          
          
                      HOW YOU CAN USE DATA ENCRYPTION
                         TO SAFEGUARD YOUR PRIVACY
          
          
               You can beat the bureaucrats and busy-bodies at
          their own game, with their own technology.  Unless you
          are a computer security specialist, you probably
          haven't thought much about secret codes.  Indeed, why
          should anyone except the military or large,
          multinational corporations be concerned with protecting
          communications and information systems?
          
          Information Superhighway-Men
          
               If you use your PC to communicate with other
          people through networks such as Internet, CompuServe,
          even inner-company e-mail, you leave yourself wide open
          to intruders -- intruders who may read your messages or
          even gain access to the files you store on your hard
          drive.
               Anyone with a PC and a modem has the potential to
          infiltrate any computer system in the world.  Spies,
          tax collectors, and other enemies of your privacy are
          continually developing powerful computer espionage
          techniques.  Anyone may fall prey to the bandits of the
          information superhighway.
               Already, computers have been hooked up to
          interactive systems that combine telephone, fax,
          television and other, more conventional
          telecommunications technologies, thus providing
          unsecured access through a variety of input channels.
               Most of the entryways used by data thieves to gain
          entry to your files can be safeguarded by the
          electronic equivalent of the number lock.  The art of
          disguising messages is called "encryption."  Encryption
          in its most basic form involves techniques such as
          "substitution."  For instance, shift the alphabet over
          two letters (A becomes C, B becomes D, etc.) so that
          "SECRET" becomes "UGETGS."  The original messages is
          the "plaintext"; the disguised message is the
          "ciphertext."  The cryptographic system as a whole is a
          "cipher."  The art of breaking ciphertext is called
          "cryptoanalysis."  Cryptographers and cryptoanalysts
          employ cryptology, a mystery-clouded branch of
          mathematics.
               The message is encrypted with an algorithm, a
          mathematical function.  The cryptographic algorithm is
          a series of steps that turns plaintext into ciphertext
          or vice versa.  Algorithms use a key.  Without the key,
          you can't decrypt the ciphertext.  The key is selected
          from an immense array of possible values.  With a good
          cryptographic algorithm, one way to cryptoanalyze a
          ciphertext is to try all possible keys, known as a
          "brute force" attack.  But imagine trying to unlock
          someone's door with one of 10,000,000,000 available
          keys on the key ring.  Unless you were the kind of
          person who'd win the lottery jackpot 100 times in a
          row, the building would collapse from old age before
          you could open the door.  Cryptography works on the
          same principle.  It is possible to generate algorithms
          that would require more time than the universe has been
          in existence to crack -- even if every computer in the
          world were at your disposal.
               So how would you use a cryptographic algorithm? 
          Let's say that you run your own business, and you want
          your accountant to explain why he didn't deduct the
          cost of your car from your income statement.  You want
          to keep your correspondence private, and not have any
          of your employees listen in.
               First, you hand the key to the accountant in
          person.  Then you return to your computer and encrypt
          your message with the key and send the encrypted
          message to the accountant.  The accountant decrypts the
          key, and repeats the procedure when communicating with
          you.  Anyone intercepting the message will be unable to
          read it.
               This type of cipher is called a "symmetric key"
          algorithm.  The decryption key is the same as (or
          easily derivable from) the encryption key.  The
          advantage of this type of cipher is the case with which
          it may be used.  The problem is that someone may steal
          the key from the accountant, or the accountant may
          intentionally reveal it.  Also, it may be difficult to
          physically transfer the key.
               To solve the security risk inherent to symmetric
          key systems, cryptographers invented "public key"
          systems, which have two keys: an encryption key (the
          public key) and a decryption key (the private key). 
          It's mathematically impossible to derive the private
          key from the public key.  The public key is made
          available in your communications network.  Someone who
          wants to communicate with you uses your public key to
          encrypt messages.  As long as you keep the private key
          private, the system is completely secure.
          
          Secret handshake
          
               Another arrangement is used in message
          authentication.  A message is authenticated with a
          digital signature, the way a written contract is
          validated with a signature.  Without message
          authentication, a crook could pretend to be your
          spouse.  He might convince you that your spouse's car
          has broken down.  You leave your house, only to return,
          alone, to find that it had been robbed.  Digital
          signature algorithms are the reverse of public key
          ciphers.  In this case, the decryption key is public,
          while the encryption key is private.  Only the
          possessor of the key could have authored the message
          bearing the correct digital signature.
               As with encryption algorithms, the security of
          digital signature algorithms lies entirely with key
          management.  If an eavesdropper discovers your private
          key, he can send messages in your name.  If the keys
          are insecure, a cryptographic algorithm is useless.
               Let's say your business uses a public key system,
          or you are encrypting your own files for later use.  A
          good way to store the key is to memorize it.  However,
          the key could easily be compromised if someone were
          looking over your shoulder when you typed in the key,
          or if you were interrogated.  A better way to secure
          your key would be the installation of a magnetic key
          card system.  You could split the key in two, storing
          half in the card and half in the memory of the computer
          itself.  Even were either half compromised, the system
          would remain secure.
               The key-splitting technique should also be applied
          to key distribution.  If you need to send someone a
          symmetric key to set up a two-way communication
          channel, divide it into several pieces.  Send them
          through different channels at different times (in
          person, through the mail, etc.)  Any piece by itself is
          useless.
          
          Electronic locksmith
          
               Ironically, cryptographic algorithms developed in
          secret are the least secure.  Avoid encryption
          producyts that claim to involve "new" or "secret"
          algorithms.  Most of them are simply unable to
          withstand the scrutiny of professional cryptoanalysts. 
          There are several effective, powerful algorithms that
          have been around for over a decade.  While new
          encryption technology may emerge, rendering current
          algorithms obsolete, it is safer to stick with proven
          systems.
               DES (Data Encryption Standard) is an international
          encryption system endorsed by the U.S. government. 
          This is also its major flaw.  There are unconfirmed
          rumors that the U. S. National Security Agency (NSA)
          apparently holds a key to a secret "trapdoor" to the
          algorithm. 
               DES uses a 56-bit key, which would take thousands
          of years to break -- even assuming the existence of
          supercomputers that transcend current limitations. 
          While it is possible to find algorithms with a greater
          key length, the additional security is offset by
          decreased speed and efficiency.  Also, the widespread
          use of DES makes it very convenient to use.
               Electronic data encryption opens up an incredible
          entrepreneurship potential for information-related
          services.  In an electronic marketplace with hundreds
          of thousands of potential clients worldwide, even
          small-scale offers of information, say, a comic strip,
          a bawdy limmerick, or a stock report suddenly become
          marketable.  Encryption could help meter it out
          according to a pay-per-view system.
          
          
          
          
