A Directory of Security Information: From Policies to Standards

Our FAQ will be expanded on a topic by topic basis, and organized accordingly.  

1) CRYPOGRAPHY FAQ

FAQ1:             What is cryptography?

Cryptography is the process of rendering information unintelligible to anyone for whom it is not intended. The information can be recovered by anyone possessing a piece of secret information called a key.

 The word cryptography is derived from the two Greek words meaning “secret” and “writing”.

 Although the obvious use of cryptography is to implement privacy, its techniques can be applied to authentication, non-repudiation, digital signatures and access control.

FAQ2:             What is cryptanalysis?

Cryptanalysis can be considered to be the techniques and processes brought into play with a view to reversing the work of the cryptographer. For example, if I were to try to read an encrypted message not intended for me, I would use cryptanalysis.

 There are several attacks a cryptanalyst can make, the main ones being:  

• Given only the encrypted text (ciphertext), attempt to find the corresponding plaintext and possible the key as well.

• Given the plaintext and the corresponding ciphertext, attempt to find the key.

 All other attacks are variations on these two.

 The derivation comes from the Greek for “secret” and “taking apart”.

FAQ3:             What is cryptology?

Cryptology comprises both cryptography and cryptanalysis. The term is derived from the two Greek words meaning “secret” and “word”.

FAQ4:             What is secret-key cryptography?

In traditional cryptography, the data is encrypted and decrypted using an algorithm (or process) and a secret quantity known as a key, which is required for both encryption and decryption. This type of cryptography, where the encrypting key is the same as the decrypting key, is known as secret-key cryptography, and the algorithm used is known as a symmetric algorithm.

It is always assumed that the algorithm is in the public domain, and the only secret is the key. In secret-key cryptography the fundamental problem is to ensure that the key remains secret and is shared securely between the legitimate users.

FAQ5:             What is public-key cryptography?

In public-key cryptography, an algorithm is used which has different (but related) keys for encryption and decryption. The algorithm in this type of system is termed asymmetric.

The encryption key can be made public, while the decryption key is kept secret and is never shared. This means that if you have the public key of a particular user, you can send him encrypted messages that only he can decrypt.

Conversely the user can use his secret key to create data that everyone with the public key can verify. If the verification is successful, the verifier can be sure that only the person with the secret key could have created the data to be verified. This is the basis of the digital signature technique.

2) Coming Soon