ARCHIVED: What is cryptography, and where can I find more information about it?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Cryptography is the science of enabling secure communications between a sender and one or more recipients. It is a centuries-old discipline with documented examples dating back to the time of Julius Caesar. Today, many highly sophisticated and evolved techniques are in the cryptographer's toolbox; all have the intent of providing one or more of these services:

  • Data confidentiality concerns who can read and understand a message that is exchanged between sender and receiver. Confidentiality is achieved through the use of cryptosystems, that is, companion encryption and decryption algorithms that respectively lock and unlock the contents of a message. Prior to encryption, the message is said to be in plaintext form. After encryption, it is usually called ciphertext.
  • Data integrity describes the condition of a message upon receipt, as compared to its original state before transmission. Hostile intermediate parties that handle a message can easily add to, remove from, or modify its contents. Cryptographic integrity checks provide a kind of super-sensitive "mathematical armor" for messages; the slightest tampering causes readily visible chinks to appear.
  • Sender authentication alleviates a problem commonly known as message forgery or message spoofing. Just as a printed memo can easily originate from someone other than its purported sender, so can its electronic counterpart. Of course, the former can be prevented by affixing a handwritten signature to the message; similarly, it is possible to generate a digital signature for an electronic message. Unlike a scribed autograph, however, a digital signature is mathematically infeasible to forge.
  • Non-repudiation of origin empowers a message recipient to unequivocally prove to a third party from whom a particular message originated. In other words, if Alice receives a message from Bob, and their cryptographic method provides non-repudiation of origin, then Alice can prove to Carol that Bob (and not someone other than he) was indeed the sender.

Email applications in particular benefit greatly from these cryptographic techniques. A world-famous program called PGP (Pretty Good Privacy) is available for no cost to qualified Internet participants. PGP runs on most contemporary common platforms, including Unix, Windows, Macintosh, MS-DOS, and VMS. Also attractive to some are the various programs which implement the S/MIME standards or Privacy Enhanced Mail (PEM) standards, such as one called RIPEM. These programs are also available for the prevalent computing platforms. Although you can use PGP, S/MIME, or PEM to securely exchange email within and without the IU computing environment, UITS does not support them at this time.

You can find a wealth of information about cryptography on the Internet. The following links provide a good start: 

  http://www.faqs.org/faqs/cryptography-faq/

  http://w2.eff.org/effector/effect04.05

Additionally, for those most interested in the applications of this important science, UITS recommends Bruce Schneier's landmark book Applied Cryptography (John Wiley & Sons, ISBN 0-471-12845-7, 2nd edition).

Related documents

Avoid getting in trouble with email About secure websites and SSL/TLS certificates

This is document agds in the Knowledge Base.
Last modified on 2023-09-22 17:07:21.