Crypto is something I left long ago. But it is still in my bloodstream since I dabbled with it for a very long time.
Basically crypto is not the only way to implement security. It is a very important building block but not the only one. We find that authentication algorithms and protocols normally employ crypto. We find crypto in integrity checks or preserving the data from being tampered. And of course we employ crypto in confidentiality or encryption. There are many things that do not at all depend on crypto. If you are doing biometric scanning or facial recognition or voice recognition then some crypto may be there in the form of doing a match against the fingerprint or message digest. But crypto as is generally understood is used for encryption when we use SSL, VPN(secure one, we can have VPN without security) or SSH. Encryption is used for protecting the data from being seen. You also have file system encryption and you can even encrypt a file using vim or openssl. Anyway crypto alone does not ensure security. If a machine does not have physical security then any amount of crypto will not save it. One can always get to it in single user mode and reset the root password. The most important component of crypto at a serious level is a sound random number generator. At a simpler level the most oft used method is a message digest algorithm like MD5 or SHA1. All complicated crypto systems employ message digest in one form or other. Message digest itself is not secure. Once you add a secret key to it it then becomes HMAC and that is secure. But message digests can be encrypted with a cipher like AES and then used. PKI implementation uses crypto in the form of RSA, DSA or ESS and also uses message digest and finally a symmetric cipher like AES or DES3. -Girish -- Gayatri Hitech http://gayatri-hitech.com _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
