Hash algorithms Cryptographic Algorithms

An example of a hash would be to take an input password, multiply it by 3.1415, divide by e (2.71828), mod the result by 7654321, and take the middle eight bytes. It would certainly be nasty to reverse this process without knowing anything about it. The message digest function (hash) proposed by NIST (the National Institute of Standards and Technology) is called SHA, which stands for Secure Hash Algorithm. Ron Rivest (he's the R in RSA) created a set of hash algorithms, MD2 through MD5, where MD stands for Message Digest.

2.2.4.2 Secret key systems

The secret key cryptosystem takes as input a message of a variable length and a secret key by which the message is transformed into the ciphertext. In fact, from a distance the transformation is very similar to the hash algorithms. An important distinction is that a separate user-controlled variable is supplied to help encipher the data. Further, where the hash algorithm creates a fixed length result from a variable length input, the secret key system operates on successive fixed blocks of input using the fixed length key to produce a variable length result. Hash systems are for one-way checks, and secret key systems preserve the entire clear text so that the original text can be produced when needed.

Because the secret key used in the equation is of a fixed length, using a key that is too short reduces the overall security of the system. Imagine using a key that is one byte long (8 bits); it shouldn't take a cryptanalyst too long to run through the 256 possible keys that could be used to decrypt the data. Since the operation of encrypting the message uses fixed blocks of input, using a message block size of one byte would also be insecure, because the cracker would only have to create a table of clear text to ciphertext pairs once he knows that he can send his own data through the algorithm.

As with hashing systems, the secret key system is designed to take a variable length clear text input and produce a random-looking, similarly sized output. Further, changing the input by only one bit should change the output so that there is no way to trace a transformation from bit to bit. The randomness of the ciphered message suggests that at any given time, about half of all the bits in the resulting sequence are on and the other half are off. Secret key cryptography uses algorithms that effectively disperse the bits completely across the resulting output, and then mix them up by looping multiple times so that it becomes impossible to trace a given bit through the process and have any idea of what happened to it along the way. Typically, during the encryption process, there are several operations that can be found in use, including the substitution of input bits for other input bits, and the swapping of bit positions with other bit positions.

DES, which stands for the Data Encryption Standard, was developed in 1977 by the National Bureau of Standards for low-grade U.S. government work and commercial applications. The standard was based on work done earlier by IBM that was codenamed the Lucifer Cipher. DES uses a 64-bit key, but trims the last bit off each of the eight bytes (8 bits each) as a parity check, making the actual key size only 56 bits. Originally, DES was designed to be used in a hardware-only implementation, but since there has been phenomenal growth in semiconductor speeds in just the last few years, it is now just as practical to conduct in software. This was obviously beyond the intentions of its designers, who had their own agendas in mind.

IDEA, the International Data Encryption Standard, was originally developed by Xuejia Lai and James Massey of ETH Zurich. Contrary to DES, IDEA was designed to be much more efficient when implemented as a software application. Instead of operating on a 64-bit message block size, with a corresponding 64-bit key size, the IDEA code uses a 128-bit key to transform a 64-bit message block into a 64-bit result. Although the algorithm is very new compared with DES and even other secret key systems, it has proven to be quite secure, and probably superior to DES in the long run. Both DES and IDEA are similar in that they operate on data one chunk at a time, performing mathematical transforms based on substitutions and permutations.
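The parity trimming described for DES can be made concrete with a short example added here (it is not code from the original text). It assumes the standard DES convention of odd parity in the last bit of each byte; the sample key and all function names are constructed for illustration.

```python
# Added illustration: how the 8 parity bits of a 64-bit DES key leave
# only 56 bits that actually select the cipher's behaviour.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")  # constructed sample key

def _ones(byte):
    """Number of 1 bits in a byte."""
    return bin(byte).count("1")

def has_odd_parity(key):
    """True if every byte carries an odd number of 1 bits (DES convention)."""
    return all(_ones(b) % 2 == 1 for b in key)

def set_odd_parity(key):
    """Rewrite the last bit of each byte so that the byte has odd parity."""
    return bytes((b & 0xFE) | (1 - _ones(b & 0xFE) % 2) for b in key)

def effective_key(key):
    """Drop the parity bit of each byte and pack the remaining 56 bits."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def parity_variants(key):
    """All 256 64-bit keys that differ from `key` only in the parity bits."""
    return [bytes((b & 0xFE) | ((mask >> i) & 1) for i, b in enumerate(key))
            for mask in range(256)]

if __name__ == "__main__":
    variants = parity_variants(SAMPLE_KEY)
    distinct = {effective_key(k) for k in variants}
    valid = [k for k in variants if has_odd_parity(k)]
    print("64-bit encodings examined:", len(variants))
    print("distinct 56-bit effective keys:", len(distinct))
    print("encodings with valid parity:", len(valid), valid[0].hex())
```

Every one of the 256 encodings selects the same 56-bit key, so a search over DES keys only ever has to cover 2^56 values, not 2^64.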

2.2.4.3 Public key cryptosystems

Public key systems, on the other hand, are a collection of ciphers that do many different things. Some do digital signatures, some do key exchange, some do authentication but no encryption, and some do everything. However, they all have one general concept in common: there are always two components that are used for operation on the input data. One of the components is the private piece and one is dubbed the public piece. An interesting nugget of trivia is that it is irrelevant which actual piece is which mathematically, since the two are inverse operations of one another. The thing that separates the two is that the private piece is the part that is secreted away, while the other is distributed. Distributing both pieces would be like giving away your secret key with each bit of encrypted data you send.

2.2.4.4 Diffie-Hellman

The Diffie-Hellman algorithm, generally regarded as the oldest public key system, was based on the problem of how two entities could agree on a secret by using only public channels. It was the genesis of RSA, which we will discuss next, but it provides only a bare skeleton of secret exchange. Diffie-Hellman supports neither encryption nor digital signatures. You might be wondering, without those features, what value could it have? The Diffie-Hellman algorithm is typically used for quick key exchange. When software is programmed to change its key values every once in a while, or even with every transaction, having a quick way of producing a secret key that both parties know, even by using only a public channel, is required. This is where Diffie-Hellman excels.

Imagine two famous people at either end of a restaurant, passing notes to each other that anyone can read along the way. These notes contain the information necessary for the two parties to agree upon a secret key, but it's done so that no one looking at the slips of paper could know what that secret was. Nifty trick, eh? The Diffie-Hellman algorithm is based on a principle involving the concept of a strong prime number.

Diffie-Hellman's weakness is that even though two parties can establish a secret key in a public arena, there could be a masquerader who effectively middlemans between the two parties, completely unobserved. By placing himself in the path, and by catching the right messages, the middleman doesn't need to actually know the secrets, but he can masquerade as the other by misdirection. Suppose an interloping party (let's call him M) could listen to party A's initial request to B, and respond with M's code pretending to be B. Further, M could copy the message, replace A's code with his own, and forward the message on to B to establish a faked conversation that way as well. In this manner, M would have successfully exchanged two secrets, one with each of A and B, but without the knowledge of either. A and B think they are talking to each other, but they are really talking indirectly through M.
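The exchange and the middleman scenario described above can be traced in a short example added here (not code from the original text). The prime 2**127 - 1, the base 3 and all function names are assumptions chosen for illustration; they are toy parameters, not ones suitable for real use.

```python
import secrets

# Toy parameters assumed for this example only: a known prime and a small
# base. Real deployments use far larger, carefully chosen groups.
P = 2**127 - 1
G = 3

def public_value(private):
    """The value a party sends across the public channel."""
    return pow(G, private, P)

def shared_secret(their_public, my_private):
    """What a party computes from the value it received."""
    return pow(their_public, my_private, P)

def honest_exchange(a, b):
    """A and B swap public values directly; returns (A's key, B's key)."""
    pub_a, pub_b = public_value(a), public_value(b)
    return shared_secret(pub_b, a), shared_secret(pub_a, b)

def intercepted_exchange(a, b, m):
    """M sits in the path and substitutes its own value in both directions."""
    pub_a, pub_b, pub_m = public_value(a), public_value(b), public_value(m)
    return {
        "a_key": shared_secret(pub_m, a),         # A believes pub_m came from B
        "b_key": shared_secret(pub_m, b),         # B believes pub_m came from A
        "m_key_with_a": shared_secret(pub_a, m),  # M's secret with A
        "m_key_with_b": shared_secret(pub_b, m),  # M's secret with B
    }

if __name__ == "__main__":
    a, b, m = (secrets.randbelow(P - 3) + 2 for _ in range(3))
    key_a, key_b = honest_exchange(a, b)
    print("honest: A and B hold the same key ->", key_a == key_b)
    r = intercepted_exchange(a, b, m)
    print("intercepted: A's key equals M's ->", r["a_key"] == r["m_key_with_a"])
    print("intercepted: B's key equals M's ->", r["b_key"] == r["m_key_with_b"])
    print("intercepted: A and B hold the same key ->", r["a_key"] == r["b_key"])
```

In the intercepted run A and B end up with different keys, yet nothing in the exchange itself tells them so, because the protocol carries no proof of who sent each value.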