Cryptographic algorithms

The strength of a chain is determined by its weakest link: the more reliable that link, the stronger the chain. In a good cryptosystem everything must be checked thoroughly: the algorithm, the protocol, the keys, and all the rest. If the cryptographic algorithm is strong enough but the random-number generator used to create the keys is worthless, any sufficiently skilled cryptanalyst will turn his attention to the generator first of all. If the generator is improved but the memory cells of the computer are not cleared after the generated key has passed through them, such security is not worth a penny. And if strong cryptographic algorithms and truly random keys that are carefully erased from the computer's memory after use are employed, but the file listing your address, surname and all your income for the current year was mistakenly sent by e-mail to the tax office before it was encrypted, then what, one may ask, did you need the strong algorithm, the random keys and the cleaning of computer memory for?!

A cryptographer is not to be envied: the cryptosystem he designs must provide protection against absolutely every kind of attack that the inflamed imagination of a cryptanalyst can devise. The cryptanalyst, by contrast, need only find a single weak link in the chain of cryptographic protection and organize an attack against that link alone.

In addition, one must bear in mind that in practice the threat to the information security of any object comes not only from a cryptanalyst. After all, no matter how long the cryptographic key you use to encrypt your files, if law-enforcement agencies need to learn what is stored on your computer, they will simply install a camera and scrupulously record all the information that appears on the screen. Not without reason, by the admission of NSA officials, the majority of failures in maintaining information security occur not because of discovered weaknesses in cryptographic algorithms and protocols, but because of scandalous oversights in their implementation. Whatever strength a cryptographic algorithm may possess, a successful attack against it does not need to overcome that strength head-on; it is simply bypassed by some roundabout route. Still, good cryptographic algorithms should not be neglected either, lest cryptography become the weakest link in the chain, unable to withstand the attacker's pressure.

How to choose a good cryptographic algorithm

When it comes to choosing a good cryptographic algorithm, the person choosing usually has several options:

- Use a well-known algorithm published some time ago in a specialist publication on cryptography. If nobody has yet reported managing to break this algorithm, it deserves attention.

- Trust a well-known firm specializing in the sale of encryption tools. Such a firm is unlikely to risk its reputation by trading in weak cryptographic algorithms.

- Turn to an independent expert. Most likely, he can objectively assess the merits and shortcomings of various cryptographic algorithms.

- Ask the relevant government department for support. The government is unlikely to mislead its citizens by giving false advice about the strength of one algorithm or another.

- Try to create your own cryptographic algorithm. Few people are interested in deceiving themselves. And who knows: perhaps you possess outstanding abilities in the field of cryptography?

All of the listed options have significant flaws. Relying on a single firm, a single expert or a single department is not entirely reasonable. Many people who call themselves independent experts understand little about cryptography. The majority of firms producing encryption tools are no better. The best cryptographers in the world work at the NSA and at the Federal Agency for Government Communications and Information, but, for understandable reasons, they are in no hurry to share their secrets with the first comer. Nor with the second. And even if you are a genius at cryptography, it is foolish to use a cryptographic algorithm of your own invention without its having been comprehensively analyzed and tested by experienced cryptologists.

Therefore the first of the listed options seems the most preferable. This approach to assessing the strength of cryptographic algorithms could be considered ideal, if not for one shortcoming. Unfortunately, nothing is known about the results of the cryptanalytic research on these algorithms which, undoubtedly, was actively conducted in the past and continues to be actively conducted all over the world by numerous employees of various government departments whose remit includes cryptological research. These departments are most likely far better funded than the academic institutes conducting similar research. And they took up cryptology much earlier than scientists without military rank and specialists from private companies. It can therefore be assumed that the military have found much simpler ways of breaking well-known ciphers than those invented outside the strictly guarded buildings of top-secret government departments.

Well, so be it. Even if you are arrested and your hard disk with files encrypted under the DES algorithm is confiscated as evidence, cryptanalysts in public service are hardly going to appear at a court session to confirm under oath that the data for your indictment was obtained by decrypting the confiscated files. The fact that a particular cryptographic algorithm can be broken is often a far bigger secret than the information obtained by breaking that algorithm.

It is better to start from the assumption that the NSA, the Federal Agency for Government Communications and Information and their like can read any message they wish to read. However, these departments are not in a position to read every message whose contents they would like to see. The main reason is the limited funds the government allocates to cryptanalysis. Another reasonable assumption is that it is much easier for the competent authorities to gain access to encrypted information by crude physical force than by elegant but very laborious mathematical calculations that lead to breaking the cipher.

In any case, it is much more reliable to use a well-known cryptographic algorithm that was devised long ago and has managed to withstand numerous attempts to break it undertaken by authoritative cryptologists.

Cryptographic algorithms intended for export

Today users of personal computers can use encryption algorithms built into various software products. It is enough to acquire, for example, the Word text editor, the Windows NT or Netware operating systems, or the Excel spreadsheet editor. All these software products share one more property besides the presence of built-in encryption algorithms. They are made in the United States, and before they can be sold abroad, American manufacturers must obtain government permission to export them outside the USA.

There is a widespread belief that any cryptographic algorithm permitted for export from the USA is not strong enough to resist being broken by NSA cryptanalysts. It is believed that companies wishing to sell abroad products that allow data encryption modify, at the NSA's insistence, the cryptographic algorithms they use, so that:

- from time to time individual bits of the key are mixed into the ciphertext;

- the key has a length of only 30 bits instead of the officially declared 100 bits, since the majority of keys turn out to be equivalent;

- a fixed header is inserted at the beginning of each encrypted message to facilitate a known-plaintext cryptanalytic attack;

- every encrypted message contains a piece of random plaintext together with its corresponding ciphertext.

The source code of encryption programs is handed over for storage at the NSA, but outside this top-secret agency access to it is tightly closed. Quite naturally, neither the NSA nor the American companies that have obtained NSA permission to export encryption tools are interested in advertising the weaknesses of the cryptographic algorithms on which those tools are built. It is therefore advisable to exercise great care if you intend to protect your data with American encryption programs that have been approved by the US government for export outside the country.

Symmetric or asymmetric cryptographic algorithm?

Which algorithm is better, symmetric or asymmetric? The question is not entirely correct, since it presupposes applying identical criteria when comparing secret-key and public-key cryptosystems. And no such criteria exist.

Nevertheless, debate about the merits and shortcomings of the two basic kinds of cryptosystem has been conducted since the invention of the first public-key algorithm. It has been observed that symmetric cryptographic algorithms have shorter keys and work faster than asymmetric ones.

However, according to one of the inventors of public-key cryptosystems, the American cryptologist W. Diffie, they should not be regarded as some entirely new kind of universal cryptosystem. Public-key cryptography and secret-key cryptography are "two big differences": they are intended for solving completely different problems connected with keeping information secret. Symmetric cryptographic algorithms serve for encrypting data; they work several orders of magnitude faster than asymmetric algorithms. But public-key cryptography has areas of application in which secret-key cryptography has nothing to offer. These include key management and numerous cryptographic protocols.

Encryption in the communication channels of a computer network

One of the distinctive characteristics of any computer network is its division into so-called layers, each of which is responsible for observing certain conditions and performing the functions needed for the computers connected in the network to communicate with each other. This division into layers is of fundamental importance for building standard computer networks. Therefore in 1984 several international organisations and committees joined forces and developed the reference model of a computer network known as OSI (Open Systems Interconnection).

OSI distributes communication functions across layers. Each of these layers operates independently of the layers below and above it. It can communicate directly only with the two adjacent layers and is completely isolated from direct access to the remaining layers. The OSI model identifies seven layers: the top three serve for communication with the end user, and the bottom four are focused on performing communication functions in real time.

In theory, encryption of data for transmission over the communication channels of a computer network can be performed at any layer of the OSI model. In practice it is usually done either at the lowest or at the highest layers. If data is encrypted at the lower layers, the encryption is called link encryption. If data is encrypted at the upper layers, it is called end-to-end encryption. Both approaches to data encryption have their advantages and drawbacks.

Link encryption

With link encryption, all data passing through each communication channel is encrypted, including the plaintext of the message as well as the information about its routing and the communication protocol used (see Fig. 1). However, in this case any intelligent network node (for example, a switch) is forced to decrypt the incoming data stream in order to process it properly, and to encrypt it again in order to pass it on to another node of the network.

Nevertheless, link encryption is a very effective means of protecting information in computer networks. Since all data moving across the network from one node to another is encrypted, the cryptanalyst gets no additional information about who is the source of the transmitted data, for whom it is intended, what its structure is, and so on. And if one also takes care to transmit a random bit sequence over the channel while it is idle, an outside observer cannot even tell where the text of the transmitted message begins and where it ends.

Key management is not too difficult either. Only two adjacent nodes of the communication network need to be supplied with identical keys, and they can then change the keys they use independently of other pairs of nodes.

[Figure: Node 1, Node 2, Node 3 and Node 4 joined by Channel 1, Channel 2 and Channel 3; P marks the plaintext]

Fig. 1. Link encryption

The biggest drawback of link encryption is that data must be encrypted when transmitted over each physical channel of the computer network. Sending information unencrypted over any one of the channels threatens the security of the whole network. As a result, the cost of implementing link encryption in large networks may turn out to be excessively high.

Furthermore, when link encryption is used, each node of the computer network through which the transmitted data passes must additionally be protected. If the network's subscribers completely trust each other and every node is located in a place protected from intrusion by malicious actors, this drawback of link encryption can be ignored. In practice, however, such a situation is extremely rare. After all, every firm has confidential data that only the employees of one particular department may see, and beyond that department access to this data must be kept to a minimum.

End-to-end encryption

With end-to-end encryption the cryptographic algorithm is implemented at one of the upper layers of the OSI model. Only the substantive part of the message to be transmitted over the network is encrypted. After encryption, the service information needed to route the message is added to it, and the result is passed down to the lower layers to be sent to the addressee.

Now the message need not be decrypted and re-encrypted every time it passes through an intermediate node of the communication network. The message remains encrypted all the way from the sender to the addressee (see Fig. 2).

The main problem faced by users of computer networks where end-to-end encryption is applied is that the service information used for routing messages is transmitted over the network unencrypted. An experienced cryptanalyst can extract a great deal of useful information from knowing who communicates with whom over a computer network, for how long, and at what times. For this he need not know anything at all about the subject of the conversation.

Compared with link encryption, end-to-end encryption involves more complex key management, since every pair of users of a computer network must be supplied with identical keys before they can communicate with each other. In addition, since the cryptographic algorithm is implemented at the upper layers of the OSI model, one also has to deal with many significant differences in communication protocols and interfaces, depending on the types of computer networks and of the computers joined in the network. All this complicates the practical application of end-to-end encryption.

[Figure: Node 1, Node 2, Node 3 and Node 4 joined by Channel 1, Channel 2 and Channel 3; P marks the plaintext]

Fig. 2. End-to-end encryption

Combined encryption

Combining link and end-to-end encryption of data in a computer network costs much more than either link or end-to-end encryption alone. However, this approach protects the data transmitted over the network in the best way. Encryption in each communication channel prevents the adversary from analyzing the service information used for routing. And end-to-end encryption reduces the probability of access to unencrypted data at the network nodes.

With combined encryption, key management is carried out separately: network administrators are responsible for the keys used in link encryption, while users take care of the keys used in end-to-end encryption.

File encryption

At first sight, file encryption can be likened entirely to message encryption in which the sender and the addressee are the same person and the transmission medium is one of the computer's data-storage devices (a magnetic or optical disk, magnetic tape, main memory). However, it is not all as simple as it seems at first sight.

When transmitted over communication channels, a message is of no great value. If it is lost on its way from the sender to the addressee, one can try to transmit it again. With the encryption of data intended for storage in the form of computer files, things are completely different. If you are unable to decrypt a file, you are unlikely to manage it on the second, the third, or even the hundredth attempt. Your data will be lost once and for all. This means that file encryption must provide special mechanisms to prevent errors from occurring in the ciphertext.

Cryptography helps to turn big secrets into small ones. Instead of trying in vain to memorize the contents of a huge file, a person need only encrypt it and keep in memory the key used for the purpose. If a key is used to encrypt a message, it has to be kept at hand only until the message reaches the addressee and is successfully decrypted. Unlike messages, encrypted files can be stored for years, and throughout that time the corresponding key must be remembered and kept secret.

There are also other features of file encryption that must be kept in mind regardless of the cryptographic algorithm used for the purpose:

- quite often, after a file has been encrypted, its unencrypted copy is safely forgotten on another magnetic disk, on another computer, or in the form of a printout;

- the block size of a block encryption algorithm may considerably exceed the size of an individual data item in a structured file, so the total length of the encrypted file turns out much greater than the length of the original file;

- the speed at which files are encrypted with the cryptographic algorithm chosen for the purpose must match the speeds at which the input/output devices of modern computers operate;

- key management is a rather tricky business, since different users usually need access not only to different files, but also to separate parts of the same file.

If a file is a single whole (for example, it contains a piece of text), restoring it to its original form will not require much effort: before use it is enough simply to decrypt the whole file. However, if the file is structured (for example, divided into records and fields, as is done in databases), decrypting the entire file every time access to an individual data item is required will make working with such a file extremely inefficient. And encrypting the data items of a structured file individually makes it vulnerable to an attack in which a malicious actor finds the needed data item in the file and replaces it with another of his own choosing.

A user who wishes to encrypt every file on the computer's hard disk has two options. If he uses a single key to encrypt all the files, he will subsequently be unable to restrict other users' access to individual files. Moreover, the cryptanalyst will end up with a significant amount of ciphertext produced under one key, which will make it substantially easier for him to break that key.

It is better to encrypt each file with a separate key, and then to encrypt all the keys with a master key. This relieves users of the bother of organizing reliable storage for a large number of keys. Restricting the access of groups of users to various files is accomplished by dividing the set of all keys into subsets and encrypting these subsets under different master keys. The strength of such a cryptosystem will be considerably higher than when a single key is used to encrypt all the files on the hard disk, since the keys used to encrypt the files can be made more random and hence more resistant to dictionary attack.
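As an added example (not code from the text), the per-file-key scheme above in Go: each file gets its own random key, file keys are wrapped under a per-group master key, and a user holding another group's master key cannot unwrap them. AES-256-GCM is my choice of cipher (the text names none, and an authenticated mode also detects the ciphertext corruption the text warns about); the group names and sample contents are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// EncryptedFile is a file sealed under its own random key; that key is stored
// only wrapped under the master key of the group the file belongs to.
type EncryptedFile struct {
	WrappedKey []byte // file key sealed with the group's master key
	Body       []byte // contents sealed with the file key
}

// randBytes draws n bytes from the system random source (keys and nonces).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewKey returns a fresh 256-bit AES key.
func NewKey() []byte { return randBytes(32) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWith encrypts and authenticates data with AES-256-GCM; a fresh random
// nonce is prefixed to the output so one key can safely wrap many items.
func sealWith(key, data []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, data, nil), nil
}

// openWith reverses sealWith; a single altered byte makes it fail.
func openWith(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// EncryptFile generates a key for this file alone, seals the contents with it
// and wraps that file key under the master key of the named group.
func EncryptFile(masters map[string][]byte, group string, contents []byte) (*EncryptedFile, error) {
	fileKey := NewKey()
	body, err := sealWith(fileKey, contents)
	if err != nil {
		return nil, err
	}
	wrapped, err := sealWith(masters[group], fileKey) // unknown group: nil key fails here
	if err != nil {
		return nil, fmt.Errorf("wrap for group %q: %w", group, err)
	}
	return &EncryptedFile{WrappedKey: wrapped, Body: body}, nil
}

// DecryptFile works only with the master key of the file's group: any other
// master key fails to unwrap the file key, so access is partitioned by group
// while each user keeps one master key instead of one key per file.
func DecryptFile(master []byte, f *EncryptedFile) ([]byte, error) {
	fileKey, err := openWith(master, f.WrappedKey)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key: %w", err)
	}
	return openWith(fileKey, f.Body)
}

func main() { // constructed sample: two groups, each with its own master key
	masters := map[string][]byte{"accounting": NewKey(), "engineering": NewKey()}
	f, _ := EncryptFile(masters, "accounting", []byte("income for the current year"))
	_, err := DecryptFile(masters["engineering"], f)
	fmt.Println("other group's master key:", err)
}
```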

Hardware and software encryption

Hardware encryption

Most cryptographic data-protection tools are implemented as specialized hardware devices. These devices are built into the communication line and encrypt all the information transmitted over it. The prevalence of hardware encryption over software encryption has several causes.

First, hardware encryption is faster. Cryptographic algorithms consist of a huge number of complex operations performed on the bits of the plaintext. Modern general-purpose computers are poorly suited to performing these operations efficiently. Specialized equipment can do them much faster.

Second, hardware is easier to protect physically from outside intrusion. A program running on a personal computer is almost defenceless. Armed with a debugger, a malicious actor can covertly modify it to reduce the strength of the cryptographic algorithm used, and nobody will notice a thing. Hardware, on the other hand, is usually housed in special enclosures that make it impossible to alter the way it functions. The chip is coated with a special chemical compound, so that any attempt to breach the chip's protective layer leads to the self-destruction of its internal logic. And although electromagnetic emissions can sometimes be a good source of information about what is happening inside a microchip, such emissions are easy to eliminate by shielding the chip. A computer can be shielded in the same way, but doing so is much harder than for a tiny microchip.

And third, encryption hardware is simpler to install. Very often encryption is required where additional computer equipment is entirely superfluous. It is much cheaper to equip telephones, fax machines and modems with hardware encryption devices than to build microcomputers with the corresponding software into them.

Even in computers, installing specialized encryption hardware creates fewer problems than modifying the system software to add data-encryption functions to it. Ideally, encryption should be carried out invisibly to the user. To achieve this in software, encryption has to be hidden deep in the bowels of the operating system. With a finished and debugged operating system, doing this without serious consequences is not so simple. Yet any non-professional can connect an encryption unit to a personal computer on one side and to an external modem on the other.

The modern market in encryption hardware offers potential buyers three kinds of such tools: self-contained encryption modules (which perform all key management on their own), encryption units for communication channels, and encryption expansion boards for installation in personal computers. Most devices of the first and second type are narrowly specialized, and therefore, before taking a final and irrevocable decision to purchase them, one should study thoroughly the restrictions these devices impose on the corresponding hardware, operating systems and application software when installed. Otherwise one can throw money to the wind without coming one iota closer to the desired goal. Sometimes, however, the choice is made easier by the fact that some companies sell communication equipment that already includes preinstalled data-encryption hardware.

Expansion boards for personal computers are a more universal means of hardware encryption and can usually be configured easily to encrypt all the information written to the computer's hard disk, as well as all the data sent to its floppy disk and serial ports. As a rule, encryption expansion boards have no protection against electromagnetic emissions, since there is no point in protecting the boards if similar measures are not taken for the computer as a whole.

Software encryption

Any cryptographic algorithm can be implemented as a corresponding program. The advantages of such an implementation are obvious: encryption software is easy to copy, simple to use, and easy to modify to meet specific requirements.

All widespread operating systems have built-in file-encryption tools. Usually they are intended for encrypting individual files, and key management is left entirely to the user. Their use therefore requires special attention: first, keys must never be stored on a disk together with the files encrypted with them, and second, unencrypted copies of files must be erased immediately after encryption.

Of course, a malicious actor can gain access to the computer and covertly make undesirable changes to the encryption program. But this is not the main problem at all. If the malicious actor is able to get into the room where the computer is installed, he is unlikely to bother with the program and will simply install a hidden camera in the wall, a tap on the telephone, or a sensor in the computer for relaying its electromagnetic emissions. After all, if the malicious actor can do all this freely, the battle with him is already lost before it has even begun.

Compression and encryption

Data-compression algorithms go very well together with cryptographic algorithms. There are two reasons for this:

- when breaking a cipher, the cryptanalyst relies most of all on the redundancy inherent in any plaintext. Compression helps to get rid of this redundancy.

- data encryption is a rather laborious operation. Compression reduces the length of the plaintext and thereby the time spent encrypting it.

One need only remember to compress a file before it is encrypted, not after. Once a file has been encrypted with a good cryptographic algorithm, the resulting ciphertext cannot be compressed, since its characteristics will be close to those of a completely random sequence of letters. Incidentally, compression can serve as a handy test of a cryptographic algorithm's quality: if the ciphertext can be compressed, the algorithm had better be replaced with a more robust one.
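The compression test just described, as an added Go example that is not part of the original text: it compresses a constructed plaintext, the output of a deliberately weak repeating-key XOR cipher, and the output of AES in counter mode (my choice of "good" algorithm; the text names none), and compares the size of compress-then-encrypt with encrypt-then-compress.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

// Plaintext is constructed sample text with the redundancy of natural language.
var Plaintext = []byte(strings.Repeat("Income for the current year, by quarter, with address and surname. ", 40))

// deflate compresses data with DEFLATE at its strongest level.
func deflate(data []byte) []byte {
	var buf bytes.Buffer
	w, err := flate.NewWriter(&buf, flate.BestCompression)
	if err != nil {
		panic(err)
	}
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

// Compressible reports whether data shrinks by more than 5% under DEFLATE:
// the "compression test" the text proposes for judging a cipher's output.
func Compressible(data []byte) bool {
	return len(deflate(data))*100 < len(data)*95
}

// repeatingKeyXOR is a deliberately weak cipher (Vigenère-style XOR with a
// short key): the plaintext's redundancy passes straight into the ciphertext.
func repeatingKeyXOR(key, data []byte) []byte {
	out := make([]byte, len(data))
	for i := range data {
		out[i] = data[i] ^ key[i%len(key)]
	}
	return out
}

// mustRandom draws n bytes from the system random source.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// aesCTR encrypts data with AES-256 in counter mode under a fresh random key
// and IV; its output is indistinguishable from random bytes.
func aesCTR(data []byte) []byte {
	block, err := aes.NewCipher(mustRandom(32))
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, mustRandom(aes.BlockSize)).XORKeyStream(out, data)
	return out
}

// WeakCiphertext and StrongCiphertext encrypt Plaintext with the two ciphers.
func WeakCiphertext() []byte   { return repeatingKeyXOR([]byte("key"), Plaintext) }
func StrongCiphertext() []byte { return aesCTR(Plaintext) }

// CompressThenEncrypt is the ordering the text recommends; EncryptThenCompress
// is the wrong one, whose output is no shorter than the ciphertext itself.
func CompressThenEncrypt() []byte { return aesCTR(deflate(Plaintext)) }
func EncryptThenCompress() []byte { return deflate(aesCTR(Plaintext)) }

func main() {
	fmt.Println("plaintext compressible:        ", Compressible(Plaintext))
	fmt.Println("weak cipher output compressible:", Compressible(WeakCiphertext()))
	fmt.Println("AES-CTR output compressible:    ", Compressible(StrongCiphertext()))
	fmt.Println("compress-then-encrypt bytes:", len(CompressThenEncrypt()),
		"encrypt-then-compress bytes:", len(EncryptThenCompress()),
		"original bytes:", len(Plaintext))
}
```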

How to hide one ciphertext in another

Let us suppose that two hypothetical persons named Anton and Boris exchanged encrypted messages for several months. Counterintelligence intercepted all these messages but could not read a single word. The counterintelligence officers grew tired of collecting Anton and Boris's correspondence without knowing its contents, and decided to arrest the suspicious pair. The first interrogation began with the words: "Where are the keys to the cipher?" "What cipher?!" Anton and Boris exclaimed in unison, but immediately fell silent and turned pale, noticing on the investigator's desk a pair of ominous-looking pincers covered with stains of either rust or blood.

Anton and Boris could have got out of this predicament if each had encrypted his messages so that they admitted two different decryptions depending on the key used. Anton could encrypt the real secret message to Boris under one key, and a quite innocent plaintext under another. Now, if a key to the cipher is demanded of Anton, he will hand over the fake key, which reveals an entirely innocent message, and keep the key to the real message to himself.

The simplest way to do this requires a one-time pad. Let P be the real plaintext, D the innocent plaintext, C the ciphertext, K the real key, and K' the fake key. Anton encrypts P:

P ⊕ K = C

Since Boris has a copy of key K, he can decrypt Anton's message without difficulty:

C ⊕ K = P

If the counterintelligence officers try to force Anton and Boris to hand over the key they used, instead of K they can give counterintelligence:

K' = C ⊕ D

As a result, counterintelligence can read the innocent plaintext:

C ⊕ K' = D

Since Anton and Boris use a one-time pad, K' is completely random, and it is practically impossible to prove that it is a fake key (without resorting to torture).

Anton could encrypt P not with a one-time pad but with any of his favourite cryptographic algorithms and key K. By combining C modulo 2 with a piece of some well-known work (for example, a fragment from the second chapter of Dostoevsky's "The Idiot"), Anton obtains K'. Now if the "uncles" from counterintelligence come after Anton, he will show them C together with K' and say that K' is a one-time pad for C and that he simply wanted to practise cryptography by encrypting a fragment from the first book he came across. And until the counterintelligence officers get hold of key K, they cannot prove that Anton was engaged in anything illegal.
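The scheme above carried through in Go, as an added example not taken from the text: the real key K recovers P, and the fake key K' = C ⊕ D turns the same C into D. The sample message and cover text are constructed; they must be of equal length, the one practical constraint the text leaves implicit, and the code rejects anything else.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// xorBytes returns a ⊕ b, the modulo-2 combination the text uses. The cover
// text must match the ciphertext byte for byte, so unequal lengths are an error.
func xorBytes(a, b []byte) ([]byte, error) {
	if len(a) != len(b) {
		return nil, errors.New("inputs must have equal length")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out, nil
}

// OneTimePadKey draws Anton's real key K: n truly random bytes, used once.
func OneTimePadKey(n int) ([]byte, error) {
	k := make([]byte, n)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// Encrypt computes C = P ⊕ K; Decrypt computes C ⊕ K = P (the same operation).
func Encrypt(p, k []byte) ([]byte, error) { return xorBytes(p, k) }
func Decrypt(c, k []byte) ([]byte, error) { return xorBytes(c, k) }

// FakeKey computes K' = C ⊕ D, so that C ⊕ K' = D. Nothing here depends on how
// C was produced: C may come from the one-time pad or, as in the text's second
// variant, from any other cipher under key K, and K' still "opens" it to D.
func FakeKey(c, d []byte) ([]byte, error) { return xorBytes(c, d) }

func main() {
	// Constructed sample: real message P and an innocent cover text D of the
	// same length (a length mismatch would give the game away).
	p := []byte("secret plan")
	d := []byte("happy bday!")
	k, err := OneTimePadKey(len(p))
	if err != nil {
		panic(err)
	}
	c, _ := Encrypt(p, k)
	fake, _ := FakeKey(c, d)
	genuine, _ := Decrypt(c, k)
	cover, _ := Decrypt(c, fake)
	fmt.Printf("with K:  %q\nwith K': %q\n", genuine, cover)
}
```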


