Encryption

Kerberos adds privacy (confidentiality) and integrity in communication between entities using the protocol through encryption and checksums. Let’s look at each a little closer.

Encryption

Casually speaking, encryption is a way to conceal information by altering it so that it appears to just be random data. In computing, unencrypted data is known as plaintext, and encrypted data is known as ciphertext. The methods used to encode and decode messages are called encryption algorithms or ciphers. Encryption takes readable data and alters it so that it appears random. Although encrypted data appears random, encryption proceeds in a logical, predictable way so that a party receiving the encrypted data, and in possession of the key used to encrypt the data, can decrypt the data and turn it back into plaintext. The hope is that if the encryption scheme is complex enough, then malicious third-parties will be highly unlikely to decrypt the ciphertext by brute force. Data can be encrypted either at rest, i.e., when it is encrypted and then held in any form of storage like memory or hard disk, or when data is in transit, i.e., when it is encrypted and transmitted across a network. In Kerberos, we are only concerned with data encryption in transit.