Internet Security Professional Reference: Kerberos


Encryption

Kerberos uses encryption to protect information passing over the network. Encryption is the transformation of data into a form that no one can read without the key. Its purpose is privacy: the information stays hidden from anyone for whom it is not intended, even if that party can observe every encrypted byte on the wire.

An encryption system is a set of rules or operations applied to a message. The rules are parameterized by a secret value called a key; the same rules produce different output for each key, and knowledge of the key is what separates the intended recipient from an eavesdropper. The original message is called plaintext. The disguised message is called ciphertext.


Note:  Encryption is a procedure to convert plaintext into ciphertext, and decryption is a procedure to convert ciphertext into plaintext.
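To make the plaintext, key and ciphertext vocabulary above concrete, here is a small added example (it is not code from the book, and it is not the cipher Kerberos uses; Kerberos of this era used DES). It builds a keyed stream cipher from HMAC-SHA256 in counter mode using only the Python standard library: a keystream is derived from the key and a nonce, and XORed with the plaintext. It also demonstrates the failure mode a practitioner should know about, that reusing a nonce under the same key leaks the XOR of two plaintexts. The key, nonce and messages are constructed sample values.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # HMAC-SHA256 output size in bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from (key, nonce) by MACing a counter.

    The same key and nonce always yield the same stream. That determinism is
    what lets the recipient decrypt, and it is also why a nonce must never be
    reused with a given key.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes requires equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Plaintext -> ciphertext: XOR the plaintext with the keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Ciphertext -> plaintext: regenerate the same keystream and XOR again."""
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def demo() -> dict:
    """Exercise the cipher on constructed inputs and report what was observed."""
    # Constructed sample key and nonce (a real system draws these from a CSPRNG).
    key = bytes(range(32))
    nonce = b"\x00" * 16

    # Constructed sample plaintexts, shaped like Kerberos principal names.
    p1 = b"alice@EXAMPLE.COM  "
    p2 = b"krbtgt/EXAMPLE.COM "

    c1 = encrypt(key, nonce, p1)
    roundtrip_ok = decrypt(key, nonce, c1) == p1

    # A different key regenerates a different keystream, so decryption fails.
    wrong_key = bytes(32)
    wrong_key_ok = decrypt(wrong_key, nonce, c1) == p1

    # Failure mode: encrypting a second message under the SAME key and nonce
    # means c1 XOR c2 == p1 XOR p2, which exposes structure of both plaintexts
    # to anyone watching the wire, without ever recovering the key.
    c2 = encrypt(key, nonce, p2)
    nonce_reuse_leaks = xor_bytes(c1, c2) == xor_bytes(p1, p2)

    return {
        "ciphertext_differs": c1 != p1,
        "roundtrip_ok": roundtrip_ok,
        "wrong_key_ok": wrong_key_ok,
        "nonce_reuse_leaks": nonce_reuse_leaks,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The construction is deliberately minimal: it provides confidentiality only. Kerberos additionally needs integrity for tickets and authenticators, which a bare XOR stream cipher does not give, since an attacker can flip any ciphertext bit and flip the corresponding plaintext bit.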

Encryption systems can be patented, and many have been, including DES and RSA. The basic ideas of public-key encryption are contained in U.S. Patent 4,200,770, by M. Hellman, W. Diffie, and R. Merkle, issued 4/29/80, and in U.S. Patent 4,218,582, by M. Hellman and R. Merkle, issued 8/19/80. Similar patents have been issued throughout the world. Public Key Partners, of Sunnyvale, California, holds exclusive licensing rights to both patents, as well as the rights to the RSA patent. (These U.S. patents have since expired: the Diffie-Hellman patent in 1997 and the RSA patent in 2000.)

The encryption systems used in Kerberos (DES) and in most publicly available encryption packages of the time (such as PGP, which used RSA and IDEA) were covered by patents, although the DES patent was licensed royalty-free. Any commercial implementation of Kerberos is subject to whatever license the patent holder grants for the encryption system it uses.

The NSA and other intelligence or defense agencies have intervened to block some patent applications for encryption systems, under the authority of the Invention Secrecy Act of 1951 and the National Security Act of 1947.

The NSA is the U.S. government's official communications security body. The NSA has a mandate to intercept and decode all foreign communications of interest to the security of the United States. It is reputed to be the largest employer of mathematicians and the largest purchaser of computer hardware in the world. The NSA probably possesses encryption expertise many years ahead of the public state of the art, and can most likely break many of the systems used in practice. For reasons of national security, almost all information about the NSA is classified. It also has used its power to slow the spread of publicly available encryption, to prevent national enemies from employing methods too strong for the NSA to break.

As the premier cryptographic government agency, the NSA has enormous financial and computer resources. Developments in encryption achieved at the NSA are not made public. This secrecy has led to many rumors about the NSA's capability to break popular cryptosystems like DES, and to the suspicion that the NSA secretly placed weaknesses, called trapdoors, in DES. The criteria the NSA used to select encryption standards were not made public at the time; the DES S-box design criteria were eventually described by IBM's Don Coppersmith in 1994, and showed the S-boxes had been hardened against differential cryptanalysis rather than weakened. No trapdoor has ever been demonstrated. The practical weakness of DES is its 56-bit key, which is short enough to search exhaustively with sufficient hardware.

The NSA exerts influence over commercial cryptography in several ways. First, it controls the export of cryptography from the U.S. The NSA generally does not approve export of products used for encryption unless the key size is strictly limited. It does, however, approve for export products used for authentication only, no matter how large the key size, as long as the product cannot be converted for use as an encryption product. The NSA also has blocked encryption methods from being published or patented, citing a national security threat. Additionally, the NSA serves in an advisory role to NIST (the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce) in the evaluation and selection of official U.S. government computer security standards; in this capacity, it played a prominent role in the selection of DES. Finally, the NSA can exert market pressure on U.S. companies to produce (or refrain from producing) encryption products, because the NSA itself is often a major customer of those same companies.

The governments of Canada and the United States have synchronized their policies on the export of encryption. As a result, any distribution of encryption that is legal within the U.S. is also legal into Canada. Canadians wanting to export encryption to a third country must go through the same export-license application process with the Canadian government.

