E-CommerceE-Commerce, abbreviation for electronic commerce, usually defined as the conduct of business online, via the Internet. Until recently, e-commerce was limited mainly to large companies and their suppliers, who connected their computers together to speed up ordering and payment systems. Today, millions of people are involved in e-commerce on the Internet—when, for example, they visit World Wide Web sites to buy books or CDs, order flowers or pizzas, or check their bank accounts.

In the narrow definition of e-commerce, the term covers the buying and selling of goods and services using computer communications. This might be done via a messaging system such as electronic mail (see Office Systems), via the World Wide Web, or by direct computer-to-computer communications. Direct communications may use a standard form of electronic data interchange (EDI) such as Edifact (EDI For Administration, Commerce, and Trade).

Successful e-commerce ultimately leads to some form of payment, and ideally this will involve "electronic funds transfer" (EFT): in other words, the payment will be made via an electronic message, not in a physical form such as cash or a cheque. So-called smart cards and stored value cards (credit cards that contain a microchip, telephone cards, and so on) should therefore be considered part of e-commerce. The communications element may not always be obvious, but somewhere in the background, computer accounts are usually being credited and debited.

The broadest definitions of e-commerce may also include other electronic forms of doing business, such as fax, Telex (see Telegraph), video conferencing, and even telephone calls. Usually these are not e-commerce, but they could be regarded as such, depending on how they are used.

Companies invest in e-commerce systems to eliminate human input: orders and payments are made by machines rather than by people. This has several advantages. It cuts the cost of each transaction; speeds it up; and also makes it more convenient, because transactions can be performed at any hour of the day or night, often regardless of location.

The key question, then, in describing a transaction as an example of e-commerce is not which communications system is used, but whether or not the transaction has been automated. With a telephone-based bank account, for example, a user may wish to make a payment via the telephone. If a human assistant takes the instruction and types it into the bank's computer, that cannot be described as e-commerce. However, if the call is answered by a speech recognition system (software running on a computer), which verifies the user’s identity and makes the payment without human involvement, that is e-commerce. Much e-commerce may soon be performed using a mixture of voice recognition and text messaging from mobile telephones (see Cellular Radio).

Electronic Funds TransferElectronic Funds Transfer (EFT), method of transferring funds automatically from one bank or other financial account to another by electronic means. One example is electronic funds transfer at point of sale (EFTPOS), which provides for the automatic transfer of money from buyer to seller at the time of a sale. A customer inserts a card into a point-of-sale computer terminal in a supermarket, for example. Telecommunications links are then used to make an automatic debit from the customer's bank account to pay the bill.

RouterRouter, in computer communications, a specialized device used to interconnect different types of computer network. A router can be used to connect a Local Area Network (LAN) to another LAN, a Wide Area Network (WAN) to another WAN, or a LAN to the Internet. Routers transmit data packets through these networks and may determine the best path of transmission, based on a number of factors, including traffic load, line speed, and costs. Routers work at the network layer—layer 3 of the ISO (International Organization for Standardization) “seven-layer model”. See also Data Communications: Protocols.

CookieCookie, in computer science, a small text file created by individual Web site servers and sent to an Internet user’s browser where it is stored on the user’s hard-disk drive. One of the main purposes of cookies is to identify users and prepare personalized Web pages for them on future visits to previously viewed pages, increasing the speed and efficiency of Internet navigation. Cookies can be used to determine the number of visitors to specific Web sites by assigning a unique identification code to each Internet user on their first visit to a specific site. Each time the user returns to that site, the stored cookie transmits a message to the Web site server, which can then be used to track the number of returning visitors. Cookies also enable Web sites to assess the effectiveness of online advertising. They cannot be used to spread viruses and are not able to access the user’s hard drive. Cookies are not programs, but text-only strings that can be deleted at any time.Uniform Resource Locator

Uniform Resource Locator (URL), method of naming documents or places on the Internet, used most frequently on the World Wide Web (WWW). A URL is a string of characters that identifies the type of document, the computer the document is on, the directories and subdirectories the document is in, and the name of the document.

For example, the URL of the Web page (a document on the WWW) for the United Kingdom’s “open government” initiative is http://www.open.gov.uk/services/standards.htm. The part of the URL before the colon represents the scheme, or format used to retrieve the document; http means the document is on the WWW. If, instead of http, that part of the URL was ftp, it would mean that that document could be accessed through File Transfer Protocol(FTP), a format that allows a user to list files on, retrieve files from, and add files to another computer on the Internet. Some other schemes are gopher, which indicates the document is on a Gopher system, a menu-driven document delivery system for retrieving information from the Internet; news, which means the document occurs on a Usenet newsgroup, a forum in which users can post and respond to messages; and telnet, which indicatesTelnet, an access method in which the user logs on to a remote computer.

The next part of the URL, www.open.gov.uk, is called the hostname and represents the computer on which the document can be found. The .gov.uk extension identifies the computer as belonging to the United Kingdom government. Some other common extensions are .com (commercial—also .co.uk in the United Kingdom; .co.fr in France, etc.), .ac and .edu (academic and education respectively—usually a college or university).

After the computer and host names come the path, or chain of directories, on which the document is found; in this case, the only directory is services. The last item to be listed is the document name—in this case, standards.htm.

URLs are case-sensitive, which means that uppercase and lowercase letters are considered different letters, so a user has to enter a URL with all letters in the correct case. URLs on the WWW are accessed with browsers, or computer programs that can connect to the Internet and display Web pages.

InternetI INTRODUCTION

Internet, a collection  of computer networks that operate to common standards and enable the computers and the programs they run to communicate directly. There are many small-scale, controlled-access “enterprise internets”, but the term is usually applied to the global, publicly accessible network, called simply the Internet or Net. By the end of 2002, more than 100,000 networks and around 120 million users were connected via the Internet.

Internet connection is usually accomplished using international standards collectively called TCP/IP (Transmission Control Protocol/Internet Protocol), which are issued by an organization called the Internet Engineering Task Force, combined with a network registration process, and with the aid of public providers of Internet access services, known as Internet Service Providers or ISPs.

Each connected computer—called an Internet host—is provided with a unique Internet Protocol (IP) address—198.105.232.1, for example. For obvious reasons, the IP address has become known as the “dot address” of a computer. Although very simple and effective for network operation, dot addresses are not very user-friendly. Hence the introduction of the Domain Name System (DNS) that allows for the assignment of meaningful or memorable names to numbers. DNS allows Internet hosts to be organized around domain names: for example, “microsoft.com” is a domain assigned to the Microsoft Corporation, with the suffix “com” signifying a commercial organization. “ftp.microsoft.com” is an Internet host within that domain. Each part of the domain still has an IP or dot address, which is used by the network elements to deliver information. From a user point of view, though, the IP address is translated (or “resolved”) by DNS into the now familiar format.

The suffix .com is called a generic top-level domain name, and before 2001 there were just three of these (.com, .net, and .org), with .edu and .gov restricted to educational institutions and government agencies respectively. As a result of the rapid growth in Internet use, seven new top-level domain names have been prepared for use, some by specific sectors (.aero, .coop, and .museum) and some for general use (.biz, .info, .pro, and .name).

Internets are constructed using virtually any kind of electronic transmission medium, such as optical-fibre or copper-wire telephone lines, or radio or microwave channels. They can also connect almost any kind of computer or operating system; and they are operated in such a way as to be “self-aware” of their capabilities.

The great scale and universality of the public Internet results in its use to connect many other kinds of computer networks and services—including online information and shopping services—via systems called gateways. As a result of all these features, internets are an ideal means of building a very robust universal

information infrastructure throughout the world. The rapid growth of online shops, information services, and electronic business applications is testament to the inherent flexibility of the Net.

II SERVICES

Internets support thousands of different kinds of operational and experimental services. A few of the most popular include the following:

E-mail (electronic mail) allows a message to be sent from one person to another, or to many others, via computer. Internet has its own e-mail standards that have also become the means of interconnecting most of the world's e-mail systems. Internet e-mail addresses usually have a form such as “editor@encarta.microsoft.com”, where “editor” is the e-mail account name, and “encarta.microsoft.com” is the domain identity of the computer hosting the account. E-mail can also be used to create collaborative groups through the use of special e-mail accounts called “reflectors” or “exploders” that automatically redistribute mail sent to the address.

The World Wide Web allows the seamless creation and use of elegant point-and-click hypermedia presentations, linked across the Internet in a way that creates a vast open knowledge repository, through which users can easily browse.

Gopher is a system that allows the creation and use of directories of files held on computers on the Internet, and builds links across the Internet in a manner that allows users to browse through the files.

FTP (File Transfer Protocol) is a set of conventions allowing easy transfer of files between host computers. This remains the biggest use of the Internet, especially for software distribution, and many public distribution sites now exist.

Usenet allows automatic global distribution of news messages among thousands of user groups, called newsgroups.

Telnet is the system that allows a user to “log in” to a remote computer, and make use of it.

III METHODS OF CONNECTING

There are four ways to connect to the public Internet.

Host access is usually carried out via dial-up telephone lines and modems, combined with internet software on a personal computer, and allows the computer that is accessed to function fully as an internet host.

Network access is similar to host access, but is done via a leased line or an “always-on” link such as Digital Subscriber Line (DSL) or Etherloop. In this case, all the attached computers are made into internet hosts. See also Broadband; Asymmetrical Digital Subscriber Lines.

Terminal access is usually carried out via dial-up telephone lines and modems combined with terminal emulation software on a personal computer; it allows interaction with another computer that is an internet host.

Gateway access is similar to terminal access, but is provided via on-line or similar proprietary services that give the user the ability to exchange e-mail with the Internet.

IV HISTORY AND FUTURE

The Internet technology was created by Vinton Cerf in early 1973 as part of a project headed by Robert Kahn and conducted by the Advanced Research Projects Agency, part of the United States Department of Defense. Thereafter, Cerf led many efforts to build, scale, and standardize the Internet. In 1984 the technology and the network were turned over to the private sector and to government scientific agencies for further development. The growth has continued exponentially. Service-provider companies that make “gateways” to the Internet available to home and business users enter the market in ever-increasing numbers. By early 2000, access was available in over 200 countries and encompassed around 100 million users. The Internet and its technology continue to have a profound effect in promoting the sharing of information, making possible rapid transactions among businesses, and supporting global collaboration among individuals and organizations. In 1999, 205 countries and territories in the world had at least one connection to the Internet. The development of the World Wide Web is fuelling the rapid introduction of new business tools and activities that may by then have led to annual business transactions on the Internet worth hundreds of billions of pounds. The potential of web-based commerce is immense. Techniques that allow safe transactions over the Net (for payment and funds transfers), the construction of faster, more secure networks and the development of efficient search techniques make the Internet an ideal trading medium.

Future concerns are focused in a number of areas, including the efficiency of search engines—even the most efficient of them cover less than a sixth of all publicly available pages—as well as privacy, security, and Internet piracy. By its very nature, the Internet does not cope well with traffic that requires a dedicated link between two points (such as voice) as end-to-end delay cannot readily be controlled. Several protocols that allow greater predictability are being developed to guarantee an assured quality of service. The ability to integrate applications is of increasing importance. Common data formats allow e-business applications to cooperate and services such as Internet phones that are easy to install are being refined and deployed.

In addition to these extra features, the core of the Internet—the network hardware that connects everyone together—is undergoing an overhaul that will enable it to cope with ever-increasing traffic loads. The “Internet 2” project has been under way for several years now and is building faster links and bigger switches that will power the Internet for years to come.

IntranetIntranet, any computer network that provides similar services to those provided by the Internet, but which is not necessarily connected to the Internet.

The most common example of an Intranet is the use within an organization of one or more World Wide Web computer servers on an internal network using the Transmission Control Protocol/Internet Protocol (TCP/IP) for distribution of information within the organization. The Web sites on an Intranet look and behave as those on the Internet, but the firewall surrounding an Intranet prevents unauthorized access from outside the host organization, maintaining computer security.

Since about 1995, Intranets have become a major growth area in corporate computing, due to the availability of cheap or free commercial Web browser and Web server software, allowing them to provide a simple, uniform user interface to many kinds of information and application programs. If, as is most commonly the case, the Intranet is contained within a Local Area Network (LAN), then fast LAN speeds can be achieved over the Intranet. However, Intranets occasionally comprise two or more remote locations connected via the Internet, in which case the speed of the Internet is the limiting factor.

E-MailE-Mail (abbreviation for electronic mail), transmission of electronic messages between computers via a network. Millions of e-mails are exchanged every day—virtually every business relies on it and many people see it as their preferred method of communication.

For all its ubiquity and importance e-mail is very simple and has humble roots. An e-mail message is nothing more than a piece of text and the sending of a mail message requires no more than the simple attachment of this text to a special file, known as a mailbox.

The first e-mail message was sent in 1971 by an engineer named Ray Tomlinson, one of the pioneers of the Internet. He showed how a messaging facility that could be used by several users on a single computer could be extended so that it worked between a number of computers. Tomlinson decided that the @ sign should be used to designate the receiving machine, and so e-mail as we know it was born.

Practical e-mail systems have only a few, simple components. At the user end is a piece of software known as an “e-mail client”; Microsoft Outlook, Eudora, Pegasus, and Web-based clients such as America Online Inc. (AOL's) e-mail reader are familiar examples. The client allows the user to create mail messages, to view the contents of the mailbox, and to read incoming mail.

At the other end from the client is the e-mail server. This is a computer, typically one provided by an Internet Service Provider, that is dialled up when messages are sent and received. The server has a list of e-mail accounts, each of which has a text file where all of the messages for that account are stored.

To send an e-mail, a message is created using the client and is sent to the server. The server forwards the message to the computer that hosts the mailbox of the intended recipient. To receive e-mail, the user simply logs on to the e-mail server, which presents a set of message headers to the client. These headers provide information as to who sent the message and when it was sent.

There are two protocols that govern how real e-mail systems work. The first is SMTP (Simple Mail Transfer Protocol), which handles outgoing mail. The other is POP3 (Post Office Protocol), which handles incoming mail, simply appending incoming messages to a user’s file. SMTP “listens” for any attached clients who want to send messages on the server’s well-known port number 25, while POP3 listens for messages addressed to one of its clients on port 110.

E-mail messages get from one server to another in exactly the same way that any other information traverses the Internet. A program called “sendmail” is used to queue outgoing messages so if a network link is broken, the message will be re-sent until it gets through.

Despite the fact that e-mail only works for text, a variety of file types (for instance, images, sounds, spreadsheets, and so on) can be attached. A program called “uuencode” turns all attachments into text so that they can be transmitted across a network. When the message (which could be some words plus an attachment rendered into text by uuencode) is received, the client invokes “uudecode” to restore the original.

What is E-Commerce','Electronic Commerce (EC) is the paperless exchange of business information using Electronic Data Interchange (EDI) and related technologies. If you are familiar with Electronic Mail (E-Mail), computer bulletin boards, facsimile machines (faxes), Electronic Funds Transfer (EFT) You can very well understand what is e-commerce. These are all forms of EC. All EC systems replace all or key parts of paper-based work flow with faster, cheaper, more efficient, and more reliable communications between machines. In today's Defense Department procurement arena, however the most important EC technology to know about is Electronic Data Interchange, or EDI

Electronic Business, commonly referred to as "eBusiness" or "e-Business", may be defined as the utilisation of information and communication technologies (ICT) in support of all the activities of business. Commerce constitutes the exchange of products and services between businesses, groups and individuals and hence can be seen as one of the essential activities of any business. Hence, electronic commerce or eCommerce focuses on the use of ICT to enable the external activities and relationships of the business with individuals, groups and other businesses [1].

Louis Gerstner, the former CEO of IBM, in his book, 'Who says Elephants can't dance' attributes the term "e-Business" to IBM's marketing and Internet teams in 1996.

Electronic business methods enable companies to link their internal and external data processing systems more efficiently and flexibly, to work more closely with suppliers and partners, and to better satisfy the needs and expectations of their customers.

In practice, e-business is more than just e-commerce. While e-business refers to more strategic focus with an emphasis on the functions that occur using electronic capabilities, e-commerce is a subset of an overall e-business strategy. E-commerce seeks to add revenue streams using the World Wide Web or the Internet to build and enhance relationships with clients and partners and to improve efficiency using the Empty Vessel strategy. Often, e-commerce involves the application of knowledge management systems.

E-business involves business processes spanning the entire value chain: electronic purchasing and supply chain management, processing orders electronically, handling customer service, and cooperating with business partners. Special technical standards for e-business facilitate the exchange of data between

companies. E-business software solutions allow the integration of intra and inter firm business processes. E-business can be conducted using the Web, the Internet, intranets, extranets, or some combination of these.

(Row´ter) (n.)A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect.

Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts.

Very little filtering of data is done through routers.

See also Webopedia's "Did You Know... Routers, Switches and Hubs: What's the Difference?"

Cookie.A message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.

Also see session cookie and persistent cookie.

The main purpose of cookies is to identify users and possibly prepare customized Web pages for them. When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser which stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The server can use this information to present you with custom Web pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.

The name cookie derives from UNIX objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas entered by the user or program.

See What You Need to Know About Cookies in the Did You Know . . . ? section of Webopedia.

Also see Do Cookies Compromise Security? in the Did You Know . . . ? section of Webopedia.

URLAbbreviation of Uniform Resource Locator, the global address of documents and other resources on the World Wide Web.

The first part of the address is called a protocol identifier and it indicates what protocol to use, and the second part is called a resource name and it specifies the IP address or the domain name where the resource is located. The protocol identifier and the resource name are separated by a colon and two forward slashes.

For example, the two URLs below point to two different files at the domain pcwebopedia.com. The first specifies an executable file that should be fetched using the FTP protocol; the second specifies a Web page that should be fetched using the HTTP protocol:

ftp://www.pcwebopedia.com/stuff.exe http://www.pcwebopedia.com/index.html

See "Countries and Their Domain Extensions" in the Quick Reference section of Webopedia.See also "How Web Servers Work" in the "Did You Know...?" section of Webopedia.

1) Short for Symmetric Multiprocessing, a computer architecture that provides fast performance by making multiple CPUs available to complete individual processes simultaneously (multiprocessing). Unlike asymmetrical processing, any idle processor can be assigned any task, and additional CPUs can be added to improve performance and handle increased loads. A variety of specialized operating systems and hardware arrangements are available to support SMP. Specific applications can benefit from SMP if the code allows multithreading.

SMP uses a single operating system and shares common memory and disk input/output resources. Both UNIX and Windows NT support SMP.

(2) Short for Simple Management Protocol, another name for SNMP2. SNMP2 is an enhanced version of the Simple Network Management Protocol (SNMP) with features required to support larger networks operating at high data transmission rates. SNMP2 also supports multiple network management workstations organized in a hierarchical fashion.

- An intranet is a private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the wide area network. Typically, an intranet includes connections through one or more gateway computers to the outside Internet. The main purpose of an intranet is to share company information and computing resources among employees. An intranet can also be used to facilitate working in groups and for teleconferences.

An intranet uses TCP/IP, HTTP, and other Internet protocols and in general looks like a private version of the Internet. With tunneling, companies can send private messages through the public network, using the public network with special encryption/decryption and other security safeguards to connect one part of their intranet to another.

Typically, larger enterprises allow users within their intranet to access the public Internet through firewall servers that have the ability to screen messages in both directions so that company security is maintained. When part of an intranet is made accessible to customers, partners, suppliers, or others outside the company, that part becomes part of an extranet.

- An extranet is a private network that uses Internet technology and the public telecommunication system to securely share part of a business's information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company's intranet that is extended to users outside the company. It has also been described as a "state of mind" in which the Internet is perceived as a way to do business with other companies as well as to sell products to customers.

An extranet requires security and privacy. These can include firewall server management, the issuance and use of digital certificates or similar means of user authentication, encryption of messages, and the use of virtual private networks (VPNs) that tunnel through the public network.

Companies can use an extranet to:

Exchange large volumes of data using Electronic Data Interchange (EDI) Share product catalogs exclusively with wholesalers or those "in the trade"

Collaborate with other companies on joint development efforts Jointly develop and use training programs with other companies Provide or access services provided by one company to a group of other companies, such as an

online banking application managed by one company on behalf of affiliated banks Share news of common interest exclusively with partner companies

- The Internet, sometimes called simply "the Net," is a worldwide system of computer networks - a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). It was conceived by the Advanced Research Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANET. The original aim was to create a network that would allow users of a research computer at one university to be able to "talk to" research computers at other universities. A side benefit of ARPANet's design was that, because messages could be routed or rerouted in more than one direction, the network could continue to function even if parts of it were destroyed in the event of a military attack or other disaster.

Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide. Physically, the Internet uses a portion of the total resources of the currently existing public telecommunication networks. Technically, what distinguishes the Internet is its use of a set of protocols called TCP/IP (for Transmission Control Protocol/Internet Protocol). Two recent adaptations of Internet technology, the intranet and the extranet, also make use of the TCP/IP protocol.

For many Internet users, electronic mail (e-mail) has practically replaced the Postal Service for short written transactions. Electronic mail is the most widely used application on the Net. You can also carry on live "conversations" with other computer users, using Internet Relay Chat (IRC). More recently, Internet telephony hardware and software allows real-time voice conversations.

The most widely used part of the Internet is the World Wide Web (often abbreviated "WWW" or called "the Web"). Its outstanding feature is hypertext, a method of instant cross-referencing. In most Web sites, certain words or phrases appear in text of a different color than the rest; often this text is also underlined. When you select one of these words or phrases, you will be transferred to the site or page that is relevant to this word or phrase. Sometimes there are buttons, images, or portions of images that are "clickable." If you move the pointer over a spot on a Web site and the pointer changes into a hand, this indicates that you can click and be transferred to another site.

Using the Web, you have access to millions of pages of information. Web browsing is done with a Web browser, the most popular of which are Microsoft Internet Explorer and Netscape Navigator. The appearance of a particular Web site may vary slightly depending on the browser you use. Also, later versions of a particular browser are able to render more "bells and whistles" such as animation, virtual reality, sound, and music files, than earlier versions.

Short for HyperText Transfer Protocol, the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.

The other main standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and displayed.

HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. This is the main reason that it is difficult to implement Web sites that react intelligently to user input. This shortcoming of HTTP is being addressed in a number of new technologies, including ActiveX, Java, JavaScript and cookies.

Also see The Difference Between FTP and HTTP in the Did You Know . . . ? section of Webopedia.

A hash function is a form of encryption that takes some plaintext input and transforms it into a fixed-length encrypted output called the message digest. The digest is a fixed-size set of bits that serves as a unique "digital fingerprint" for the original message. If the original message is altered and hashed again, it will produce a different signature. Thus, hash functions can be used to detect altered and forged documents. They provide message integrity, assuring recipients that the contents of a message have not been altered or corrupted.

Hash functions are one-way, meaning that it is easy to compute the message digest but very difficult to revert the message digest back to the original plaintext (e.g., imagine trying to put a smashed pumpkin back to exactly the way it was). Hash function features are listed here:

A hash function should be impossible for two different messages to ever produce the same message digest. Changing a single digit in one message will produce an entirely different message digest.

It should be impossible to produce a message that has some desired or predefined output (target message digest).

It should be impossible to reverse the results of a hash function. This is possible because a message digest could have been produced by an almost infinite number of messages.

The hash algorithm itself does not need to be kept secret. It is made available to the public. Its security comes from its ability to produce one-way hashes.

The resulting message digest is a fixed size. A hash of a short message will produce the same size digest as a hash of a full set of encyclopedias.

Hash functions may be used with or without a key. If a key is used, both symmetric (single secret key) and asymmetric keys (public/private key pairs) may be used. The two primary algorithms are listed next and the RFCs listed later provide more information on the protocols. Also see the list of Web sites on the related entries page.

MD-5    A hash function designed by Ron Rivest, one of the inventors of the RSA public-key encryption scheme. The MD-5 algorithm produces a 128-bit output. Note that MD-5 is now known to have some weaknesses and should be avoided if possible. SHA-1 is generally recommended. This is discussed later.

SHA-1 (Secure Hash Algorithm-1)    SHA-1 is an MD-5-like algorithm that was designed to be used with the Digital Signature Standard (DSS). The United States agencies NIST (National Institute of Standards and Technology) and NSA (National Security Agency) are responsible for SHA-1. The SHA-1 algorithm produces a 160-bit MAC. This longer output is considered to be more secure than MD-5.

Keyed MD5 is a technique for using MD-5. Basically, a sender appends a randomly generated key to the end of a message, and then hashes the message and key combination to create a message digest. Next, the key is removed from the message and encrypted with the sender's private key. The message, message digest, and encrypted key are sent to the recipient, who opens the key with the sender's public key (thus validating that the message is actually from the sender). The recipient then appends the key to the message and runs the same hash as the sender. The message digest should match the message digest sent with the message.

The result of a hash function that combines a message with a key is called a message authentication code, or MAC. A MAC is a "fingerprint" or "message digest" of the input in combination with a key available to parties in the message exchange.

Hash functions are used in authentication routines such as CHAP (Challenge Handshake Authentication Protocol). Both the client and server share a secret-the password used by the client, which has been previously exchanged but is never sent over the wire. When the client establishes a link to the server, the server sends a unique "challenge" value (sometimes called a nonce) to the client. The client combines his or her password with the challenge and then runs them through the hash function. The result is sent back to the server, which runs the same process and compares its results with those received from the client. If they compare, the client is considered authentic. Note that the actual password is never sent, only a hash of the challenge and password combination.

HMAC (Hashed Message Authentication Code) is a core protocol that is considered essential for security on the Internet along with IPSec, according to RFC 2316 (Report of the IAB, April 1998). It is not a hash function, but a mechanism for message authentication that uses either MD5 or SHA-1 hash functions in combination with a shared secret key (as opposed to a public/private key pair). Basically, a message is combined with a key and run through the hash function. The result is then combined with the key and run through the hash function again. This 128-bit result is truncated to 96 bits and becomes the MAC.

According to RFC 2104 (HMAC: Keyed-Hashing for Message Authentication, February 1997), HMAC should be used in preference to older techniques, notably keyed hash functions. Keyed hashes based on MD-5 are especially to be avoided, given the hints of weakness in MD-5. HMAC is the preferred shared-secret authentication technique, and it should be used with SHA-1. It can be used to authenticate any arbitrary message and is suitable for logins.

The following RFCs provide important additional information about the hash functions used in the Internet environment. These RFCs are located on the CD-ROM.

RFC 1321 (MD5 Message-Digest Algorithm, April 1992) RFC 1828 (IP Authentication using Keyed MD5, August 1995) RFC 1864 (The Content-MD5 Header Field, October 1995) RFC 1994 (PPP Challenge Handshake Authentication Protocol (CHAP), August

1996) RFC 2069 (An Extension to HTTP: Digest Access Authentication, January 1997) RFC 2085 (HMAC-MD5 IP Authentication with Replay Prevention, February 1997)

RFC 2104 (HMAC: Keyed-Hashing for Message Authentication, February 1997) RFC 2316 (Report of the IAB, April 1998) RFC 2401 (Security Architecture for the Internet Protocol, November 1998) RFC 2403 (The Use of HMAC-MD5-96 within ESP and AH, November 1998) RFC 2404 (The Use of HMAC-SHA-1-96 within ESP and AH, November 1998) RFC 2537 (RSA/MD5 KEYs and SIGs in the Domain Name System (DNS), March

1999) RFC 2831 (Using Digest Authentication as a SASL Mechanism, May 2000) RFC 2857 (The Use of HMAC-RIPEMD-160-96 within ESP and AH, June 2000

Authentication using Private-key Ciphers

if a message is being encrypted using a session key known only to the sender and receiver, then the message may also be authenticated

o since only sender or receiver could have created it o any interference will corrupt the message (provided it includes sufficient redundancy to

detect change) o but this does not provide non-repudiation since it is impossible to prove who created the

message message authentication may also be done using the standard modes of use of a block cipher

o sometimes do not want to send encrypted messages o can use either CBC or CFB modes and send final block, since this will depend on all

previous bits of the message o no hash function is required, since this method accepts arbitrary length input and produces a

fixed output o usually use a fixed known IV o this is the approached used in Australian EFT standards AS8205 o major disadvantage is small size of resulting MAC since 64-bits is probably too small

Hashing Functions

hashing functions are used to condense an arbitrary length message to a fixed size, usually for subsequent signature by a digital signature algorithm

good cryptographic hash function h should have the following properties: o h should destroy all homomorphic structures in the underlying public key cryptosystem (be

unable to compute hash value of 2 messages combined given their individual hash values) o h should be computed on the entire message o h should be a one-way function so that messages are not disclosed by their signatures o it should be computationally infeasible given a message and its hash value to compute

another message with the same hash value o should resist birthday attacks (finding any 2 messages with the same hash value, perhaps by

iterating through minor permutations of 2 messages [1]) it is usually assumed that the hash function is public and not keyed traditional CRCs do not satisfy the above requirements length should be large enough to resist birthday attacks (64-bits is now regarded as too small, 128-

512 proposed)

Snefru

a one-way hash function designed by Ralph Merkle creates 128 or 256 bit long hash values (let m be length) uses an algorithm H which hashes 512-bits to m-bits, taking the first m output bits of H as the hash

value o H is based on a reversible block cipher E operating on 512-bit blocks o H is the last m-bits of the output of E XOR'd with the first m-bits of the input of E o E is composed of several passes, each pass has 64 rounds of an S-box lookup and XOR o E can use 2 to 8 passes

overview of algorithm o break message into 512-m bit chunks o each chunk has the previous hash value appended (assuming an IV of 0) o H is computed on this value, giving a new hash value o after the last block (0 padded to size as needed) the hash value is appended to a message

length value and H computed on this, the resulting value being the MAC Snefru has been broken by a birthday attack by Biham and Shamir for 128-bit hashes, and possibly

for 256-bit when 2 to 4 passes are used in E Merkle recommends 8 passes, but this is slow