Encryption 101
February 2, 2009 10:29 AM

Can you point me to an easy explanation of encryption technologies?

I am working at a job where I am coming more and more in contact with acronyms like SSH, SFTP, SCP, PGP, etc.

Can someone point me to a good and hopefully simple resource for learning more about these terms?
posted by devilshgrin to Technology (9 answers total) 4 users marked this as a favorite
posted by devbrain at 10:48 AM on February 2, 2009

Applied Cryptography is the fundamental text.
posted by felix at 10:51 AM on February 2, 2009

If you want to know about encryption beyond what the acronyms mean, you could do worse than to check out Simon Singh's very readable The Code Book. If it's nitty-gritty details, Schneier's Applied Cryptography is a great foundational book. It looks like there's an omnibus edition that includes his other two books, which ought to cover just about anything you'd want to know.
posted by jquinby at 10:52 AM on February 2, 2009 [1 favorite]

To learn about these terms, you just need to look at what each of them is or does. Google it.

To learn about cryptography... well, you probably don't want to. Instead, learn the difference between a web of trust (i.e. decentralised) and a centralised PKI. Read about public key cryptography versus private key cryptography (i.e. symmetric key cryptography).
posted by devnull at 11:10 AM on February 2, 2009

I don't know if cryptologists take the Code Book seriously, but I'd second it anyway. Very accessible, and a good signal/noise ratio.
posted by ghost of a past number at 12:29 PM on February 2, 2009

If you just want to know what the terms mean so you have a basic understanding of the tech involved, then Wikipedia is about as good as you're going to get.

If you'd like to know more about the problem space and the general security landscape, Schneier's Secrets and Lies is very accessible and pretty damn good, I'd say.

Unfortunately, though, to go much beyond that you're leaving the realm of "easy" pretty quickly. Public-key cryptography (around which most modern crypto is based) is seriously complicated, math-heavy stuff. The other recommendations for Applied Cryptography are right on, but it's far from an "easy" work. I'm a programmer with about a decade of experience and I found working through Applied Crypto quite difficult (but I do suck at math). Well worth the time, of course, but... tough.
posted by jacobian at 1:28 PM on February 2, 2009

Not only is the math hard in Applied Crypto, it is also very dense reading. I found that I had to be very alert, refreshed and engaged with the material in order to avoid the dreaded "Oh I just made it through a page but I can't recall what was in the first paragraph" syndrome.
posted by mmascolino at 2:04 PM on February 2, 2009

What you are describing are more network protocols than cryptographic ones. They are built using cryptographic primitives and use a variety of security services to ensure security. These network protocols primarily provide security services in the form of authentication (validating something's identity) and privacy (protecting information from disclosure). These security services are enabled by the cryptographic primitives they employ.

Cryptographic primitives describe mathematical operations on numbers and/or sequences of bits. Wikipedia-level familiarity with primitives like symmetric ciphers, asymmetric (public key) crypto systems, and hashes will get you enough exposure to journey to the next level.

ssh/scp use network-level semantics similar to plain-old SSL to wrap normally exposed traffic in a layer of privacy and authenticity. ssh/scp are encrypted versions of older network clients like rsh and rcp that provided zero security, and easily allowed attackers to intercept communications or forge identities to get unauthorized access. Your best bet for learning about those is to read the documentation for whatever ssh/scp client you are using (e.g. OpenSSH has been pretty much the gold standard for ssh ever since it was released). SSH is kind of a Swiss Army knife in that you can do all kinds of crazy crap with it. Start small, read the handbook.

PGP is another, simpler, animal altogether. The only thing it can do is encrypt messages or files. If you read the Wikipedia articles on asymmetric cryptography, it should make a little more sense. GnuPG is a free implementation and their HOWTO documentation is probably right up your alley.
posted by rye bread at 2:10 PM on February 2, 2009

If you're interested in cryptography in general then I agree that The Code Book is good. And if you're really interested I warmly recommend David Kahn's The Code Breakers, which provides a fantastic in-depth history of cryptography.

Otherwise Wikipedia and the links posted here should be fine.
posted by bjrn at 2:14 AM on February 3, 2009
