Specifications
your encrypted messages. As shown in Figure 13.4, both the sender (who encrypts the mes-
sage) and the recipient (who decrypts the message) have the same key.
The most widely used secret key algorithm is the Data Encryption Standard (DES). This
scheme was developed by IBM in the 1970s and adopted as the American standard for com-
mercial and unclassified government communications. Computing speeds are orders of magni-
tudes faster now than in 1970, and DES has been obsolete since at least 1998.
Other well-known secret key systems include RC2, RC4, RC5, triple DES, and IDEA. Triple
DES is fairly secure.
2
It uses the same algorithm as DES, applied three times with up to three
different keys. A plain text message is encrypted with key one, decrypted with key two, and
then encrypted with key three.
One obvious flaw of secret key encryption is that, in order to send somebody a secure mes-
sage, you need a secure way to get the secret key to him. If you have a secure way to deliver a
key, why not just deliver the message that way?
Fortunately, there was a breakthrough in 1976, when Diffie and Hellman published the first
public key scheme.
Public Key Encryption
Public key encryption relies on two different keys, a public key and a private key. As shown in
Figure 13.5, the public key is used to encrypt messages, and the private key to decrypt them.
E-commerce Security Issues
C
HAPTER 13
13
E-COMMERCE
SECURITY ISSUES
295
Plain
Text
Public
Key
Private
Key
Cipher
Text
Encryption
Algorithm
Plain
Text
Decryption
Algorithm
FIGURE 13.5
Public key encryption uses separate keys for encryption and decryption.
The advantage to this system is that the public key, as its name suggests, can be distributed
publicly. Anybody to whom you give your public key can send you a secure message. As long
as only you have your private key, then only you can decrypt the message.
2
Somewhat paradoxically, triple DES is twice as secure as DES. If you needed something three times as
strong, you could write a program to implement a quintuple DES algorithm.
17 7842 CH13 3/6/01 3:36 PM Page 295