Archive-name: cryptography-faq/part01

This is the first of ten parts of the sci.crypt FAQ. The parts are mostly independent, but you should read this part before the rest. We don't have the time to send out missing parts by mail, so don't ask. Notes such as ``[KAH67]'' refer to the reference list in the last part.

Disclaimer: This document is the product of the Crypt Cabal, a secret society which serves the National Secu---uh, no. Seriously, we're the good guys, and we've done what we can to ensure the completeness and accuracy of this document, but in a field of military and commercial importance like cryptography you have to expect that some people and organizations consider their interests more important than open scientific discussion. Trust only what you can verify firsthand. And don't sue us.

Many people have contributed to this FAQ. In alphabetical order: Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison, Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti, William Setzer. We apologize for any omissions.

If you have suggestions, comments, or criticism, please let the current editors know by sending e-mail to firstname.lastname@example.org. Bear in mind that this is a work in progress; there are some questions which we should add but haven't gotten around to yet.

Archives: sci.crypt has been archived since October 1991 on ripem.msu.edu, though these archives are available only to U.S. and Canadian users. Please contact email@example.com if you know of other archives.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu as /pub/usenet/news.answers/cryptography-faq/part[xx].

The Cryptography FAQ is posted to the newsgroups sci.crypt, sci.answers, and news.answers every 21 days.

Table of contents:

1. Overview

2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?

3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are relatively easy to break?

4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?

5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?

6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. What's RSA?
6.3. Is RSA secure?
6.4. How fast can people factor numbers?
6.5. What about other public-key cryptosystems?

7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?

8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?

9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?

10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups

Contents:

2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?

2.1. What groups are around? What's a FAQ? Who am I? Why am I here?

Read news.announce.newusers and news.answers for a few weeks. Always make sure to read a newsgroup for some time before you post to it.
You'll be amazed how often the same question can be asked in the same newsgroup. After a month you'll have a much better sense of what the readers want to see.

2.2. Do political discussions belong in sci.crypt?

No. In fact some newsgroups (notably misc.legal.computing) were created exactly so that political questions like ``Should RSA be patented?'' don't get in the way of technical discussions. Many sci.crypt readers also read misc.legal.computing, comp.org.eff.talk, comp.patents, sci.math, comp.compression, et al.; for the benefit of people who don't care about those other topics, try to put your postings in the right group.

Questions about microfilm and smuggling and other non-cryptographic ``spy stuff'' don't belong in sci.crypt either.

2.3. How do I present a new encryption scheme in sci.crypt?

``I just came up with this neat method of encryption. Here's some ciphertext: FHDSIJOYW^&%$*#@OGBUJHKFSYUIRE. Is it strong?''

Without a doubt questions like this are the most annoying traffic on sci.crypt.

If you have come up with an encryption scheme, providing some ciphertext from it is not adequate. Nobody has ever been impressed by random gibberish. Any new algorithm should be secure even if the opponent knows the full algorithm (including how any message key is distributed) and only the private key is kept secret. There are some systematic and unsystematic ways to take reasonably long ciphertexts and decrypt them even without prior knowledge of the algorithm, but this is a time-consuming and possibly fruitless exercise which most sci.crypt readers won't bother with.

So what do you do if you have a new encryption scheme?

First of all, find out if it's really new. Look through this FAQ for references and related methods. Familiarize yourself with the literature and the introductory textbooks. When you can appreciate how your cryptosystem fits into the world at large, try to break it yourself! You shouldn't waste the time of tens of thousands of readers asking a question which you could have easily answered on your own.

If you really think your system is secure, and you want to get some reassurance from experts, you might try posting full details of your system, including working code and a solid theoretical explanation, to sci.crypt. (Keep in mind that the export of cryptography is regulated in some areas.)

If you're lucky an expert might take some interest in what you posted. You can encourage this by offering cash rewards---for instance, noted cryptographer Ralph Merkle is offering $1000 to anyone who can break Snefru-4---but there are no guarantees. If you don't have enough experience, then most likely any experts who look at your system will be able to find a flaw. If this happens, it's your responsibility to consider the flaw and learn from it, rather than just add one more layer of complication and come back for another round.

A different way to get your cryptosystem reviewed is to have the NSA look at it. A full discussion of this procedure is outside the scope of this FAQ.

Among professionals, a common rule of thumb is that if you want to design a cryptosystem, you have to have experience as a cryptanalyst.
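The point of section 2.3, that gibberish-looking ciphertext proves nothing and that a scheme must stay secure when the opponent knows everything but the key, can be made concrete with a small experiment. The following is an added example written for this edition of the FAQ, not code from the FAQ's authors. It uses a hypothetical ``homebrew'' scheme (XOR with a short repeating key, the same family as the Vigenere cipher of question 8.2) and a constructed sample message; the function names and the crude English-likeness score are the editor's own. Once the algorithm is assumed known, each key byte can be solved on its own, so the effort is 256 times the key length rather than 256 to the power of the key length, which is why the ciphertext's random appearance says nothing about its strength.

```python
"""Added example: why 'it looks random' is not evidence of strength.

A hypothetical homebrew scheme (repeating-key XOR) produces ciphertext that
looks like gibberish, yet under the FAQ's stated assumption (the opponent
knows the algorithm, only the key is secret) it is recovered with a tiny
search. All names and the sample message below are constructed for this
example; none come from the FAQ.
"""

# Constructed sample message (not from the FAQ).
SAMPLE_PLAINTEXT = (
    b"The meeting has been moved to the old warehouse on the east side of "
    b"town. Bring the signed papers and the spare key with you."
)


def toy_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Hypothetical homebrew scheme: XOR each byte with a short repeating key.

    XOR is its own inverse, so the same call decrypts. The hex output looks
    like gibberish, which is exactly what section 2.3 says is not adequate
    evidence of anything.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


def english_score(candidate: bytes) -> int:
    """Crude plaintext-likeness score: reward spaces and letters, tolerate
    digits and common punctuation, heavily penalise anything else."""
    score = 0
    for b in candidate:
        if b == 0x20:                       # space: most common byte in English
            score += 6
        elif 0x61 <= b <= 0x7A:             # lowercase letter
            score += 3
        elif 0x41 <= b <= 0x5A:             # uppercase letter
            score += 2
        elif chr(b) in ".,'!?-0123456789":  # acceptable but less common
            score += 1
        else:                               # control/high bytes: not English
            score -= 50
    return score


def recover_key(ciphertext: bytes, key_len: int) -> bytes:
    """Kerckhoffs' assumption in action: the algorithm and key length are
    known, only the key bytes are secret.

    Every key byte encrypts its own 'column' of the ciphertext, so each of
    the key_len positions is solved independently by trying all 256 values
    and keeping the one whose column decrypts to the most English-looking
    bytes. Total work: 256 * key_len trial decryptions.
    """
    key = bytearray()
    for pos in range(key_len):
        column = ciphertext[pos::key_len]
        best = max(range(256),
                   key=lambda k: english_score(bytes(c ^ k for c in column)))
        key.append(best)
    return bytes(key)


def search_sizes(key_len: int) -> tuple[int, int]:
    """Return (naive exhaustive search size, per-position search size)."""
    return 256 ** key_len, 256 * key_len


if __name__ == "__main__":
    secret_key = b"k3y"  # constructed key for the demonstration
    ct = toy_encrypt(SAMPLE_PLAINTEXT, secret_key)
    print("ciphertext (hex):", ct.hex())
    naive, clever = search_sizes(len(secret_key))
    print(f"naive key search: {naive} keys; per-position search: {clever} trials")
    found = recover_key(ct, len(secret_key))
    print("recovered key:", found)
    print("decrypts to:", toy_encrypt(ct, found).decode())
```

Note that the scoring function never needs the original plaintext: the key is recovered from the ciphertext alone, using only the knowledge that the plaintext is English, which is the ``systematic'' kind of analysis the section refers to and the reason posting a ciphertext sample is not a test of anything.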