Re: So-so top-level review of crypto role in IS

Adam Cain (acain@ncsa.uiuc.edu)
Wed, 4 Sep 1996 22:50:04 -0500


This article serves as a good reminder of how dangerous a little knowledge
can be.

> The key is the algorithm or mathematical formula that encodes the message
> itself. It must be sent to the message recipient so the message can be
> decoded, hence the term key.

Ummm......

> The size of the key, measured in bits, determines how complex the algorithm
> is and how tough the code is to crack. The state of the art for encryption
> technology used exclusively within the United States is 1,024 bits. However,
> the maximum size key that is allowed to be exported is 40 bits.

I think this reporter needs a few more bits.

> Keys come in two flavors: symmetrical, or public key model; and asymmetrical,
> or public key/private key model.

Survey says.....BZZZZZZT!!

> A symmetrical key uses the same algorithm to encode and decode a message.
> This is the technique used by the public key encryption program Pretty Good
> Privacy (PGP).

Uh oh, I think I see where this is going.... Julie, stop typing for a second...

> PGP assumes what security experts call the peer trust model. That is, the
> sender knows and trusts the receiver and is therefore perfectly comfortable in
> sending the key on its way. Herein lies the "pretty good" part of the
> privacy. Although the algorithm itself makes the message difficult to crack,
> the key exchange is only pretty good when compared with other methods.
>
> On the other hand, the great advantage to PGP is that it creates no key
> management overhead, which is the biggest drawback of asymmetrical keys.

Damn, too late. Ok, don't move -- who knows how far down that chasm goes!
I'll go get a rope...

> RSA uses
> a technology that is actually an adaptation of the decade-old National
> Institute of Standards and Technology's peer-trust Data Encryption Standard
> (DES), still used in many products. DES is a method of grabbing random keys
> for each encryption task, rather than using the same key repeatedly.

and for heaven's sake, stop smoking that!

> Enter the certificate, also called the digital signature.

Oh brother...look, here's the rope. You know what to do. I gotta get
back to my own planet before anyone notices.