How Encryption Works
Prime Numbers - Public-key encryption such as RSA is based on prime numbers - two large prime numbers, to be exact. Multiplied together, the two primes yield a product whose only divisors, apart from one and itself, are those two primes. That product is published as part of the public key, and anyone can use it to scramble (encrypt) a message or file; unscrambling (decrypting) requires the private key, which is derived from the two primes and which only the owner holds. An attacker who could recover the two primes from their product (factor it) could decrypt as well, so the security of the scheme rests on factoring being infeasible for primes of sufficient size. Symmetric ciphers, the 40-, 56- and 128-bit systems discussed next, do not use primes at all: they scramble data with a single secret key of a fixed number of bits, and the same key unscrambles it.
Size of the Key - The size of the key dictates how secure the encryption will be against brute force, that is, against an attacker who simply tries every possible key. The figures below are for symmetric keys, where a key of n bits gives 2^n possibilities. A 40-bit key yields about 1.1 trillion (2^40 = 1,099,511,627,776) possible keys. A 56-bit key yields about 72 quadrillion (2^56 = 72,057,594,037,927,936) possible keys. A 128-bit key yields 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys. Mathematically, a supercomputer testing 100 billion keys per second would need about 3.4 x 10^27 seconds, roughly 107,829 quadrillion (1.08 x 10^20) years, to try every 128-bit key. (The fastest chips at the time of writing could handle about 256 million encryptions per second.)
Time Needed To Crack - Mathematically speaking, with the computing power available at the time of writing (the 2005 column of the table below), 40-bit, 56-bit, 64-bit and 128-bit keys could be broken by exhaustive search in about 1 second, 19 hours, 7 months and 11,000 quadrillion years, respectively. This is why 128-bit symmetric encryption is the standard used worldwide to protect financial transactions and sensitive data. Note that these lengths apply to symmetric keys only: public-key algorithms based on factoring, such as RSA, need much longer keys (1024 bits and up) because factoring a number is far easier than trying every possible key of the same length.
| Key length (bits) | 1995 | 2000 | 2005 |
|---|---|---|---|
| 40 | 68 seconds | 8.6 seconds | 1.07 seconds |
| 56 | 7.4 weeks | 6.5 days | 19 hours |
| 64 | 36.7 years | 4.6 years | 6.9 months |
| 128 | 6.7e17 millennia | 8.4e16 millennia | 1.1e16 millennia |

Table: time needed to break keys of a given size by exhaustive search with dedicated hardware available in each year (source: http://www.cs.bris.ac.uk/~bradley/publish/SSLP/chapter3.html).
It has been estimated, by extrapolating the trend in the table, that 128-bit keys will become breakable by exhaustive search in about 105 to 125 years (the years 2109 to 2129). Such extrapolations assume that computing power keeps growing at the same rate. The practical lesson is that a well-chosen 128-bit key cannot be brute-forced for the foreseeable future, so any real break has to come from a flaw in the algorithm or in how the key is generated, stored and handled, not from trying every key.
Words versus Characters - You might be interested to know that four words selected at random are considerably stronger than a short character password, and stronger than 56-bit encryption. According to Jeremy Bradley of the University of Bristol, a 7-character password made up of upper- and lower-case letters has 52^7 = 1,028,071,702,528 possible values. That is roughly 2^40, not the 2^56 suggested by its seven-byte length, because each character can take only 52 values rather than 256. Four words chosen at random from a 25,000-word list give 25,000^4 = 390,625,000,000,000,000 possibilities, about 2^58, which exceeds the 2^56 keys of 56-bit encryption. His basis for this claim is explained here: http://www.cs.bris.ac.uk/~bradley/publish/SSLP/chapter3.html.
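The arithmetic behind the figures above, as an added example that is not from the original page or from Bradley's chapter: a short Go program that computes the size of a key space, converts a password alphabet and length into the equivalent number of key bits, and turns both into worst-case exhaustive-search time at the page's rate of 100 billion guesses per second. It goes beyond the page's two cases by accepting any alphabet size and length, and adds a constructed third case (10 printable-ASCII characters) for comparison.

```go
package main

import (
	"fmt"
	"math"
	"math/big"
)

// KeySpace returns 2^bits: the number of keys an attacker must try, in the
// worst case, to brute-force a symmetric key of the given length.
func KeySpace(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), bits)
}

// PasswordSpace returns alphabet^length: the number of distinct passwords of
// exactly `length` symbols, each drawn from `alphabet` possible symbols.
func PasswordSpace(alphabet, length int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(alphabet), big.NewInt(length), nil)
}

// EntropyBits converts a space size into the equivalent symmetric key length,
// so that a password space can be compared directly with an n-bit key.
func EntropyBits(space *big.Int) float64 {
	f, _ := new(big.Float).SetInt(space).Float64()
	return math.Log2(f)
}

// WorstCaseSeconds is the time to try every element of `space` at the given
// rate. On average an attacker succeeds after half the space.
func WorstCaseSeconds(space *big.Int, guessesPerSecond float64) float64 {
	f, _ := new(big.Float).SetInt(space).Float64()
	return f / guessesPerSecond
}

// WorstCaseYears expresses the same figure in Julian years (365.25 days).
func WorstCaseYears(space *big.Int, guessesPerSecond float64) float64 {
	return WorstCaseSeconds(space, guessesPerSecond) / (365.25 * 24 * 3600)
}

func main() {
	const rate = 1e11 // the page's supercomputer: 100 billion guesses per second

	fmt.Println("symmetric keys, exhaustive search at 1e11 keys/s:")
	for _, bits := range []uint{40, 56, 64, 128} {
		space := KeySpace(bits)
		fmt.Printf("  %3d-bit: %s keys, %.3g years\n", bits, space, WorstCaseYears(space, rate))
	}

	// Constructed password cases; the first two are the page's own figures.
	fmt.Println("passwords, exhaustive search at 1e11 guesses/s:")
	cases := []struct {
		name             string
		alphabet, length int64
	}{
		{"7 letters (a-z, A-Z)", 52, 7},
		{"4 words from a 25,000-word list", 25000, 4},
		{"10 printable ASCII characters", 95, 10},
	}
	for _, c := range cases {
		space := PasswordSpace(c.alphabet, c.length)
		fmt.Printf("  %-36s %s values (%.1f bits), %.3g years\n",
			c.name, space, EntropyBits(space), WorstCaseYears(space, rate))
	}
}
```

The point the numbers make is that entropy comes from the number of choices per symbol times the number of symbols, not from the byte length of the string: seven letters are about 40 bits however many bytes they occupy, while four dictionary words reach about 58 bits because each word is one choice out of thousands.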
Symmetric-key versus Public-key
Most computer encryption systems used today fall into one of two categories: symmetric-key encryption or public-key encryption. These concepts are described below:
Symmetric Key - In symmetric-key encryption, both computers hold the same secret key (code), and that one key is used both to encrypt and to decrypt the data sent back and forth. Symmetric-key encryption requires that you know in advance which computers will be talking to each other, so that the key can be installed on each one; getting the key to both ends without anyone else seeing it is the hard part.
Public Key - Public-key encryption uses a pair of mathematically related keys, a private key and a public key. The private key is stored only on your computer and is never shared, while the public key is given to anyone who wants to communicate securely with you. A message encrypted with your public key can be decrypted only with your private key, so the two parties never need to agree on a secret in advance. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything. This product is discussed below.
PGP (Pretty Good Privacy)
PGP or Pretty Good Privacy was released on June 5, 1991. Its developer, Phil Zimmermann, first sent PGP to Allan Hoeltje and then to Kelly Goen, who in turn released PGP through Internet user groups. This set off an unexpected feeding frenzy. Volunteers around the world offered to help Phil port PGP to other platforms, add enhancements, and generally promote the product.
Fifteen months later, in September 1992, PGP 2.0 was released for MS-DOS, Unix, Commodore Amiga, Atari, and a few other platforms, and in about ten foreign languages. Shortly thereafter US Customs took an interest in the case. At first the government tried to build a case against Phil for exporting munitions without a license (strong cryptography was then classed as a munition under US export rules), and the investigation hung over him for several years before it was dropped. By doing so the government helped propel PGP's popularity by igniting controversy that would eventually lead to the demise of the US export restrictions on strong cryptography. Today, PGP remains one of the most widely used ways of encrypting e-mail, and there are now a dozen companies developing products that use the OpenPGP standard, all members
You can download PGP for free, or purchase a more feature-rich version, at this web site: www.pgp.com. Here is a quick introduction to using PGP:
To start using PGP, launch the product and run the wizard that generates your encryption keys. The wizard walks you through the process of creating your key pair; the private half stays on your own machine and only the public half is handed out.
PGP is based on public-key cryptography, by which you and every other PGP user generate a key pair consisting of a 'private key' and a 'public key'. As its name implies, only you have access to your private key, but in order to exchange files with other PGP users you need a copy of their public key and they need a copy of yours. You use your private key to sign the file attachments you send to others and to decrypt the files they send to you. Conversely, you use the public keys of others to send them encrypted files and to verify their digital signatures. PGP does not protect the connection your e-mail travels over (that is what SSL/TLS, described next, does); instead the message itself is unreadable by anyone other than you and the person to whom it is addressed, whatever path it takes. Keep in mind that encryption covers the message body and attachments only - it does not hide the subject line, the headers, or who is writing to whom.
One popular protocol built on public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Web browsers and Web servers to transmit sensitive information. SSL was later standardised by the IETF as Transport Layer Security (TLS), which has superseded it.
In your browser, you can tell when you are using a secure protocol such as TLS in a couple of different ways. The "http" in the address line is replaced with "https", and you should see a small padlock in the status bar at the bottom of the browser window. Look for the "s" after "http" whenever you are about to enter sensitive information, such as a credit-card number, into a form on a Web site.
The padlock symbol lets you know that the connection is encrypted and that the server presented a certificate your browser accepted. It says nothing about whether the site itself is honest, so also check that the address really belongs to the organisation you intend to deal with.
Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetric-key encryption. When two computers initiate a secure session, one computer creates a random symmetric key (the session key) and sends it to the other computer encrypted with that computer's public key. The two computers can then communicate using symmetric-key encryption, which is far faster. Once the session is finished, each computer discards the session key. Any additional session starts with a freshly created symmetric key, and the process is repeated, so that the compromise of one session key exposes only that one session.
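The exchange described above, with both the sender's and the recipient's side shown, as an added example written in Go for this page (it is not code from the page, from PGP or from any SSL/TLS implementation; real PGP and TLS use their own message formats and, at the time of the page, older algorithm choices). The sender generates a random 256-bit session key, encrypts the message with it using AES-GCM, wraps the session key with the recipient's RSA public key (RSA-OAEP) and signs the result with the sender's own private key (RSA-PSS), which is also the sign-with-private, verify-with-public pattern PGP users follow. The key pairs named alice and bob and the message text are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

// Envelope is what travels between the parties: the per-message AES key wrapped
// with the recipient's RSA public key, the AES-GCM nonce and ciphertext, and
// the sender's RSA-PSS signature over all three.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte
}

// signedBytes serialises the signed fields, length-prefixed so that two
// different envelopes can never produce the same byte string.
func signedBytes(e *Envelope) []byte {
	var b bytes.Buffer
	for _, part := range [][]byte{e.WrappedKey, e.Nonce, e.Ciphertext} {
		binary.Write(&b, binary.BigEndian, uint32(len(part)))
		b.Write(part)
	}
	return b.Bytes()
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender's side: fresh 256-bit session key, AES-GCM encryption of
// the message, session key wrapped for the recipient, everything signed.
func Seal(plaintext []byte, recipientPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil)}
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(signedBytes(env))
	env.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	return env, err // env is only usable when err is nil
}

// Open is the recipient's side: verify the sender's signature first, then
// unwrap the session key with the recipient's private key, then decrypt.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(signedBytes(env))
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature does not verify (wrong sender or tampered): %w", err)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Constructed demo: Alice writes to Bob. In practice the public halves are
	// exchanged beforehand and the private halves never leave their owner.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Seal([]byte("Meet at noon. Alice"), &bob.PublicKey, alice)
	if err != nil {
		panic(err)
	}
	msg, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("Bob reads: %q (err=%v)\n", msg, err)
	env.Ciphertext[0] ^= 0x01 // one flipped bit on the wire
	_, err = Open(env, bob, &alice.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Open checks the signature before touching the wrapped key, so a message from an unknown sender, or one altered in transit, is rejected before any decryption happens. Because the session key is generated per message and never reused, recovering one session key exposes only that one message, which is the property the session-key description above relies on.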
When PGP was first developed, it was absolutely understood that the only person capable of reading an e-mail encrypted with PGP was the intended recipient. Since PGP was purchased from its developer, Phil Zimmermann, by Network Associates, Inc. (NAI) several years ago, it has been suspected, though never confirmed, that a 'master key' exists in the hands of both NAI and the U.S. Federal Government. The published source code is the safeguard against exactly this kind of concern: PGP Corporation provides the source code for PGP upon request and acceptance of a license agreement, and though the product is not fully open-source, certain components are released under the GNU General Public License, so that the code and any modifications can be reviewed by customers and cryptography experts. With this in mind, PGP is just about the safest and most reliable method of e-mail encryption available.
In October 2001, NAI put PGP up for sale. With no buyers, in March 2002 NAI dropped support and development of its PGP desktop encryption software.
On August 19, 2002, NAI sold PGP to PGP Corporation, a newly formed company. The deal gave the new company a line of encryption products built on PGP, including PGPmail, PGPfile, PGPwireless and PGPkeyserver, for the Windows and Macintosh operating systems.
A full history of PGP can be found at www.pgp.com/company/pgphistory.html

Though a freeware version of PGP does exist, the End User License Agreement (EULA) is rather restrictive, limiting it to home-based, non-profit use. Freeware PGP set-up only takes a few minutes, but users should note these facts about the free version of PGP:
- Does not include automatic encryption of email file attachments
- Does not provide plug-in integration with Outlook, Outlook Express, and other email applications
- Does not operate with PGP Admin or other PGP deployment tools

GNUPG www.gnupg.org
The GNU project offers GnuPG (GNU Privacy Guard), a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC 2440 (OpenPGP) compliant application, so it can exchange encrypted and signed messages with PGP and other OpenPGP products.
Conclusion
While freeware and open-source software may not be the solution for every company, small to medium-sized businesses can benefit from the low total cost of ownership (TCO) and from the community of users working to improve or enhance the product. Furthermore, cautious companies can purchase the software with support contracts from distributors and obtain documentation and support comparable to that of other commercially marketed solutions.
The existence of coded messages (or cryptography) has been verified as far back as the Roman Empire.
RSA: 56-bit crypto too weak - http://news.com.com/2100-1023-204556.html?legacy=cnet