Editor's note: This article originally appeared on May 22, 1998. !()
It's always been difficult to keep secrets. It's even more difficult when necessity forces you to write those secrets down and move them around the Internet, whose open systems make it easy for eavesdroppers to glance at the information we send over the wires.
| Encryption is at the heart of most digital commerce done over the Internet. |
The email you send on the Net is essentially a digital postcard. A nosy mailman or neighbor can glance at what's written on it as it visits the many stops along the route from the sender to the receiver's mailbox. We currently rely on the sheer volume of traffic to keep our email private-- security by obscurity. Not exactly the best way to ensure that sensitive information doesn't get widely distributed to the wrong people.
So how are we going to get any measure of privacy on the Internet? The answer lies in an arcane science known as cryptography.
Cryptography is the process of storing information in a form that appears "scrambled" or hidden from all but authorized viewers. The original message, known as plaintext, is scrambled using a software application called an encryption engine. The engine takes this plaintext and applies other data (usually mathematic) known as a key to create the scrambled message, which is called ciphertext. To unscramble the ciphertext, the recipient needs to have access to the key and decryption software.
The encryption process can be as simple as substituting numbers for letters: A=1, B=2, C=3 and so on. You would then provide the key to the people whom you wanted to read the encrypted text.
Most forms of encryption used for military purposes in the first half of the century involved a more complicated kind of substitution, but it was essentially the same process. In World War II the German forces used a mechanical encryption tool known as the Enigma machine, which transposed letters of the alphabet. The Allies broke the Enigma machine code thanks to the work of Polish and British mathematicians.
Limitations of encryption
With modern encryption, plaintext tends to be scrambled by computers using complex mathematic algorithms that are only theoretically breakable by a concerted effort involving supercomputers over a long period of time. So far, no encryption has proven absolutely secure, just practically secure.
But there's a problem with this kind of cryptography: How do you get the key to the people to whom you want to send encrypted messages? Ideally, you'd physically hand the key to the person with whom you wanted to communicate. But that isn't practical in most cases, especially for commercial transactions like Internet shopping or international communications between people who have never met. The problem is compounded by the fact that in order to be sure that people whom you had previously sent messages to wouldn't be able to read messages you didn't want them to see, you'd need a new key for each transaction.
That's where a relatively new form of encryption enters the picture: public key encryption, invented in the early 1970s by Whitfield Diffie and Martin Hellman. Previously, cryptography was a closely guarded science practiced by governments and a handful of shady characters with quasi-govermental roles. Its applications were largely military with only a few business uses. With public key encryption, cryptography exploded right alongside the personal computer revolution.
Public key encryption
In most encryption, the key for encrypting a message is the same as the key for decrypting it. What public key encryption does is to split the key into two parts: a public key (widely distributed and available in public directories) and a private key (held as private, like your ATM PIN code).
Someone using your public key to encrypt a message to you is assured that only you can read that message, decrypting it using your private key. You never have to meet that other person or worry that they can read other messages encrypted with your public key. They can only "lock" the message they send, not "unlock" it.
This public key can be used for another purpose, however. Messages encrypted using your private key can be decrypted by this public key, creating what's called a "digital signature" that can be used to verify the authenticity of digital exchanges.
The importance of cryptography
Encryption is at the heart of most digital commerce done over the Internet. However, encryption tools haven't been particularly intuitive. To make encryption easy to use, it needs to be transparent to users. So the standards organizations that control the Net's protocols are trying hard to push the encryption technology right into the network itself. In the meantime, only a few commercial products exist for consumer use.
Part of the reason for the slow spread of encryption is that, under pressure from law enforcement agencies that view strong encryption as a threat to their ability to investigate crimes and terrorism, the goverment has classified this technology under the same export restrictions reserved for weapons and munitions. But privacy advocates and business interests point out that the technology is already available internationally, and imposing restrictions on them is simply closing the barn door after the horses have gone.
In any case, more and more of our private information is making its way into public places, thanks to the spread of the Internet and other digital networks. When used to secure information ranging from credit cards to love letters, encryption allows a modicum of privacy in an increasingly public world. Cryptography is no longer a spy-vs-spy tool, but the cornerstone of an emerging digital marketplace.
Cryptography as a science has been shrouded in the dark cloak of espionage and war, but that's not all it's been used for.
| Crypto, in the form of Navajo codetalkers, has even made an appearance on The X-Files. |
Crypto techniques were employed to decipher Mayan hieroglyphs.
It was an intellectual toy to Elizabethans like Sir Francis Bacon, who wrote an essay on ciphers, created a kind of cipher that bears his name, and led a few academics to believe he was responsible for some (if not all) of Shakespeare's plays.
Cryptography was used during the 1930s and 1940s on radio shows like Captain Midnight for prizes like the Ovaltine Secret Squadron Decoder ring. The show would broadcast "secret messages" that could only be unscrambled using the required decoder ring, one of the most popular premium prizes of all time.
Crypto, in the form of Navajo codetalkers, has even made an appearance on The X-Files. So now you know it's hit the mainstream.
Mayan Hieroglyphs and cryptography
Bacon as the author of Shakespeare's plays
TheBestVPN.com - Software to keep your data secure