Cheap Web Hosting for Developers


Security Considerations 147 There are two types of

Filed under: Web Applications Development With PHP4.0 — webmaster @ 13:30

There are two types of encryption: symmetric encryption and public-key encryption.

Symmetric Encryption

Symmetric encryption, also referred to as secret-key encryption, uses the same key for encryption and decryption of data. Data Encryption Standard (DES) is a common example of this method. DES is a complex algorithm developed by IBM in the 1970s and approved by the U.S. Bureau of Standards in 1976. While it's relatively easy to crack this 56-bit algorithm (the DES Challenge III, a cracking effort sponsored by RSA Data Security, lasted for only 22 hours until the encrypted message was deciphered), it can still be used to encrypt non-critical data. Some data just needs to be hidden from normal system users and not be encrypted in a cryptographically secure way; it's a matter of cost versus benefit.

Using symmetric encryption, both sender and receiver of an encrypted message have to know the secret key phrase (the password). If only two people are involved in the exchange of messages, this is no problem. But consider a system with 100 subscribers, any of whom should be able to communicate in secret with the others. If the system used a single key phrase, user Joe couldn't verify in a secure manner that a message had been sent by user Jane. To allow this, every user would need to have a distinct key phrase and every user would need to know all the other users' key phrases. Ninety-nine key phrases from others to manage, let alone remember: that doesn't sound like fun at all. The main problems of secret-key cryptography are that the number of key phrases increases with the number of users in the system, and that each user must keep as many keys as there are users.

Public-Key Encryption

Consider the 100-user system just discussed in the preceding section. Instead of requiring 99 other users to know his secret key, Joe makes a key publicly available and maintains one private, secret key. Any of the 99 other users could now use the public key to encrypt a message and send it to Joe, and only Joe could decrypt it with his private key. There is an obvious flaw in this system: We've lost authentication. Joe won't know who sent him the message because any user could have encrypted it. The sender of a message therefore needs to sign it with his private key so that the recipient can check it against the sender's public key to guarantee authenticity and integrity of the data. This system is called public-key cryptography, and the two most well-known algorithms for it are Diffie-Hellman and RSA (RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem).

The main advantage of public-key over secret-key cryptography is the increased level of security and convenience. Private keys need never be transmitted to another party; by contrast, secret-key cryptography requires the exchange of the secret key over a communications channel, raising the possibility for an attacker to discover the key by eavesdropping during transmission.
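The Joe and Jane exchange described above, as an added example that is not part of the original text: anyone can encrypt to Joe with his public key, and only a signature made with Jane's private key verifies against her public key. It assumes toy textbook RSA with fixed Mersenne primes and no padding, which is not secure for real use; the function names and the third user Mallory are hypothetical.

```python
# Added example: toy textbook RSA (fixed Mersenne primes, no padding). Not secure.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # modular inverse needs Python 3.8+

def apply_key(key, value):
    """RSA primitive: value^exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def digest(message, n):
    """SHA-256 of the message, reduced below the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    return apply_key(private_key, digest(message, private_key[0]))

def verify(public_key, message, signature):
    return apply_key(public_key, signature) == digest(message, public_key[0])

def demo():
    joe_pub, joe_priv = make_keypair(2**89 - 1, 2**107 - 1)
    jane_pub, jane_priv = make_keypair(2**61 - 1, 2**127 - 1)
    _, mallory_priv = make_keypair(2**31 - 1, 2**521 - 1)

    message = b"meet at noon"  # constructed sample message
    # Any user can encrypt to Joe with his public key; only Joe can decrypt.
    ciphertext = apply_key(joe_pub, int.from_bytes(message, "big"))
    recovered = apply_key(joe_priv, ciphertext)
    plaintext = recovered.to_bytes((recovered.bit_length() + 7) // 8, "big")

    # Encryption alone says nothing about the sender, so Jane also signs.
    jane_sig = sign(jane_priv, plaintext)
    forged_sig = sign(mallory_priv, plaintext)  # Mallory claims to be Jane
    return {
        "plaintext": plaintext,
        "jane_verified": verify(jane_pub, plaintext, jane_sig),
        "forgery_verified": verify(jane_pub, plaintext, forged_sig),
        "tampered_verified": verify(jane_pub, b"meet at nine", jane_sig),
    }

if __name__ == "__main__":
    print(demo())
```

Each user holds one private key and publishes one public key, so Joe checks any sender's signature without sharing a secret with that sender.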
