Version 1.5


Glossary of cryptographic terms

Chosen Plain Text Attack
This is the next step up from the Known Plain Text Attack. In this version, the cryptanalyst can choose what plain text message he wishes to encrypt and view the results, as opposed to simply taking any old plain text that he might happen to lay his hands on. If he can recover the key, he can use it to decode all data encrypted under this key. This is a much stronger form of attack than known plain text. The better encryption systems will resist this form of attack.
A chip developed by the United States Government that was to be used as the standard chip in all encrypted communications. Aside from the fact that all details of how the Clipper chip work remain classified, the biggest concern was the fact that it has an acknowledged trap door in it to allow the government to eavesdrop on anyone using Clipper provided they first obtained a wiretap warrant. This fact, along with the fact that it can't be exported from the United States, has led a number of large corporations to oppose the idea. Clipper uses an 80 bit key to perform a series of nonlinear transformation on a 64 bit data block.
DES (Data Encryption Standard)
A data encryption standard developed by IBM under the auspices of the United States Government. It was criticized because the research that went into the development of the standard remained classified. Concerns were raised that there might be hidden trap doors in the logic that would allow the government to break anyone's code if they wanted to listen in. DES uses a 56 bit key to perform a series of nonlinear transformation on a 64 bit data block. Even when it was first introduced a number of years ago, it was criticized for not having a long enough key. 56 bits just didn't put it far enough out of reach of a brute force attack. Today, with the increasing speed of hardware and its falling cost, it would be feasible to build a machine that could crack a 56 bit key in under a day's time. It is not known if such a machine has really been built, but the fact that it is feasible tends to weaken the security of DES substantially.

I would like to thank Paul Leyland <> for the following information relating to the cost of building such a DES cracking machine:

Efficient DES Key Search

At Crypto 93, Michael Wiener gave a paper with the above title. He showed how a DES key search engine could be built for $1 million which can do exhaustive search in 7 hours. Expected time to find a key from a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.

So far as I can tell, the machine is scalable, which implies that a $100M machine could find keys every couple of minutes or so.

The machine is fairly reliable: an error analysis implies that the mean time between failure is about 270 keys.

The final sentence in the abstract is telling: In the light of this work, it would be prudent in many applications to use DES in triple- encryption mode.

I only have portions of a virtually illegible FAX copy, so please don't ask me for much more detail. A complete copy of the paper is being snailed to me.

Paul C. Leyland <>

Laszlo Baranyi <> says that the full paper is available in PostScript from:
EFF (Electronic Frontier Foundation)
The Electronic Frontier Foundation (EFF) was founded in July, 1990, to assure freedom of expression in digital media, with a particular emphasis on applying the principles embodied in the Constitution and the Bill of Rights to computer-based communication. For further information, contact:
Electronic Frontier Foundation
1001 G St., NW
Suite 950 East
Washington, DC 20001
+1 202 347 5400
+1 202 393 5509 FAX
IDEA (International Data Encryption Algorithm)
Developed in Switzerland and licensed for non-commercial use in PGP. IDEA uses a 128 bit user supplied key to perform a series of nonlinear mathematical transformations on a 64 bit data block. Compare the length of this key with the 56 bits in DES or the 80 bits in Clipper.
ITAR (International Traffic in Arms Regulations)
ITAR are the regulations covering the exporting of weapons and weapons related technology from the United States. For some strange reason, the government claims that data encryption is a weapon and comes under the ITAR regulations. There is presently a move in Congress to relax the section of ITAR dealing with cryptographic technology.
Key Escrow
In general, key escrow means that a copy of the secret key needed to decrypt something is stored with a third party. This can be a notary or a bank, who will keep it safely for you, in case you lose your key, or when you die, in which case your relatives might need access to your encrypted material.

It is also common in business. When an employee has encrypted material on his company computer, and he leaves, gets fired, or dies unexpectedly, the company might not be able to decrypt the material. This can cost them a lot of money, especially when the employee was working on something very important. For this reason, a copy of the secret key is usually kept by one or more supervisors, who can then decrypt the material if necessary. To ensure that a supervisor does not abuse this power, the key can be split amongst several persons, who have to work together to restore the key.

Thanks to the US Clipper initiative, this term is now more or less synonymous with government key escrow, where the government keeps a copy of all the secret keys in the country. This allows them to read all encrypted messages being sent, usually for reasons of national security. Many people object to this type of key escrow, as it can be used to invade people's privacy very easily.

Known Plain Text Attack
A method of attack on a crypto system where the cryptanalyst has matching copies of plain text, and its encrypted version. With weaker encryption systems, this can improve the chances of cracking the code and getting at the plain text of other messages where the plain text is not known.
MD5 (Message Digest Algorithm #5)
The message digest algorithm used in PGP is the MD5 Message Digest Algorithm, placed in the public domain by RSA Data Security, Inc. MD5's designer, Ronald Rivest, writes this about MD5:
"It is conjectured that the difficulty of coming up with two messages having the same message digest is on the order of 2^64 operations, and that the difficulty of coming up with any message having a given message digest is on the order of 2^128 operations. The MD5 algorithm has been carefully scrutinized for weaknesses. It is, however, a relatively new algorithm and further security analysis is of course justified, as is the case with any new proposal of this sort. The level of security provided by MD5 should be sufficient for implementing very high security hybrid digital signature schemes based on MD5 and the RSA public-key cryptosystem."
MIPS stands for Million Instructions Per Second. Usually, this is an indicator of the computer's brute force power. A MIPS-year is approximately the amount of computing done by a 1 MIPS computer in one year.
MPILIB (Multiple Precision Integer Library)
This is the common name for the set of RSA routines used in PGP 2.3a and previous, as well as the international versions of PGP. It is alleged to violate PKP's RSA patent in the USA, but is not otherwise restricted in usage. It retains its popularity abroad because it outperforms RSAREF and has fewer legal restrictions as well.
NSA (National Security Agency)
The following information is from the sci.crypt FAQ:
The NSA is the official communications security body of the U.S. government. It was given its charter by President Truman in the early 50's, and has continued research in cryptology till the present. The NSA is known to be the largest employer of mathematicians in the world, and is also the largest purchaser of computer hardware in the world. Governments in general have always been prime employers of cryptologists. The NSA probably possesses cryptographic expertise many years ahead of the public state of the art, and can undoubtedly break many of the systems used in practice; but for reasons of national security almost all information about the NSA is classified.
One Time Pad
The one time pad is the ONLY encryption scheme that can be proven to be absolutely unbreakable! It is used extensively by spies because it doesn't require any hardware to implement and because of its absolute security. This algorithm requires the generation of many sets of matching encryption keys pads. Each pad consists of a number of random key characters. These key characters are chosen completely at random using some truly random process. They are NOT generated by any kind of cryptographic key generator. Each party involved receives matching sets of pads. Each key character in the pad is used to encrypt one and only one plain text character, then the key character is never used again. Any violation of these conditions negates the perfect security available in the one time pad.

So why don't we use the one time pad all the time? The answer is that the number of random key pads that need to be generated must be at least equal to the volume of plain text messages to be encrypted, and the fact that these key pads must somehow be exchanged ahead of time. This becomes totally impractical in modern high speed communications systems.

Among the more famous of the communications links using a one time pad scheme is the Washington to Moscow hot line.

PEM (Privacy Enhanced Mail)
The following was taken from the sci.crypt FAQ:
How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]?

Here's one popular method, using the des command:

cat file | compress | des private_key | uuencode | mail

Meanwhile, there is a de jure Internet standard in the works called PEM (Privacy Enhanced Mail). It is described in RFCs 1421 through 1424. To join the PEM mailing list, contact There is a beta version of PEM being tested at the time of this writing.

There are also two programs available in the public domain for encrypting mail: PGP and RIPEM. Both are available by FTP. Each has its own news group: and Each has its own FAQ as well. PGP is most commonly used outside the USA since it uses the RSA algorithm without a license and RSA's patent is valid only (or at least primarily) in the USA.

[ Maintainer's note: The above paragraph is not fully correct, as MIT PGP uses RSAREF as well now. ]

RIPEM is most commonly used inside the USA since it uses the RSAREF which is freely available within the USA but not available for shipment outside the USA.

Since both programs use a secret key algorithm for encrypting the body of the message (PGP used IDEA; RIPEM uses DES) and RSA for encrypting the message key, they should be able to interoperate freely. Although there have been repeated calls for each to understand the other's formats and algorithm choices, no interoperation is available at this time (as far as we know).

PGP (Pretty Good Privacy)
The program we're discussing. See question 1.1.
PKP (Public Key Partners)
A patent holding company that holds many public-key patents, including (supposedly) the patent on public-key cryptography itself. Several of its patents are not believed by some to be valid, including their patent on RSA (which affects PGP).
RSA (Rivest-Shamir-Adleman)
RSA is the public key encryption method used in PGP. RSA are the initials of the developers of the algorithm which was done at taxpayer expense. The basic security in RSA comes from the fact that, while it is relatively easy to multiply two huge prime numbers together to obtain their product, it is computationally difficult to go the reverse direction: to find the two prime factors of a given composite number. It is this one-way nature of RSA that allows an encryption key to be generated and disclosed to the world, and yet not allow a message to be decrypted.
This is the free library RSA Data Security, Inc., made available for the purpose of implementing freeware PEM applications. It implements several encryption algorithms, including (among others) RSA. MIT PGP uses RSAREF's RSA routines to avoid the alleged patent problems associated with other versions of PGP.
See Clipper
TEMPEST is a standard for electromagnetic shielding for computer equipment. It was created in response to the fact that information can be read from computer radiation (e.g., from a CRT) at quite a distance and with little effort. Needless to say, encryption doesn't do much good if the cleartext is available this way. The typical home computer WOULD fail ALL of the TEMPEST standards by a long shot. So, if you are doing anything illegal, don't expect PGP or any other encryption program to save you. The government could just set up a monitoring van outside your home and read everything that you are doing on your computer.

Short of shelling out the ten thousand dollars or so that it would take to properly shield your computer, a good second choice might be a laptop computer running on batteries. No emissions would be fed back into the power lines, and the amount of power being fed to the display and being consumed by the computer is much less than the typical home computer and CRT. This provides a much weaker RF field for snoopers to monitor. It still isn't safe, just safer. In addition, a laptop computer has the advantage of not being anchored to one location. Anyone trying to monitor your emissions would have to follow you around, maybe making themselves a little more obvious. I must emphasize again that a laptop still is NOT safe from a tempest standpoint, just safer than the standard personal computer.

[ Table of Contents | About this FAQ | Glossary ]

Copyright © 1996 by Arnoud Engelfriet.
Last updated: 22 Oct 1998.
Comments, additions and suggestions can be sent to <>.
This FAQ was generated by Orb v1.3 for OS/2.