The history of general cryptography almost certainly dates back to almost 2000 B.C. when Roman and Greek statesmen used simple alphabet-shifting algorithms to keep government communication private. Although complexity increased, not much changed until the 1970s, when the National Security Agency (NSA) worked with Dr. Horst Feistel to establish the Data Encryption Standard (DES) and Whitfield Diffie and Martin Hellman introduced the first Public Key Cryptography Standard (PKCS). Windows Server 2003 still uses Diffie-Hellman (DH) algorithms for Secure Sockets Layer (SSL), Transport Layer Security (TLS), and IP Security (IPSec).
DH algorithms are known collectively as shared secret key cryptographies, also known as symmetric key encryption. Say you have two users, Greg and Matt, who want to communicate privately. With DH, Greg and Matt each generate a random number. Each of these numbers is known only to the person who generated it. Part one of the DH function changes each secret number into a non-secret, or public, number. Greg and Matt now exchange the public numbers and then enter them into part two of the DH function. This results in a private key – one that is identical to both users. Using advanced mathematics, this shared secret key can be decrypted only by someone with access to one of the original random numbers. As long as Greg and Matt keep the original numbers hidden, the shared secret key cannot be reversed.
Another major force in modern cryptography came about in the late 1970s. RSA Labs, founded by Ronald Rivest, Adi Shamir, and Leonard Adleman, furthered the concept of key cryptography by developing a technology of key pairs, where plaintext that is encrypted by one key can only be decrypted by the other matching key. Windows Server 2003 uses RSA technology in its various forms extensively for such things as Kerberos authentication and S/MIME. The theory goes something like this: Two users, Dave and Dixine, wish to communicate privately. Dave and Dixine each own a key pair consisting of a public key and a private key. If Dave wants Dixine to send him an encrypted message, he first transmits his public key to Dixine. She then uses Dave’s public key to encrypt the message. Fundamentally, since Dave’s public key was used to encrypt, only Dave’s private key can be used to decrypt. When he receives the message, only he is able to read it. Security is maintained because only public keys are transmitted – the private keys are kept secret and are known only to their owners. Figure 12.1 illustrates the process.
