Use of Firewalling in a VPN

would be like inviting them over to your office and giving them the keys to the filing cabinet and access to a photocopier.

2.2.1 A Brief History of Cryptography

A major tenet of the art and science of cryptography is that the transformation process must be a fairly quick one for the owner of the data (the encryptor)—otherwise it would be too slow to be useful—yet computationally difficult for a hostile third party who intercepts the data to reverse. Hence, most algorithms that morph data for security purposes do so in a way that is programmatically complex. In this section, we will explore the world of ciphers from about five thousand feet up. We will cover some of the nastier mathematics that make encryption work, but we aim to do so in a fashion that won't leave you wanting a degree in higher math.

The algorithms discussed here fall into three basic categories. The first category of algorithms uses a one-way transformation process to alter the cleartext into ciphertext. These transformation programs are typically referred to as hash algorithms. The value of hashes and message digests is that they are easy to compute but hard to reverse, and they rarely repeat (two different inputs seldom produce the same digest). Hashes don't normally have keys associated with them, as the next two types of encryption techniques do.

The second and third types of encryption algorithms are the private key and public key cryptosystems. There are other common names for these encryption procedures, including symmetric and asymmetric algorithms, or one-key and two-key systems, respectively. All these terms refer to the same processes. The hash algorithms briefly discussed in the previous paragraph are sometimes referred to as no-key or zero-key encryption operations because, as the name suggests, hash algorithms do not use a key.

This brings us to the topic of randomness and why truly random numbers are extremely important to the application of these cryptographic concepts. The transmission of encrypted data over a network in a VPN typically requires a key exchange. This means that for each separate transaction between a client and a server, a new set of keys is produced. Although this may seem unnecessary, it would be disastrous if the same fixed keys were always used and a third party were to gain access to them without the knowledge of either party, or if the message were recorded, cracked, and the keys reused. In essence, the key snoop would be able to decrypt all conversations until the key files were changed, which wouldn't happen unless the parties recognized the attack.

To produce a cryptographically strong key on the fly, a computer must have access to a good pool of random numbers. Using something seemingly random, like transformations based on clock time, seconds past a certain fixed date, or other easily obtainable environmental conditions, proves to be an inadequate solution. If the attacker knows that the key generator uses the time of day for the key, it is highly likely that a constrained brute-force approach could be used to narrow the problem to one that is computationally feasible.

Now let's discuss network security and the use of encryption with networking protocols to secure a data transit stream. We know that firewalls aren't 100% airtight: attackers can still use social engineering like password guessing to gain access, circumvent your routers altogether by dialing in directly, or just stubbornly probe all avenues for entry in an
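As an added illustration of the clock-seeded key problem described above (example code written for this page, not from the book), the following compares a constructed generator that derives a session key only from the clock with one drawn from the OS entropy pool, and measures how many distinct keys each can produce within a one-day window; the timestamp and the SHA-256-based weak generator are assumptions made for the demonstration.

```python
"""Why clock-derived keys are weak: effective key space vs. a CSPRNG."""
import hashlib
import math
import secrets


def clock_seeded_key(seconds_since_epoch: int, key_len: int = 16) -> bytes:
    """Constructed weak generator: the only input is the clock value, so
    anyone who can bound the time can regenerate the same key."""
    digest = hashlib.sha256(str(seconds_since_epoch).encode()).digest()
    return digest[:key_len]


def csprng_key(key_len: int = 16) -> bytes:
    """Key drawn from the OS entropy pool via the secrets module."""
    return secrets.token_bytes(key_len)


def clock_keyspace_bits(window_seconds: int) -> float:
    """Effective strength in bits when the seed is known to lie within a
    window of the given width at one-second granularity."""
    return math.log2(window_seconds)


def distinct_keys(keys) -> int:
    """Number of unique keys in a sample (a proxy for usable entropy)."""
    return len(set(keys))


if __name__ == "__main__":
    day = 24 * 60 * 60
    start = 1_700_000_000  # constructed epoch timestamp
    weak = [clock_seeded_key(start + s) for s in range(day)]
    strong = [csprng_key() for _ in range(day)]
    print(f"clock-seeded keys over one day: {distinct_keys(weak)} distinct "
          f"(~{clock_keyspace_bits(day):.1f} bits of search space)")
    print(f"CSPRNG keys over one day: {distinct_keys(strong)} distinct "
          f"(128-bit search space)")
    print("same clock value reproduces the key:",
          clock_seeded_key(start) == clock_seeded_key(start))
```

A full day of one-second seeds yields only about 16.4 bits of search space, which is the "constrained brute force" the text warns about, whereas each CSPRNG key is one of 2^128 possibilities.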