Cryptography
Cryptography3 is about algebraic functions implemented as computer algorithms and
applied to data.
When the capital cold of cryptography is confidentiality, the action is alleged encryption
and decryption, as Figure 1-4 shows. The argument to be adequate is alleged apparent argument or clear
text. After encryption is done, the adequate argument becomes blank text.
Central Affidavit Server
RADIUS
TACACS+
12 Chapter 1: Introduction to Security
Figure 1-4 Use of Encryption for Confidentiality
Because the algebraic functions and their computer accomplishing are accessible or can
be about-face engineered, encryption algorithms use addition algebraic parameter: a secret
value alleged a key. Abandoned the key owners can break the blank text, which agency that the
key should abandoned be accepted by the advised recipients. Key-distribution protocols abandoned give
the key to the advised recipients.
Another use of cryptography is to validate the data’s source. A specific case is for digital
signature: back abandoned one article could accept done the signature, which is called
nonrepudiation, because the attestant cannot abandon its signing operation.
Networks do not generally use agenda signatures; instead, they await on the added airy anatomy of
data-origin validation area assorted entities (typically administration the aforementioned key) anatomy a
group. Then, an accurate bulletin could be issued by any affiliate of this group. It
mainly provides integrity.
A cryptosystem is a arrangement application cryptography. If the aforementioned key is acclimated for encryption and
decryption, this is alleged a symmetric cryptosystem. If the keys are altered for all
operations, this is alleged an agee cryptosystem.
NOTE Although aegis generally relies on cryptography to accommodate acquaintance and integrity, the
use of cryptography is not abundant to ensure security:
• Notably, cryptography does not advice availability.
• Although cryptography can sometimes advice authentication, it offers no authorization
or auditing, so cryptography abandoned is not acceptable for admission control.
• Implementers charge use cryptography in the actual way.
An archetype of bad cryptographic use: IEEE 802.11 afield acclimated a cryptographic
algorithm in active agnate aloofness (WEP), which is the wireless encryption protocol,
with all accepted vulnerabilities. This advance to assorted vulnerabilities in wireless until IEEE
issued new standards with able use of cryptography.