ActiveSocket Network Communication Toolkit - SNMP Get/GetNext/Set and SNMP Traps using Visual Basic .NET, Visual Studio .NET, ASP, ASP.NET, PHP, Delphi, ColdFusion and more
Visit ActiveSocket Web Site
Download ActiveSocket Network Communication Toolkit
Secret Key Cryptography - an explanation
Cryptography allows secure communication over a general purpose insecure channel, such as the Internet.As you would imagine, the longer the key length, the more secure the encryption. Going back to our simple cipher, if our single digit key is represented by a letter of the alphabet, a potential hacker only has to try 26 possible combinations in order to crack the cipher using brute force.
Now, if we increased the length of the key and wrote it beneath our original message (repeating the key over and over until it was equal to the length of the message), each character in the key would represent a different shift for the letter above.
Of course, if short keys are used, then repeating patterns may begin to emerge in the message - the most secure method is to use a key the same length as the message itself, but this is impractical in real life situations. Combine long keys with sophisticated algorithms, however (something a little more complex than “shift each letter of the message by the value of the key character beneath”) and you are in business.
Unfortunately, “secret key” or “symmetric key” cryptography (as it is known) clearly relies on both parties involved having access to the same secret key, since the sender uses the key to encrypt the message, and the receiver uses the same key (together with the same algorithm in reverse) to decrypt the message. This naturally introduces a potential problem – how do we ensure that the key is distributed in a secure manner?
If we have regular contact with the person, we can pass the key face to face – you cannot get much more secure than that. In business terms, secret keys (such as bank PIN numbers) are often distributed by mail in special tamper-proof envelopes, or can be encapsulated in hardware devices such as smart cards, where the issuing authority never gives the customer access to the key information at all.
But in the case of one-off Internet transactions with hitherto unknown parties, we do not have that luxury, since as a result of the unique key-pair arrangement between the two parties, it is impossible to exchange data with someone to whom you have not already been “introduced”.
Neither of you has a shared secret key, and there is no secure channel over which to exchange one. For this reason, secret key cryptography works best when a single issuing authority is maintaining a service for a user base where there is some kind of registration process that takes place prior to the exchange of information.