Cryptography versus computer security
Cryptography and computer security are two distinct subjects. Cryptography is the art of encoding information in a secret format such that only the intended recipient can access the information. Cryptography can also be applied to supply proofs of authenticity, integrity, and intent. The use of cryptography has progressed extensively over a long period of time, ranging from the ancient Caesar cipher to cipher machines widely used in World War II to modern cryptosystems implemented with computer hardware and software.
Computer security is the application of measures that ensure that information being processed, stored, or communicated is reliable and available to authorized entities. Computer security first became an issue only in the 1960s, when timesharing, multiuser computer operating systems, such as Cambridge's early computing system and MIT's Multics, were first built. After that, the field of computer security remained relatively obscure for years, apart from a brief active period in the mid-1970s. Security concerns then were based mostly on military requirements. Commercial security did not become fully mainstream until the Internet and electronic commerce (e-commerce)—and Java technology in particular—took center stage in the 1990s.
Security mechanisms often can benefit from the use of cryptography, such as when running a network-based user login protocol. However, they do not necessarily depend on the use of cryptography, such as when implementing UNIX-style access control on files.
Yet cryptography does not exist in a vacuum. Cryptographic algorithms are usually implemented in software or hardware; thus, their correct operation depends critically on whether there is an adequate level of system security. For example, if lack of access control means that an attacker can modify the software that implements the algorithm, the lack of security directly impacts the utilization of cryptography.
*Inside Java™ 2 Platform Security, Li Gong, Gary Ellison, Mary Dageforde, 2003