Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE : User guide : Page 124

Appendix A. Encryption Standards

114

collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also

some analytical results which demonstrate theoretical weaknesses in the cipher, although they are

unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple

DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the

Advanced Encryption Standard (AES).

5

In some documentation, a distinction is made between DES as a standard and DES the algorithm

which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled

out as an abbreviation (/�di��i��s/), or pronounced as a one-syllable acronym (/�d�z/).

6

A.2. Public-key Encryption

Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms

and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms

instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key

cryptography, many methods of protecting communications or authenticating messages formerly

unknown have become practical. They do not require a secure initial exchange of one or more

secret keys as is required when using symmetric key algorithms. It can also be used to create digital

signatures.

7

Public key cryptography is a fundamental and widely used technology around the world, and is the

approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to

SSL), PGP and GPG.

8

The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms,

where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has

a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst

the public key may be widely distributed. Messages are encrypted with the recipient's public key and

can only be decrypted with the corresponding private key. The keys are related mathematically, but the

private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was

the discovery of such algorithms which revolutionized the practice of cryptography beginning in the

middle 1970s.

9

In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of

years, use a single secret key shared by sender and receiver (which must also be kept private, thus

accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a

symmetric encryption scheme, the sender and receiver must securely share a key in advance.

10

Because symmetric key algorithms are nearly always much less computationally intensive, it is

common to exchange a key using a key-exchange algorithm and transmit data using that key and

a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are

called hybrid cryptosystems in consequence.

11

A.2.1. Diffie-Hellman

Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that

have no prior knowledge of each other to jointly establish a shared secret key over an insecure

5

"Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard

6

"Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard

7