The conversion of a message or data file
into a form that cannot be understood by unauthorised readers. Encryption is the
technology that makes e-commerce possible because it underlies the security
systems used to protect electronic financial transactions. Many forms of
encryption exist, ranging from simple ciphers such as ROT13 to
intricate mathematical algorithms.
Whatever their level of
complexity, all encryption techniques require at least one key, which
determines how a message is encoded and how it can be decoded. Single-key
systems, usually called secret-key or symmetric encryption (the term "private key"
is also used, though it invites confusion with the private half of a public-key
pair), are used by algorithms such as DES. The problem with single-key systems
is that sender and recipient must share the same secret key: if it
falls into the wrong hands, it can be used to decipher every message protected with it.
Each business partner, or even each transaction, also needs its own key,
so anyone trying to build an e-commerce-based business must generate
millions of different secret keys and then find ways of delivering them
securely over the internet, the very channel they are meant to protect: an impractical task.
So far, the best solution to this problem is public-key
encryption, which relies on a two-key system. To send a private
message, the recipient's public key, which can be listed in the equivalent
of a phone directory or on a website, is used to encrypt it. Once so
encrypted, only the private key held by the recipient will reveal the
contents of the message. A digital signature works the other
way round: a value derived from the message (in practice a cryptographic hash
of it, not the whole message) is encrypted with the sender's private key, and anyone
holding the sender's public key can decrypt it and compare it with the message they
received. Because only the holder of the private key could have produced it, the
signature proves who sent the message and that it has not been altered in transit.
Keys are complex entities, and their strength grows with their size, which is
measured in bits. For a given algorithm, the bigger the key, the more secure
("stronger") the encryption. Against an attacker who simply tries every
possible key, adding one bit to the length of the key doubles the number of keys
to try, so a 56-bit key is in theory twice as hard to crack as a 55-bit key.
Key sizes are only comparable within one type of algorithm, however. A
secret-key cipher such as DES uses a 56-bit key, and keys of that size are
regarded as crackable with today's powerful computers, DES itself having been
broken by exhaustive search in days or even hours. Public-key algorithms such
as RSA need keys of over 1,000 bits, because they can be attacked by mathematical
methods far faster than trying every key; at those sizes they are regarded as
effectively unbreakable even by the fastest commercially available computers,
although the margin shrinks as computers and attack methods improve, so
recommended sizes rise over time. Many attempts to break strong encryption schemes
now rely on distributed computing techniques, in which many computers work on the
problem simultaneously.
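The exhaustive key search discussed above, and the shared-key arrangement of the single-key paragraph before it, as an added worked example that is not part of the original glossary entry: a toy secret-key stream cipher (keystream derived from SHA-256 of the key, constructed for this demonstration only) is attacked by trying every key against a known piece of plaintext, and the trial counts show that each extra key bit doubles the worst-case work. The key sizes, the secret key value and the sample message are assumptions; the cipher is deliberately tiny so that the search finishes instantly.

```python
"""Exhaustive (brute-force) key search against a toy shared-key cipher.

Added example, not code from the original page. The cipher is a constructed
toy: keystream = SHA-256(key || counter), XORed with the data. The point is
the attack structure (known-plaintext check, 2**bits candidates), not the cipher."""
import hashlib


def toy_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy stream cipher; XOR is its own inverse, so this also decrypts."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def brute_force(ciphertext: bytes, known_plaintext: bytes, key_bits: int):
    """Try every key in order 0 .. 2**key_bits - 1.

    A candidate is accepted when it encrypts the known plaintext to the
    ciphertext prefix. Returns (key, trials) on success, (None, trials) after
    exhausting the key space; trials is the number of keys examined."""
    prefix = ciphertext[: len(known_plaintext)]
    trials = 0
    for candidate in range(1 << key_bits):
        trials += 1
        if toy_encrypt(candidate, key_bits, known_plaintext) == prefix:
            return candidate, trials
    return None, trials


def worst_case_trials(key_bits: int) -> int:
    """Keys examined when no candidate matches: the whole key space."""
    impossible_ct = bytes(len(b"no such plaintext"))  # constructed, matches nothing
    return brute_force(impossible_ct, b"no such plaintext", key_bits)[1]


if __name__ == "__main__":
    KEY_BITS, secret_key = 12, 2021  # assumptions for the demo
    header = b"From: alice@example.com"  # constructed known plaintext (e.g. a mail header)
    ct = toy_encrypt(secret_key, KEY_BITS, header + b"\nMeet at noon.")
    print("recovered key, trials:", brute_force(ct, header, KEY_BITS))
    for bits in (12, 13, 14):
        print(f"{bits}-bit key, worst case: {worst_case_trials(bits)} trials")
```

Two things the numbers show: the attacker needs only a guessable fragment of plaintext (a mail header, a file magic number) to test candidates, and the worst case doubles with each added bit, which is why the 56-bit DES key space fell to dedicated hardware and cooperating machines while a 128-bit key of the same cipher type would not.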
Strong encryption technologies (the PGP program is a good example)
are already widely available on the internet, often at little or no cost,
and many people routinely use them to protect the contents of their
e-mail communications. For years, governments have been doing their best
to restrict such use of encryption software, arguing that it will place
terrorists, drug smugglers and paedophiles beyond the reach of the law. One
result of the 2001 terrorist attacks on New York and Washington
was to put legislation against encryption back on most governments' agendas
after a period in which controls were being gradually relaxed. In the United
States, a new Domestic Security Enhancement Act was in draft form at the
beginning of 2003; it includes a provision to regulate domestic use of
encryption software. In the UK, the much-criticised Regulation of
Investigatory Powers Act already gives authorities the power to monitor
electronic communications and demand the handing over of encryption keys.
Opponents of such regulation include campaigners who support individuals'
right to communicate in private, and e-commerce suppliers, who worry
that their business will be seriously undermined without the ability to
secure financial transactions.