![]() | |
![]() | |
![]() |
Security Information |
|
![]() |
Secrets On Security: A Gentle Introduction To Cryptography
Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieved the needed result - well, a scrambled egg. This action of mixing the molecules of the egg is encryption. Since the molecules are mixed-up, we say the egg has achieved a higher state of entropy (state of randomness). To return the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible? However, if we substitute the word "egg" and replace it with "number", "molecules" with "digits", it is POSSIBLE. This, my friend, is the exciting world of cryptography (crypto for short). It is a new field dominated by talented mathematicians who uses vocabulary like "non-linear polynomial relations", "overdefined systems of multivariate polynomial equations", "Galois fields", and so forth. These cryptographers uses language that mere mortals like us cannot pretend to understand. In the computer, everything stored are numbers. Your MP3 file is a number. Your text message is a number. Your address book is a longer number. The number 65 represents the character "A", 97 for the small "a", and so on. For humans, we recognize numbers with the digits from 0 to 9, where else, the computer can only recognize 0 or 1. This is the binary system which uses bits instead of digits. To convert bits to digits, just simply multiply the number of bits by 0.3 to get a good estimation. For example, if you have 256-bits of Indonesian Rupiah (one of the lowest currency denomination in the world), Bill Gates' wealth in comparison would be microscopic. The hexadecimal (base 16) system uses the ten digits from 0 to 9, plus the six extra symbols from A to F. This set has sixteen different "digits", hence the hexadecimal name. This notation is useful for computer workers to peek into the "real contents" stored by the computer. Alternatively, treat these different number systems as currencies, be it Euro, Swiss Franc, British Pound and the like. Just like an object can be priced with different values using these currencies, a number can also be "priced" in these different number systems as well. To digress a bit, have you ever wondered why you had to study prime numbers in school? I am sure most mathematics teachers do not know this answer. Answer: A subbranch called public-key cryptography which uses prime numbers especially for encrypting e-mails. Over there, they are talking of even bigger numbers like 2048, 4096, 8192 bits.) When we want to encrypt something, we need to use a cipher. A cipher is just an algorithm similar to a recipe for baking a cake. It has precise, unambiguous steps. To carry out the encryption process, you need a key (some called it passphrase). A good practice in cryptography needs the key used by a cipher must be of high entropy to be effective. Data Encryption Standard (DES), introduced as a standard in the late 1970's, was the most commonly used cipher in the 1980's and early 1990's. It uses a 56-bit key. It was broken in the late 1990's with specialized computers costing about US$250,000 in 56 hours. With today's (2005) hardware, it is possible to crack within a day. Subsequently, Triple-DES superseded DES as the logical way to preserve compatibility with earlier investments by big corporations (mainly banks). It uses two 56-bit key using three steps:- 1. Encrypt with Key 1. The effective key length used is only 112-bits (equivalent to 34 digits). The key is any number between 0 and 5192296858534827628530496329220095. Some modify the last process using Key 3, making it more effective at 168-bit keys. Advanced Encryption Standard (AES) was adopted as a standard by the National Institute of Standards & Technology, U.S.A. (NIST) in 2001. AES is based on the Rijndael (pronounced "rhine-doll") cipher developed by two Belgian cryptographers, Victor Rijmen and Joan Daemen. Typically, AES uses 256-bits (equivalent to 78 digits) for its keys. The key is any number between 0 and 15792089237316195423570985008687907853269984665640564039457584007913129639935. This number is the same as the estimated number of atoms in the universe. The National Security Agency (NSA) approved AES in June 2003 for protecting top-level secrets within US governmental agencies (of course subject to their approval of the implementation methods). They are reputedly the ones that can eavesdrop on all telephone conversations going on around the world. Besides, this organization is recognized to be the largest employer of mathematicians in the world and may be the largest buyer of computer hardware in the world. The NSA probably have cryptographic expertise many years ahead of the public and can undoubtedly break many of the systems used in practice. For reasons of national security, almost all information about the NSA - even its budget is classified. A brute force attack is basically to use all possible combinations in trying to decrypt encrypted materials. A dictionary attack usually refers to text-based passphrases (passwords) by using commonly used passwords. The total number of commonly used passwords is surprisingly small, in computer terms. An adversary is somebody, be it an individual, company, business rival, enemy, traitor or governmental agency who would probably gain by having access to your encrypted secrets. A determined adversary is one with more "brains" and resources. The best form of security is to have zero adversary (practically impossible to achieve), the next best is to have zero determined adversary! A keylogger is a software program or hardware to capture all keystrokes typed. This is by far the most effective mechanism to crack password-based implementations of cryptosystems. Software keylogger programs are more common because they are small, work in stealth-mode and easily downloaded from the internet. Advanced keyloggers have the ability to run silently on a target machine and remotely deliver the recorded information to the user who introduced this covert monitoring session. Keystroke monitoring, as everything else created by man, can either be useful or harmful, depending on the monitor's intents. All confidential information which passes through the keyboard and reaches the computer includes all passwords, usernames, identification data, credit card details, and confidential documents (as they are typed). For the last definition, we will use an example. Let's say you have your house equipped with the latest locks, no master keys and no locksmith can tamper with them. Your doors and windows are unbreakable. How then does an adversary get into your house without using a bulldozer to break your front door? Answer: the roof - by removing a few tiles, the adversary can get into your house. This is an exploit (weakness point). Every system, organization, individual has exploits. See, it is not that difficult after all. If you can understand the material presented in this article, congratulations - you have become crypto-literate (less than 1% of all current computer users). If you do not believe me, try using some of this newfound knowledge on your banker friends or computer professionals. Stan Seecrets' Postulate: "The sum total of all human knowledge is a prime number." Corollary: "The sum total of all human wisdom is not a prime number." This article may be freely reprinted providing it is published in its entirety, including the author's bio and link to the URL below. The author, Stan Seecrets, is a veteran software developer with 25+ years experience at (http://www.seecrets.biz) which specializes in protecting digital assets. This site provides quality software priced like books, free-reprint articles on stock charts and computer security, free downloads and numerous free stuff. © Copyright 2005, Stan Seecrets. All rights reserved.
MORE RESOURCES: Letters: Recruiting security volunteers could be quite useful, St. Paul and Minneapolis St. Paul Pioneer Press Tallahassee hospital cancels procedures, diverts EMS after IT security issue Tallahassee Democrat
Band of Barbers, Judges and Security Guards Uses Soviet-Era Guns to Repel Russian Drones The Wall Street Journal Electronic pollbook security raises concerns going into 2024 The Associated Press - en Español Lax Supreme Court security made leak investigation far more difficult: Report Washington Examiner President Biden Announces Appointments to the Presidentâs ... The White House Deputy Secretary Sherman's Meeting with Poland's National ... Department of State Electronic pollbook security raises concerns going into 2024 New Haven Register Biden Administration Announces Additional Security Assistance for ... Department of Defense CBP proposes efforts to strengthen aviation security | U.S Customs and Border Protection Texas Senate leaders signal intent to spend big on border security The Texas Tribune Palestinian leaders ârebuff' pressure to resume security coordination The Jerusalem Post Downtown bars under new security guidelines following fatal ... The Turlock Journal Basketball games add extra security after multiple lockdowns in Wake County during the week WRAL News Air Force sees national security threat in Chinese-owned corn mill Successful Farming Viral âsecurity guardâ dancer brings back moves for basketball season WATE 6 On Your Side Statement of Homeland Security Secretary Mayorkas on the Family ... Homeland Security Attacks on Electrical Substations Raise Alarm The New York Times Barely Dressed Woman Meanders Through Security At The Miami ... View from the Wing Transportation Security Administration confiscates 8th firearm at Reagan National Airport this year Washington Times Memphis Police Chief Trained With Israel Security Forces The Intercept Turkey says West failed to share details of security threat The Associated Press - en Español USENIX Security â22 â âHow Machine Learning Is Solving The Binary Function Similarity Proble... Security Boulevard Williamsport security guard allegedly chokeholds boy PAHomePage.com CISA establishes new office to âoperationalizeâ supply chain security Federal News Network Teen arrested on suspicion of killing security guard at party in Muscoy San Bernardino County Sun DHS Announces Process Enhancements for Supporting Labor ... Homeland Security More Than $3 Billion in Additional Security Assistance for Ukraine Department of Defense Special Envoy for Global Food Security Fowler's Travel to Zambia ... Department of State Git patches two critical remote code execution security flaws BleepingComputer Identity Thieves Bypassed Experian Security to View Credit Reports ... Krebs on Security Microsoft ends Windows 7 extended security updates on Tuesday BleepingComputer House Republicans Preparing Broad Inquiry Into F.B.I. and Security Agencies The New York Times Musk's Twitter still violates FTC security pact, new whistleblower says The Washington Post |
![]() |
![]() |
![]() |
RELATED ARTICLES
Watching the Watchers: Detection and Removal of Spyware If spyware were a person and he set himself up in yourhouse, you are likely going to do one of two things. You'llkick him out yourself or you'll call someone (such as thepolice) to do it for you. Protect Your Little Black Book The movie Little Black Book features a young woman, Stacy, who is frustrated when her boyfriend refuses to share information about his past relationships. When his PDA, a Palm Tungsten C, falls into her hands, she is faced with a conundrum. Computer Security What is computer security?Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. 8 Surefire Ways to Spot an E-Mail Identity Theft Scam! The E-Mail Identity Theft Scam is running Rampant. These E-Mail Scam artists will go to great lengths to Get Your Bank Account information and Steal your Identity. Website Security - Creating a Bulletproof Site in 5 Easy Steps When it comes to a secure website and passwords it is all in your hands to create a password that a hacker simply cannot crack. However, this will require that you be creative and use everything at your fingertips to create the strongest password possible for a secure web site. Phishing - Its Signs and Your Options Phishing is the act of some individual sending an email to a user in an attempt to scam the user to release personal information. Is it easy to determine if it's a scam? Sometimes - but not always. Identity Theft - Beware of Phishing Attacks! "Dear Bank of the West customer", the message begins. I've just received an e-mail message, purportedly from the security department at the Bank of the West. What is Hacking? Are You a Hacker? WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only recently been taken very seriously. The activities undertaken by the real hackers have been criminalized and they are now being legally persecuted on a scale disproportional to the actual threat they pose. Personal Firewalls for Home Users What is a Firewall?The term "firewall" illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network. Virus and Adware - Fix them Both! We all get the odd virus now and then, but sometimes that one virus could cause so many problems. In this article I shall be going though just some of the problems that these virus software programs can do, and how to fix them. Protecting Your Identity On The Internet Afraid that someone is monitoring your PC or installed a keylogger to record every single keystroke? Find out which tools you need to get to make sure you are protected.X-Cleaner Deluxehttp://www. Click Here To Defeat Evil Microsoft routinely releases new security updates, many of which are given it's highest severity rating "critical". Here's a typical announcement:"A security issue has been identified that could allow an attacker tocompromise a computer running Internet Explorer and gain control over it. How Free Scripts Can Create Security Problems With the Internet entering our lives in such an explosive manner, it was inevitable that Internet security issues would follow as well. While credit card frauds are an offline security problem that has been carried over to the Internet as well, spamming and phishing are uniquely Internet security hazards. Phishing: An Interesting Twist On A Common Scam After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. Criminals are Fishing For Your Identity What is Phishing? In a typical Phishing attack, a criminal will send you an email which appears to be from a well known company, bank or government agency. The email will direct you to click on a link which directs you to a Website or pop-up box that looks like the company's or organization's legitimate site. Firewall Protection - Does Your Firewall Do This? The first thing people think about when defending their computers and networks is an up-to-date antivirus program. Without this most basic protection, your computer will get a virus, which could just slow it down or potentially bring the pc to a complete standstill!So anti-virus software is the answer?An anti-virus solution on it's own is not the answer to all of your problems, it can only protect you so much; in fact test have shown that a new pc running Windows XP if left connected to the Internet unprotected will be infected with viruses and remotely controlled via unauthorised persons within 20 minutes! To protect you against hackers and often to prevent spyware and 'scumware' from communicating directly with their servers about information it may have picked up from your pc, a firewall should form the key part of your e-security solution. Don't Become An Identity Fraud Statistic! "You've just won a fabulous vacation or prize package! Now, if you'll kindly give me your credit card information and social security number for verification purposes, you will receive this awesome gift!"Now why would they need my credit card or social security number to send me a freebie? Can you say, "identity theft?"Although there are legitimate reasons for people to need that information, such as a purchase or job application, thieves need it to steal your life and money from you!Crime officials are reporting that this kind of theft is becoming quite common. Don't be a victim! Follow a few common-sense suggestions to avoid finding out someone else has taken over your life-along with your bank account!-Do not allow anyone to borrow your credit cards! Your best friend may be trustworthy, but her boyfriend may not be!-Don't provide personal information such as date of birth, credit card numbers, your pin number, mom's maiden name, or social security number over the telephone unless you initiate the call. Ransom Trojan Uses Cryptography for Malicious Purpose Every day millions of people go online to find information, to do business, to have a good time. Alas, some people go there to commit crimes as well. Dont Get Hacked - A Guide to Protecting Your Business from Thieves You've seen it in the news - 40 million credit cards exposed!With all the news about web sites being hacked and cyberthieves stealing credit card numbers and other personal data,it's no wonder that some shoppers are still hesitant to providepayment information online. You don't have to be. Hacking the Body Via PDA Wireless Device First I would like to stress I am condoning the art of hacking. Nor am I condoning the control and manipulation of the human race by way of frequencies interacting with the biological systems, which run the human body. ![]() |
home | site map |
© 2006 |