NetAction's Guide to Using Encryption Software
Defined below are some of the terms used throughout this guide. For a more comprehensive look at cryptography terms, try some of the following sites:
Follow the link from the term to read more about it (often on another site).
- The American Heritage Dictionary defines an algorithm as "a
step-by-step problem-solving procedure, especially an established,
recursive computational procedure for solving a problem in a finite
number of steps." In the context of encryption, an algorithm is the
mathematical formula used to scramble and unscramble data. It
typically has two elements: data (for example, an email message that
you want to encrypt or decrypt) and a key.
- Asymmetric Cryptography (Also known as public key cryptography.)
- Encryption software that requires two keys: a
public key and a private
key. Encryption software users distribute their public key, but
keep their private key to themselves. When someone wants to send an
encrypted message, the sender uses the recipient's public key to
encrypt the message, which can only be decrypted by the person who
holds the corresponding private key. For example, Jack makes public
key A and private key A, and Jill makes public key B and private key
B. Jack and Jill exchange their public keys. Once they have exchanged
keys, Jack can send an encrypted message to Jill by using Jill's
public key B to scramble the message. Jill uses her private key B to
unscramble it. If Jill wants to send an encrypted message to Jack, she
uses Jack's public key A to scramble her message, which Jack can then
unscramble with his private key A. Asymmetric cryptography is
typically slower to execute electronically than symmetric
- Assuring that a message has not been modified in transit or while
stored on a computer is referred to as authentication. It is one of
the objectives of cryptography. (This is referred to as message
authentication or message integrity.) Assuring that a public key
really belongs to a specific individual, or that a specific individual
has the right to send a particular encrypted message is another type
- Back Door
- A "back door" is a software function that allows someone to
decrypt data without the key. In some cases,
software creators intentionally include this function in software.
Software that has a back door is not secure. Read more about this in
the vulnerabilities section.
- A certificate is a data file that identifies an individual,
organization, or business. Certificates are obtained from specialized
certificate-issuing companies such as VeriSign, and can be used to
encrypt data and/or confirm the certificate owner's identity.
- Cipher, Block Cipher, Stream Cipher
- A method of encryption and decryption, a.k.a. encryption algorithm.
A Block Cipher is a method for encrypting data in chunks
(several or many contiguous bits) as opposed to encoding bit-by-bit
like a stream cipher.
A Stream Cipher is a method of encrypting data bit-by-bit,
as opposed to encoding a contiguous chunk of data all at once like a
- Unencrypted text, a.k.a. plaintext.
- The Free On-line Dictionary of Computing defines a
cracker as someone who attempts to gain unauthorized access
to a computer system. These individuals often have malicious
reasons for breaking into a system. (For example, to obtain a
list of Social Security numbers or bank accounts.)
- The testing of cryptography. An algorithm
or program is said to have been cryptanalyzed if cryptographers have tested it for vulnerabilities.
- Digital Signature
- A small piece of code that is used to authenticate
the sender of data. Digital signatures are created with
encryption software for verification purposes. A
private key is used to create a
digital signature, and a corresponding
public key can be used to verify
that the signature was really generated by the holder
of the private key. See asymmetric cryptography.
- Digital Signature Standard (DSS)
- DSS is the U.S. government's standard for authenticating a digital signature.
- FTP (File Transfer Protocol)
- FTP is an old but still widely used method for
sending data across the Internet. The protocol
itself has no security, so any login and password
information is sent as plaintext.
This means that if the login/password transmission is
intercepted the security of any data stored on the FTP
server may be compromised. There are ways to add security
to FTP transmissions, but they require special software
for both the server and the client (the computer that
stores data and the computer that sends and receives data).
Web browsers can also act as FTP clients. If your Web
browser's address bar starts with "ftp://" instead of "http://"
you are connected to an FTP server.
- A specific string of data that is used to encrypt and decrypt
messages, documents or other types of electronic data. Keys have
varying levels of strength. Keys having higher numbers of bits are
theoretically tougher to break because there are more possible
permutations of data bits. (Since bits are binary, the number of
possible permutations for a key of x bits is 2x.) The
specific way a key is used depends on whether it's used with
- A set of keys. In asymmetric encryption software, separate
keyrings are used to store private keys and public keys
- PGP (Pretty Good Privacy)
- PGP is the de facto standard for software encryption. It is
available in a variety of versions, some of which can be downloaded
for free from Web sites, others of which are sold commercially.
Because it is so widely used, PGP is one of the most heavily
cryptanalyzed encryption programs in the world. (This means that
countless cryptographers and programmers have so far been unable to
break it.) Check our reviews page for details.
- Unencrypted text, a.k.a. cleartext.
- Private Key
- Private keys, a.k.a. secret keys, are used in asymmetric
cryptography. One of their primary purposes is to enable someone to
use a public key to encrypt data that can only
be decrypted by the owner of the corresponding private key. Private
keys should not be distributed. See asymmetric
- Public Key
- Public keys are used in asymmetric cryptography. One of their
primary purposes is to enable someone to encrypt messages intended for
the owner of the public key. Public keys are meant for distribution,
so anyone who wants to send an encrypted message to the owner of the
public key can do so, but only the owner of the corresponding
private key can decrypt the message. See
- Secret Key
- See private key.
- Self-Decrypting Archive
- A self-decrypting archive is similar to the
self-extracting archive that is typically used with
software that is downloaded from the Internet. It
contains an archive with one or more files that will
automatically open and decrypt with the appropriate
key or password. The advantage of a
self-decrypting archive is that the recipient doesn't
need special software to decrypt files. Typically, the
self-decrypting archive software prompts the recipient
for a password, and extracts its contents if the password is correct.
- See digital signature.
- SSH (Secure Shell)
- SSH, like Telnet,
is a protocol that allows someone using one computer
to remotely operate another computer. Unlike Telnet,
however, it uses secure (encrypted) transmissions.
- Symmetric Cryptography
- A method of encryption in which a single
key is used to scramble and unscramble
data. One weakness of symmetric cryptography is that the
user has to distribute the key to the recipient without
letting it fall into the wrong hands. The user can do
this by encrypting the key itself, but then another key
will be needed to decrypt the first one. See also asymmetric cryptography.
- Telnet is a protocol that allows someone using one computer to
remotely operate another computer. Like FTP, Telnet
is not secure. Security is possible by using special Telnet
server/client software or an alternative protocol (like SSH).
- Web of Trust
- An informal means of confirming the identity of
someone with whom you communicate electronically.
In asymmetric cryptography, one of the biggest concerns
is ensuring that the person who claims to be John Doe is
really John Doe. Jane Doe can verify that John Doe is really
John Doe by non-electronic means, such as by phone. If Jane
Doe knows that John Doe has taken similar steps to verify that
Jack Smith and Jill Jones are who they claim to be, then Jane
Doe may trust his contacts, as well. This is referred to as a Web of Trust.
Acronyms and terms that you have encountered in this guide that are not listed
here may be encryption standards or algorithms. For more information please
see Appendix B: What are the different kinds
of algorithms that encryption software programs utilize?
Next: Appendix A: "Brute Force"
Cracking | Back to Guide