FAQ on computer cryptography
  • The primary goals of cryptography.
  • Reliability of cryptographic methods.
  • What cryptographic strength depends on.
  • Trapdoors, weak algorithms and keys.
  • Export restrictions.
  • Secret or public keys?
  • Stream and block ciphers.
  • Application.

    The topic of computer cryptography is one of the most popular on the Internet, including its Russian-speaking part. The purpose of this review is, without repeating what has already been said and without going deep into the theory (even a summary of which would fill many volumes), to try to collect and briefly state the basic practical conclusions and recommendations on the use of widely available cryptographic software.

    The wide availability of the software limits consideration to algorithms that satisfy Kerckhoffs's principle (not to be confused with Kirchhoff's laws in electrical engineering), according to which the result (encryption and/or authentication) is guaranteed by possession of a secret key rather than by undocumented details of the method used. The topic of the Clipper and Skipjack algorithms and their descendants is therefore left to iXBT :-)

    The primary goals of cryptography.

    The primary goals of cryptography (to which most others reduce) can be considered to be:

    • Encryption: protection of data against unauthorized reading, and
    • Authentication: protection of data against unauthorized modification.

    Authentication has lately been applied more and more widely as the "digital signature" on software products distributed over the Internet, as protection against "Trojan horses".

    Reliability of cryptographic methods.

    Are there absolutely reliable encryption methods? Yes: according to one of Shannon's theorems, these are the algorithms that use keys whose length is not less than the length of the message being encrypted, and each such key may be used only once. Generating and distributing such long keys in sufficient quantity presents certain difficulties, so such methods are used only in exceptional cases. In real life one has to use methods with greater or smaller, but limited, cryptographic strength.
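    The two conditions in Shannon's result (key at least as long as the message, and used once) are easy to see in code. The following is an added example, not part of the original FAQ: a one-time pad over XOR, with a helper that shows what an observer can compute when the second condition is violated and a pad is used twice. The message bytes are constructed sample data.

```python
import secrets


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """One-time pad: XOR each message byte with one fresh key byte.

    Shannon's condition: the key must be at least as long as the message,
    and the same key must never be used for a second message.
    """
    if len(key) < len(message):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, key))


# Decryption is the same XOR: the pad cancels out.
otp_decrypt = otp_encrypt


def fresh_pad(length: int) -> bytes:
    """A pad of `length` bytes drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(length)


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer learns when one pad encrypts two messages:
    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2, and the key has dropped out entirely.
    This is why the key may be used only once."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def demo() -> bool:
    """Round-trip a message, then show the reuse leak equals m1 ^ m2."""
    m1 = b"attack at dawn"     # constructed sample messages
    m2 = b"retreat at dusk"
    pad = fresh_pad(max(len(m1), len(m2)))

    c1 = otp_encrypt(m1, pad)
    if otp_decrypt(c1, pad) != m1:
        return False

    c2 = otp_encrypt(m2, pad)   # violates the use-once rule
    leak = pad_reuse_leak(c1, c2)
    # The leak is independent of which pad was used: it is exactly m1 ^ m2.
    return leak == bytes(a ^ b for a, b in zip(m1, m2))


if __name__ == "__main__":
    print("pad reuse leaks m1 ^ m2:", demo())
```

    The `fresh_pad` function stands in for the "generation and distribution" step the paragraph calls difficult: in practice the pad has to be generated, delivered to the other party over a separate secure channel, and destroyed after a single use.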

    In the book "Secrets of the Internet" all cryptographic methods were divided by strength into five groups, each defined by the class of adversary it withstands:

    Group 1.
    The merely curious, without special skills.
    Group 2.
    Small groups with some theoretical background and practical experience with widely available cryptographic software.
    Group 3.
    Organized groups and small organizations with an exhaustive theoretical background in widespread unclassified cryptographic technologies and considerable computing resources.
    Group 4.
    Large international corporations and some state cryptanalytic services with full knowledge of all publicly available cryptographic technologies, plus some classified research in this area. They have access to large computing resources and the ability to design and manufacture special hardware in small batches.
    Group 5.
    Large state cryptanalytic services possessing "absolute" knowledge of modern cryptographic technologies, including classified ones. They have the priority right to use the power of the state to enlist both computing resources and capacity for series production of special hardware.

    What cryptographic strength depends on.

    The reasons listed in Pavel Semjanov's article "Why are cryptosystems unreliable?" can be divided, conditionally, into objective ones (considered below) and subjective ones:

    • Impossibility of using provably strong algorithms because of their computational complexity;
    • Incorrect application and implementation errors;
    • The human factor.

    With these main subjective reasons excluded, the most widespread algorithms provide the following level of protection (in the classification introduced above):

    Algorithm       Protects against groups
    DES             2, 3
    Triple DES      3, 4
    GOST            3, 4
    BlowFish        3, 4
    RC5             3, 4
    IDEA            3, 4
    RSA, RIPEM      512-bit key: 2; 768-bit key: 3; 1024-bit key: 4
    PGP             depends on the internal algorithms used; on the whole slightly above the previous row
    ECC             according to recent research, equivalent in strength to RSA with a roughly three times longer key

    Some number-theoretic results of recent years (new factorization methods) have strongly shaken the position of RSA. Progress in this direction is so fast that there is no guarantee that a key length increase that looks reasonable today will provide sufficient cryptographic strength in the near future.

    The competitions regularly announced by the company RSA have led to the development of effective attacks on DES, using both distributed computation and special hardware. The last such attack, within the Monarch project, was carried out on January 18th, 1999. The Bovine project, a cryptanalytic attack on RC5-64, is now in progress.

    Weak algorithms and keys, trapdoors.

    The objective reason for the weakness of cryptographic algorithms lies in certain mathematical properties of theirs. Ignorance or neglect of the theoretical foundations of cryptography (which, unfortunately, is not rare, and not only in freeware or shareware) when developing one's own encryption algorithms leads to pitiable results.

    Typical examples are some archivers, MS Office up to Office 97, Novell versions 3.x and 4.x, and Paradox, whose cryptographic strength was so low that, first, writing a password-search program (not necessarily one that finds the true password) required no specific knowledge, and second, such programs ran very quickly even on weak PCs. That is, in the classification introduced above, they hardly provided protection even against group 1.

    But even quite good algorithms on the whole (in particular DES, IDEA, BlowFish, GOST) have weak keys whose use does not provide the proper level of cryptographic strength. And although each particular algorithm has only a few such keys (at least known ones), neglecting them is not recommended.

    Another unpleasant feature of some cryptographic systems is the presence of trapdoors: universal passwords, a kind of master key giving access to the information without knowledge of the true key. In most cases trapdoors are only a feature of a particular implementation, the result of either errors or malicious intent on the part of the developers of the software product. However, for some cryptosystems there are serious suspicions of algorithmic trapdoors. But that is another topic...

    Export restrictions.

    In the USA there are restrictions on the export of cryptographic products. A number of successful cryptanalytic attacks have shown that the originally established limit of 40-bit keys did not provide protection even against group 2. The restrictions have therefore been relaxed, but many software products developed in America still exist in two variants: one for "domestic" use and an "international" version. Those wishing to work with the full-function (from the protection standpoint) programs can obtain them from the ftp and www servers of Replay.com, located in the Netherlands.

    Secret or public keys?

    Which algorithms are better: "classical" ones with secret keys, or "modern" ones with public keys? A good question :-) and a completely wrong one, because the choice depends largely on the problem statement and the conditions of use.

    In "symmetric" cryptographic algorithms (DES, GOST, BlowFish, RC5, IDEA) the same key is used both for encryption and for recovery of the plaintext, so this key is secret. The advantage of these algorithms is their good level of theoretical study, including justification of their cryptographic strength. Compared with "asymmetric" algorithms one should note the relative simplicity of both software and hardware implementation, the higher speed of operation in both the forward and the reverse direction, and the provision of the necessary level of protection with substantially shorter keys. Their main drawbacks are the need for additional secrecy measures when distributing keys, with the problems and, probably, expenses that entails, and the fact that secret-key algorithms work only under full mutual trust between correspondents, since they do not allow a true "digital signature" to be realized.

    In "asymmetric" methods (RSA, PGP, ECC) the forward and reverse transformations are carried out with different half-keys that have no easily traceable relation allowing one half-key to be computed from the other. Therefore one of the half-keys is published openly, so that anyone can encrypt a message or verify a digital signature. Only the holder of the second, secret, half-key can decrypt such a message or produce the signature. Such algorithms, compared with "symmetric" ones, are more demanding of computing resources, and hence their implementation and use cost more. The cryptographic strength of "asymmetric" algorithms is today less well proven than that of "symmetric" ones. But they work where "classical" cryptographic schemes are inapplicable: they allow various clever protocols to be realized, such as the digital signature, open distribution of keys, and reliable authentication over a network that withstands even full interception of traffic.
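    The contrast drawn in the two paragraphs above (a shared secret key cannot give a true digital signature, while a published half-key can) is shown in the following added example, which is not code from the original FAQ. It pairs a shared-key authentication tag (HMAC-SHA256) with textbook RSA signing over a hash, using fixed demonstration primes chosen for this example; the message and keys are constructed sample values. Textbook RSA here is unpadded and illustrates only the half-key split, not a production signature scheme.

```python
import hashlib
import hmac

# Demonstration RSA parameters (assumption of this example): two Mersenne
# primes, 2^89-1 and 2^127-1, giving a ~216-bit modulus. Far too small for
# real use; chosen so the arithmetic is visible and fast.
P = (1 << 89) - 1
Q = (1 << 127) - 1
E = 65537


def rsa_keypair():
    """Return the public half-key (n, e) and the private half-key (n, d)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it to an integer below the modulus."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h[:16], "big") % n   # 128-bit digest fits under n


def rsa_sign(private_key, message: bytes) -> int:
    """Only the holder of d can produce this value."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the published (n, e) can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    """Symmetric authentication: a tag computable by every key holder."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def mac_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, message), tag)


def demo() -> dict:
    """Show both mechanisms on a constructed message."""
    msg = b"transfer 100 to account 42"        # constructed
    altered = b"transfer 900 to account 42"    # constructed
    shared = b"shared-secret-key"              # constructed

    # Symmetric: the receiver holds the same key as the sender, so it can
    # produce a valid tag for any message. A tag therefore proves integrity
    # to the two parties, but cannot prove to a third party who sent it.
    tag = mac_tag(shared, msg)
    receiver_tag = mac_tag(shared, altered)

    pub, priv = rsa_keypair()
    sig = rsa_sign(priv, msg)

    return {
        "mac_ok": mac_verify(shared, msg, tag),
        "receiver_can_make_tags": mac_verify(shared, altered, receiver_tag),
        "sig_ok": rsa_verify(pub, msg, sig),
        "sig_tamper_detected": not rsa_verify(pub, altered, sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    The `receiver_can_make_tags` result is the whole point of the FAQ's remark about "full mutual trust": with a shared key, a valid tag is equally explainable as the receiver's own work, so it settles nothing in a dispute. The RSA signature can be verified with the published half-key alone, and producing it requires d.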

    Stream and block ciphers.

    A secret-key cryptographic scheme can be constructed in one of two ways:

    • stream scheme: the keystream ("gamma") used for the transformation does not depend on the information being encrypted;
    • block scheme: the keystream for the transformation is produced by manipulating the information that is to be encrypted.

    In stream schemes the cryptographic transformation (both forward and reverse) uses a keystream produced by a generator. To preserve secrecy this stream depends on the value of the secret key. The main difficulty in implementing such methods lies in building a generator of a cryptographically strong keystream.

    In block schemes the information is divided into blocks, and part of a block is used to produce the keystream that is applied in transforming the rest of the block, after which the parts of the block exchange places. A detailed description of the general scheme and some variants of its implementation can be found in Andrey Vinokurov's article "How is a block cipher arranged?" The same author wrote a detailed description of one of the best block cryptographic algorithms to date, GOST 28147-89, together with the source code of the corresponding program, available for general use.
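    Both constructions described in this section are shown in the following added example (not code from the FAQ or from Vinokurov's article). The stream scheme draws its gamma from a generator keyed by the secret key and a nonce, run over a counter, so it is independent of the data; the block scheme is a Feistel network in which the gamma for one half of the block is derived from the other half, after which the halves swap, which is the structure the paragraph describes and the one GOST 28147-89 uses. HMAC-SHA256 stands in for the round function and generator; key, nonce and block values are constructed for the example.

```python
import hashlib
import hmac

# ---- Stream scheme: gamma depends on key and nonce, never on the data ----

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` bytes of gamma as HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Forward and reverse transformation are the same XOR with the gamma."""
    return bytes(d ^ g for d, g in zip(data, keystream(key, nonce, len(data))))


# ---- Block scheme: gamma derived from part of the block, then halves swap ----

BLOCK = 32            # 32-byte block, two 16-byte halves
HALF = BLOCK // 2
ROUNDS = 4


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Gamma computed from one half of the block under the key."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def feistel_encrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError(f"block must be exactly {BLOCK} bytes")
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        # The right half produces the gamma that transforms the left half;
        # then the halves exchange places.
        left, right = right, xor(left, round_function(key, rnd, right))
    # Undo the final swap so decryption is the same loop with rounds reversed.
    return right + left


def feistel_decrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError(f"block must be exactly {BLOCK} bytes")
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = right, xor(left, round_function(key, rnd, right))
    return right + left


def demo() -> bool:
    key, nonce = b"demo-secret-key", b"nonce-01"     # constructed
    text = b"block and stream schemes compared"      # constructed (33 bytes)

    # Stream: round trip, and the gamma is the same whatever the data is.
    stream_ok = stream_xor(key, nonce, stream_xor(key, nonce, text)) == text
    gamma_independent = keystream(key, nonce, 8) == keystream(key, nonce, 64)[:8]

    # Block: round trip on one full block.
    block = text[:BLOCK]
    block_ok = feistel_decrypt_block(key, feistel_encrypt_block(key, block)) == block
    return stream_ok and gamma_independent and block_ok


if __name__ == "__main__":
    print("both schemes round-trip:", demo())
```

    Because the stream gamma is fixed by (key, nonce) alone, reusing a nonce under the same key yields the identical gamma for two messages, which is the same failure as reusing a one-time pad; the nonce must be unique per message. The Feistel structure is invertible regardless of what `round_function` is, which is why block ciphers can use a non-invertible function there; the strength comes from the round function and the number of rounds, and the toy 4-round HMAC version above only illustrates the wiring.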

    Application.

    There is a great variety of programs on the Internet implementing various popular cryptographic algorithms. But for those who are seriously concerned with preserving the confidentiality of their data and do not wish, one unhappy day, to get an unpleasant surprise as a consequence of someone else's error, insufficient competence or simply excessive curiosity, the greatest interest lies in the software products of serious developers with an established reputation.

    For Linux and Windows 95/98/NT such programs can be obtained, for example, from the ftp and www servers of Replay.com. The simplest of these programs use PGP and allow encrypting both files and information sent by e-mail, and also provide the ability to create fully PGP-encrypted file systems. For Windows 95/98/NT there is the BestCrypt package, which uses the GOST and BlowFish algorithms (and consequently works somewhat faster). Unfortunately this package is commercial, but a 30-day trial is available for it, and interested persons can find detailed instructions on working with it on AstalaVista.

    Other sources of information on computer cryptography.

    The most complete (but somewhat academic) is the document "FAQ About Today's Cryptography", prepared and regularly updated by the RSA corporation. Among Russian-language materials one should note Alexey Vasilev's CryptoFAQ. The foundations of cryptographic strength are well set out in Pavel Semjanov's cryptography primer, where you will also find many useful links. Andrey Vinokurov's page is devoted to "classical" ciphers with secret keys; even more interesting material can be found in his series of articles under the general title "Cryptography".
