From The spring:// Network Documentation
Jump to: navigation, search

Generally speaking -- cryptography is the process and science of hiding and revealing information. It also has a variety of tools associated with it like proving integrity of information.

Encryption is taking what is known as plaintext information and hiding it as ciphertext which, when viewed by itself, is incredibly unlikely to reveal any of the original information. Decryption is the reverse process -- taking a ciphertext and revealing the original plaintext. Encryption is designed to make revealing the original information very easy for those who are meant to see it but incredibly difficult for those who are not meant to see it. When we say very strong encryption is unlikely to be broken, the odds are in the order of billions of years to systematically work through and break using contemporary technology.

It is, however, a notoriously difficult field to get right which is why we rely on solid tools for the network (Gnu Privacy Guard) and industry recommended algorithms.

The Spring network is supplying a cryptography layer in the platform because sensitive information, such as that defined by the Data Protection Act, should really not be sent across public channels (the Internet!) as plaintext.