E-commerce Security Issues CHAPTER 13 295 your encrypted messages. As shown in Figure , both the sender (who encrypts the message) and the recipient (who decrypts the message) have the same key. The most widely used secret key algorithm is the Data Encryption Standard (DES). This scheme was developed by IBM in the 1970s and adopted as the American standard for commercial and unclassified government communications. Computing speeds are orders of magnitudes faster now than in 1970, and DES has been obsolete since at least 1998. Other well-known secret key systems include RC2, RC4, RC5, triple DES, and IDEA. Triple DES is. | E-commerce Security Issues 295 Chapter 13 your encrypted messages. As shown in Figure both the sender who encrypts the message and the recipient who decrypts the message have the same key. The most widely used secret key algorithm is the Data Encryption Standard DES . This scheme was developed by IBM in the 1970s and adopted as the American standard for commercial and unclassified government communications. Computing speeds are orders of magnitudes faster now than in 1970 and DES has been obsolete since at least 1998. Other well-known secret key systems include RC2 RC4 RC5 triple DES and IDEA. Triple DES is fairly It uses the same algorithm as DES applied three times with up to three different keys. A plain text message is encrypted with key one decrypted with key two and then encrypted with key three. One obvious flaw of secret key encryption is that in order to send somebody a secure message you need a secure way to get the secret key to him. If you have a secure way to deliver a key why not just deliver the message that way Fortunately there was a breakthrough in 1976 when Diffie and Hellman published the first public key scheme. Public Key Encryption Public key encryption relies on two different keys a public key and a private key. As shown in Figure the public key is used to encrypt messages and the private key to decrypt them. 13 E-commerce Security Issues Figure Public key encryption uses separate keys for encryption and decryption. The advantage to this system is that the public key as its name suggests can be distributed publicly. Anybody to whom you give your public key can send you a secure message. As long as only you have your private key then only you can decrypt the message. 2Somewhat paradoxically triple DES is twice as secure as DES. If you needed something three times as strong you could write a program to implement a quintuple DES algorithm. E-commerce and Security 296 Part III The most common public key algorithm is RSA .