Two-way encryption: Difference between revisions
Pat Palmer (talk | contribs) mNo edit summary |
Pat Palmer (talk | contribs) |
||
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
'''Two-way encryption''' is used to | '''Two-way encryption''' is used to obscure the contents of messages being sent back and forth between two end points on the internet. It is ''two-way'' because text messages are encrypted before sending and then decrypted at the other end of the transmission channel. Two-way encryption differs from [[one-way encryption]] (hashing) in which an encrypted string such as a password cannot be decrypted again. | ||
Encryption for a two-way transmission channel is said to be ''symmetric'' or ''asymmetric'', depending on whether a single key is used to encrypt and decrypt (symmetric), or whether two different keys are used, one to encrypt and the other to decrypt (asymmetric). When two keys are available, each end point always keeps its decrypt key secret, but openly sends its encrypt key to strangers so that strangers can send private (encrypted) messages back. | |||
''Asymmetric'' (2-key) encryption is slower than ''symmetric'' (1-key) encryption; it is used only to set up a ''symmetric'' (1-key) transmission channel between two different end points on the internet. | |||
====Private-key encryption==== | ====Private-key encryption==== | ||
[[Symmetric key cryptography| | Symmetric two-way encryption, also known as ''[[Symmetric key cryptography|private key]]'' encryption, is where both the sender and the receiver use the same key to encrypt and decrypt, and no one else is given the key. It was the only kind of two-way encryption publicly known until 1976<ref name=dh2 />, and it has a variety of other names, including ''traditional'', ''shared-secret'', ''secret-key'', or ''conventional'' encryption. In symmetric two-way encryption, both the sender and receiver must have the key, and potential intruders must not be allowed to obtain the key. With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it. | ||
One example of a private-key algorithm is DES (Data Encryption Standard). DES uses a 24-character string for a key. The DES key is treated as a | One example of a private-key algorithm is DES (Data Encryption Standard). DES uses a 24-character string for a key. The DES key is treated as a passphrase to derive a 192-bit byte array, which is the actual key. To implement the Triple-DES algorithm, for example, encryption occurs three times: first, the plain text is encrypted; then, the encrypted result is encrypted; and then, the intermediate encryption is encrypted. The output is a 192-bit encrypted string (known as 192-bit encryption). The more bits in the key, the longer it takes a brute-force search to find the key. A 192-bit key has 6.3 x 10 raised to the 57th degree possible keys. A brute-force search of all possible keys would likely take a long time. | ||
One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine. Simply storing the key unencrypted in a file or database is a poor strategy. Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger. A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file. But then, where should one store the key used to encrypt the private key? It becomes a recursive problem. | One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine. Simply storing the key unencrypted in a file or database is a poor strategy. Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger. A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file. But then, where should one store the key used to encrypt the private key? It becomes a recursive problem. | ||
====Public-key encryption==== | ====Public-key encryption==== | ||
Asymmetric two-way encryption, also known as ''public key'' encryption, is where one key (the public one) is used for encrypting and a different key (private to one computer) is used for decrypting. This allows users on a computer network to send their public ''encrypt'' key to strangers, who can then use it to send messages back to them. The keys used in public key/asymmetric systems are quite different from the string keys used for private key/symmetric messaging. An asymmetric key is a structure with eight fields, two for encrypting and six for decrypting. The public version is derived from the private key by copying only the two encrypt fields into a new key version and blanking out the six decrypt fields. | |||
Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information. Only you can decrypt the information; an intruder with the public key cannot read the encrypted message. | Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information. Only you can decrypt the information; an intruder with the public key cannot read the encrypted message. | ||
An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names). RSA can encrypt a message of only 116 bytes (58 unicode chars). The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network. The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster). | An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names). RSA can encrypt a message of only 116 bytes (58 unicode chars). The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network. The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster). | ||
Line 25: | Line 23: | ||
<references> | <references> | ||
<ref name= | <ref name=dh2> | ||
Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654. ([http://citeseer.ist.psu.edu/rd/86197922%2C340126%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/cache/papers/cs/16749/http:zSzzSzwww.cs.rutgers.eduzSz%7EtdnguyenzSzclasseszSzcs671zSzpresentationszSzArvind-NEWDIRS.pdf/diffie76new.pdf pdf]) | Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654. ([http://citeseer.ist.psu.edu/rd/86197922%2C340126%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/cache/papers/cs/16749/http:zSzzSzwww.cs.rutgers.eduzSz%7EtdnguyenzSzclasseszSzcs671zSzpresentationszSzArvind-NEWDIRS.pdf/diffie76new.pdf pdf]) | ||
</ref> | </ref> | ||
</references> | </references> |
Latest revision as of 08:41, 28 September 2023
Two-way encryption is used to obscure the contents of messages being sent back and forth between two end points on the internet. It is two-way because text messages are encrypted before sending and then decrypted at the other end of the transmission channel. Two-way encryption differs from one-way encryption (hashing) in which an encrypted string such as a password cannot be decrypted again.
Encryption for a two-way transmission channel is said to be symmetric or asymmetric, depending on whether a single key is used to encrypt and decrypt (symmetric), or whether two different keys are used, one to encrypt and the other to decrypt (asymmetric). When two keys are available, each end point always keeps its decrypt key secret, but openly sends its encrypt key to strangers so that strangers can send private (encrypted) messages back.
Asymmetric (2-key) encryption is slower than symmetric (1-key) encryption; it is used only to set up a symmetric (1-key) transmission channel between two different end points on the internet.
Private-key encryption
Symmetric two-way encryption, also known as private key encryption, is where both the sender and the receiver use the same key to encrypt and decrypt, and no one else is given the key. It was the only kind of two-way encryption publicly known until 1976[1], and it has a variety of other names, including traditional, shared-secret, secret-key, or conventional encryption. In symmetric two-way encryption, both the sender and receiver must have the key, and potential intruders must not be allowed to obtain the key. With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it.
One example of a private-key algorithm is DES (Data Encryption Standard). DES uses a 24-character string for a key. The DES key is treated as a passphrase to derive a 192-bit byte array, which is the actual key. To implement the Triple-DES algorithm, for example, encryption occurs three times: first, the plain text is encrypted; then, the encrypted result is encrypted; and then, the intermediate encryption is encrypted. The output is a 192-bit encrypted string (known as 192-bit encryption). The more bits in the key, the longer it takes a brute-force search to find the key. A 192-bit key has 6.3 x 10 raised to the 57th degree possible keys. A brute-force search of all possible keys would likely take a long time.
One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine. Simply storing the key unencrypted in a file or database is a poor strategy. Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger. A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file. But then, where should one store the key used to encrypt the private key? It becomes a recursive problem.
Public-key encryption
Asymmetric two-way encryption, also known as public key encryption, is where one key (the public one) is used for encrypting and a different key (private to one computer) is used for decrypting. This allows users on a computer network to send their public encrypt key to strangers, who can then use it to send messages back to them. The keys used in public key/asymmetric systems are quite different from the string keys used for private key/symmetric messaging. An asymmetric key is a structure with eight fields, two for encrypting and six for decrypting. The public version is derived from the private key by copying only the two encrypt fields into a new key version and blanking out the six decrypt fields.
Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information. Only you can decrypt the information; an intruder with the public key cannot read the encrypted message.
An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names). RSA can encrypt a message of only 116 bytes (58 unicode chars). The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network. The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster).