Cryptography in Action 59
So what does the field focus on? Each of the following is a topic you need to understand
to put the tools and techniques in their proper context:
Confidentiality Confidentiality is the primary goal that cryptography seeks to achieve.
Encryption information is done to keep that information secret or away from prying eyes.
Under the right conditions, encryption should be impossible to break or reverse unless an
individual possesses the correct key. Confidentiality is the more widely sought aspect of
encryption.
Integrity Cryptography can help you detect changes in information and thus determine its
integrity. You’ll learn more about this in the section “Understanding Hashing,” later in this
chapter.
Authentication Cryptography allows a person, object, or party to be identified with a
high degree of confidence. Authentication is an essential component of a secure system
because it allows software and other things to be positively identified. A common scenario
for authentication nowadays is in the area of device drivers, where it provides a means of
having a driver signed and verified as coming from the actual vendor and not from some
other unknown (and untrusted) source. Authentication in the context of electronic messag-
ing provides the ability to validate that a particular message originated from a source that
is a known entity which, by extension, can be trusted.
Nonrepudiation The ability to provide positive identification of the source or originator
of an event is an important part of security. One of the most common applications of
nonrepudiation and cryptography is that of digital signatures, which provides positive
identification of where the message came from and from whom.
Key Distribution Arguably one of the most valuable components of a cryptosystem is the
key, which represents the specific combination or code used to encrypt or decrypt data.
Cryptography in Action
You will encounter cryptography in many forms throughout this book. It is applied to
many different technologies and situations and, as such, is something you need to have a
firm grasp of.
Some examples of applied cryptography are:
■ Public key infrastructure (PKI)
■ Digital certificates
■ Authentication
■ E-commerce
■ RSA
■ MD-5