records that cannot be deciphered by a hacker or a thief even if they somehow get their hands on these documents.

    OK, so obviously you need encryption protection. But simple encryption means nothing to modern computer thieves who know more about PC security than an average IT specialist. In order for encryption to be effective, the password has to be "strong" (containing a long combination of letters, symbols and numbers) and the encryption algorithm hack-proof (hack-proof algorithms take hundreds of years to "pick").

    This is what cryptography is about - helping the good guys protect their secrets from the bad guys. The list of hack-proof encryption algorithms is not that long - Blowfish, Rijndael (new AES), Twofish, Serpent and a few others. If you encrypt your data with these algorithms, you are using the same protection as the US Department of Defense. And these guys know how to guard their secrets.


    These are the password requirements (originally devised by military security specialists):

    the password has to be at least 8 characters long;

    it absolutely MUST NOT contain any meaningful words, like names, locations and so on;

    it must be composed of numbers, letters and symbols, lower and upper case, whenever possible.


    Why is that? Code breakers have two tools used in 99% of attacks - the Dictionary attack and the BruteForce attack. Since there are only about 500000 words, picking a password that contains a word will take less than a day. BruteForce is an attack method in which a program randomly generates passwords from symbols and numbers. If your password contains 8 characters, letters AND numbers, this method will take up to hundreds of years to pick your password.

    To help you generate a hack-proof password, there are programs called strong password generators.
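
The three password requirements and the generator idea above, as a short Python sketch. This is an added example, not code from the original post: the word list is a constructed stand-in for a real dictionary, and the symbol set, function names and default length are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed stand-in for a real wordlist (the article cites about 500000 words).
SAMPLE_WORDS = {"password", "dragon", "denver", "michael", "summer"}
SYMBOLS = "!@#$%^&*-_=+?"   # assumed symbol set
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)

def policy_violations(password, words=SAMPLE_WORDS):
    """Return the rules from the list above that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    lowered = password.lower()
    if any(word in lowered for word in words):
        problems.append("contains a dictionary word")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        problems.append("missing a character class")
    return problems

def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate

def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of candidates a brute-force search has to cover."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for pw in ("Denver2008", "x7#Qp", generate_password()):
        print(pw, policy_violations(pw) or "ok")
    print("8 random characters: %.1f bits" % search_space_bits(8))
    print("one dictionary word: %.1f bits" % math.log2(500000))
```
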

    Cryptology is a science that studies everything that has to do with codes and passwords. Cryptology is divided into cryptography and cryptanalysis. The first produces methods to protect data, the second to "hack" them. Whose job is more difficult is hard to say. Most professionals say that a good cryptanalyst who is good at hacking and cracking codes is capable of coming up with a new stable (meaning hack-proof) algorithm.

    So, since cryptography's primary objective is data protection, it provides solutions for four different security areas - confidentiality, authentication, integrity and control of interaction between different parties involved in data exchange. Encryption, in simple terms, is simply converting data into "unreadable" form. This is the primary confidentiality engine - keeping secrets away from people who are not supposed to know them.

    Cryptography is by far the most powerful method of information protection. It first appeared thousands of years ago, but was significantly "fortified" by mathematics within the last fifty years.

    Starting in the 1950s, cryptography became "electronic". This means using electronic machines (computers) to generate and analyze encryption algorithms and protective systems. The use of "electronic memory" led to the invention of block codes, in which information is encrypted or decrypted by blocks. Starting in 1970, cryptography made it to corporate headquarters and stopped being an exclusively military science. As a result, in 1978 the first 64-bit standard called DES appeared. The process cascaded on and now all developed countries have their own encryption standards.

    Basically, there are two encryption methods that use keys - symmetrical (with a secret key) and asymmetrical (with an open key). Each method employs its own procedures, key distribution modes, key types and encryption/decryption algorithms.

    The symmetrical method uses a single key for encrypting and decrypting data. These keys are widely used for storing and protecting confidential information, since the keys are not very long and large amounts of data can be encrypted very quickly. Many people "compress" data with one of the many applications that do that before encryption, since this step significantly complicates cryptanalysis that is based solely on the ciphertext. Most advanced programs do that automatically and this parameter is included in encryption options.

    The asymmetrical method is not going to be discussed here, because its primary objective is safe information transfer, not storage.




    Terminology and encryption algorithms


    Encryption algorithm (code) - a math function that encrypts and decrypts data. To encrypt data, one has to provide a key that is made of symbols.

    Block codes - the most widespread algorithms, they encrypt data by blocks of certain sizes and transform that data with keys into blocks of the same size.

    Blowfish - one of the most powerful block encryption algorithms, developed by cryptography guru Bruce Schneier. Block size is 64 bits, key size - up to 448 bits.

    CAST - a rather dependable algorithm with key length up to 64 bits. Developed by C.M. Adams and S.E. Tavares, who offered it at the AES competition.

    DES - outdated encryption standard used in the USA. Due to security compromises (cracked by any modern computer within 2 days) it was replaced by AES. Developed by National Institute of Standards and Technology (NIST).

    GOST - Soviet algorithm created by the KGB at the end of the 1970s. Works with 64-bit blocks. Key length - up to 256 bits. Despite several security holes found, still considered to be rather dependable. Official encryption standard of the Russian Federation.

    Rijndael - algorithm, developed by Joan Daemen and Vincent Rijmen. Meets AES standards (Advanced Encryption Standard). Uses blocks of different sizes (128, 192 and 256 bits) and equal-size keys.

    Twofish - algorithm that replaced Blowfish, authored by Bruce Schneier like its predecessor. Considered to be hack-proof (no known incidents of code-cracking).

    3DES - uses the DES algorithm, but it is applied three times with different keys, which increases dependability when compared to DES but does not change the situation radically (still vulnerable).

    RC4 - a stream encryption algorithm used in many network security systems (for example the SSL protocol used in Netscape, and Windows NT password encryption). The major advantages of this code are its very fast speed and adjustable key size. This algorithm was developed at RSA by Ronald Rivest. RC stands for "Ron's Code" or "Rivest Cipher". Used to be the intellectual property of RSA up to 1995.

    Serpent - developed by Lars Ramkilde Knudsen, a famous cryptographer and cryptanalyst, known for successful attacks on several popular codes, who worked and lectured in Norwegian, Swedish, and Belgian universities. Currently, Lars is a professor of math at Denmark's Technical University.

    Tea - strong algorithm (Tiny Encryption Algorithm). Its most prominent feature is a very small size. Tea is very simple, does not use table values and is optimized for 32-bit processor architecture, which makes it possible to implement it in assembler, even when the code size has to be extremely small. The drawbacks include slow work and the need for "data scrambling" since no tables are used.


    Dictionary attack - a method of attack that uses a regular dictionary containing popular words. This attack method is worthless when "meaningless" passwords are used.

    BruteForce - the method of attack used most often. It was named "brute force" because an attacker tries to pick the key by randomly combining different symbols, numbers and letters (naturally, this is done by computer). Picking a 128-bit key with a BruteForce attack will take several years on average. The more characters used in the password and/or key, the longer it will take to crack the code (up to hundreds of years).

     
