Encryption is a process by which a message (called plaintext ) is transformed into another message (called ciphertext ) using a mathematical function and a special encryption password, called the key .
Decryption is the reverse process: the ciphertext is transformed back into the original plaintext using a mathematical function and a key.
The process of encryption and decryption is shown in basic terms in Figure 6.1 . Here is a simple piece of plaintext:
Encryption can make UNIX more secure.
This message can be encrypted with an encryption algorithm known as the Data Encryption Standard ( DES ), which we describe in a later section, and the key nosmis to produce the following encrypted message:
When this message is decrypted with the key nosmis, the original message is produced:
Encryption can make UNIX more secure.
If you tried to decrypt the encrypted message with a different key, such as gandalf, you might get the following:
M-&u=:;M-X^G?M-MM-^MM- M-,M-kM-^?M-R8M-}}pM-?^M^^M-l^ZM-IM-^U0M-D^KM-eM- hM-yM-^M-^]M-mM-UM-^ZM-@^^N
Indeed, the only way to decrypt the encrypted message and get printable text is by knowing the secret key nosmis . If you don't know the key, and you don't have access to a supercomputer, you can't decrypt the text. If you use a strong encryption system, even the supercomputer won't help you.
Encryption can play a very important role in your day-to-day computing and communicating:
Despite these advantages, encryption has its limits:
For all these reasons, encryption should be viewed as a part of your overall computer security strategy, but not as a substitute for other measures such as proper access controls.
There are many different ways that you can use a computer to encrypt or decrypt information. Nevertheless, each of these so-called encryption systems share common elements:
Different forms of cryptography are not equal. Some systems are easily circumvented, or broken . Others are quite resistant to even the most determined attack. The ability of a cryptographic system to protect information from attack is called its strength . Strength depends on many factors, including:
The goal in cryptographic design is to develop an algorithm that is so difficult to reverse without the key that it is at least roughly equivalent to the effort required to guess the key by trying possible solutions one at a time. We would like this property to hold even when the attacker knows something about the contents of the messages encrypted with the cipher. Some very sophisticated mathematics are involved in such design.
You might wonder why you need encryption if you are already using an operating system similar to UNIX that has passwords and uses file permissions to control access to sensitive information. The answer to this question is a single word: the superuser .
A person with access to the UNIX superuser account can bypass all checks and permissions in the computer's filesystem. But there is one thing that the superuser cannot do: decrypt a file properly encrypted by a strong encryption algorithm without knowing the key.
The reason for this limitation is the very difference between computer security controls based on file permissions and passwords, and controls based on cryptography. When you protect information with the UNIX filesystem, the information that you are trying to protect resides on the computer "in the clear." It is still accessible to your system manager (or someone else with superuser access), to a malicious computer hacker who manages to find a fault with your computer's overall security, or even to a thief who steals your computer in the night. You simply can't ensure that the data on your computer will never fall into the wrong hands.
When you protect information with encryption, the information is protected by the secrecy of your key, the strength of the encryption algorithm, and the particular encryption implementation that you are using. Although your system manager (or someone who steals your computer) can access the encrypted file, they cannot decrypt the information stored inside that file.