Security Information |
|
Secrets On Security: A Gentle Introduction To Cryptography
Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieved the needed result - well, a scrambled egg. This action of mixing the molecules of the egg is encryption. Since the molecules are mixed-up, we say the egg has achieved a higher state of entropy (state of randomness). To return the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible? However, if we substitute the word "egg" and replace it with "number", "molecules" with "digits", it is POSSIBLE. This, my friend, is the exciting world of cryptography (crypto for short). It is a new field dominated by talented mathematicians who uses vocabulary like "non-linear polynomial relations", "overdefined systems of multivariate polynomial equations", "Galois fields", and so forth. These cryptographers uses language that mere mortals like us cannot pretend to understand. In the computer, everything stored are numbers. Your MP3 file is a number. Your text message is a number. Your address book is a longer number. The number 65 represents the character "A", 97 for the small "a", and so on. For humans, we recognize numbers with the digits from 0 to 9, where else, the computer can only recognize 0 or 1. This is the binary system which uses bits instead of digits. To convert bits to digits, just simply multiply the number of bits by 0.3 to get a good estimation. For example, if you have 256-bits of Indonesian Rupiah (one of the lowest currency denomination in the world), Bill Gates' wealth in comparison would be microscopic. The hexadecimal (base 16) system uses the ten digits from 0 to 9, plus the six extra symbols from A to F. This set has sixteen different "digits", hence the hexadecimal name. This notation is useful for computer workers to peek into the "real contents" stored by the computer. Alternatively, treat these different number systems as currencies, be it Euro, Swiss Franc, British Pound and the like. Just like an object can be priced with different values using these currencies, a number can also be "priced" in these different number systems as well. To digress a bit, have you ever wondered why you had to study prime numbers in school? I am sure most mathematics teachers do not know this answer. Answer: A subbranch called public-key cryptography which uses prime numbers especially for encrypting e-mails. Over there, they are talking of even bigger numbers like 2048, 4096, 8192 bits.) When we want to encrypt something, we need to use a cipher. A cipher is just an algorithm similar to a recipe for baking a cake. It has precise, unambiguous steps. To carry out the encryption process, you need a key (some called it passphrase). A good practice in cryptography needs the key used by a cipher must be of high entropy to be effective. Data Encryption Standard (DES), introduced as a standard in the late 1970's, was the most commonly used cipher in the 1980's and early 1990's. It uses a 56-bit key. It was broken in the late 1990's with specialized computers costing about US$250,000 in 56 hours. With today's (2005) hardware, it is possible to crack within a day. Subsequently, Triple-DES superseded DES as the logical way to preserve compatibility with earlier investments by big corporations (mainly banks). It uses two 56-bit key using three steps:- 1. Encrypt with Key 1. The effective key length used is only 112-bits (equivalent to 34 digits). The key is any number between 0 and 5192296858534827628530496329220095. Some modify the last process using Key 3, making it more effective at 168-bit keys. Advanced Encryption Standard (AES) was adopted as a standard by the National Institute of Standards & Technology, U.S.A. (NIST) in 2001. AES is based on the Rijndael (pronounced "rhine-doll") cipher developed by two Belgian cryptographers, Victor Rijmen and Joan Daemen. Typically, AES uses 256-bits (equivalent to 78 digits) for its keys. The key is any number between 0 and 15792089237316195423570985008687907853269984665640564039457584007913129639935. This number is the same as the estimated number of atoms in the universe. The National Security Agency (NSA) approved AES in June 2003 for protecting top-level secrets within US governmental agencies (of course subject to their approval of the implementation methods). They are reputedly the ones that can eavesdrop on all telephone conversations going on around the world. Besides, this organization is recognized to be the largest employer of mathematicians in the world and may be the largest buyer of computer hardware in the world. The NSA probably have cryptographic expertise many years ahead of the public and can undoubtedly break many of the systems used in practice. For reasons of national security, almost all information about the NSA - even its budget is classified. A brute force attack is basically to use all possible combinations in trying to decrypt encrypted materials. A dictionary attack usually refers to text-based passphrases (passwords) by using commonly used passwords. The total number of commonly used passwords is surprisingly small, in computer terms. An adversary is somebody, be it an individual, company, business rival, enemy, traitor or governmental agency who would probably gain by having access to your encrypted secrets. A determined adversary is one with more "brains" and resources. The best form of security is to have zero adversary (practically impossible to achieve), the next best is to have zero determined adversary! A keylogger is a software program or hardware to capture all keystrokes typed. This is by far the most effective mechanism to crack password-based implementations of cryptosystems. Software keylogger programs are more common because they are small, work in stealth-mode and easily downloaded from the internet. Advanced keyloggers have the ability to run silently on a target machine and remotely deliver the recorded information to the user who introduced this covert monitoring session. Keystroke monitoring, as everything else created by man, can either be useful or harmful, depending on the monitor's intents. All confidential information which passes through the keyboard and reaches the computer includes all passwords, usernames, identification data, credit card details, and confidential documents (as they are typed). For the last definition, we will use an example. Let's say you have your house equipped with the latest locks, no master keys and no locksmith can tamper with them. Your doors and windows are unbreakable. How then does an adversary get into your house without using a bulldozer to break your front door? Answer: the roof - by removing a few tiles, the adversary can get into your house. This is an exploit (weakness point). Every system, organization, individual has exploits. See, it is not that difficult after all. If you can understand the material presented in this article, congratulations - you have become crypto-literate (less than 1% of all current computer users). If you do not believe me, try using some of this newfound knowledge on your banker friends or computer professionals. Stan Seecrets' Postulate: "The sum total of all human knowledge is a prime number." Corollary: "The sum total of all human wisdom is not a prime number." This article may be freely reprinted providing it is published in its entirety, including the author's bio and link to the URL below. The author, Stan Seecrets, is a veteran software developer with 25+ years experience at (http://www.seecrets.biz) which specializes in protecting digital assets. This site provides quality software priced like books, free-reprint articles on stock charts and computer security, free downloads and numerous free stuff. © Copyright 2005, Stan Seecrets. All rights reserved.
MORE RESOURCES: US State Department issues worldwide security alert due to potential for attacks on LGBTQ people and events KCCI Des Moines 'Blow the whistle': Indiana's top election official spends $35k on security guide mailings • Indiana Capital Chronicle Indiana Capital Chronicle Canada security intelligence chief warns China can use TikTok to spy on users, CBC reports Reuters Canada Violence in New Caledonia subsides slightly as France sends reinforcements for security The Associated Press House Passes Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations Israel Resists Grand Bargain as U.S. and Saudis Work on Security Pact The New York Times U.S.-Ukraine Security Entanglement Risks Forever War The American Conservative International Community Meets to Discuss the Future of Nuclear Security International Atomic Energy Agency Security Alert: Worldwide Caution - U.S. Embassy & Consulates in Indonesia US Embassy and Consulates in Indonesia Palo Alto Networks and IBM to Jointly Provide AI-powered Security Offerings; IBM to Deliver Security Consulting ... IBM Newsroom Now armed with AI, America's adversaries will try to influence election, security officials warn The Associated Press Sean 'Diddy' Combs Allegedly Paid $50K to Obtain Hotel Security Footage of Cassie Assault: Lawsuit PEOPLE Women are worried about their financial security. That may affect the 2024 presidential election CNBC Nuclear security through the eyes of the Co-Presidents of ICONS 2024 International Atomic Energy Agency Security video appears to show Sean 'Diddy' Combs beating singer Cassie in hotel hallway in 2016 Washington Times Appropriators Lead Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations IBM Selling Cloud Security Software to Palo Alto Networks in Broader Cyber Strategy Shift The Wall Street Journal Security footage calls into question Anchorage police account of fatal shooting Alaska Public Media News TikTok is a threat to Canadians' data security, CSIS chief warns Bennington Banner Security Council Secretary: ‘Not an Inch of Armenian Land Ceded to Azerbaijan’ Armenian News by MassisPost NATO and Economic Security: A Political Oxymoron or Inevitability? CSIS | Center for Strategic and International Studies Canada Releases Defense Policy Update to Boost Security Department of Defense Amazon security guard tries to kill unsuspecting boss before he's shot dead in gunfight with police: 'He almost executed me' New York Post Identity Management and Information Security News for the Week of May 17; Exabeam, Saviynt, VAST Data, and More Solutions Review Fox News Poll: Abortion, economy, and border security are top deal-breakers in 2024 elections Fox News Putin has ditched his paranoid security chief. Here are 5 of the wackiest things Nikolai Patrushev has said. POLITICO Europe See cops working security at Tacoma grocery stores? Here’s why and what policies allow Tacoma News Tribune OWASP dep-scan: Open-source security and risk audit tool Help Net Security Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. - The Washington Post Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. The Washington Post New Survey Finds a Paradox of Confidence in Software Supply Chain Security Security Boulevard Diddy Seen Physically Assaulting Cassie in Never-Before-Seen 2016 Hotel Security Footage Entertainment Tonight Japan, Philippines Finalize Largest Maritime Security Pact Days After Chinese CG, Militia Aggression In SCS EurAsian Times EXCLUSIVE: Two students uncover security bug that could let millions do their laundry for free TechCrunch UN sexual violence envoy pulls out of Security Council briefing on Hamas hostages The Times of Israel Endpoint Security and Network Monitoring News for the Week of May 17; Alkira, Preamble, c/side, and More Solutions Review RSA Conference 2024: AI and the Future Of Security Security Boulevard The New U.S. Strategy on Global Health Security Think Global Health Multnomah County Signs $40 Million Contract for Armed and Unarmed Security at County Facilities, Including Public ... Willamette Week An inspector general warned the Justice Department of gaps in its security clearance appeals process Government Executive Patch Tuesday, May 2024 Edition – Krebs on Security Krebs on Security Fintech giant Flutterwave loses ₦11 billion to security breach Business Insider Africa Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion Security Boulevard Center for International Maritime Security | Fostering the Discussion on Securing the Seas. - CIMSEC FCC proposes BGP security measures Network World PKI-Based Passkeys Lead The Way For A Passwordless Future Security Boulevard 7 months since Oct 7, UN Security Council holds first meeting entirely dedicated to Israeli hostages in Gaza All Israel News Votiro Keeps Up the Momentum in 2024 Security Boulevard The situation concerning Iraq - Security Council, 9628th meeting Welcome to the United Nations JLOTS, an obscure Army-Navy capability, arrives in Gaza NavyTimes.com 'Abnormal' security video, Google Drive led to Stephan Sterns' arrest in Madeline Soto case, documents show WKMG News 6 & ClickOrlando May 17: IDF fighter jet carries out rare strike on target in West Bank city of Jenin The Times of Israel Making Safety and Security Intrinsic to School Design Campus Security Today The Dell API Breach: It could have been prevented Security Boulevard Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds Security Boulevard Cybersecurity Insights with Contrast CISO David Lindner | 5/17/24 Security Boulevard Swift actions to mitigate the El nino weather effects on food security paid off - FAO Africanews English Yemeni security forces deploy in Aden as anger simmers over lengthy power outages The Associated Press U.S. Security Cooperation with Ukraine - United States Department of State Department of State |
RELATED ARTICLES
How to Know Whether an Email is a Fake or Not A few nights ago I received an email from "2CO" asking me to update my personal data. The sender did not forget to insert a link to log in, too. Spyware Removal Spyware SolutionProbably Today's Biggest Computer Problem.You Suffer Without Knowing Your PC is Infected!"The effects can be devastating. Phishing: An Interesting Twist On A Common Scam After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. How to Fight Spyware If you are wondering how to fight spyware for safe web surfing, this Internet privacy article will answer some of your questions. By now you have probably heard about the dangers of spyware. The Saga of the Annoying Adware When we think of adware, what comes to mind are those annoying and pesky ads that pop up out of nowhere whenever we are surfing the net. Anybody who has surfed through the net has encountered those irritating pop-up adwares advertising everything from computer software down to Viagra. How to Manage Your Username and Password The Easy and Secure Way Have been an Internet user for more than 9 years, I have 100's of logins and passwords to keep. I'm paranoid. Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is A week or so ago, I received an inquiry from a man in Indonesia about buying multiple copies of certain items on my website. I immediately suspected fraud, so I explained that I only had one piece of each. 8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft Ebay is a great site and is used by many to buy and sell new and used Items. It truly is the worlds Largest Garage Sale Unfortunately when an online site becomes as big and popular as E-Bay the scam artists seem to just naturally follow. Securing Your Accounts With Well-Crafted Passwords In the past I've never really paid much attention to security issues when it comes to user names and passwords. Frankly I figured it was all a lot of overblown hype. How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer If you use the internet, you have probably been infected with a virus, trojan or spyware. According to the SANS Internet Storm Center, the average unprotected PC is infected within 20 minutes of normal internet usage. Is Shopping Online For Your Horse Gifts Safe? Shopping for horse gifts or other gift items on the internetis quick, convenient and is probably safer than you think.However, you still need to be aware that it is essential tovigorously protect your privacy and financial informationwhen making purchases online. Dont be a Dork - Protect Yourself There are folks out there who use their powers for evil, not good. Let's not give them the opportunity to sneak into our lives and wreak havoc. From Spyware with Love! It's late. You've been scouring the web for that perfect present for your Aunt Bess in Idaho. Passwords or Pass Phrase? Protecting your Intellectual Property Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. Dont Miss Information Because of Misinformation It has been said that with the wealth of information, freely available, the Internet has the ability to make you smarter, faster, than any other medium on the planet. Of course with an equal amount of mis-information, it also has the ability to make you dumber, faster, than any other medium on the planet. Is My PC Vulnerable on the Internet? No longer are viruses the only threat on the internet. In recent years other threats have evolved which include spyware, adware, hacking, identity theft, information theft, pop-ups and the loss of information. SCAMS - Be Aware - And Report When Necessary The Internet is a vast International Network of people and businesses - and a place where people can make a fairly decent living. However, it is also a place where certain unsavory characters can freely roam - to take your dollars and run. If You Sell Anything Online Your ePockets Are Being Picked You and I are a lot alike. We are both software publishers and eBook authors getting hosed on a regular basis. Online Cell Phone Scams and Spam They're out there. Individuals trying to make a quick buck at your expense. A Basic Introduction To Spyware Spyware is the most troublesome software to appear on theInternet in recent times. When spyware infects a computersystem, it may be relatively harmless or it may bedevastating. |
home | site map |
© 2006 |