Encryption

Heather McKnight and Kenya Woods

Updated: 4/3/2000


Encryption is the use of codes to make communications unreadable. Once a message is encrypted, it can only be read by the intended recipient. The recipient uses a "key" to decrypt the message, that is, to decode it and transform the data back into its original, readable form. For all but the simplest types of encryption, a mathematical formula called an algorithm allows this to happen.

Once employed primarily by the military, today encryption is used extensively by businesses, the government, and private individuals who want their email messages protected from prying eyes. This is especially true on the Internet, where email messages are routed around open networks -- sometimes around the world -- on the way to their destinations. Without encryption, these messages are like postcards dropped into the mail, easily read by anyone who happens to see them. With encryption, no matter who comes in contact with the message, it is unreadable, except by the intended recipient who can decode it.


A Brief History of Encryption

 

Encryption actually has a long history -- a very long history: According to David Kahn's The Codebreakers, the first example of cryptography occurred around 1900 BC in Egypt. And people have been using codes of various complexity ever since to disguise all kinds of messages. In fact, Thomas Jefferson himself developed an elaborate code system, earning him the title of father of U.S. cryptography (the science of encryption). Cryptography became a serious issue when the telegraph was invented, and it was heavily pursued during the Second World War, when digital computers were invented to crack codes. (Many people feel the Allies might not have won the war were it not for their unbreakable code system -- which turned out to be nothing high-tech at all; rather it consisted simply of Navajo Indians exchanging messages in their native language!)

Until the 1960s, the right to create and break codes was thought to belong to the government. It is believed that the NSA, the secret U.S. spy agency, was responsible for protecting classified information, and for decoding foreign communications. However, in the late '60s, IBM established a cryptography research group, and developed an encryption system named "Lucifer," which became a successful commercial product. "Lucifer" was controversial, for many in the government felt the private sector did not need or deserve cryptography.

Other companies also began developing encryption systems, and there soon arose a need for a common encryption standard. In 1973, the National Bureau of Standards (now known as the National Institute of Standards and Technology, or NIST) selected the Data Encryption Standard algorithm (known as DES) to serve as this common standard.

 

DES (Data Encryption Standard)

DES employed a 56-bit encryption key. (An "encryption key" is a phrase used to encrypt a message.) A 56-bit key was a strong one at the time -- there are 472,058,000,000,000,000 (or 2 to the 56th power) possible combinations that might be used to "unlock" such a key! A message encrypted with DES should take a long time to crack! Yet, despite its sophistication, when DES was authorized in 1976 for use on all "unclassified" government communication, many people worried that the government could still gain unwarranted access to private communications. These suspicions did not prevent DES from being adopted, and it is now the standard used by banks to wire funds and operate ATM machines. Though technically unbreakable in 1976, DES is now essentially obsolete.

 

RSA

In 1977, as an alternative to DES, Ron Rivest, Adi Shamir, and Leonard Adleman introduced RSA, a "public key" encryption standard. (The name was created from the initials of their last names.) Improving on DES's single key structure, RSA provided double keys. A user generates both of these keys; one of them -- the "public key" -- is distributed openly, like a phone number, posted to an Internet Public Key Server. Anyone can use this public key to send encrypted email to the key's owner, who then uses his or her second, "private key" to decrypt the message.
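
The two-key arrangement described above, worked through with textbook RSA as an added example (not code from the original page). The primes 61 and 53, the exponent 17 and the function names are assumptions chosen for illustration; keys this small, used without padding, offer no security.

```python
# Added illustration: textbook RSA with deliberately tiny primes.
# Real keys use primes of 1024 bits or more and a padding scheme such as OAEP.
from math import gcd


def generate_keypair(p, q, e=17):
    """Build (public_key, private_key) from two distinct primes p and q."""
    n = p * q                      # modulus, shared by both keys
    phi = (p - 1) * (q - 1)        # computable only by someone who knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def rsa_apply(key, values):
    """Raise each integer to the key's exponent modulo n."""
    n, exponent = key
    return [pow(v, exponent, n) for v in values]


def encrypt(public_key, message: bytes):
    # Each byte is encrypted on its own so every value stays below n.
    return rsa_apply(public_key, list(message))


def decrypt(private_key, ciphertext):
    return bytes(rsa_apply(private_key, ciphertext))


if __name__ == "__main__":
    public_key, private_key = generate_keypair(61, 53)
    print("public key (published):", public_key)
    print("private key (kept secret):", private_key)

    ciphertext = encrypt(public_key, b"MEET AT NOON")   # constructed sample message
    print("ciphertext:", ciphertext)

    # The owner recovers the message with the private key.
    print("owner decrypts:", decrypt(private_key, ciphertext))

    # Someone holding only the public key cannot undo the encryption with it.
    print("public key applied again:", rsa_apply(public_key, ciphertext))
```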

 

PGP

But RSA proved to be unwieldy, its operations too complex for anything but scientific computers. So in 1986, programmer Phil Zimmermann set out to create a program that would allow the implementation of RSA on lowly PCs.

The result was Pretty Good Privacy, a 128-bit public key encryption program. PGP was the subject of intense debate and even legal action when it was posted on the Internet for the world to see -- and download -- violating U.S. export law.

PGP is now available both in commercial and freeware products and is one of the most widely used encryption programs on the Internet.

Advantages and Disadvantages

Government Policy on Encryption

Current U.S. policy restricts the export of strong encryption hardware or software products with keys greater than 40 bits long--determined to be gravely inadequate by numerous experts. The current Administration proposal, which would allow the export of 56-bit encryption, is viewed as not meeting the needs of U.S. companies to conduct business in a secure manner with their suppliers, their business partners, their customers, and even their affiliated companies outside the United States.

The Safe Act ensures that all Americans use escrow, by prohibiting the domestic manufacture, sale and importation of any encryption product unless the government is given immediate access to the plaintext of communications and stored files without the knowledge of the user. It further requires that any encryption product manufactured or sold in interstate commerce, or imported into the United States, shall include features that permit immediate access (pursuant to appropriate judicial process) to the plaintext of communications or electronic information encrypted by such product without the knowledge or cooperation of the person using such product.

The Markey-White Amendment gives law enforcement the tools they need and ensures that the American people have access to unregulated domestic encryption. Under the Markey-White Amendment, domestic encryption cannot be regulated by the Federal government or by the States. The Markey-White Amendment creates a National Electronic Technologies Center (NET Center) which would assist law enforcement in research and would provide assistance to federal, state, and local law enforcement agencies in coping with encryption encountered in the course of investigations. The amendment also would direct the National Telecommunications and Information Administration (NTIA) to conduct a study of the implications of mandatory key recovery, such as the cost associated with mandatory key recovery. The amendment also gets tough on criminals who use encryption to commit or hide their crimes by doubling the fines and penalties for the use of encryption in the furtherance of a federal felony. The amendment passed 40-11.

Future of Encryption

ITAR Controversy

http://strobe.weeg.uiowa.edu/~dlehman/6k180/Group10/Future.htm

The future of commercial encryption

http://roscoe.law.harvard.edu/HyperNews/get/courses/techseminar96-13/7.html

Tetrads: Future Data Encryption

http://edie.cprost.sfu.ca/~hempell/tetrad/pgp.html

Why is Encryption Important to You?

http://strobe.weeg.uiowa.edu/~dlehman/6k180/Group10/importance.htm