In cryptography, encryption is the process of transforming information
(referred to as plaintext) using an algorithm (called a cipher) to make it
unreadable to anyone except those possessing special knowledge, usually
referred to as a key. The result of the process is encrypted information (in
cryptography, referred to as ciphertext). In many contexts, the word
encryption also implicitly refers to the reverse process, decryption (e.g.
“software for encryption” can typically also perform decryption), to make
the encrypted information readable again (i.e. to make it unencrypted).
• Encryption has long been used by militaries and governments to
facilitate secret communication. Encryption is now used in
protecting information within many kinds of civilian systems, such
as computers, networks (e.g. the Internet e-commerce), mobile
telephones, wireless microphones, wireless intercom systems,
Bluetooth devices and bank automatic teller machines. Encryption
is also used in digital rights management to prevent unauthorized
use or reproduction of copyrighted material and in software also
to protect against reverse engineering (see also copy protection).
Encryption, by itself, can protect the confidentiality of messages,
but other techniques are still needed to protect the integrity and
authenticity of a message; for example, verification of a message
authentication code (MAC) or a digital signature. Standards and
cryptographic software and hardware to perform encryption are
widely available, but successfully using encryption to ensure
security may be a challenging problem. A single slip-up in system
design or execution can allow successful attacks. Sometimes an
adversary can obtain unencrypted information without directly
undoing the encryption. See, e.g., traffic analysis, TEMPEST, or
Trojan horse.
Advantage and factors involving risk on the following topics

• The primary advantage of public-key cryptography is increased
security and convenience: private keys never need to be
transmitted or revealed to anyone. In a secret-key system, by
contrast, the secret keys must be transmitted (either manually or
through a communication channel) since the same key is used for
encryption and decryption. A serious concern is that there may be
a chance that an enemy can discover the secret key during
transmission.
• Another major advantage of public-key systems is that they can
provide digital signatures that cannot be repudiated.
Authentication via secret-key systems requires the sharing of
some secret and sometimes requires trust of a third party as well.
As a result, a sender can repudiate a previously authenticated
message by claiming the shared secret was somehow
compromised (see Question 4.1.2.3) by one of the parties sharing
the secret. For example, the Kerberos secret-key authentication
system (see Question 5.1.6) involves a central database that
keeps copies of the secret keys of all users; an attack on the
database would allow widespread forgery. Public-key
authentication, on the other hand, prevents this type of
repudiation; each user has sole responsibility for protecting his or
her private key. This property of public-key authentication is often
called non-repudiation.
• A disadvantage of using public-key cryptography for encryption is
speed. There are many secret-key encryption methods that are
significantly faster than any currently available public-key
encryption method. Nevertheless, public-key cryptography can be
used with secret-key cryptography to get the best of both worlds.
For encryption, the best solution is to combine public- and
secret-key systems in order to get both the security advantages of
public-key systems and the speed advantages of secret-key systems.
Such a protocol is called a digital envelope. Public-key cryptography
may be vulnerable to impersonation, even if users' private keys are
not available. A successful attack on a certification authority will
allow an adversary to impersonate whomever he or she chooses by using
a public-key certificate from the compromised authority to bind a
key of the adversary's choice to the name of another user.
• In some situations, public-key cryptography is not necessary and
secret-key cryptography alone is sufficient. These include
environments where secure secret key distribution can take place,
for example, by users meeting in private. It also includes
environments where a single authority knows and manages all the
keys, for example, a closed banking system. Since the authority
knows everyone's keys already, there is not much advantage for
some to be "public" and others to be "private." Note, however, that
such a system may become impractical if the number of users
becomes large; there are not necessarily any such limitations in a
public-key system.
• Public-key cryptography is usually not necessary in a single-user
environment. For example, if you want to keep your personal files
encrypted, you can do so with any secret key encryption algorithm
using, say, your personal password as the secret key. In general,
public-key cryptography is best suited for an open multi-user
environment.
• Public-key cryptography is not meant to replace secret-key
cryptography, but rather to supplement it, to make it more secure.
State any laws and the punishment of the crime enforced by the lawmakers

• Due to recent developments in software and hardware, some
consumer-level encryption products are now so powerful that law
enforcement officials say they can't crack them, even with
massive supercomputers.
• Encryption has become one of the hottest hi-tech issues on Capitol
Hill, as Congress debates whether the government should step in
and limit the strength of encryption products to maintain law
enforcement's historical ability to eavesdrop electronically on
anyone it wants.
• There are currently no restrictions on the use of encryption
technology within the United States, though the Clinton
administration, citing national security, has long prohibited U.S.
firms from selling their best products overseas.
• Law-enforcement advocates say the government should maintain
export limits and maybe even impose restrictions on domestic use
of strong encryption.
• But privacy advocates and U.S. software makers – who are worried
about international competitiveness – say the government should
get out of the way.
Actions taken on such risk on the company concern the government and you.

• Modern encryption is achieved with algorithms that use a
"key" to encrypt and decrypt messages by turning text or
other data into digital gibberish and then by restoring it to
its original form.
• The longer the "key," the more computing required to
crack the code.
• To decipher an encrypted message by brute force, one
would need to try every possible key. Computer keys are
made of "bits" of information, binary units of information
that can have the value of zero or one. So an eight-bit key
has 256 (2 to the eighth power) possible values. A 56-bit
key creates 72 quadrillion possible combinations.
• If the key is 128 bits long, or the equivalent of a 16-character
message on a personal computer, a brute-force
attack would be 4.7 sextillion
(4,700,000,000,000,000,000,000) times more difficult than
cracking a 56-bit key.
• Given the current power of computers, a 56-bit key is
considered crackable; a 128-bit key isn't – at least not
without an enormous amount of effort.
• Until 1996, the U.S. government considered anything
stronger than 40-bit encryption a "munition" and its
• The "secure" mode on the latest Netscape browsers available to
U.S. and Canadian citizens, for instance, uses 128-bit encryption
to encode and decode information that is sent and received. But
because of export rules, Netscape can provide overseas users only
with browsers that employ much weaker encryption.
• Encryption software can also use keys in different ways.
• With single-key encryption, both the sender and receiver use the
same key to encrypt and decrypt messages. But that means the
sender has to get the key to the receiver somehow, without it
being intercepted.
• One of the most important advances in cryptography is the
invention of public-key systems, which are algorithms that encrypt
messages with one key (a public one) and permit decryption only
by a different key (a private one). Dan can openly publish his
"public" key, and if Amy uses it to encrypt a message, the
message turns into incomprehensible garbage that can only be
decoded with Dan's secret, "private" key.
• Finally, if Dan's bosses – or the government – insist that there be
some way for them to decode his encrypted data and messages in
case he gets hit by a truck or appears to be engaging in illegal
activity, there are a few basic options. Dan can be forced to turn
over a "spare" copy of his secret key to a third party, either
private or governmental, who will only allow it to be used under
certain circumstances. Or, along the lines of the government's
failed "Clipper Chip" initiative, Dan can be told to use only
encryption products that automatically create a master key, held
in reserve by a third party. Those options are known as "key
recovery" or "key escrow."
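
The digital envelope named earlier combines the single-key and public-key methods from this list: a fresh secret key encrypts the message, and the recipient's public key encrypts only that key. The Node.js code below is an added example, not code from the original page; RSA-OAEP, AES-256-GCM and the names seal, open, rejected and demo are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// Assumed algorithm choices (the page names none): RSA-OAEP wraps the key,
// AES-256-GCM encrypts the message and also detects modification.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// seal: encrypt msg for the holder of the private key matching recipientPub.
function seal(recipientPub, msg) {
  const key = crypto.randomBytes(32);   // fresh secret key for this message only
  const nonce = crypto.randomBytes(12); // 96-bit AES-GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(msg), cipher.final()]);
  // The slow public-key operation runs once, on 32 bytes, not on the message.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPub, ...OAEP }, key);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// open: unwrap the secret key with the private key, then decrypt and verify.
// Throws if the private key does not match or the envelope was altered.
function open(recipientPriv, env) {
  const key = crypto.privateDecrypt({ key: recipientPriv, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.nonce);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// rejected: true when fn throws, i.e. the envelope could not be opened.
function rejected(fn) {
  try { fn(); return false; } catch { return true; }
}

// Constructed demo: Dan publishes a public key; Amy seals a message to it.
function demo() {
  const dan = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = seal(dan.publicKey, Buffer.from('constructed sample message'));
  const plaintext = open(dan.privateKey, env).toString();
  const wrongKeyRejected = rejected(() => open(other.privateKey, env));
  env.ciphertext[0] ^= 1; // one bit changed in transit
  const tamperRejected = rejected(() => open(dan.privateKey, env));
  return { plaintext, wrongKeyRejected, tamperRejected };
}

console.log(demo());
```

The AES-GCM tag makes the envelope detect modification in transit, but it does not identify the sender; that still needs a digital signature or a MAC, as noted at the start of the page.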
Implementation on law enforcers

• Encryption is extremely beneficial when used legitimately to
protect commercially sensitive information and communications.
• The law enforcement community, both domestically and abroad, is
extremely concerned about the serious threat posed by the
proliferation and use of robust encryption products that do not
allow for the immediate, lawful access to the plaintext of
encrypted, criminally-related communications and electronically
stored data in accordance with strict legal requirements and
procedures.
• The potential use of such commercially-available encryption
products by a vast array of criminals and terrorists to conceal
their criminal communications and information poses an extremely
serious threat to public safety and national security. Law
enforcement fully supports a balanced encryption policy that
satisfies both the commercial needs of industry for robust
encryption while at the same time satisfying law enforcement's
public safety and national security needs. Robust,
commercially-available encryption products, which include some type of
recoverable capability that allows for immediate, lawful access
to plaintext is clearly the best method to achieve the goals of
both industry and law enforcement.
• Since April of 1993, the Clinton Administration has
expressed support for the adoption of a balanced encryption
policy. In lieu of legislation, the Clinton Administration
continues to favor a voluntary approach to address law
enforcement’s public safety concerns regarding encryption for
domestic use. The Administration has been attempting to work
with industry, through "good faith dialogue," and by allowing
"market forces," influence and inducements (mainly changes to
existing export regulations) to bring about the development, sale
and use of recoverable encryption products within the U.S.
• During the 105th Congress, several encryption-related bills
were introduced; however, none were enacted. The main focus of
these bills was the relaxation of existing export controls on
encryption, regardless of the impact on national security and
foreign policy.
• During the 106th Congress, three encryption-related bills
have been introduced. Like last Congress’ encryption related
bills, the main focus of these bills is to either relax existing
export controls on encryption products and/or prevent the
government (federal or state) from imposing domestic requirements
on encryption products to ensure that such domestic encryption
products include some type of plaintext access for law
enforcement should these products be used in the furtherance of
serious criminal activity. These bills included: H.R.850, S.798,
