TweetFollow Us on Twitter

Nov 97 Viewpoint

Volume Number: 13 (1997)
Issue Number: 11
Column Tag: Viewpoint

Viewpoint

by Eric Gundrum

Why All This Crypto Stuff?

You can't have digital commerce unless you can be certain that your digital data is unadulterated. That's where cryptography comes in. Most people think of cryptography simply as a means to hide data, but actually it is much more useful than that. Through cryptography, we can assure (within reasonable expectations) that a block of data has not been changed by any intermediate party.

Imagine that you are a software publisher, and you want to use the Internet to distribute an update to your software. You could post the update to a few key software distribution sites and let it propagate. Within a day or two everyone would have access to it, but how can you be certain that it was your version of the update that was distributed? What's to stop some malicious person from releasing his own version of your updater and embedding his newly created virus? (Many readers may recall a similar situation with the recent release of a bogus StuffIt Deluxe 4.5 package as a trojan horse.) This problem can easily be prevented through the proper use of cryptography; in this case, digital signatures.

Another use of cryptography is access certificates. Imagine selling your software over the 'Net: your potential customer begins by examining a trial version of your software. The customer decides to purchase the software and sends you payment through some digital means. (Payment could be digital cash, digital checks, credit card information through an SSL connection, or some other means.) Once you have settled the payment with a bank (to be sure it is not fraudulent), you send an authentication code to the customer so they can turn the trial version of the software into the fully paid version. What is that authentication code? Many software companies struggle for countless hours trying to develop a serial number that can't be easily guessed or changed, and contains enough information to be traceable back to the customer in case they give it out for their friends to use. Another limitation of this mechanism is that you, the publisher, must maintain a database to map all the serial numbers to customers. This becomes even more complicated when you have single customers purchasing more than one copy of the product, or add site licenses, multiple versions, or other products.

Access certificates eliminate most of the limitations of serial numbers. An access certificate is a document which contains all the information the software publisher uses to control access to the software. This can include the purchaser's name and contact information and various license restrictions such as how many copies can be used simultaneously or when this use of the software expires. Cryptography is used to digitally sign the access certificate; the software being accessed can check this signature to verify the document has not been altered. The software can read the certificate to determine what restrictions to impose on the use of the software. If the information in the certificate is stored as clear text, then the customer also can see what restrictions are on the license. This certificate serves much the same purpose as a serial number; however, users are much less likely to distribute a certificate to friends when they see that their name and address is included in that certificate.

There are many uses of cryptography besides hiding data. The certificates mentioned above can be extended to limit access to services as well as software. No need for users and groups databases. No need to remember all those different passwords we each have on all the different systems we access. This could make our digital lives so much easier.

What's Holding Us Back?

We have most of the technology we need to make broad use of cryptography, but the technology is not deployed. The United States Government is actively trying to restrict access to the technology. They prevent software which uses the technology from being exported from the U.S. They also are coercing other governments to impose restrictions on the use of cryptography in those societies. The resulting fear, uncertainty, and doubt make U.S.-based businesses reluctant to develop products that use cryptographic technology, even when those products use only digital signatures, and therefore could easily get an export license.

Some companies, such as Microsoft, PGP and Sun, are actively working to have these export restrictions removed. Unfortunately Apple, as a member of the Key Recovery Alliance, is supporting the anti-cryptography stance of the U.S. Government. PGP http://www.pgp.com/ is the original strong cryptographic technology for the masses, available throughout the world on many platforms. They have done more to relieve the U.S. export restrictions than any other company. Recently, they released a number of new Macintosh products making cryptography easy for anyone to use. They are working on a developer's kit so we developers can add cryptographic services to our applications. Microsoft is building developer-accessible cryptography into a variety of products, including a future version of Windows. Sun has developed a cryptography module (JCE, http://www.javasoft.com/security/) for Java 1.1, but it is not available for the Mac.

Apple's position is quite sad, especially considering that Apple holds patents to some of the strongest cryptographic technology invented and some of the least restrictive licenses to other cryptographic technology. Hopefully, Apple will soon recognize the market opportunities they could develop by making these technologies available to developers as part of the OS. Fortunately there are some Macintosh-friendly software publishers picking up some of the slack, including PGP. Consensus Development http://www.consensus.com/ is another company that has had cryptographic technology available for years. Currently, they have a multi-platform SSL3 library, as well as other technologies in development. If you are interested in learning more about cryptography on the Mac, be sure to check out Vinnie Moscaritolo's crypto pages at http://www.vmeng.com/mc/.

 
AAPL
$467.36
Apple Inc.
+0.00
MSFT
$32.87
Microsoft Corpora
+0.00
GOOG
$885.51
Google Inc.
+0.00

MacTech Search:
Community Search:

Software Updates via MacUpdate

Acorn 4.1 - Bitmap image editor. (Demo)
Acorn is a new image editor built with one goal in mind - simplicity. Fast, easy, and fluid, Acorn provides the options you'll need without any overhead. Acorn feels right, and won't drain your bank... Read more
Mellel 3.2.3 - Powerful word processor w...
Mellel is the leading word processor for OS X, and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more
Iridient Developer 2.2 - Powerful image...
Iridient Developer (was RAW Developer) is a powerful image conversion application designed specifically for OS X. Iridient Developer gives advanced photographers total control over every aspect of... Read more
Delicious Library 3.1.2 - Import, browse...
Delicious Library allows you to import, browse, and share all your books, movies, music, and video games with Delicious Library. Run your very own library from your home or office using our... Read more
Epson Printer Drivers for OS X 2.15 - Fo...
Epson Printer Drivers includes the latest printing and scanning software for OS X 10.6, 10.7, and 10.8. Click here for a list of supported Epson printers and scanners.OS X 10.6 or laterDownload Now Read more
Freeway Pro 6.1.0 - Drag-and-drop Web de...
Freeway Pro lets you build websites with speed and precision... without writing a line of code! With it's user-oriented drag-and-drop interface, Freeway Pro helps you piece together the website of... Read more
Transmission 2.82 - Popular BitTorrent c...
Transmission is a fast, easy and free multi-platform BitTorrent client. Transmission sets initial preferences so things "Just Work", while advanced features like watch directories, bad peer blocking... Read more
Google Earth Web Plug-in 7.1.1.1888 - Em...
Google Earth Plug-in and its JavaScript API let you embed Google Earth, a true 3D digital globe, into your Web pages. Using the API you can draw markers and lines, drape images over the terrain, add... Read more
Google Earth 7.1.1.1888 - View and contr...
Google Earth gives you a wealth of imagery and geographic information. Explore destinations like Maui and Paris, or browse content from Wikipedia, National Geographic, and more. Google Earth... Read more
SMARTReporter 3.1.1 - Hard drive pre-fai...
SMARTReporter is an application that can warn you of some hard disk drive failures before they actually happen! It does so by periodically polling the S.M.A.R.T. status of your hard disk drive. S.M.... Read more
 

See All

Strategy & Tactics: World War II Upd...
Strategy & Tactics: World War II Update Adds Two New Scenarios Posted by Andrew Stevens on August 12th, 2013 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Expenses Planner Review
Expenses Planner Review By Angela LaFollette on August 12th, 2013 Our Rating: :: PLAIN AND SIMPLEUniversal App - Designed for iPhone and iPad Expenses Planner keeps track of future bills through due date reminders, and it also... | Read more »
Kinesis: Strategy in Motion Brings An Ad...
Kinesis: Strategy in Motion Brings An Adaptation Of The Classic Strategic Board Game To iOS Posted by Andrew Stevens on August 12th, 2013 [ | Read more »
Z-Man Games Creates New Studio, Will Bri...
Z-Man Games Creates New Studio, Will Bring A Digital Version of Pandemic! | Read more »
Minutely Review
Minutely Review By Jennifer Allen on August 12th, 2013 Our Rating: :: CROWDSOURCING WEATHERiPhone App - Designed for the iPhone, compatible with the iPad Work together to track proper weather conditions no matter what area of the... | Read more »
10tons Discuss Publishing Fantasy Hack n...
Recently announced, Trouserheart looks like quite the quirky, DeathSpank-style fantasy action game. Notably, it’s a game that is being published by established Finnish games studio, 10tons and developed by similarly established and Finnish firm,... | Read more »
Boat Watch Lets You Track Ships From Por...
Boat Watch Lets You Track Ships From Port To Port Posted by Andrew Stevens on August 12th, 2013 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Expenses Review
Expenses Review By Ruairi O'Gallchoir on August 12th, 2013 Our Rating: :: STUNNINGiPhone App - Designed for the iPhone, compatible with the iPad Although focussing primarily on expenses, Expenses still manages to make tracking... | Read more »
teggle is Gameplay Made Simple, has Play...
teggle is Gameplay Made Simple, has Players Swiping for High Scores Posted by Andrew Stevens on August 12th, 2013 [ permalink ] | Read more »
How To: Manage iCloud Settings
iCloud, much like life, is a scary and often unknowable thing that doesn’t always work the way it should. But much like life, if you know the little things and tweaks, you can make it work much better for you. I think that’s how life works, anyway.... | Read more »
See All

Price Scanner via MacPrices.net

13″ 2.5GHz MacBook Pro on sale for $150 off M...
B&H Photo has the 13″ 2.5GHz MacBook Pro on sale for $1049.95 including free shipping. Their price is $150 off MSRP plus NY sales tax only. B&H will include free copies of Parallels Desktop... Read more
iPod touch (refurbished) available for up to...
The Apple Store is now offering a full line of Apple Certified Refurbished 2012 iPod touches for up to $70 off MSRP. Apple’s one-year warranty is included with each model, and shipping is free: -... Read more
27″ Apple Display (refurbished) available for...
The Apple Store has Apple Certified Refurbished 27″ Thunderbolt Displays available for $799 including free shipping. That’s $200 off the cost of new models. Read more
Apple TV (refurbished) now available for only...
The Apple Store has Apple Certified Refurbished 2012 Apple TVs now available for $75 including free shipping. That’s $24 off the cost of new models. Apple’s one-year warranty is standard. Read more
AnandTech Reviews 2013 MacBook Air (11-inch)...
AnandTech is never the first out with Apple new product reviews, but I’m always interested in reading their detailed, in-depth analyses of Macs and iDevices. AnandTech’s Vivek Gowri bought and tried... Read more
iPad, Tab, Nexus, Surface, And Kindle Fire: W...
VentureBeat’s John Koetsier says: The iPad may have lost the tablet wars to an army of Android tabs, but its still first in peoples hearts. Second place, however, belongs to a somewhat unlikely... Read more
Should You Buy An iPad mini Or An iPad 4?
Macworld UK’s David Price addresses the conundrum of which iPAd to buy? Apple iPad 4, iPad 2, iPad mini? Or hold out for the iPad mini 2 or the iPad 5? Price notes that potential Apple iPad... Read more
iDraw 2.3 A More Economical Alternative To Ad...
If you’re a working graphics pro, you can probably justify paying the stiff monthly rental fee to use Adobe’s Creative Cloud, including the paradigm-setting vector drawing app. Adobe Illustrator. If... Read more
New Documentary By Director Werner Herzog Sho...
Injuring or even killing someone because you were texting while driving is a life-changing experience. There are countless stories of people who took their eyes off the road for a second and ended up... Read more
AppleCare Protection Plans on sale for up to...
B&H Photo has 3-Year AppleCare Warranties on sale for up to $105 off MSRP including free shipping plus NY sales tax only: - Mac Laptops 15″ and Above: $244 $105 off MSRP - Mac Laptops 13″ and... Read more
 

Jobs Board

Sales Representative - *Apple* Honda - Appl...
APPLE HONDA AUTOMOTIVE CAREER FAIR! NOW HIRING AUTO SALES REPS, AUTO SERVICE BDC REPS & AUTOMOTIVE BILLER! NO EXPERIENCE NEEDED! Apple Honda is offering YOU a Read more
*Apple* Developer Support Advisor - Portugue...
Changing the world is all in a day's work at Apple . If you love innovation, here's your chance to make a career of it. You'll work hard. But the job comes with more than Read more
RBB - *Apple* OS X Platform Engineer - Barc...
RBB - Apple OS X Platform Engineer Ref 63198 Country USA…protected by law. Main Function | The engineering of Apple OS X based solutions, in line with customer and Read more
RBB - Core Software Engineer - Mac Platform (...
RBB - Core Software Engineer - Mac Platform ( Apple OS X) Ref 63199 Country USA City Dallas Business Area Global Technology Contract Type Permanent Estimated publish end Read more
*Apple* Desktop Analyst - Infinity Consultin...
Job Title: Apple Desktop Analyst Location: Yonkers, NY Job Type: Contract to hire Ref No: 13-02843 Date: 2013-07-30 Find other jobs in Yonkers Desktop Analyst The Read more

  • Generate a short URL for this page:



All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.