The Basics of Cryptology


Kenneth Lee

My understanding of how public/private keys work is a little different. The sender uses the public key to encrypt and send the data to the receiver. The receiver uses the private key to decrypt the message. The two keys are related to each other because each can encrypt and the other decrypt the message, but they are used individually.

On secure E-mail, both sides have public/private keys. First it is encrypted with the sender's private key, then it is encrypted with the receiver's public key. The receiver has to supply a password that decrypts his personal private key, decrypts the message using that private key and then uses the sender's public key to decrypt the plain text message.


Mike C

Thanks for the feedback!

Yeah, I saw the typo in the image after Douglas pointed out the Asymmetric Encryption typo. I also misspelled "voila" as "viola" early on. That's what I get for trying to edit these things late at night without enough caffeine in my system. [My kingdom for a Mountain Dew!]

You are right, of course: SQL Server can be configured to use SSL to secure communications between clients and servers. The reason I glossed over the Asymmetric Encryption discussion was because this article is really a further explanation/continuation of the toolkit article, and the toolkit provides only Symmetric Encryption tools. I do believe Asymmetric Encryption needed to be mentioned to round out the discussion, but I found out pretty quickly that a decent treatment of Asymmetric Encryption really would take a full article by itself. And that article would really have to delve into the mathematics, which I was trying to avoid in this introductory article.

For those interested in pursuing the asymmetric encryption model, the Schneier book gives a very nice treatment of asymmetric encryption, including several excellent examples of how it works in the real world (or, in some cases, how it should work...). Wikipedia also has several articles on asymmetric encryption, RSA and SSL.


Mike C

Yup, thanks for keeping me honest! I don't know what's wrong today - must be a full moon. The public and private keys both share a common modulus, which is used in both the encryption and decryption process; therefore the receiver only needs the private key to decrypt the message.

For secure e-mail, are you talking about PGP? If I recall correctly, PGP uses symmetric encryption to encrypt a message, and then uses asymmetric public-key encryption to encrypt the symmetric key, which is then sent with the message.

Thanks!
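
Added example, not part of the original thread, the article or the toolkit: the hybrid pattern recalled in the reply above (data encrypted with a symmetric key, that key protected by an asymmetric key pair) can be reproduced with the key objects built into SQL Server 2005 and later. The key names, password and sample text are constructed for illustration, and the script assumes a scratch database that has no database master key yet.

```sql
-- Added example: hybrid encryption with SQL Server's built-in key objects.
-- All names, the password and the sample text are constructed.
-- Run in a scratch database that has no database master key yet.

-- The database master key protects the private half of the asymmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'Constructed-Example-Passw0rd!';
GO
-- Asymmetric (RSA) key pair: slow, used only to wrap the symmetric key.
CREATE ASYMMETRIC KEY DemoWrapKey WITH ALGORITHM = RSA_2048;
GO
-- Symmetric key: fast, encrypts the data itself. It is stored wrapped
-- (encrypted) by the RSA key, never in the clear.
CREATE SYMMETRIC KEY DemoDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY ASYMMETRIC KEY DemoWrapKey;
GO
DECLARE @cipher varbinary(8000);

-- Unwrap the symmetric key with the private key, then encrypt with it.
OPEN SYMMETRIC KEY DemoDataKey DECRYPTION BY ASYMMETRIC KEY DemoWrapKey;
SET @cipher = ENCRYPTBYKEY(KEY_GUID('DemoDataKey'), N'constructed sample message');

SELECT @cipher AS ciphertext,
       CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS round_trip;

CLOSE SYMMETRIC KEY DemoDataKey;

-- With the symmetric key closed, DECRYPTBYKEY returns NULL: the ciphertext
-- alone is useless without access to the private key that unwraps the data key.
SELECT DECRYPTBYKEY(@cipher) AS without_open_key;
GO
-- Clean up in reverse order of dependency.
DROP SYMMETRIC KEY DemoDataKey;
DROP ASYMMETRIC KEY DemoWrapKey;
DROP MASTER KEY;
```

Unlike e-mail, both halves of the key pair live on the same server here, so the script illustrates the key-wrapping structure rather than an exchange between two parties.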


Kenneth Lee
Actually, I don't know what I'm talking about. This was how I understood MS Outlook worked. I could easily be totally wrong. PGP sounds like it could be the method being used and I misunderstood how it worked.
Mike C

Yeah, I think PGP is actually a third-party add-on; I had to roll a version for a bank back in the day on the old ColdFusion platform.

I believe Outlook uses PKI - S/MIME, which means you have to install the proper certificates that contain the Public Key to send, and have your private key installed to receive, encrypted e-mail using Outlook. I'm not sure you have to enter an additional code/key when you receive the e-mails (unless you've added a password to your personal folders), although you do have to have the proper certificates installed.


Mike C

Thanks Chris, I wrote this as an introductory article to the subject and I'm glad you found it interesting. I submitted one more on this topic that is a short intro to the mechanics of modern encryption algorithms. It goes into a little more detail about the theory and implementation of computer encryption. I hope you find that one useful as well.

Thanks again!


veer

"Discussions never End" -veer

Keep up the great work and use the feedback from all others and come out with more articles on this subject.

Thanks in advance...

"Every Initiation process has the biggest resistance that is why they need extra Energy" -Veer


Brian Hickey

Interesting article and well done. There is a cryptographic time warp, however. I read the article today - 8/10/2006 and all comments are from 2005 - LOL!

Next article might be about generating your own application key. Banks (as the author certainly knows) require certain basic levels of encryption on data fields, and we can generate many good keys to encrypt and decrypt with (3DES as one example). All we need is a seed and a vector and we can generate some really awesome encryption.


Mike C
Hi Brian,

For some reason I'm not receiving emails from my threads here anymore (need to check my settings I guess), so I didn't see this one until just now. I've actually written an article on SQL 2005 encryption that talks about the ANSI X9.17 standard and how SQL 2005's encryption parallels its key security model. SQL 2005 has the ability to take a password/passphrase and "mangle" it using hash functions and a bunch of bit-level manipulations to generate keys that are quite un-reverse-engineerable.

Generating your own encryption keys is a heckuva subject to get into, though. Random number generation functions in most computer languages aren't considered to be up to the task of generating encryption keys, and to do the job right you'd need some specialized software or hardware. I've done some work in the area with various algorithms - one of my favorites is the "Twister" random number generation algorithm, because it is simple and does a decent job (it was created by professional statisticians). I believe Schneier points out in his book, though, that if you want true random numbers you really have to hook your computer up to some sort of subatomic particle detection device and rely on Heisenberg's uncertainty principle to do the rest.

If I have time one day I'll pull together information on some of these approaches and maybe put together some sample key generation code as well.

Thanks!
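
Added example, not part of the original thread or the article it discusses: a T-SQL sketch of the two points in the post above, contrasting a seeded general-purpose generator with SQL Server's cryptographic one and showing keys derived from a passphrase. Key names, phrases and the password are constructed; `CRYPT_GEN_RANDOM` needs SQL Server 2008 or later, and the script assumes a scratch database.

```sql
-- Added example. Names, phrases and the password are constructed.
-- Run in a scratch database.

-- 1. Seeded general-purpose generator: the seed fully determines the output,
--    so key material drawn from it is only as unpredictable as the seed.
SELECT RAND(20060810) AS first_draw,
       RAND(20060810) AS same_seed_same_value;

-- 2. Cryptographic generator (SQL Server 2008 and later): 32 bytes = 256 bits.
SELECT CRYPT_GEN_RANDOM(32) AS random_key_material;
GO
-- 3. Key derived from a passphrase. KEY_SOURCE supplies the phrase the key is
--    derived from and IDENTITY_VALUE the phrase the key GUID is derived from,
--    so the same two phrases recreate the same key on another server.
--    The key is only as strong as the KEY_SOURCE phrase is hard to guess.
CREATE SYMMETRIC KEY DemoDerivedKey
    WITH ALGORITHM = AES_256,
         KEY_SOURCE = N'constructed key source phrase, long and not guessable',
         IDENTITY_VALUE = N'constructed identity phrase'
    ENCRYPTION BY PASSWORD = N'Constructed-Example-Passw0rd!';
GO
DECLARE @cipher varbinary(8000);

OPEN SYMMETRIC KEY DemoDerivedKey
    DECRYPTION BY PASSWORD = N'Constructed-Example-Passw0rd!';
SET @cipher = ENCRYPTBYKEY(KEY_GUID('DemoDerivedKey'), N'constructed sample value');
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS round_trip;
CLOSE SYMMETRIC KEY DemoDerivedKey;
GO
-- 4. Passphrase used directly, with no stored key object.
DECLARE @c2 varbinary(8000);
SET @c2 = ENCRYPTBYPASSPHRASE(N'constructed pass phrase', N'constructed sample value');

SELECT CONVERT(nvarchar(100),
               DECRYPTBYPASSPHRASE(N'constructed pass phrase', @c2)) AS correct_phrase,
       DECRYPTBYPASSPHRASE(N'wrong phrase', @c2) AS wrong_phrase_returns_null;
GO
DROP SYMMETRIC KEY DemoDerivedKey;
```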