RSA Laboratories?Frequently Asked Questions About Todays Cryptography

1.  Introduction

1.1. What is the RSA Laboratories?Frequently Asked Questions About Todays Cryptography?
1.2. What is cryptography?
1.3. What are some of the more popular techniques in cryptography?
1.4. How is cryptography applied?
1.5. What are cryptography standards?
1.6. What is the role of the United States government in cryptography?
1.7. Why is cryptography important?

2. Cryptography

Section 2.1: Cryptographic Tools

2.1.1. What is public-key cryptography?
2.1.2. What is secret-key cryptography?
2.1.3. What are the advantages and disadvantages of public-key cryptography compared with secret-key cryptography?
2.1.4. What is a block cipher?
2.1.5. What is a stream cipher?
2.1.6. What is a hash function?
2.1.7. What are Message Authentication Codes (MACs)?
2.1.8. What are interactive proofs and zero-knowledge proofs?
2.1.9. What are secret sharing schemes?

Section 2.2: Simple Applications of Cryptography

2.2.1. What is privacy?
2.2.2. What is a digital signature and what is authentication?
2.2.3. What is a key agreement protocol?
2.2.4. What is a digital envelope?
2.2.5. What is identification?

Section 2.3: Hard Problems

2.3.1. What is a hard problem?
2.3.2. What is a one-way function?
2.3.3. What is the factoring problem?
2.3.4. What are the best factoring methods in use today?
2.3.5. What improvements are likely in factoring capability?
2.3.6. What is the RSA Factoring Challenge and what is RSA-129?
2.3.7. What is the discrete logarithm problem?
2.3.8. What are the best discrete logarithm methods in use today?
2.3.9. What are the prospects for a theoretical breakthrough in the discrete log problem?
2.3.10. What are elliptic curves?
2.3.11. What are lattice-based cryptosystems?
2.3.12. What are some other hard problems?

Section 2.4: Cryptanalysis

2.4.1. What is cryptanalysis?
2.4.2. What are some of the basic types of cryptanalytic attack?
2.4.3. What is an exhaustive key search?
2.4.4. What is the RSA Secret-Key Challenge?
2.4.5. What are the most important attacks on symmetric block ciphers?
2.4.6. What are the most important attacks on hash functions?
2.4.7. What are the most important attacks on stream ciphers?
2.4.8. What are the most important attacks on MACs?
2.4.9. At what point does an attack become practical?

Section 2.5: Supporting Tools in Cryptography

2.5.1. What is primality testing?
2.5.2. What is random number generation?

3. Techniques in Cryptography

Section 3.1: RSA

3.1.1. What is RSA?
3.1.2. How fast is RSA?
3.1.3. What would it take to break RSA?
3.1.4. What are strong primes and are they necessary for RSA?
3.1.5. How large a key should be used in RSA?
3.1.6. Could users of RSA run out of distinct primes?
3.1.7. How is RSA used for privacy in practice?
3.1.8. How is RSA used for authentication and digital signatures in practice?
3.1.9. Is RSA currently in use?
3.1.10. Is RSA an official standard today?
3.1.11. Is RSA a de facto standard?

Section 3.2: DES

3.2.1. What is DES?
3.2.2. Has DES been broken?
3.2.3. How does one use DES securely?
3.2.4. Should one test for weak keys in DES?
3.2.5. Is DES a group?
3.2.6. What is triple-DES?
3.2.7. What is DES-X?
3.2.8. What are some other DES variants?

Section 3.3: AES

3.3.1. What is the AES? 
3.3.2. What are some candidates for AES?
3.3.3. What is the schedule for the AES process?

Section 3.4: DSA

3.4.1. What are DSA and DSS?
3.4.2. Is DSA secure?

Section 3.5: Elliptic Curve Cryptosystems

3.5.1. What are elliptic curve cryptosystems?
3.5.2. Are elliptic curve cryptosystems secure?
3.5.3. Are elliptic curve cryptosystems widely used?
3.5.4. How do elliptic curve cryptosystems compare with other cryptosystems?

Section 3.6: Other Cryptographic Techniques

3.6.1. What is Diffie-Hellman?
3.6.2. What is RC2?
3.6.3. What is RC4?
3.6.4. What is RC5?
3.6.5. What are SHA and SHA-1?
3.6.6. What are MD2, MD4, and MD5?
3.6.7. What are some other block ciphers?
3.6.8. What are some other public-key cryptosystems?
3.6.9. What are some other signature schemes?
3.6.10. What are some other stream ciphers?
3.6.11. What other hash functions are there?
3.6.12. What are some secret sharing schemes?

4. Applications of Cryptography

Section 4.1: Key Management

4.1.1. What is key management?

Section 4.1.2: General What key size should be used? How does one find random numbers for keys? What is the life cycle of a key?

Section 4.1.3: Public-Key Issues What is a PKI? Who needs a key pair? How does one get a key pair? Should a public key or private key be shared among users? What happens when a key expires? What happens if my key is lost? What happens if my private key is compromised? How should I store my private key? How do I find someone else's public key? What are certificates?
How are certificates used? Who issues certificates and how? How do certifying authorities store their private keys? How are certifying authorities susceptible to attack? What if a certifying authority's key is lost or compromised? What are Certificate Revocation Lists (CRLs)?

Section 4.2: Electronic Commerce

4.2.1. What is electronic money?
4.2.2. What is iKP?
4.2.3. What is SET?
4.2.4. What is Mondex?
4.2.5. What are micropayments?

5. Cryptography in the Real World

Section 5.1: Security on the Internet

5.1.1. What is S/MIME?
5.1.2. What is SSL?
5.1.3. What is S/WAN?
5.1.4. What is IPSec?
What is SSH?
5.1.6. What is Kerberos?

Section 5.2: Development Security Products

5.2.1. What are CAPIs?
5.2.2. What is the GSS-API?
5.2.3. What are BSAFE and JSAFE?
5.2.4. What is SecurPC?
5.2.5. What is SecurID?
5.2.6. What is PGP?

Section 5.3: Cryptography Standards

5.3.1. What are the ANSI X9 standards?
5.3.2. What are the ITU-T (CCITT) standards?
5.3.3. What is PKCS?
5.3.4. What are the ISO standards?
5.3.5. What is IEEE P1363?
5.3.6. What are some other cryptography specifications?

6. Laws Concerning Cryptography


Section 6.2: Government Involvement

6.2.1. What is NIST?
6.2.2. What is the NSA?
6.2.3. What is Capstone?
6.2.4. What is Clipper?
6.2.5. What is the current status of Clipper?
6.2.6. What is Fortezza?

Section 6.3: Patents on Cryptography

6.3.1. Is RSA patented?
6.3.2. Is DSA patented?
6.3.3. Is DES patented?
6.3.4. Are Elliptic Curve cryptosystems patented?
6.3.5. What are some other important patents in cryptography?

Section 6.4: United States Cryptography Export / Import Laws

6.4.1. Can RSA be exported from the United States?
Can DES be exported from the United States?
6.4.3. Why is cryptography export-controlled?
6.4.4. Are digital signature applications exportable?

Section 6.5: Cryptography Export / Import Laws in Other Countries

6.5.1. Which major countries have import restrictions on cryptography?

7. Miscellaneous Topics

7.1. What is probabilistic encryption?
7.2. What are special signature schemes?
7.3. What is a blind signature scheme?
7.4. What is a designated confirmer schedule?
7.5. What is a fail-stop signature scheme?
7.6. What is a group signature?
7.7. What is a one-time signature scheme?
7.8. What is an undeniable signature scheme?
7.9. What are on-line / off-line signatures?
7.10. What is OAEP?
7.11. What is digital timestamping?
7.12. What is key recovery?
7.13. What are LEAFs?
7.14. What is PSS / PSS-R?
7.15. What are covert channels?
7.16. What are proactive security techniques?
7.17. What is quantum computing?
7.18. What is quantum cryptography?
7.19. What is DNA computing?
7.20. What are biometric techniques?
7.21. What is tamper-resistant hardware?
7.22. How are hardware devices made tamper-resistant?

8. Further Reading

8.1. Where can I learn more about cryptography?
8.2. Where can I learn more about cryptographic protocols and architecture?
8.3. Where can I learn more about recent advances in cryptography?
8.4. Where can I learn more about electronic commerce?
8.5. Where can I learn more about cryptography standards?
8.6. Where can I learn more about laws concerning cryptography?


Comments on the FAQ are encouraged.  Contact
Contact RSA Laboratories at:

Send any website feedback or comments to:
Copyright © 1998 RSA Data Security, Inc. All Rights Reserved.