July 25, 2005 at 6:49 pm
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/mcoles/thebasicsofcryptology.asp
August 10, 2005 at 2:12 am
Nice article.
An excellent book on the whole subject is "The Code Book" by Simon Singh ISBN: 0385495323. (I think he also presented a four-part miniseries on Channel4 UK on the subject). It is more of a history book than a techie book but does explain how all of the codes/ ciphers work including the Enigma (with diagrams!)
August 10, 2005 at 2:12 am
Great article. Nice to see a not so SQL-intensive article, but still showing how SQL can be used in this context. Good stuff 🙂
August 10, 2005 at 2:33 am
Good Read.
I don't know much on the subject and found it very interesting, think you've inspired me to find out abit more.
Thanks,
Chris.
August 10, 2005 at 5:36 am
The title of the article mentions the word "cryptology," yet the article discusses "cryptography." Similar yet distinctly different words.
I got confused, so I did some quick web searching. For those who desire further illucidation, this is what I found:
From Google:
The science of cryptology is the science of secure communications.
From Wikipedia:
The study of how to circumvent the use of cryptography is called cryptanalysis, or codebreaking. Cryptography and cryptanalysis are sometimes grouped together under the umbrella term cryptology, encompassing the entire subject.
Craig
August 10, 2005 at 7:39 am
Yes, I forgot to add a title when I submitted it, so Cryptology was added to the title afterwards. Cryptology includes both Cryptography (securing messages) and Cryptanalysis (defeating cryptography/"codebreaking"). I think the title was probably chosen because it covers both Cryptography and Cryptanalysis, although I do focus more on the Cryptography side.
Thanks!
August 10, 2005 at 7:51 am
Thanks for the reference! I read Singh's book myself a few years ago and found it very entertaining and informative. If I recall correctly, he also discusses the future of cryptology: 'quantum cryptology'. Unfortunately I've lost my copy (I think I loaned it to someone and never got it back), so I didn't reference it for this article; but I'd definitely recommend it to anyone who wants to know more about the history of cryptology. Here's a link to it at Amazon: http://www.amazon.com/exec/obidos/tg/detail/-/0385495323/qid=1123680339/sr=8-2/ref=pd_bbs_sbs_2/103-0153168-7501472?v=glance&s=books&n=507846
He also has another book, "Fermat's Enigma", about how one of the world's hardest mathematical problems was solved. It's very good as well. Here's that link: http://www.amazon.com/exec/obidos/tg/detail/-/0385493622/qid=1123680339/sr=8-3/ref=pd_bbs_sbs_3/103-0153168-7501472?v=glance&s=books&n=507846
Thanks again!
August 10, 2005 at 8:42 am
A typo was discovered by Douglas Chrystall in the article. In the section on Asymmetric Encryption, I wrote:
"You encrypt a message with your public key, and it can be decrypted by the receiver using your publicly available public key and their private key."
I meant to write:
"You encrypt a message with the receiver's public key, and it can be decrypted by the receiver using their private key."
Thanks for the catch Douglas!
August 10, 2005 at 2:08 pm
Nice intro to a very complex field.
I particularly enjoyed your timeline image.
Another further reading book I would add for those who love details is
Making, Breaking CODES: An Introduction to Cryptology. ISBN 0-13-030369-0
http://vig.prenhall.com/catalog/academic/product/0,1144,0130303690,00.html
Another good book like the The Code Book mention in an earlier post is:
Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age.
I find it goes into more details about the break through of Asymmetric Encryption how its relevant to the key distribution problem.
August 10, 2005 at 2:47 pm
If Douglas hadn't caught it, I would have mentioned your public/private error. In your image, (Figure 4) you have "Marian Rejewski beings work...1932" That would be "...begins work..."
OK SSL (Secure Sockets Layer) doesn't involve SQL directly, but I'm a little surprised you didn't include that in your Asymmetric Key section, because it is a heavy user of this technology to encript client data that may eventually be stored in a SQL DB.
August 10, 2005 at 3:06 pm
My understanding of how public/private keys work is a little different. The sender uses the public key to encrypt and send the data to the receiver. The receiver uses the private key to decrypt the message. The two keys are related to each other because each can encrypt and the other decrypt the message, but they are used individually.
On secure E-mail, both sides have public/private keys. First it is encrypted with the sender's private key, then it is encrypted with the receiver's public key. The receiver has to supply a password that decrypts his personal private key, decrypts the message using that private key and then uses the sender's public key to decrypt the plain text message.
August 10, 2005 at 3:18 pm
Thanks for the feedback!
Yeah, I saw the typo in the image after Douglas pointed out the Asymmetric Encryption typo. I also mis-spelled "voila" as "viola" early on. That's what I get for trying to edit these things late at night without enough caffeine in my system [My kingdom for a Mountain Dew!]
You are right of course SQL Server can be configured to use SSL to secure communications between clients and servers. The reason I glossed over the Asymmetric Encryption discussion was because this article is really a further explanation/continuation of the toolkit article, and the toolkit provides only Symmetric Encryption tools. I do believe Asymmetric Encryption needed to be mentioned to round out the discussion, but I found out pretty quickly that a decent treatment of Asymmetric Encryption really would take a full article by itself. And that article would really have to delve into the mathematics, which I was trying to avoid in this introductory article.
For those interested in pursuing the asymmetric encryption model, the Schneier book gives a very nice treatment of the asymmetric encryption, including several excellent examples of how it works in the real world (or, in some cases, how it should work...). Wikipedia also has several articles on asymmetric encryption, RSA and SSL.
August 10, 2005 at 3:36 pm
Yup, thanks for keeping me honest! I don't know what's wrong today - must be a full moon. The public and private keys both share a common modulus, which is used in both the encryption and decryption process; therefore the receiver only needs the private key to decrypt the message.
For secure e-mail, are you talking about PGP? If I recall correctly, PGP uses symmetric encryption to encrypt a message, and then uses asymmetric public-key encryption to encrypt the symmetric key, which is then sent with the message.
Thanks!
August 11, 2005 at 1:00 pm
Actually, I don't know what I'm talking about. This was how I understood MS Outlook worked. I could easily be totally wrong. PGP sounds like it could be the method being used and I misunderstood how it worked.
August 11, 2005 at 8:49 pm
Yeah I think PGP is actually a third-party add-on; I had to roll a version for a bank back in the day on the old ColdFusion platform.
I believe Outlook uses PKI - S/MIME, which means you have to install the proper certificates that contain the Public Key to send, and have your private key installed to receive, encrypted e-mail using Outlook. I'm not sure you have to enter an additional code/key when you receive the e-mails (unless you've added a password to your personal folders), although you do have to have the proper certificates installed.
Viewing 15 posts - 1 through 15 (of 18 total)
You must be logged in to reply to this topic. Login to reply