A few simple definitions on privacy and cryptography,
the way I understand them
Privacy means (among other things) that information transmitted from a sender to a receiver is not accessed by others.
A
secure
communication channel is a channel that enforces privacy by making it impossible to eavesdrop on the communication. An insecure channel makes eavesdropping possible.
Cryptography is the use of techniques which make information readable by
the sender and receiver, but unintelligible to anyone else (including anyone with complete access to the ciphertext, see below). Information is encrypted by the sender before sending, and decrypted by the receiver. Thus, cryptography makes privacy
possible even on an insecure channel. Plaintext (or
cleartext) is nonencrypted information. The sender converts plaintext to ciphertext (see below) by applying an encryption algorithm to the plaintext.
Ciphertext is
encrypted information. The receiver recovers the original plaintext by decrypting the received ciphertext.
A
cryptographic key is a sequence of numbers, characters or other data used by a cryptographic algorithm to convert plaintext into ciphertext or vice versa.
Secret key cryptography use a key which is kept secret and known only to the sender and receiver. Leaking a secret key compromises the privacy of any ciphertext generated with this key. Therefore, a secret key
should be sent only on a secure channel. Public key cryptography uses a pair of keys, one for encrypting and the other for decrypting. The two keys constituting a pair are generated together by an algorithm. The key used for
encrypting is called public, i.e., it can be publicly known without compromising the security of ciphertext. The key used for decrypting is called secret. Anybody in possession of a public key can encrypt a plaintext, but only the party in possession of
the corresponding secret key can decrypt the ciphertext. A public key can be sent on an insecure channel.
Weak cryptography is the use of cryptographic techniques that make encrypted information unintelligible to a casual observer
not in possession of the key. A determined opponent with large human, technological and financial resources (e.g., a government), on the other hand, may be able to decrypt a weaklyencrypted ciphertext in a short time without having the key.
Strong cryptography is the use of cryptographic techniques which make it impossible or extremely slow and expensive (even for a government) to decrypt a plaintext without having the key.
Snakeoil
cryptography is the use of proprietary, homemade or secret cryptographic algorithms. Public knowledge of a cryptographic algorithm and its extensive review by cryptographers and mathematicians is the only guarantee that an algorithm is strong (i.e., that
a way to break it within a reasonable time frame has not been found). Secret algorithms have not received public review, and their strength therefore cannot be assessed. Also, there is no intrinsic safety in a secret algorithm. If a strong cryptographic
algorithm is used, knowledge of the algorithm does not help a third party to crack the ciphertext. On the other hand, in the great majority of cases, snakeoil algorithms are quite easy to crack by professional cryptanalysts. If you trust snakeoil
ointments, then you will love snakeoil cryptography.
Keyescrow cryptography is the use of a cryptographic scheme in which a secret key is deposited (escrowed) with a trusted party. The deposited key (which may or may not be the same as
the key in possession of the sender and/or receiver) allows the plaintext to be recovered. Generally, different parts of an escrowed key are held by two or more agencies or independent entities, and are released to the government upon motivated request.
Not storing the whole key at one location makes it unlikely that the key will be used in unauthorised ways (unless the government decides to use it in unauthorised ways, in which case the multipleagency system offers no protection). As a result, persons
using a keyescrow system must trust the government not to eavesdrop on their encrypted communications without just reason, but have no real guarantee that this is indeed the case (in a similar  totally hypothetical  case, you
could be asked to trust your
president or prime minister not to lie, but would have no way to tell whether he does).
A government may use national security and the fight against crime
as pretexts to justify the adoption of keyescrow, but again, private persons have no guarantee that this is the
real reason. It is obvious, however, that two more steps must follow the adoption of a keyescrow system, lest it remains useless. The first step is
making it obligatory to participate in the keyescrow scheme (the system is no use to the government if only a few persons use it). As a result,
the government will have access to each and every citizen's escrowed key. The second step is
outlawing other types of cryptography (since a keyescrow system is useless if a ciphertext generated with a keyescrow system contains another ciphertext
generated with strong cryptography). Thus, the government effectively will have abolished the right to privacy of the people. At this point, only terrorists and criminals will still have privacy.
Unbreakable cryptography is the use of a
cryptographic algorithm which is demonstrably (in a mathematical sense) impossible to break. Only one such algorithm is known (i.e., the onetime pad). This algorithm is very simple. Unfortunately, it is a secretkey algorithm, the key must be at least as
long as the plaintext, and the security of both key and plaintext is compromised if the same key is used more than once. Variations on the onetime pad in order to remedy one or more of its limitations invariably destroy its unbreakability.
Because
of the mysticism and sometimes incorrect information that seem to surround the onetime pad, I am providing here more information. A simple implementation of the onetime pad uses a random sequence of bytes as key. You can use a pseudorandom sequence
(i.e., a sequence generated by a deterministic algorithm) which passes mathematical tests for pseudorandomness (i.e., fails to show any detectable pattern in the sequence. There is no mathematical test to distinguish real randomness from
pseudorandomness, so a "good" pseudorandom sequence will do, as long as it is generated using a random seed (which is a shorter sequence of data used to initialize a pseudorandom generator). Random and pseudorandom sequences are a field of
research in their own, so don't expect an exhaustive treatment here. The key must be at least as long as the plaintext. The cleartext is XORed with the key. It is preferrable, but not indispensable, to compress the cleartext before doing so.
XORing is a logical operation that takes two input bits and outputs a TRUE if either input bit is TRUE, and FALSE if both input bits are TRUE or FALSE. Each bit in a byte of the key and plaintext is XORed in sequence, and each byte in the plaintext and key
is XORed in sequence. The key is stored in a safe place, and/or sent to the receiving part through a safe channel. This is the weakest part of this cypher, of course, and the most difficult to implement. Decryption consist of applying
the same procedure to the cyphertext. The unbreakability of this cypher consists in the fact that there is no way to distinguish the true key from any of the possible keys (i.e., all possible combinations and permutations of the bits
constituting the key). As a result, a bruteforce approach (which consists of applying all possible keys to the cyphertext) is meaningless, because it will produce all possible plaintexts of the same length as the cyphertext, with no way to tell which of
these plaintexts is real. If you use the same key for more than one plaintext, however, the cyphertexts will display a statistical correlation and, especially if part of one plaintext is known, this allow a third party to compute part or all of
the key, thus compromising the security of all cyphertexts obtained with the same key.
Finally, note the following, highly summarised points about the onetime pad:  The
onetime pad is unbreakable in itself, but only as good as the
key being used, and the way the key is stored and/or transmitted.  If a good key is used
(i.e., one that passes tests for pseudorandomness), a cyphertext
generated with the onetime pad is undistinguishable from a nonsense random sequence: nobody can prove it contains  or does not contain  a plaintext.  The same thing applies
to a key: nobody can prove it is a cryptographic key unless they have access to the corresponding cyphertext.  Once a key is lost or destroyed, there is no way to recover the cyphertext. This is true, unless you happen to know how you obtained the
key, and are able to duplicate the process. However, if you can duplicate a key, the key itself
is not random, and the method used to generate it is no good. You can use this as one of the tests a keygeneration scheme must pass.  You don't need a computer to use
the onetime pad. You can apply it with paper and pencil, and you can use statistically unflawed dice, coins or other valid manual methods to generate a key.
Deniable encryption is the use of
cryptographic techniques which produce a ciphertext that can decrypt to two or more plaintexts when different keys are used. This can be useful to a sender or a receiver who wishes to deny the contents of a ciphertext even when forced to give up the
decryption key. For instance, the original plaintext may say "The president sucks". The ciphertext may decrypt to "The president sucks" when one key is used, and to "What a nice day" when another key is used. When forced to give up the key (e.g., under
threat), a party may give up the second key, which yields an innocent plaintext. In order to make the scheme more credible, the "contingency" plaintext may have a slightly incriminating content, in order to justify the use of cryptography  in the eyes of
the authorities  by the person(s) involved, but not important enough to cause serious consequences to them. Very little practical work has been done on deniable encryption so far.
A possible implementation of deniable encryption uses the
onetime pad described above. In simple terms, and indicating the XORing operation with X, we have: key X plaintext1 = cyphertext1 cyphertext1 X plaintext2 = cyphertext2 Plaintext1 is the real message, plaintext2 the decoy message. Note
that you used cyphertext1 as a key. At this point,under threat you can disclose cyphertext1, saying that it is the key (there is no way to prove otherwise). The adversary will perform the operation: cyphertext2 X cyphertext1 = plaintext2 and
will have to be satisfied with it. You or your ally, on the other hand, can perform the operation: cyphertext1 X key = plaintext1 or also cyphertext2 X plaintext2 X key = plaintext1 As shown above, cyphertext1 does not need to be kept, as
long as the other three texts are known. Steganography is the application of techniques that hide information within data. For instance, steganographic techniques exist for hiding a text message within a photograph stored in
electronic format. The data constituting the photograph act as a container for the hidden message. The photograph looks normal, but the hidden text can be recovered by using an appropriate algorithm. As a rule, the information that must be hidden is
substantially smaller than the information acting as a container. Also, the container must be of a nature that allows for a slight loss of information without becoming unusable or carrying telltale signs of hiding extraneous data. Pictures, movies and
sound are obvious choices for containers. Redundant data formats which allow the automatic correction of corrupted and/or missing bits (e.g., the data recovery records on a CDROM) or the file slack (i.e., unused storage filling the space between the end
of a file and the end of the last allocation unit on a hard disk) can also be used as containers. Steganography can be combined with cryptography, so that a steganographic container may contain an encrypted message.
Cryptography alone is
not a complete solution to achieve privacy. Indirect techniques may allow an observer to gain information from the act of sending a ciphertext even when she cannot decrypt or break the ciphertext. For instance,
traffic analysis (e.g., the knowledge of who
sent a ciphertext to whom, and when in time) can already tell something useful to an observer. Timebased traffic analysis can be foiled, for instance, by frequently transmitting nonsense ciphertext, so that a meaningful ciphertext (i.e., a ciphertext
containing a meaningful plaintext), to the observer, will be undistinguishable from the nonsense ones. Destinationbased traffic analysis can be foiled by uploading ciphertext to a location where it is publicly available (e.g., a Usenet group), where in
principle anybody can download it. The destinatary can thus remain secret. Steganography can be used to prevent sourcebased traffic analysis, i.e., by hiding from an observer the fact that the sender is sending a ciphertext. Depending on the algorithm
being used, the same plaintext may always encrypt to the same ciphertext, or to a different ciphertext each time the algorithm is used. The latter type of algorithm is preferable, since in this case an observer will have no way to detect that the same
message has been sent on different occasions. The length of the plaintext may also be significant. This can be hidden by appending nonsense data of random length to the real plaintext before encrypting it.
If you want to know more, read
the cryptography FAQ (posted at regular intervals on sci.crypt).
