[X4U] Re: X4U Digest, Vol 15, Issue 23

David Ledger dledger at ivdcs.demon.co.uk
Sun Nov 20 07:28:42 PST 2005


>From: Richard Gilmore <rgilmor at uwo.ca>
>Subject: Re: [X4U] Macintosh security (How to protect files and
>	Applications	for stolen computers)
>To: "A place to discuss Mac OS X for the casual user."
>	<x4u at listserver.themacintoshguy.com>
>Message-ID: <BFA11999.39C4%rgilmor at uwo.ca>
>Content-Type: text/plain; charset=US-ASCII
>
>I saw a Discovery Channel show by a mathematician which was all about
>encryption and I think it said if the encryption uses a public and private
>key it's essentially unbreakable because the key number is so large that it
>would require hundreds of years of computing power to factor them? Such as
>RSA?
>
>Richard

Sort of ...

It's not public/private as such that is very secure, it is the length 
of keys as with any scheme. To decrypt an encrypted document a key 
has to be applied to the encrypted file with an algorithm. One way of 
breaking it is to discover the key, the other is to try all possible 
keys - the brute force attack. The larger the key the longer it takes 
to try all the possibilities. Each extra bit doubles the time.

The main weakness of single key encryption is that the key has to 
be known to both sender and recipient. It has to be either 
transported from one to the other or be determinable by both parties 
from shared information. Both of these are risky.

With public/private there are two keys. A file encrypted with one can 
only be decrypted with the other (and not the key it was encrypted 
with). One key is kept secret by the owner (the private key), the 
public key is made publicly available. Anyone wanting to send a 
secret message to the key owner uses that person's public key to send 
it and the owner can then decrypt it. The potential weakness of 
public/private keys is that if anyone ever discovers a way to 
generate the private key from the public one, it will be dead.

In practice public/private key systems do not encrypt the message 
with the public key, but they use a truly random key (or as truly 
random as the computer system doing the work can manage). This key is 
encrypted with the public key and included with the message. On 
receipt, the private key is used to retrieve the main key. This way 
less CPU time is spent doing maths. As the main key is random it 
cannot be predicted or guessed. A brute force attack is the only way 
to discover the message without the key. Bruce Schneier, in 'Secrets 
and Lies' estimates that a 128 bit key 'will be secure for a 
millennium' as a 90 billion billion key per second cracking system 
would still take a thousand million years to try all keys.

David


-- 
David Ledger - Freelance Unix Sysadmin in the UK.
Chair of HPUX SysAdmin SIG of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk
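
The scheme described in the message above (a random session key encrypts the message, and only that key is encrypted with the recipient's public key), as an added example that is not part of the original post. The function names are made up for illustration, the RSA key is a constructed toy built from two Mersenne primes, and the SHA-256 keystream stands in for a real symmetric cipher; neither is fit for real use.

```python
import hashlib
import secrets

# Toy RSA key pair built from two well-known Mersenne primes (constructed for
# this demo; trivially factorable, so never use it outside a demonstration).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the owner
N_BYTES = (N.bit_length() + 7) // 8

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(message: bytes, n: int, e: int) -> tuple:
    """Sender: pick a fresh random 128-bit session key, encrypt the message
    with it, and wrap only the session key with the recipient's public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)

def open_sealed(wrapped: int, body: bytes, n: int, exponent: int) -> bytes:
    """Recipient: unwrap the session key, then decrypt the message body."""
    session_key = pow(wrapped, exponent, n).to_bytes(N_BYTES, "big")[-16:]
    return keystream_xor(session_key, body)

def demo() -> dict:
    msg = b"Meet at the usual place at noon. " * 4   # constructed sample text
    wrapped, body = seal(msg, N, E)
    wrapped2, body2 = seal(msg, N, E)
    return {
        "roundtrip": open_sealed(wrapped, body, N, D) == msg,
        # Same message, new session key: the ciphertext differs every time.
        "fresh_key_each_time": body != body2 and wrapped != wrapped2,
        # The key that encrypted the session key cannot decrypt it again.
        "public_key_cannot_open": open_sealed(wrapped, body, N, E) != msg,
    }

if __name__ == "__main__":
    print(demo())
```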

