Throughout this chapter
we’ve shown how objects from the Java Security API, such as
Ciphers, can be created by specifying a
particular cryptographic algorithm for the implementation of the
object. We haven’t yet discussed the issues involved in picking
one algorithm over another.
Cryptography includes a broad range of techniques under its umbrella. Some of the characteristics that distinguish one technique from another follow.
Some encryption techniques provide a virtually unbreakable barrier to information theft; others just require a determined attacker with moderate resources to be broken. One way to compare techniques on this level is to estimate how much CPU time would be required on a machine of a given processing speed to iterate through all the possible keys to the encoded data. For example, “A 128-bit XYZ cryptographic key requires 14.5 months of CPU time on an Acme 24-processor server to be broken.” But other issues can affect the level of effort required to break the encrypted data, and make it difficult to objectively compare the security of encryption techniques. For example, if the attacker is not familiar with the format of the data being transmitted, and the data isn’t easily interpreted on its own, then it may be tough to tell if an attempt to decode the data has worked or not.
Encryption techniques are usually based upon ...