Revision as of 20:23, 14 June 2003 edit 216.150.138.150 (talk) No edit summary ← Previous edit		Revision as of 20:26, 14 June 2003 edit undo Evercat (talk \| contribs) Extended confirmed users 16,532 edits m don't use no double negatives Next edit →
Line 4: Unsurprisingly, the study of hiding messages from others has been accompanied by the study of how to read such messages when one is ''not'' the intended receiver; this area of study is called ''[[cryptanalysis]]''. People involved in such work, and with cryptography in general, are known as cryptographers (or for those in the other school, '''cryptologists'''). The original information being sent is usually called the ''plaintext''. ''[[Encryption]]'' is the plaintext-to-garble conversion, and ''[[decryption]]'' is the garble-to-plaintext conversion. One main type of encryption is called ''[[code \| encoding]]'' (yielding ''codetext''), after which the receiver decodes the codetext. The other is called ''[[cipher \| enciphering]]'' (yielding, naturally, ''cyphertext''), after which the receiver decyphers the cyphertext. The exact operation of the encryption and decryption is controlled by one or more [[Cryptographic key\|keys]]. Cryptography has four main goals, though they are nearly always concealed beneath a blanket of marketing speak in commercial products. Examining any proposed crypto system with these in mind, and ignoring the marketing blather, will be a very useful exercise in the real world. They are: # message ''confidentiality:'' Only the authorised recipient should be able to extract the contents of the message from its encrypted form. In addition, it should not be possible to obtain information about the message contents (such as a statistical distribution of certain characters) as this makes cryptanalysis easier. # message ''integrity:'' The recipient should be able to determine if the message has been altered during transmission. Line 19: :1) a computer program on a local system, :2) a computer program on a 'nearby' system which 'provides security services' for users on other nearby systems, :3) or -- what most people assume is "obviously" meant -- a human being using some computer system. Even in this case, the human ~~doesn't~~does not actually encrypt or sign or decrypt or authenticate anything. At most, when all is right in the world, the user instructs a computer program to encrypt or sign or ... This buffering of human action from actions which are thought to have 'been done by a human' is a source of problems in crypto system design and implementation. Such problems are generally quite subtle and correspondingly obscure. Often, even to practicing cryptographers. When confusion on these points is present (at the design stage, during implementation, or by a user), unintended failures in reaching each of the stated goals can occur quite easily, often without notice to any human involved, and even given perfect algorithms, superb and provably secure system design, and error free implementation. Such failures are most often due to extra-cryptographic issues; each such failure demonstrates that good algorithms and good protocols alone do not provide 'security'. Instead, careful thought is required regarding the entire system design -- and too often, this is absent in practice with real-world crypto systems.

Cryptography: Difference between revisions