Encryption 101 - The Choices
Ramón J. Hontañón
In the late 1980s and early 1990s, there was a clear separation
between "private" and "public" networks. Those companies that
engaged in early electronic commerce did so while ensuring that all
transactions took place over "secure" (read "dedicated") lines.
Confidentiality was achieved by physically protecting the
communication medium. With the advent of the public Internet, the
electronic commerce model changed dramatically. The network can no
longer be trusted to be a private medium, so steps must be taken to
ensure that sensitive information will not be compromised when it
falls into hostile hands. Encryption technology, once the realm of
spies and secret government operations, became of great interest to
conventional businesses. This article provides a summary view of
the major encryption alternatives currently available, with the aim
of helping you make the choice that is right for your
environment.
Encryption, of course, refers to the process by which sensitive
information is modified using a cryptographic algorithm and a
"seed" value, typically known as a "key". A similar algorithm can
be applied to the encrypted data to recover the original
information, using a decrypting key. The strength of an encryption
algorithm lies in the difficulty of decrypting a block of encrypted
data (typically referred to as "cyphertext") without having prior
knowledge of the encrypting key. Not surprisingly, key length is a
determining factor of algorithm strength: the longer the key, the
harder it is to "crack" the algorithm.
The following sections organize the cryptographic choices by the
nature of the key, secret or public, and examine various forces
that may influence your choice of an encryption strategy that is
appropriate for your needs.