Cryptography methods are changing as computers get faster. It has been said that any encryption code can be broken given enough computer time to derive all of the permutations. However, if it takes months to break a code, a war could be won or lost, or a financial transaction's meaningfulness might have long expired. As computers get faster, the keys get longer and the algorithms become more complex to stay ahead of the game.

Historical interlude
In 1518, a Benedictine monk named Johannes Trithemius wrote Polygraphiae, the first published treatise on cryptography. Later, his text Steganographia described a cipher in which each letter is represented by words in successive columns of text, designed to hide inconspicuously inside a seemingly pious book of prayer.

Polygraphiae and Steganographia attracted a considerable amount of attention not only for their meticulous analysis of ciphers but more notably for the unexpected thesis of Steganographia's third and final section, which claimed that messages communicated secretly were aided in their transmission by a host of summoned spirits.

As might be expected, Trithemius' works were widely renounced as having magical content -- by no means an unfamiliar theme in cryptographic history -- and a century later fell victim to the zealous flames of the Inquisition during which they were banned as heretical sorcery.

Emerging standards, uncertain policies
Today, the "zealous flames" may be symbolic of the controversy that surrounds encryption issues. Because encryption standards are still being formed and allow for multiple implementation techniques, companies have no sure way of implementing successful encryption. Furthermore, current encryption strategies make no allowances for content security. The market needs an encryption strategy designed to be both algorithm- and certification authority-independent, allowing users to implement a public key infrastructure (PKI) for signed and sealed global email. A sound strategy must first identify key standards and then focus on encryption policy management.

Blending policy and standards to provide content security in an encrypted world
To provide full content security for signed and encrypted messages, content security solutions need to support authorized encryption, including S/MIME, X.509 certificates, a selection of Certification Authorities and the most popular encryption algorithms in use today.

On the encryption policy management front, user authorization, algorithm recognition and message securing are the key to ensuring that encryption works for organizations. Unauthorized encryption, for example, needs to be blocked at the network boundary and quarantined by the system administrator to save the costs of decoding rogue encryption algorithms downloaded from the Internet.

The convergence of policy and standards is necessary because the proliferation of encryption keys and algorithms makes it impossible to monitor the content of encrypted messages. With a policy-based strategy, organizations can be sure their needs for privacy, cost control, content control and system security are met, without disclosing private keys or authorized users' content. If a corporate encryption strategy is based on open standards, it will enable a global PKI with secure email.