Because computer devices such as personal computers, portable computers, and other handheld devices are targets for hackers and thieves, passwords are used to protect their vital data and to prevent the computer from being used by unauthorized people. Passwords often work in conjunction with encryption and authentication keys that are used to establish secure communications between computers. It is possible today to install a program in the computer that will encrypt sensitive data so that these data cannot be read by anyone who does not have the unlocking key. It is necessary, however, to store the key somewhere, and there is a constant risk that it will be found.
Despite the continuing development of new technologies, passwords are still the most common security tools; they are also the most abused, and often the easiest for an attacker to break. Passwords present a kind of security paradox. The best passwords are the most difficult to guess: long and random. Unfortunately, these are also the most difficult to remember. Moreover, most experts strongly recommend using different passwords for each e-mail, e-commerce, or other account, and changing the passwords regularly. As a result, most people either choose passwords that are easily guessed, or write them down where they can be copied or stolen.
One answer to this conundrum is to use password safes. These programs provide a space to store long, complex, random passwords, and then encrypt the passwords so that they cannot be stolen. Some password safes generate random passwords for the user and store these on a local disk that also has a password access protection.
Secure transmission may be provided by using Public Key Infrastructure (PKI) cryptography. In PKI cryptography, a user has a pair of keys: public and private. As their names suggest, the private key is kept private, while the public key is distributed to other users. The owner of the private key never shares the private key with anyone. The public and private keys of a particular user are related via complex mathematical structures that inexorably link one key with the other. This relationship is crucial to making public/private key-based encryption work.
The public key is used as the basis for encrypting a message, while the private key is necessary for the recipient to decrypt the encrypted message. Only the bearer of the private key can decrypt the message. Even the person who did the encrypting cannot decrypt the message he just encrypted, because he does not know the private key.
For digital signatures, two different keys are generally used, one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its original form. Computer equipment and software using two such keys is often termed an “asymmetric cryptosystem.”
The keys of an asymmetric cryptosystem for digital signatures are termed the private key, which is known only by the signer and which is used to create the digital signature, and the public key, which is ordinarily more widely known and which is used to verify the digital signature. A recipient must have the corresponding public key in order to verify that a digital signature is the signer's. When many people need to verify the signer's digital signature, the public key must be widely distributed, perhaps by publication in an on-line repository or directory.
Although the keys of the pair are mathematically related, it is computationally infeasible to derive one key from the other, if the asymmetric cryptosystem has been designed and implemented properly. Consequently, although many people may know the public key of a given signer and use it to verify his or her digital signature, they cannot discover the signer's private key and use it to forge the digital signature.