Copyright © Philip M. Parker, INSEAD. Terms of Use.

Key

Specialty Definition: Key

Top     

Specialty Definition: Cryptographic key

(From Wikipedia, the free Encyclopedia)

A cryptographic key is a relatively small amount of information that is used by a cryptographic algorithm to 'customize' the transformation of plaintext into cyphertext (during encryption) or from cyphertext to plaintext (during decryption). The same algorithm and plaintext, but with a different key will produce a quite different cyphertext, and so for decryption as well. If the decryption key is lost, encrypted data will not in practice be convertible back to its original form -- at least for high quality encryption algorithms and large enough key sizes. Thus, the security of a cryptographic key in most cases relies on its being kept secret: hence the alternative name secret key.

Most cryptographic algorithms use a single key for both encryption and decryption: they are known as symmetric key algorithms. An attacker who obtains the key (by theft, extortion, dumpster diving, or inspection of a Post-It note stuck to the side of a terminal) can recover the original message from the encrypted data, since as a matter of principle the details of the cryptographic algorithm used is assumed to be already available to the attacker. This design assumption is usually known to cryptanalysts as Kerckhoffs' law -- '...only secrecy of the key provides security...', or in more colloquial form, Shannon's Maxim -- '...the enemy knows the system...'. In either form, it is fully justified by long and painful practical experience over some thousands of years and no recent development has changed this reality; indeed there is widely thought to be no prospect of change. That secrecy of a crypto system (the algorithms or the protocols) is important (or even vital) is widely, and wrongly, believed. As a general principle one would not want one's crypto system to be fully known to the opposition, but it should remain secure even if the opposition learns all about it. The chances are excellent that they will anyway.

A new class of cryptographic encryption algorithms was discovered in the 1970s which use a pair of keys, one to encrypt and one to decrypt. Some of these asymmetric key algorithms have the property that it is not possible to determine one key from the other (so far as is currently known). Such an algorithm allows one key to be made public while retaining the private key in only one location.

Key Sizes

Typical key sizes for estimated 'equivalent security' against a particular kind of attack (ie, brute force key space search) are 128 bits for symmetric ciphers and 2048 bits or more for public key cryptography. Elliptic curve cryptography may allow much smaller size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of brute force searching for their keys may not survive. Recently, a message encrypted using a 109-bit key elliptic curve algorithm was broken by brute force. As a result it would appear that elliptic curve algorithm keys must be somewhat the same length as symmetric key algorithm keys for equivalent security. As always, for all but the one-time pad, a theoretical breakthrough may make everything you've encrypted an open book regardless of the algorithm or algorithm type you've chosen, and a too-short key will certainly do so.

If the key is too small, the algorithm will be vulnerable to a brute force attack in which all possible values of the key are tried one by one. 'Birthday' attacks are also possible; the probability of a 'collision' between a large group of values goes up roughly as the square of the number of possible values and this applies in cryptography as well. In addition, many algorithms permit reduced effort attacks as compared to brute force key search. If the effort is sufficiently reduced, the algorithm will be 'insecure' against that attack and should not be used. It may be expected that algorithms for which no improved attack is now known, and for which a brute force attack is impractical, will be found to be insecure when some new cryptoanalytic technique is developed. When one is.

The problem of choosing a cryptographic algorithm reduces itself, in actual practice, to an estimate of how likely such an advance will be over the relevant time. Personal secrets need to be kept confidential for different durations than tactical deployment information in a battle, and still differently than some commercially valuable information (eg, the formula for Coke). There are no good answers known to this problem. Intelligent, cryptographically informed, choosers limit their choice to publicly known and publicly unbroken, but well studied, algorithms. Only algorithms from this group can be credibly thought secure. All others are either not sufficiently well tested, or are from secret organizations with adequate testing resources, but also with ulterior motives.

Key Choice

At the least sensible, choosing a key by increasing the value of the last used key by one is clearly foolish. Any attacker noticing the key choice pattern will be ecstatic. In fact, experience has shown that pattern in key choice are a very very significant source of breaks into otherwise well designed crypto systems. The Japanese Purple cypher machine of WWII is an example, for after the initial breakthrough by US cryptanalysts, the poor choice of keys made continuing breaks into the Purple traffic very much easier.

In general, keys _must_ be chosen randomly (or alternatively, they must be random values) while meeting other requirements of the algorithm in use. This is a fundamentally difficult, quite subtle, problem and has been 'solved' in one or another crypto system in various ways. There is an Internet RFC on generating randomness (RFC 1750, Randomness Recommendations for Security), but it is long on prescription and short on explanation. In general randomness is always a problem in cryptography, and key choice is merely another example.

Failure to handle this properly is an easy way to render any cryptosystem insecure. See randomness.

Applications

Pretty Good Privacy (PGP) is a popular program that intelligently uses both symmetric and asymmetric algorithms as part of an excellent crypto system design. PGP uses the timing between keystrokes to generate 'randomness'; thus far this has not been found unsatisfactory. A public Standard has been recently adopted for a PGP compatible crypto system. OpenPGP is the standard and GPG is an implementation of it available from the Free Software Foundation. There is a Web site for the FSF which has pointers to the official Web pages for both PGP and OpenPGP.

External links

• http://www.pobratyn.com/pk.php3 An example of a PGP Public Key. -- broken link
• The official site for PGP International and, unofficially, for GPG.
• Crypto-Gram, a monthly online publication on cryptography and its sensible use.

  Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Cryptographic key."

Top     

Cryptography

(From Wikipedia, the free Encyclopedia)

Cryptography (from Greek kryptós, "hidden", and gráphein, "to write") is generally understood to be the study of the principles and techniques by which information can be translated into a "garbled" version that is difficult for an unauthorized person to read, while still allowing the intended reader to convert the resulting gobbledygook back into the original information. In fact, cryptography covers rather more than merely encryption and decryption. It is, in practice, a specialized branch of information theory with substantial additions from other branches of mathematics, and from such sources as Machiavelli, Sun Tzu, and Karl von Clausewitz.

The term cryptology has sometimes been used instead of cryptography for this field, it is recent coinage, due apparently to William F. Friedman in the early 20th century. There is some tension between these two lexigraphic schools.

Unsurprisingly, the study of hiding the meaning of messages from others by encrypting them has been accompanied by the study of how to read such messages when one is not the intended receiver; this area of study is called cryptanalysis. People involved in such work, and with cryptography in general, are known as cryptographers (or for some of those in the other lexigraphic school, cryptologists).

The original unencrypted information being sent from one person (or organization) to another is usually called the plaintext. Encryption is the plaintext-to-garble conversion, and decryption is the garble-to-plaintext conversion. A major class of encryption technique is called encoding (yielding codetext), after which the receiver decodes the codetext. The other major class is called enciphering (yielding, naturally, cyphertext), after which the receiver decyphers the cyphertext. The exact operation of the encryption and decryption, for all schemes with any pretense to security, is controlled by one or more keys.

Overview: goals

Cryptography has four main goals, though they are nearly always concealed beneath a blanket of confusing 'marketing speak' in commercial products. And behind a fog of rumor and myth as well. Examining any proposed crypto system with these basic functions in mind, and ignoring the marketing blather, will be a very useful exercise for those interested in cryptography in the real world. They are:

1. message confidentiality: Only the authorised recipient should be able to extract the contents of the message from its encrypted form. In addition, it should not be possible to obtain information about the message contents (such as a statistical distribution of certain characters) as this makes cryptanalysis easier.
2. message integrity: The recipient should be able to determine if the message has been altered during transmission.
3. sender authentication: The recipient should be able to identify the sender, and verify that the purported sender actually did send the message.
4. sender non-repudiation: The sender should not be able to deny sending the message.

Not all cryptographic systems or algorithms achieve all of the above goals, or are even intended to. Poorly designed, or poorly implemented, crypto systems achieve them only by accident or bluff or lack of interest on the part of the opposition, and users can and regularly do reduce even well designed and implemented crypto systems to the security equivalent of Swiss cheese. But even with well designed, well implemented, and properly used crypto systems, some goals aren't practical (or desirable) in some contexts. For example, the sender of the message may want to be anonymous, or the system may be intended for an environment with limited computing resources, or confidentiality might not matter.

In addition, some confusion may arise in a crypto system design regarding whom we are referring to when speaking of "sender" or "recipient"; some examples for real crypto systems in the modern world include:

1. a computer program on a local system,
2. a computer program on a 'nearby' system which 'provides security services' for users on other nearby systems,
3. or -- what most people implicitly assume is "obviously" meant -- a human being (usually understood as one 'at a keyboard' to actively send or receive). Even in such cases, the human does not actually encrypt or sign or decrypt or authenticate anything in modern cryptographic systems. At most, when all is right in the world, the user instructs a computer program to encrypt or sign or decrypt and authenticate, or ... and it does so, properly and securely. This buffering of human action from actions which are presumed (without much consideration) to have 'been done by a human' is a source of problems in crypto system design, implementation, and use. Such problems are often quite subtle and correspondingly obscure. Generally so, even to practicing cryptographers with knowledge, skill, and good engineering sense.

When confusion on these points is present (at the design stage, during implementation, or by a user after installation), unintended failures in reaching each of the stated goals can occur quite easily, often without notice to any human involved, and even given perfect algorithms, superb and provably secure system design, and error free implementation. Such failures are most often due to extra-cryptographic issues; each such failure demonstrates that good algorithms, good protocols, good system design, and good implementation do not alone, nor in combination, provide 'security'. Instead, careful thought is required regarding the entire crypto system design and its use in actual production by real people on actual equipment running production system software (eg, operating systems) -- too often, this is absent or insufficient in practice with real-world crypto systems.

Although cryptography has a long and complex history, it wasn't until the 19th century that it developed anything more than ad hoc approaches to either cryptanalysis (eg, Charles Babbage's Crimean War era work on mathematical cryptanalysis of polyalphabetic cyphers, repeated publicly rather later by the Prussian Kasiski) or encryption. An example is Auguste Kerckhoffs' crypto writings in the latter 19th century; which are really collections of rules of thumb and hard won knowledge about cryptography. Excellent for their time, but with little of the theoretical foundation which has been developed since. An increasingly mathematical trend accelerated up to World War II (notably in William F. Friedman's application of statistical techniques to cryptography and in Marian Rejewski's initial break into the German Army's version of the Enigma system). Both cryptography and cryptanalysis have become far more mathematical since WWII. Even then, it has taken widely available computers, and the Internet, to bring effective cryptography into common use by anyone other than national governments or similarly sized enterprises.

Classical Cryptography

The earliest known use of cryptography is found in non-standard hieroglyphs on monuments from Egypt's Old Kingdom (ca 4000 years ago). These are not thought to be serious attempts at secret communications, however, but rather to have been attempts at mystery, intrigue, or even amusement for literate onlookers. Each of which has been, intermittently, still another use of cryptography, or of something that looks (impressively if misleadingly) like it. Later, Hebrew scholars made use of simple substitution ciphers (such as the Atbash cipher) beginning perhaps around 500 to 600 BCE. Cryptography has a long tradition in religious writing likely to offend the dominant culture or political authorities. Perhaps the most famous is the 'Number of the Beast' from the book of Revelations in the Christian New Testament. 666 is almost certainly a cryptographic (ie, encrypted) way of concealing a dangerous reference; many scholars believe it's a way of referring to Rome, or Nero, (and so to Roman policies of persecution of Christians) that would be understood by the initiated (who 'had the codebook') and yet be safe (or at least somewhat deniable and so less dangerous) if it came to the attention of those authorities. At least for orthodox Christian writing, the need for such concealment ended with Constantine's conversion and the adoption of Christianity as the official religion of the Empire.

The Greeks of Classical times are said to have known of cyphers (eg, the scytale transposition cypher claimed to have been used by the Spartan military). Herodutus tells us of secret messages physically concealed beneath wax on wooden tablets or as a tattoo on a slave's head concealed by regrown hair (see secret writing; these are not properly examples of cryptography). The Romans certainly did (eg, the Caesar cipher and its variations). There is ancient mention of a book about Roman military cryptography (especially Julius Caesar's); it has been, unfortunately, lost.

In India, cryptography was apparently well known. It is recommended in the Kama Sutra as a technique by which lovers can communicate without being discovered. This may imply that cryptanalytic techniques were less well developed in India ca 500 CE.

Cryptography became (secretly) important still later as a consequence of political competition and religous analysis. For instance, in Europe during and after the Renaissance, citizens of the various Italian states, including the Papacy, were responsible for substantial improvements in cryptographic practice (eg, polyalphabetic cyphers invented by Leon Alberti ca 1465). And in the Arab world, religiously motivated textual analysis of the Koran led to the invention of the frequency analysis technique for breaking monoalphabetic substitution cyphers sometime around 1000 CE.

Cryptography, cryptanalysis, and secret agent betrayal featured in the Babington plot during the reign of Queen Elizabeth I which led to the execution of Mary, Queen of Scots. And an encrypted message from the time of the Man in the Iron Mask (decrypted around 1900 by Étienne Bazeries) has shed some, regrettably non-definitive, light on the identity of that legendary, and unfortunate, prisoner. Cryptography, and its misuse, was involved in the plotting which led to the execution of Mata Hari and even more reprehensibly in the travesty which led to Dreyfus' conviction and imprisonment, both in the early 20th century. Fortunately, cryptographers were also involved in setting Dreyfus free; Mata Hari, in contrast, was shot.

Mathematical cryptography leapt ahead (also secretly) after World War I. Marian Rejewski, in Poland, attacked and 'broke' the early German Army Enigma system (an electromechanical rotor cypher machine) using theoretical mathematics in 1932. The break continued up to '39, when changes in the way the German Army's Enigma machines were used required more resources than the Poles could deploy. His work was extended by Alan Turing, Gordon Welchman, and others at Bletchley Park beginning in 1939, leading to sustained breaks into several other of the Enigma variants and the assorted networks for which they were used. US Navy cryptographers (with cooperation from British and Dutch cryptographers after 1940) broke into several Japanese Navy crypto systems. The break into one of them famously led to the US victory in the Battle of Midway. A US Army group, the SIS, managed to break the highest security Japanese diplomatic cypher system (an electromechanical 'stepping switch' machine called Purple by the Americans) even before WWII began. The Americans referred to the intelligence resulting from cryptanalysis, perhaps especially that from the Purple machine, as 'Magic'. The British eventually settled on 'Ultra' for intelligence resulting from cryptanalysis, particularly that from message traffic encyphered by the various Enigmas. An earlier British term for Ultra had been 'Boniface'.

World War II Cryptography

By World War II mechanical and electromechanical cryptographic cypher machines were in wide use, although where these were impractical manual systems continued to be used. Great advances were made in both practical and mathematical cryptography in this period, all in secrecy. Information about this period has begun to be declassified in recent years as the official 50-year (British) secrecy period has come to an end, as the relevant US archives have slowly opened, and as assorted memoirs and articles have been published.

The Germans made heavy use (in several variants) of an electromechanical rotor based cypher system known as Enigma. The German military also deployed several mechanical implementations of one-time pads. Bletchley Park called them the Fish cypherss, and Max Newman and colleagues designed and deployed the world's first programmable electronic computer, the Colossus, to help with those cypher systems.

The Japanese Foreign Office used an independently developed electrical stepping switch based system (called Purple by the US; see the entry Purple code), and also used several similar machines for attaches in some Japanese embassies. One of these was called the 'M-machine' by the US, another was referred to as 'Red'. All were broken, to one degree or another by the Allies. Other cypher machines used in WWII included the British Type X and the American SIGABA; both were electromechanical rotor designs similar in spirit to the Enigma. Neither is known to have been broken by anyone during the war.

Modern Cryptography

The era of modern cryptography really begins with Claude Shannon, arguably the father of mathematical cryptography. In 1949 he published the paper Communication Theory of Secrecy Systems in the Bell System Technical Journal and a little later the book, Mathematical Theory of Communication, with Warren Weaver. These, in addition to his other works on information and communication theory established a solid theoretical basis for cryptography and for cryptanalysis. And with that, cryptography more or less disappeared into secret government communicatiosn organisations such as the NSA. Very little work was again made public until the mid '70s, when everything changed.

1976 saw two major public (ie, non-secret!) advances. First was the DES (Data Encryption Standard) submitted by IBM, at the invitation of the National Bureau of Standards (now NIST), in an effort to develop secure electronic communication facilities for businesses such as banks and other large financial organizations. After 'advice' and modification by the NSA, it was adopted and published as a FIPS Publication (Federal Information Processing Standard) in 1977 (currently at FIPS 46-3). It has been made effectively obsolete by the adoption in 2001 of the Advanced Encryption Standard, also a NIST competition, as FIPS 197. DES was the first publicly accessible cypher algorithm to be 'blessed' by a national crypto agency such as NSA. The release of its design details by NBS stimulated an explosion of public and academic interest in cryptography. DES and more secure variants of it (such as 3DES or TDES; see FIPS 46-3) are still used today, although DES was officially supplanted by AES (Advanced Encryption Standard) in 2001 when NIST announced the selection of Rijndael, by two Belgian cryptographers, as the AES. DES remains in wide use nonetheless, having been incorporated into many national and organizational standards. However, it has been broken (by the Electronic Frontier Foundation, a cyber civil rights group -- the story is in Cracking DES, published by O'Reilly and Associates) -- and it should not be used in new crypto system designs.

Second was the publication of the paper New Directions in Cryptography by Whitfield Diffie and Martin Hellman. This paper introduced a radically new method of distributing cryptographic keys, which went far toward solving one of the fundamental problems of cryptography, key distribution. It has become known as Diffie-Hellman key exchange. The article also seems to have stimulated the almost immediate public development of a new class of encyphering algorithms, the asymmetric key algorithms.

Prior to that time, all useful modern encryption algorithms had been symmetric key algorithms, in which the same cryptographic key is used with the underlying algorithm by both the sender and the recipient who must both keep it secret. All of the electromechanical machines used in WWII were of this logical class, as were the Caesar and Atbash cyphers and essentially all cypher and code systems throughout history. The 'key' for a code is, of course, the codebook, which must likewise be distributed and kept secret.

Of necessity, a key in every such system had to be exchanged between the communicating parties in some secure way prior to any use of the system (the term usually used is 'via a secure channel') such as a trustworthy courier with a briefcase handcuffed to a wrist, or face-to-face contact, or a loyal carrier pigeon. This requirement rapidly becomes unmanageable when the number of participants increases beyond some (very!) small number, or when (really) secure channels aren't available for key exchange. In particular, a separate key is required for each communicating pair if other parties are not to be able to decrypt their messages. A system of this kind is also known as a private key, secret key, or conventional key cryptosystem. D-H key exchange (and succeeding improvements) made operation of these systems much easier, and more secure, than had ever been possible before.

In contrast, in asymmetric key encryption, there is a pair of mathematically related keys for the algorithm, one of which is used for encryption and the other for decryption. Some, but not all, of these algorithms have the additional property that one of the keys may be made public since the other cannot be (by any currently known method) deduced from the 'public' key. The other key in these systems is kept secret and is usually called the 'private' key. An algorithm of this kind is known as a public key / private key algorithm, although the term asymmetric key cryptography is preferred by those who wish to avoid the ambiguity of using that term for all such algorithms, and to stress that there are two distinct keys with different secrecy requirements.

As a result, only one key pair is now needed per recipient (regardless of the number of senders) as possession of a receipient's public key (by anyone whatsoever) does not compromise the 'security' of messages so long as the corresponding private key is not known to any attacker (effectively, this means not known to anyone except the recipient). This wholly unanticipated property of some of these algorithms made practical, and possible, widespread deployment of high quality crypto systems which could be used by anyone. Which in turn gave government crypto organizations worldwide a severe case of heartburn; for the first time, those outside that fraternity could have access to cryptography that wasn't readily breakable by the snooping side of those organizations. Considerable controversy, and conflict, began almost immediately. It has not yet died down; in the US, for example, exporting strong cryptography was illegal until 2001, and cryptographic methods were classified as munitions. (See S Levy's Crypto for a journalist's account of the policy controversy in the US).

Note, however, that it has NOT been proven, for any of the good public/private asymmetric key algorithms, that a private key cannot be deduced from a public key (or vice versa). Informed observers believe it to be currently impossible (and perhaps forever impossible) for the 'good' asymmetric algorithms; no workable deduction techniques have been publicly shown for any of them. Note also that some asymmetric key algorithms have been quite thoroughly broken, just as many symmetric key algorithms have; there is no special magic attached to using two keys.

In fact, some of the well respected, and most widely used, public key / private key algorithms can be broken by one or another cryptanalytic attack and so, like most encryption algorithms, the protocols within which they are used must be chosen and implemented carefully. _All_ of them can be broken if the key length used is short enough to permit practical brute force key search; indeed this is true of all encryption algorithms using keys, including all symmetric and asymmetric algorithms.

This is an example of the most fundamental problem for those who wish to keep their communications secure; they must choose a crypto system (algorithms + protocols + operation) that resists all attack from any attacker. There being no way to know who those attackers might be, nor what resources they might be able to deploy, nor what advances in cryptanalysis (or its associated mathematics) might in future occur, users may ONLY do the best they know how, and then hope. In practice, for well designed / implemented / used crypto systems, this is believed by informed observers to be enough, and possibly even enough for all(?) future attackers. Distinguishing between well designed / implemented / used crypto systems and crypto trash is another, quite difficult, problem for those who are not themselves expert cryptographers. It is even quite difficult for those who are.

Non-secret Encryption

Asymmetric key cryptography, D-H key exchange, and the best known of the public key / private key algorithms (ie, what is usually called the RSA algorithm), all seem to have been developed at a UK intelligence agency before the public announcement by Diffie and Hellman in '76. GCHQ has released documents claiming that they had developed public key cryptography before the publication of Diffie and Hellman's paper. Various classified papers were written at GCHQ during the 1960s and 1970s which eventually led to schemes essentially identical to RSA encryption and to Diffie-Hellman key exchange in 1973 and 1974. Some of these have now been published, and the inventors (James Ellis, Clifford Cocks, and Malcolm Williamson) have made public (some of) their work.

Some algorithms of various kinds

Hash functions, aka message digest functions, cryptographic hash functions

• MD5
• SHA-1
• RIPEMD-160
• Tiger

Free/Open Source crypto systems (algorithms + protocols + system design)

• PGP
• GPG
• SSH
• IPSec / Free S/WAN

Public key / private key encryption algorithms (aka asymmetric key algorithms)

• Diffie-Hellman
• El Gamal
• Elliptic curve cryptography
• RSA
• Digital Signature Algorithm
• Elliptic Curve DSA
• XTR

Secret key algorithms (aka symmetric key algorithms)

• Enigma (WWII German rotor cypher machine -- many variants, many users)
• Purple (WWII Japanese Foreign Office cypher machine)
• SIGABA (WWII US cypher machine)
• JN-25 (WWII Japanese Navy superencyphered code)
• One-time pad (Vernam and Mauborgne, patented mid-'20s)
• Data Encryption Standard (DES, FIPS 46-3, 1976)
• Lucifer cipher (IBM, early 1970s; modified to become DES)
• RC4 cipher (one of a series by Ron Rivest of MIT)
• Blowfish (by Bruce Schneier, et al)
• International Data Encryption Algorithm (IDEA -- J Massey and X Lai)
• CAST5
• Advanced Encryption Standard (AES, FIPS 197, 2001 -- by Daemen and Rijmen)
• Twofish (AES finalist, by Schneier et al)
• RC6 (AES finalist, by Rivest et al)
• MARS (AES finalist, by Don Coppersmith et al)
• Serpent (AES finalist, by Ross Anderson et al)
• Iraqi Block Cipher (IBC)

Pseudo-random number generators

• Blum Blum Shub
• Yarrow (by Schneier, et al)
• Fortuna (by Schneieir, et al)
• ISAAC

Anonymous communication

• Dining cryptographers protocol (by David Chaum)
• Anonymous remailer
• pseudonymity
• anonymous internet banking

Terminology

• Cryptographic key
• Cipher
• Code
• Brute force attack
• Dictionary attack
• Unicity distance

Further Reading

General note on cryptographic references: There is a great amount of myth and misunderstanding in wide circulation about topics cryptographic. Some is grossly wrong, some is 'merely' subtly misleading, much of it is plausible to the crypto newcomer and even to the somewhat crypto experienced or informed. There is also a very great selection of poorly done, non-secure crytographic software on the market (purchaseware, shareware, freeware, journalware, xyzware). Readers, buyers, and users should exercise substantially more than the usual caution lest they lose one, two, or all of the reasons they have bothered with cryptography at all (see the article above for the goals of cryptography). At the time this sentence was written, each of the following references is reliable. Mostly. Consider that none covers up-to-date secret government cryptography (at minimum, publishing schedules do not permit it, more generally NSA and brethren don't talk), none is even complete for material available before publication, and none is error free. All of this, plus individual differences in comprehension of a complex field, may produce considerable distortions in your understanding of the current state of the art in cryptography. Nevertheless, try these references first if you wish to minimize those distortions.

• The Beginner's Guide to Cryptography - This website gives a (quite) elementary overview of a few basic areas of cryptography.
• An Introduction to the Use of Encryption - A useful and fairly non-technical introduction to the subject.
• Ferguson, Niels, and Schneier, Bruce - Practical Cryptography, Wiley, 2003, ISBN 0471223573. Up to date cryptography reference. Covers both algorithms and protocols. This is an in depth consideration of one cryptographic problem, including paths not taken and some reasons why. Most of the material is not otherwise available in a single source. Some is not otherwise available. In a sense, a follow-up to 'Applied Cryptography'.
• Schneier, Bruce - Applied Cryptography, 2 ed, Wiley, ISBN 0471117099. The best single volume available covering modern cryptographic practice and possibilities. About as comprehensive as a single volume could have been. Not overly mathematical, well written, and so accessible -- mostly -- to the non-technical.
• Schneier, Bruce - Secrets and Lies, Wiley, ISBN 0471253111, a discussion of the context within which cryptography and cryptosystems work. Meta-cryptography, if you will. Required reading for would be cryptographers, and nearly so for all cryptography users.
• Ross Anderson -- Security Engineering, advanced coverage of computer security issues, including cryptography, by one of its foremost practicioners, and most likely its best writer.
• Bamford, James - The Puzzle Palace : A Report on America's Most Secret Agency ISBN 0140067485, and the more recent "Body of Secrets". The best of a quite small group of books about NSA. Most are inadequate, and untrustworthy, for various reasons.
• A. J. Menezes, P. C. van Oorschot and S. A. Vanstone - Handbook of Applied Cryptography ISBN 0849385237 (online version). Equivalent to Applied Cryptography in many ways, but seriously mathematical.
• Kahn, David - The Codebreakers ISBN 0684831309 The best available single volume source for cryptographic history, at least for events up to the mid '60s. The added chapter on more recent developments (in the most recent edition) is regrettably far too thin. See also his other publications on cryptography which have been uniformly excellent.
• Piper, Fred and Sean Murphy - Cryptography : A Very Short Introduction ISBN 0192803158 This book quickly sketches out the major goals, uses, methods, and developments in cryptography.
• Singh, Simon - The Code Book ISBN 1857028899. An anecdotal introduction to the history of cryptography, but much better than such an approach might be expected to produce. Covers more recent material than does Kahn's The Codebreakers. Well written. Sadly, the included cryptanalytic contest has been won and the prize awarded; the cyphers are still worth having a go at, however.

Related topics

Echelon, Enigma, Espionage, IACR, Purple code, Ultra, Security engineering, SIGINT, Steganography, Cryptographers, SSL, Quantum Cryptography, Crypto-anarchism, Cypherpunk,RSA,ID-based cryptography

Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Cryptography."

Top     

Key

(From Wikipedia, the free Encyclopedia)

See:

• lock and key
• skate key for roller skates
• keys (clues) to solving a mystery
• typewriter and computer keyboards
  • the QWERTY and Dvorak keyboard layouts
• key of a piece of music: see key signature, Key (music)
• key, a moving part of a musical instrument
• keying video
• cryptographic keys
• the Florida keys
• Key in painting and photography

This is a disambiguation page; that is, one that just points to other pages that might otherwise have the same name. If you followed a link here, you might want to go back and fix that link to point to the appropriate specific page.

Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Key."

Top     

Key (music)

(From Wikipedia, the free Encyclopedia)

In Music theory, the key is the tonal center of a piece. It is designated by a note name (the tonic), such as C, and can be either in major or minor mode. What a key designates to a performer is the scale in which all the diatonic notes of the piece lie. This is slightly more complicated in a minor key, because the pitch of the sixth and seventh scale degrees in a minor key can change depending on their harmonic context. The primary key of a piece of music is indicated at the beginning of the piece with a key signature.

A piece may change key at some point. This is sometimes done by just starting in the new key with no preparation - this kind of key change is common in various kinds of popular music, when a sudden change to a key a whole tone higher is a quite frequently heard device at the end of a song. In classical music, however, a "smoother" kind of key change is more usual -- this kind of key change is called modulation.

Certain musical instruments are sometimes said to play in a certain key, or have their music written in a certain key. Instruments which do not play in the key of C are known as transposing instruments. The most common kind of clarinet, for example, is said to play in the key of B flat. This means that a scale written in C major in sheet music will actually sound as a B flat major scale when played; that is, notes sound a whole tone lower than written. Likewise, the French horn, normally in the key of F, plays notes a major fifth lower than written.

Similarly, some instruments may be said to be built in a certain key. A brass instrument built in, say, B flat, will play a fundamental note of B flat, and will be able to play notes in the harmonic series starting on B flat without using valves, fingerholes, slides or otherwise altering the length of the vibrating column of air. An instrument built in a certain key will often, but not always, have its music written in the same key (see trombone for an exception).

Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Key (music)."

Top     

Key signature

(From Wikipedia, the free Encyclopedia)

In musical notation, the key signature is the series of sharps or (alternatively) flats are to be used, unless the notes are indicated otherwise, in a section of music. Key signatures are generally written immediately after the clef at the beginning of a line of musical notation, although they can appear in other parts of a score.

Fig 1. The B-Major scale

A key signature defines the diatonic scale which a piece of music uses. Unless the piece is in the key of C, some notes must be consistently sharpened or flattened.

For example, in the key of G major, the leading-note is F sharp. The key signature indicates that each time an F is written in the staff it is in fact to be played as F sharp.

Individual sharp, flat or natural signs that modify an individual note in the piece are called accidentals (for example, an F natural in a piece in the key of G). These override the key signature for the duration of the bar they occur in.

Key signatures are in fact merely a convenience of notation. Some pieces which change key (modulate) insert a new key signature on the staff partway; while others use accidentals: natural signs to "neutralize" the key signature and other sharps or flats for the new key.

Figure 1 shows the key signature of the scale of B-major. Any note which is on the same line or space as its five sharps is increased from its natural pitch by a semitone. Although key signatures can technically consist of any collection of sharps or flats, musical tradition dictates that they be arranged in a fixed order according to the key of the piece. As each major key has an equivalent relative minor key that may be represented with the same key signature, the number of standard key signatures is less than the actual number of keys.

The table below illustrates the relative major key signatures for minor scales.

Key Sig.	Major Scale	Minor Scale
0	C major	A minor
1#	G major	E minor
2#	D major	B minor
3#	A major	F# minor
4#	E major	C# minor
5#	B major	G# minor
6#	F# major	D# minor
7#	C# major	A# minor
1b	F major	D minor
2b	Bb major	G minor
3b	Eb major	C minor
4b	Ab major	F minor
5b	Db major	Bb minor
6b	Gb major	Eb minor
7b	Cb major	Ab minor

For key signatures with sharps, the first sharp is placed on F line (for the key of G major/E minor). Subsequent additional sharps are added on C, G, D, A, E and B. For key signatures with flats, the first flat is placed on the B line, with subsequent flats on E, A, D, G, C and F. There are 15 different key signatures, including the "empty" signature of C major/A minor.

The key signatures with seven flats and seven sharps are very rarely used, because they have simpler enharmonic equivalents. For example, the key of C# major (seven sharps) is more simply represented as Db major (five flats) - for modern practical purposes these keys are the same, because C# and Db are the same note. Pieces are written in these seven sharp or flat keys, however. The third Prelude and Fugue from Book One of Johann Sebastian Bach's Well-Tempered Clavier is in C# major, for example.

In cryptography, a key signature is the result of applying a hash function on a key, for the purpose of simplifying operations on keys. For example, cryptographic keys are often quite large and cumbersome to compare, so a user who wants to verify the presence of a public key in a database might use a smaller key signature rather than comparing the whole key.

Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Key signature."

Top     

Keying

(From Wikipedia, the free Encyclopedia)

In cryptography, keying is the installation of key material into a device.

In telecommunications, keying is a form of modulation where the modulating signal takes one of two values at all times. For example: "on" or "off", "mark" or "space". The name derives from the Morse code key used for telegraph signalling.

In graphics, keying is an informal term for compositing two full frame images together, by discriminating the visual information into values of color and light.

• A chroma key is the removal of a color from one image to reveal another "behind" it.

• A luma key similarly replaces color from an images which falls into a particular range of brightness. This technique is less controllable, but can be used on graphic elements.

• A matte key uses three images: the two images that will be composited, and a black-and-white third image that dictates the blending of the two, with white revealing one image, black the other, and grey revealing a blend of the two together.

Generally, the "bottom" image is called the beauty, the image that appears on top is the fill and the discriminating element (chroma, luma or matte) is called the key or matte.

Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Keying."

Top     

Locksmithing

(From Wikipedia, the free Encyclopedia)

Locksmithing is the science and art of making and defeating locks. A lock is a mechanism that secures buildings, rooms, cabinets, or other storage facilities from theft by burglars. A key is usually used to open a lock. It is often said that "a lock keeps honest people honest."

Practitioners are called locksmiths. Locksmithing is one of the earliest forms of security engineering. Lock-picking was one of the first methods of cracking security systems.

The issue of full disclosure was first raised in the context of locksmithing.

Topics in locksmithing

• Mortice lock
• Warded lock
• Cylinder lock
• Combination lock
• Lock-picking
• Lock-bypassing
• Pin tumbler lock
• Tubular pin tumbler lock
• Disc tumbler lock

External links

• The alt.locksmithing FAQ
• MIT guide to lock-picking by 'Ted the Tool'

Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Locksmithing."

Top     

Abbreviations & Acronyms: Key

Top     

Top     

Synonyms within Context: Key

Top     

Top     

Modern Usage: Key

Top     

Commercial Usage: Key

Top     

Image Slideshow: Key

Photos: Key More pictures...

Illustrations: Key More pictures...

Computer Images: Key More pictures...

Top     

Photo Album: Key

Thumbnail	Description & Credit	Thumbnail	Description & Credit
	This illustration, with and without text, titled "Pinpointing The Genes In Cancer: Three Key Techniques" explains about 1) chromosome staining, 2)inherited markers and 3) DNA cloning. See artwork: GA-17. Credit: Jane Hurd (artist).		The drawing shown indicates the key organs of the immune system - thymus, lymph nodes, spleen, bone marrow. Credit: Linda Bartlett (photographer).
	Historical marker of Convent of Mary Immaculate (1878), whose Sisters nursed yellow fever victims. Key West, Florida. Credit: CDC.		"Bell Curve" (movie) by Jerry Thornhill. Use the up arrow key to see inside.
	Key members of the XS-1 Research Team. Credit: NASA.		JPL Key Figures. Credit: NASA.
	The Key Project team used this Hubble telescope view of the magnificent spiral galaxy, NGC ... Credit: NASA.		The Hubble Space Telescope Key Project team today announced that it has completed efforts to ... Credit: NASA.
	The key chart showing flight lines and photo locations Mapping of Mississippi Delta and Passes. Credit: Coast & Geodetic Survey Historical Image Collection.		Sketch of John Ross Key by James McNeill Whistler Sketched in the Coast Survey office in 1854 Key was a nephew of Francis Scott Key He was a draughtsman in the office at the time of the drawing. Credit: Coast & Geodetic Survey Historical Image Collection.
Source: pictures compiled by the editor from various references; see picture credits.

Top     

Digital Photo Gallery: Key
 

"Key" by Travis Quilten Commentary: "A key in black and white."	"Computer Print Key" by Brian Griesbaum Commentary: "Black Computer Print Key on Dell Keyboard."
Source: photographs selected by the editor, with permission from the photographers.

Top     

Sounds Captioned with "Key".

Play	Caption	Play	Caption
	A mid-sized pipe organ playing in a minor key area.		Strumming acoustic guitar and percussion playing in a major key area.
	Minor key tune very typical of a piece by Sade.		Arpeggiated digital keyboard effects playing in a major key area.
	Minor key excerpt with repetitive piano, high bells, and horn.		Major key excerpt with lots of ascending chord arpeggios.
	Major key area excerpt incorporating various synthesized marimba and flutes.		Brazilian syncopated percussion layered with a major key melody.
	Synthesized flutes with guitar arpeggios playing in a major key area.		Type one key then press enter on a keyboard.
Source: compiled by the editor from various references; see credits.

Top     

Familiar Quotations: Key

Top     

Use in Literature: Key

Top     

Non-Fiction Usage: Key