M2Ktech.com
   


Encryption and the Internet

Encryption, of course, is the process of changing information in some way so that it won’t be recognized by someone who intercepts it. The idea is that the proper recipient of the information will have a key, which is a way to decrypt the information or change it back into its original form, but to anyone in between it will appear to say something else or to be meaningless garbage. Methods of encrypting and decrypting messages probably appeared about 5 minutes after the invention of writing, and some of them are very interesting indeed. However, we are going to concentrate on encrypting data to send over the Internet.

As far as the computer is concerned, any block of information is just a big binary number, and the simplest way to encrypt it is to multiply it by another big binary number, called a key. The key is expressed as a string of numbers and letters, since we humans are notoriously poor at remembering long binary numbers. At the other end, the recipient must divide it by the same number to get the original data. In practice we usually use some algorithm other than multiplication, but the basic principle is the same. A key is used to change the data in some way, and then the same key is used to change it back again. This is called symmetric encryption, because the same key is used at both ends.
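The multiply-and-divide scheme from the paragraph above, written out as an added example (it is not code from the original article; the function names, sample message and key are constructed here). It also shows one reason real ciphers use something other than plain multiplication: a single known message and its ciphertext give the key away by division.

```python
# Toy "multiply by a key" cipher from the text. Illustration only, not a real cipher.

def to_number(data: bytes) -> int:
    # Treat the message as one big binary number. The leading 0x01 byte
    # keeps leading zero bytes of the message from being lost.
    return int.from_bytes(b"\x01" + data, "big")

def to_bytes(number: int) -> bytes:
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return raw[1:]  # drop the 0x01 marker added by to_number()

def encrypt(data: bytes, key: int) -> int:
    # Sender: multiply the message number by the shared key.
    return to_number(data) * key

def decrypt(ciphertext: int, key: int) -> bytes:
    # Recipient: divide by the same key to get the original data back.
    plain, remainder = divmod(ciphertext, key)
    if remainder:
        raise ValueError("ciphertext is not a multiple of this key")
    return to_bytes(plain)

def key_from_known_pair(data: bytes, ciphertext: int) -> int:
    # Weakness of plain multiplication: one known message plus its
    # ciphertext reveals the key with a single division.
    return ciphertext // to_number(data)

if __name__ == "__main__":
    key = 0x9F3B7C21D4E5A6B7          # constructed 64-bit sample key
    message = b"meet at noon"         # constructed sample message
    secret = encrypt(message, key)
    print(hex(secret))
    print(decrypt(secret, key))
    print(key_from_known_pair(message, secret) == key)
```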

Even knowing the algorithm, the chance of someone cracking the message without having the key is rather slim. Consider a key with 30 bits. This provides slightly over 1 billion possible combinations (2 to the 30th power). The standard today for a secure website is 128 bits, and it would take your average supercomputer a few lifetimes to work through all the possibilities. Symmetric encryption works fine for data stored on your own system, but not so well for sending messages or other information, such as a credit card number, over the Internet. The weakness is that you and the recipient must first communicate to agree on a key, and if someone intercepts that message, all bets are off regarding the security of anything that follows.

The solution to that weakness is a method called asymmetric encryption, also called public key cryptography. In asymmetric encryption there are two different keys, one to encrypt the message and another to decrypt it. The decrypt key is called the private key, and as you might expect it is kept secret. The other key is called the public key, and it can be sent to anyone and everyone who might want to send you an encrypted message. Heck, publish it on your website if you like, or take out a full-page ad in the Times.

Anyone who has your public key can use it to encrypt a message to you. When you receive the message, you (and only you) can decrypt it using your private key. If the message is intercepted it will be meaningless to anyone without your private key, which of course you never divulge to a soul no matter how much you’ve had to drink. In actual fact, you wouldn’t even know your private key, because the whole process is managed behind the scenes, by software on your computer.
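The two-key idea described above, as an added example that is not part of the original article. It uses textbook RSA as one instance of public key cryptography (the article names no specific algorithm), with tiny constructed primes and no padding, so it is for illustration only.

```python
# Toy public/private key pair (textbook RSA). The primes are far too small
# for real use and are chosen only so the numbers stay readable.
from math import gcd

def make_keypair(p: int, q: int, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)          # private exponent (needs Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)

def rsa_encrypt(message: bytes, public_key) -> list:
    # Anyone holding the public key can do this, one byte per block.
    n, e = public_key
    return [pow(byte, e, n) for byte in message]

def rsa_decrypt(blocks: list, private_key) -> bytes:
    # Only the holder of the private key can reverse it.
    n, d = private_key
    return bytes(pow(block, d, n) for block in blocks)

if __name__ == "__main__":
    public_key, private_key = make_keypair(61, 53)   # constructed sample primes
    print("publish this:", public_key)
    blocks = rsa_encrypt(b"4111 1111", public_key)   # constructed sample message
    print("on the wire:", blocks)
    print("recipient reads:", rsa_decrypt(blocks, private_key))
```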

Which brings us to the catch with asymmetric encryption. You knew there would be a catch, didn’t you? In order for it to work, everyone encrypting with your public key must use software that is compatible with your decryption software, and that means standards. A standard for this is called a PKI, for Public Key Infrastructure, and at the moment there are several. Internet commerce will take a giant leap forward when everyone agrees on a single standard, and the benefits will be great enough for enough people that we can expect this to happen sometime soon. We’ll keep you posted.

The last form of encryption we’ll mention today is something that you may never knowingly encounter but it’s just too fascinating to pass up. It’s called steganography. The name comes from the Greek words for ‘roof’ and ‘writing’, and it literally means ‘covered writing’. Imagine a digitized photograph where every third (or fifth or eighth) pixel is changed just slightly to encode a one or a zero. The changes would be impossible for the human eye to detect, and even if you knew it had been done you would need special software to dig out the embedded message, which may have had 128-bit encryption before being put into the photo in the first place! The next time some acquaintance e-mails a picture of their pet cat to everyone they know, ask yourself if there might not be a hidden message in that picture, known to only one person on their mailing list.
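The every-third-pixel scheme described above, as an added example that is not part of the original article. It assumes a grayscale image held as a flat list of 0-255 values and stores each bit in the lowest bit of the chosen pixel; the cover pixels and the message are constructed sample data.

```python
# Hide one bit in the lowest bit of every `step`-th pixel, then read it back.

# Constructed 96-pixel grayscale "photo" (values 0-255).
COVER = [(i * 37) % 256 for i in range(96)]

def embed(pixels: list, message: bytes, step: int = 3) -> list:
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    slots = range(0, len(pixels), step)
    if len(bits) > len(slots):
        raise ValueError("cover image too small for this message")
    out = list(pixels)
    for bit, index in zip(bits, slots):
        out[index] = (out[index] & ~1) | bit   # change the pixel by at most 1
    return out

def extract(pixels: list, length: int, step: int = 3) -> bytes:
    # The reader must know the step and the message length in bytes.
    bits = [pixels[i] & 1 for i in range(0, len(pixels), step)][: length * 8]
    out = bytearray()
    for start in range(0, len(bits), 8):
        byte = 0
        for bit in bits[start:start + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def max_change(before: list, after: list) -> int:
    # Largest brightness difference between the two images.
    return max(abs(a - b) for a, b in zip(before, after))

if __name__ == "__main__":
    stego = embed(COVER, b"cat")
    print("largest pixel change:", max_change(COVER, stego))
    print("recovered:", extract(stego, 3))
```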

Disclaimer - The Micro 2000 Tech Tip is a free service providing information only. While we use reasonable care to see that this information is correct, we do not guarantee it for accuracy, completeness or fitness for a particular purpose. Micro 2000, Inc. shall not be liable for damages of any kind in connection with the use or misuse of this information.


© 2006 M2Ktech.com All Rights Reserved