Cryptography is the science and art of secret writing - keeping information secret. When applied in a computing environment, cryptography can protect data against unauthorized disclosure; it can authenticate the identity of a user or program requesting service; and it can disclose unauthorized tampering. In this chapter, we'll survey some of those uses, and present a brief summary of encryption methods that are often available in UNIX systems.
Cryptography is an indispensable part of modern computer security.
Knowledge of cryptography can be traced back to ancient times. It's not difficult to understand why: as soon as three people had mastered the art of reading and writing, there was the possibility that two of them would want to send letters to each other that the third could not read.
In ancient Greece, the Spartan generals used a form of cryptography so that the generals could exchange secret messages: the messages were written on narrow ribbons of parchment that were wound spirally around a cylindrical staff called a scytale . After the ribbon was unwound, the writing on it could only be read by a person who had a matching cylinder of exactly the same size. This primitive system did a reasonably good job of protecting messages from interception and from the prying eyes of the message courier as well.
In modern times, cryptography's main role has been in securing electronic communications. Soon after Samuel F. B. Morse publicly demonstrated the telegraph in 1845, users of the telegraph began worrying about the confidentiality of the messages that were being transmitted. What would happen if somebody tapped the telegraph line? What would prevent unscrupulous telegraph operators from keeping a copy of the messages that they relayed and then divulging them to others? The answer was to encode the messages with a secret code, so that nobody but the intended recipient could decrypt them.
Cryptography became even more important with the invention of radio, and its use in war. Without cryptography, messages transmitted to or from the front lines could easily be intercepted by the enemy.
As long as there have been code makers, there have been code breakers. Indeed, the two have been locked in a competition for centuries, with each advance on one side being matched by counter-advances on the other.
For people who use codes, the code-breaking efforts of cryptanalysts pose a danger that is potentially larger than the danger of not using cryptography in the first place. Without cryptography, you might be reluctant to send sensitive information through the mail, across a telex, or by radio. But if you think that you have a secure channel of communication, then you might use it to transmit secrets that should not be widely revealed.
For this reason, cryptographers and organizations that use cryptography routinely conduct their own code-breaking efforts to make sure that their codes are resistant to attack. The findings of these self-inflicted intrusions are not always pleasant. The following brief story from a 1943 book on cryptography demonstrates this point quite nicely:
Modern digital computers are, in some senses, the creations of cryptography. Some of the first digital computers were built by the Allies to break messages that had been encrypted by the Germans with electromechanical encrypting machines. Code breaking is usually a much harder problem than code making; after the Germans switched codes, the Allies often took several months to discover the new coding systems. Nevertheless, the codes were broken, and many historians say that World War II was shortened by at least a year as a result.
Things really picked up when computers were turned to the task of code making. Before computers, all of cryptography was limited to two basic techniques: transposition , or rearranging the order of letters in a message (such as the Spartan's scytale), and substitution , or replacing one letter with another one. The most sophisticated pre-computer cipher used five or six transposition or substitution operations, but rarely more.
With the coming of computers, ciphers could be built from dozens, hundreds, or thousands of complex operations, and yet could still encrypt and decrypt messages in a short amount of time. Computers have also opened up the possibility of using complex algebraic operations to encrypt messages. All of these advantages have had a profound impact on cryptography.
In recent years, encryption has gone from being an arcane science and the stuff of James Bond movies, to being the subject of debate in several nations (but we'll focus on the case in the U.S. in the next few paragraphs). In the U.S. that debate is playing itself out on the front pages of newspapers such as The New York Times and the San Jose Mercury News.
On one side of the debate are a large number of computer professionals, civil libertarians, and perhaps a majority of the American public, who are rightly concerned about their privacy and the secrecy of their communications. These people want the right and the ability to protect their data with the most powerful encryption systems possible.
On the other side of the debate are the United States Government, members of the nation's law enforcement and intelligence communities, and (apparently) a small number of computer professionals, who argue that the use of cryptography should be limited because it can be used to hide illegal activities from authorized wiretaps and electronic searches.
This chapter does not address this question. Nor do we attempt to explore the U.S. Government's claimed need to eavesdrop on communications, the fear that civil rights activists have of governmental abuse, or other encryption policy issues. Although those are interesting and important questions - questions you should also be concerned with as a computer user - they are beyond the scope of this book. Instead, we focus on discussion of the types of encryption that are available to most UNIX users today and those that are likely to be available in the near future. If you are interested in the broader questions of who should have access to encryption, we suggest that you pursue some of the references listed in Appendix D, Paper Sources , starting with Building in Big Brother , edited by Professor Lance Hoffman.