Chapter 11. Cryptography and the Web
Encryption is the fundamental technology that protects information as it travels over the Internet. Although strong host security can prevent people from breaking into your computer—or at least prevent them from doing much damage once they have broken in—there is no way to safely transport the information that resides on your computer to another computer over a public network without using encryption.
But as the last chapter explained, there is not merely one cryptographic technology: there are many of them, each addressing a different need. In some cases, the differences between encryption systems represent technical differences—after all, no one solution can answer every problem. Other times, the differences are the result of restrictions resulting from patents or trade secrets. And finally, restrictions on cryptography sometimes result from political decisions.
Cryptography and Web Security
Security professionals have identified four keywords that are used to describe all of the different functions that encryption plays in modern information systems. The different functions are these:
- Confidentiality
Encryption is used to scramble information sent over the Internet and stored on servers so that eavesdroppers cannot access the data’s content. Some people call this quality “privacy,” but most professionals reserve that word to refer to the protection of personal information (whether confidential or not) from aggregation and improper use.
- Authentication ...
Get Web Security and Commerce now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.