## What is Cryptography?

In networking and telecommunications, cryptography is the process of securely transmitting data over a network in such a way that if the data is intercepted, it cannot be read by unauthorized users.

### How it works: Cryptography

Cryptography involves two complementary processes:

- Encryption is the process of taking data and modifying it so that it cannot be read by untrusted users.
- Decryption is the process of taking encrypted data and rendering it readable for trusted users.

Encryption and decryption are performed using algorithms and keys. An algorithm, a series of mathematical steps that scrambles data, is the underlying mathematical process behind encryption. There are a variety of cryptographic algorithms that have been developed based on different mathematical processes.

Some algorithms result in stronger encryption than others—the stronger the algorithm, the more difficult the encrypted data is to crack. For example, Network and Dial-up Connections in Microsoft Windows 2000 supports standard 40-bit RAS RC4 encryption, but if you are located in the United States or Canada, you can get a stronger 128-bit version. Similar versions are offered for Windows NT.

Encryption algorithms involve mathematical values called keys. Earlier cryptography systems were secret key encryption systems in which only the hosts involved in transmitting and receiving the encrypted transmission knew the key. This key had to somehow be transported securely to anyone needing to decrypt a message. This was the main disadvantage with secret key cryptosystems.

Most cryptography today involves a process called public key encryption, which uses two different keys:

- A public key that is distributed to any user (or to any client program) requesting it
- A private key that is known only to the owner (or the owner’s client program)

To send an encrypted message, the sender uses his or her private key to encrypt the data, and the recipient uses the sender’s public key to decrypt it. Similarly, the recipient can return a response to the original sender by using the sender’s public key to encrypt the response, and the original sender uses his or her private key to decrypt it.
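
The two directions described above, as an added example that is not part of the original page: textbook RSA in Python with constructed toy primes (61 and 53) and no padding, where all function and variable names are assumptions of this example. It shows that a message transformed with the private key is recoverable by anyone holding the public key, while a response encrypted with the public key is recoverable only with the private key.

```python
from math import gcd


def make_keypair(p, q, e):
    """Return ((n, e), (n, d)) for textbook RSA; p and q are constructed toy primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))  # d = e^-1 mod phi (Python 3.8+)


def apply_key(key, blocks):
    """Raise each block to the key's exponent mod n. No padding: illustration only."""
    n, exponent = key
    return [pow(block, exponent, n) for block in blocks]


# The original sender's key pair (toy parameters, far too small for real use).
PUBLIC, PRIVATE = make_keypair(61, 53, 17)


def outbound(message: bytes):
    """Sender transforms the message with the private key, one byte per block."""
    return apply_key(PRIVATE, list(message))


def response(message: bytes):
    """Recipient encrypts the reply with the original sender's public key."""
    return apply_key(PUBLIC, list(message))


if __name__ == "__main__":
    msg = b"hello"  # constructed sample message

    sent = outbound(msg)
    # Every holder of the public key recovers the outbound message, so this
    # direction shows who produced it rather than hiding it from other parties.
    print("public key reads outbound:", bytes(apply_key(PUBLIC, sent)))

    reply = response(msg)
    # Applying the public key again does not reverse the reply; only the
    # private key held by the original sender does.
    print("public key reads reply:", apply_key(PUBLIC, reply) == list(msg))
    print("private key reads reply:", bytes(apply_key(PRIVATE, reply)))
```
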