Two-way encryption: Difference between revisions

From Citizendium
Jump to navigation Jump to search
mNo edit summary
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{subpages}}
{{subpages}}
'''Two-way encryption''' is used to obtain privacy when messaging back and forth between two end points.  It is ''two-way'' because text messages are both encrypted ''and'' decrypted, as opposed to [[one-way encryption]] where the obscured message cannot be decrypted.
'''Two-way encryption''' is used to obscure the contents of messages being sent back and forth between two end points on the internet.  It is ''two-way'' because text messages are encrypted before sending and then decrypted at the other end of the transmission channel.  Two-way encryption differs from [[one-way encryption]] (hashing) in which an encrypted string such as a password cannot be decrypted again.  


Two-way encryption is called ''private key'' when which both the sender and the receiver use the same key both to encrypt and decrypt, and no one else is given the key.
Encryption for a two-way transmission channel is said to be ''symmetric'' or ''asymmetric'', depending on whether a single key is used to encrypt and decrypt (symmetric), or whether two different keys are used, one to encrypt and the other to decrypt (asymmetric).  When two keys are available, each end point always keeps its decrypt key secret, but openly sends its encrypt key to strangers so that strangers can send private (encrypted) messages back.  


Two-way encryption is called ''public key'' when one key is used for encrypting and a different key is used for decrypting. This allows users on a computer network to send their ''encrypt'' key to strangers, who can then use it to send messages back to them. ''Public-key'' encryption is slower than ''private key'' encryption, and it cannot process large amounts of data, so it is used only to set up a ''private key'' channel between strangers across the internet.
''Asymmetric'' (2-key) encryption is slower than ''symmetric'' (1-key) encryption; it is used only to set up a ''symmetric'' (1-key) transmission channel between two different end points on the internet.


====Private-key encryption====
====Private-key encryption====
[[Symmetric key cryptography|Private key encryption]] requires only one key.  That key can be used either to encrypt or decrypt a message.  Both the sender and receiver must have the key, and third parties (potential intruders) must be prevented from obtaining the key.  Private-key encryption may also be called ''symmetric'', ''traditional'', ''shared-secret'', ''secret-key'', or ''conventional'' encryption.  This was the only kind of two-way encryption publicly known until [[1976]]<ref name="dh2"/>.  With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it.   
Symmetric two-way encryption, also known as ''[[Symmetric key cryptography|private key]]'' encryption, is where both the sender and the receiver use the same key to encrypt and decrypt, and no one else is given the key.  It was the only kind of two-way encryption publicly known until 1976<ref name=dh2 />, and it has a variety of other names, including ''traditional'', ''shared-secret'', ''secret-key'', or ''conventional'' encryption.  In symmetric two-way encryption, both the sender and receiver must have the key, and potential intruders must not be allowed to obtain the key.  With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it.   


One example of a private-key algorithm is DES (Data Encryption Standard).  DES uses a 24-character string for a key.  The DES key is treated as a pass phrase to derive a 192-bit byte array, which is the actual key.    To implement the Triple-DES algorithm, for example, encryption occurs three times: first, the plain text is encrypted; then, the encrypted result is encrypted; and then, the intermediate encryption is encrypted.  The output is a 192-bit encrypted string (known as 192-bit encryption).  The more bits in the key, the longer it takes a brute-force search to find the key.  A 192-bit key has 6.3 x 10 raised to the 57th degree possible keys.  A brute-force search of all possible keys would likely take a long time.
One example of a private-key algorithm is DES (Data Encryption Standard).  DES uses a 24-character string for a key.  The DES key is treated as a passphrase to derive a 192-bit byte array, which is the actual key.    To implement the Triple-DES algorithm, for example, encryption occurs three times: first, the plain text is encrypted; then, the encrypted result is encrypted; and then, the intermediate encryption is encrypted.  The output is a 192-bit encrypted string (known as 192-bit encryption).  The more bits in the key, the longer it takes a brute-force search to find the key.  A 192-bit key has 6.3 x 10 raised to the 57th degree possible keys.  A brute-force search of all possible keys would likely take a long time.


One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine.  Simply storing the key unencrypted in a file or database is a poor strategy.  Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger.  A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file.  But then, where should one store the key used to encrypt the private key?  It becomes a recursive problem.
One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine.  Simply storing the key unencrypted in a file or database is a poor strategy.  Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger.  A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file.  But then, where should one store the key used to encrypt the private key?  It becomes a recursive problem.


====Public-key encryption====
====Public-key encryption====
In ''public key'' encryption, a user has their computer produce two different keys: one key is the “public” key used only for encryption, and the other key is the "private" key used only for decryption. The public key can only be used to encrypt, and the user sends this public key to a stranger.  The stranger uses the public key to encrypt messages and send them back to the user, who then uses the private key to decrypt the received message.  ''Public key'' encrypion is also sometimes called ''asymmetric'' encryption.
Asymmetric two-way encryption, also known as ''public key'' encryption, is where one key (the public one) is used for encrypting and a different key (private to one computer) is used for decrypting. This allows users on a computer network to send their public ''encrypt'' key to strangers, who can then use it to send messages back to them.  The keys used in public key/asymmetric systems are quite different from the string keys used for private key/symmetric messaging.  An asymmetric key is a structure with eight fields, two for encrypting and six for decrypting.  The public version is derived from the private key by copying only the two encrypt fields into a new key version and blanking out the six decrypt fields.


Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information.  Only you can decrypt the information; an intruder with the public key cannot read the encrypted message.
Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information.  Only you can decrypt the information; an intruder with the public key cannot read the encrypted message.
The keys used in "public key" systems are quite different from the string keys used for "private key" systems.  In "public key" systems, each key is a structure with eight fields.  The private key has all the fields populated (six are used for decrypting, and two for encrypting).  The public version is derived from the private key by copying only the two encrypt fields into a new key version and blanking out the six decrypt fields.


An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names).  RSA can encrypt a message of only 116 bytes (58 unicode chars).  The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network.  The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster).
An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names).  RSA can encrypt a message of only 116 bytes (58 unicode chars).  The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network.  The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster).
Line 25: Line 23:
<references>
<references>


<ref name="dh2">
<ref name=dh2>
Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654. ([http://citeseer.ist.psu.edu/rd/86197922%2C340126%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/cache/papers/cs/16749/http:zSzzSzwww.cs.rutgers.eduzSz%7EtdnguyenzSzclasseszSzcs671zSzpresentationszSzArvind-NEWDIRS.pdf/diffie76new.pdf pdf])
Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654. ([http://citeseer.ist.psu.edu/rd/86197922%2C340126%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/cache/papers/cs/16749/http:zSzzSzwww.cs.rutgers.eduzSz%7EtdnguyenzSzclasseszSzcs671zSzpresentationszSzArvind-NEWDIRS.pdf/diffie76new.pdf pdf])
</ref>
</ref>


</references>
</references>

Latest revision as of 08:41, 28 September 2023

This article is a stub and thus not approved.
Main Article
Discussion
Definition [?]
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Two-way encryption is used to obscure the contents of messages being sent back and forth between two end points on the internet. It is two-way because text messages are encrypted before sending and then decrypted at the other end of the transmission channel. Two-way encryption differs from one-way encryption (hashing) in which an encrypted string such as a password cannot be decrypted again.

Encryption for a two-way transmission channel is said to be symmetric or asymmetric, depending on whether a single key is used to encrypt and decrypt (symmetric), or whether two different keys are used, one to encrypt and the other to decrypt (asymmetric). When two keys are available, each end point always keeps its decrypt key secret, but openly sends its encrypt key to strangers so that strangers can send private (encrypted) messages back.

Asymmetric (2-key) encryption is slower than symmetric (1-key) encryption; it is used only to set up a symmetric (1-key) transmission channel between two different end points on the internet.

Private-key encryption

Symmetric two-way encryption, also known as private key encryption, is where both the sender and the receiver use the same key to encrypt and decrypt, and no one else is given the key. It was the only kind of two-way encryption publicly known until 1976[1], and it has a variety of other names, including traditional, shared-secret, secret-key, or conventional encryption. In symmetric two-way encryption, both the sender and receiver must have the key, and potential intruders must not be allowed to obtain the key. With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it.

One example of a private-key algorithm is DES (Data Encryption Standard). DES uses a 24-character string for a key. The DES key is treated as a passphrase to derive a 192-bit byte array, which is the actual key. To implement the Triple-DES algorithm, for example, encryption occurs three times: first, the plain text is encrypted; then, the encrypted result is encrypted; and then, the intermediate encryption is encrypted. The output is a 192-bit encrypted string (known as 192-bit encryption). The more bits in the key, the longer it takes a brute-force search to find the key. A 192-bit key has 6.3 x 10 raised to the 57th degree possible keys. A brute-force search of all possible keys would likely take a long time.

One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine. Simply storing the key unencrypted in a file or database is a poor strategy. Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger. A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file. But then, where should one store the key used to encrypt the private key? It becomes a recursive problem.

Public-key encryption

Asymmetric two-way encryption, also known as public key encryption, is where one key (the public one) is used for encrypting and a different key (private to one computer) is used for decrypting. This allows users on a computer network to send their public encrypt key to strangers, who can then use it to send messages back to them. The keys used in public key/asymmetric systems are quite different from the string keys used for private key/symmetric messaging. An asymmetric key is a structure with eight fields, two for encrypting and six for decrypting. The public version is derived from the private key by copying only the two encrypt fields into a new key version and blanking out the six decrypt fields.

Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information. Only you can decrypt the information; an intruder with the public key cannot read the encrypted message.

An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names). RSA can encrypt a message of only 116 bytes (58 unicode chars). The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network. The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster).

Notes

  1. Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654. (pdf)