Home |  Forum |  Submit Software |  Submit Book |  Link to Us |  Contact us  |   Sitemap

  Topics
Software
Books
Network Basics
Glossaries
SNMP
Networking
Links
  Forums
SnmpTools.net forum
  Search for Software

  Other
Submit Software
Submit Book
Link to Us
Contact Us

 


  Visit ActiveSocket Web Site
  Download ActiveSocket Network Communication Toolkit

Secret Key Cryptography - an explanation

Cryptography allows secure communication over a general purpose insecure channel, such as the Internet.As you would imagine, the longer the key length, the more secure the encryption. Going back to our simple cipher, if our single digit key is represented by a letter of the alphabet, a potential hacker only has to try 26 possible combinations in order to crack the cipher using brute force.

Now, if we increased the length of the key and wrote it beneath our original message (repeating the key over and over until it was equal to the length of the message), each character in the key would represent a different shift for the letter above.

Of course, if short keys are used, then repeating patterns may begin to emerge in the message - the most secure method is to use a key the same length as the message itself, but this is impractical in real life situations. Combine long keys with sophisticated algorithms, however (something a little more complex than “shift each letter of the message by the value of the key character beneath”) and you are in business.

Unfortunately, “secret key” or “symmetric key” cryptography (as it is known) clearly relies on both parties involved having access to the same secret key, since the sender uses the key to encrypt the message, and the receiver uses the same key (together with the same algorithm in reverse) to decrypt the message. This naturally introduces a potential problem – how do we ensure that the key is distributed in a secure manner?

If we have regular contact with the person, we can pass the key face to face – you cannot get much more secure than that. In business terms, secret keys (such as bank PIN numbers) are often distributed by mail in special tamper-proof envelopes, or can be encapsulated in hardware devices such as smart cards, where the issuing authority never gives the customer access to the key information at all.

But in the case of one-off Internet transactions with hitherto unknown parties, we do not have that luxury, since as a result of the unique key-pair arrangement between the two parties, it is impossible to exchange data with someone to whom you have not already been “introduced”. Neither of you has a shared secret key, and there is no secure channel over which to exchange one. For this reason, secret key cryptography works best when a single issuing authority is maintaining a service for a user base where there is some kind of registration process that takes place prior to the exchange of information.