Secrets On Security: A Gentle Introduction To Cryptography
Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieved the needed result - well, a scrambled egg. This action of mixing the molecules of the egg is encryption. Since the molecules are mixed-up, we say the egg has achieved a higher state of entropy (state of randomness). To return the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible?
However, if we substitute the word "egg" and replace it with "number", "molecules" with "digits", it is POSSIBLE. This, my friend, is the exciting world of cryptography (crypto for short). It is a new field dominated by talented mathematicians who uses vocabulary like "non-linear polynomial relations", "overdefined systems of multivariate polynomial equations", "Galois fields", and so forth. These cryptographers uses language that mere mortals like us cannot pretend to understand.
In the computer, everything stored are numbers. Your MP3 file is a number. Your text message is a number. Your address book is a longer number. The number 65 represents the character "A", 97 for the small "a", and so on.
For humans, we recognize numbers with the digits from 0 to 9, where else, the computer can only recognize 0 or 1. This is the binary system which uses bits instead of digits. To convert bits to digits, just simply multiply the number of bits by 0.3 to get a good estimation. For example, if you have 256-bits of Indonesian Rupiah (one of the lowest currency denomination in the world), Bill Gates' wealth in comparison would be microscopic.
The hexadecimal (base 16) system uses the ten digits from 0 to 9, plus the six extra symbols from A to F. This set has sixteen different "digits", hence the hexadecimal name. This notation is useful for computer workers to peek into the "real contents" stored by the computer. Alternatively, treat these different number systems as currencies, be it Euro, Swiss Franc, British Pound and the like. Just like an object can be priced with different values using these currencies, a number can also be "priced" in these different number systems as well.
To digress a bit, have you ever wondered why you had to study prime numbers in school? I am sure most mathematics teachers do not know this answer. Answer: A subbranch called public-key cryptography which uses prime numbers especially for encrypting e-mails. Over there, they are talking of even bigger numbers like 2048, 4096, 8192 bits.)
When we want to encrypt something, we need to use a cipher. A cipher is just an algorithm similar to a recipe for baking a cake. It has precise, unambiguous steps. To carry out the encryption process, you need a key (some called it passphrase). A good practice in cryptography needs the key used by a cipher must be of high entropy to be effective.
Data Encryption Standard (DES), introduced as a standard in the late 1970's, was the most commonly used cipher in the 1980's and early 1990's. It uses a 56-bit key. It was broken in the late 1990's with specialized computers costing about US$250,000 in 56 hours. With today's (2005) hardware, it is possible to crack within a day.
Subsequently, Triple-DES superseded DES as the logical way to preserve compatibility with earlier investments by big corporations (mainly banks). It uses two 56-bit key using three steps:-
1. Encrypt with Key 1.
The effective key length used is only 112-bits (equivalent to 34 digits). The key is any number between 0 and 5192296858534827628530496329220095. Some modify the last process using Key 3, making it more effective at 168-bit keys.
Advanced Encryption Standard (AES) was adopted as a standard by the National Institute of Standards & Technology, U.S.A. (NIST) in 2001. AES is based on the Rijndael (pronounced "rhine-doll") cipher developed by two Belgian cryptographers, Victor Rijmen and Joan Daemen. Typically, AES uses 256-bits (equivalent to 78 digits) for its keys. The key is any number between 0 and 15792089237316195423570985008687907853269984665640564039457584007913129639935. This number is the same as the estimated number of atoms in the universe.
The National Security Agency (NSA) approved AES in June 2003 for protecting top-level secrets within US governmental agencies (of course subject to their approval of the implementation methods). They are reputedly the ones that can eavesdrop on all telephone conversations going on around the world. Besides, this organization is recognized to be the largest employer of mathematicians in the world and may be the largest buyer of computer hardware in the world. The NSA probably have cryptographic expertise many years ahead of the public and can undoubtedly break many of the systems used in practice. For reasons of national security, almost all information about the NSA - even its budget is classified.
A brute force attack is basically to use all possible combinations in trying to decrypt encrypted materials.
A dictionary attack usually refers to text-based passphrases (passwords) by using commonly used passwords. The total number of commonly used passwords is surprisingly small, in computer terms.
An adversary is somebody, be it an individual, company, business rival, enemy, traitor or governmental agency who would probably gain by having access to your encrypted secrets. A determined adversary is one with more "brains" and resources. The best form of security is to have zero adversary (practically impossible to achieve), the next best is to have zero determined adversary!
A keylogger is a software program or hardware to capture all keystrokes typed. This is by far the most effective mechanism to crack password-based implementations of cryptosystems. Software keylogger programs are more common because they are small, work in stealth-mode and easily downloaded from the internet. Advanced keyloggers have the ability to run silently on a target machine and remotely deliver the recorded information to the user who introduced this covert monitoring session. Keystroke monitoring, as everything else created by man, can either be useful or harmful, depending on the monitor's intents. All confidential information which passes through the keyboard and reaches the computer includes all passwords, usernames, identification data, credit card details, and confidential documents (as they are typed).
For the last definition, we will use an example. Let's say you have your house equipped with the latest locks, no master keys and no locksmith can tamper with them. Your doors and windows are unbreakable. How then does an adversary get into your house without using a bulldozer to break your front door? Answer: the roof - by removing a few tiles, the adversary can get into your house. This is an exploit (weakness point). Every system, organization, individual has exploits.
See, it is not that difficult after all. If you can understand the material presented in this article, congratulations - you have become crypto-literate (less than 1% of all current computer users). If you do not believe me, try using some of this newfound knowledge on your banker friends or computer professionals.
Stan Seecrets' Postulate: "The sum total of all human knowledge is a prime number."
Corollary: "The sum total of all human wisdom is not a prime number."
This article may be freely reprinted providing it is published in its entirety, including the author's bio and link to the URL below.
The author, Stan Seecrets, is a veteran software developer with 25+ years experience at (http://www.seecrets.biz) which specializes in protecting digital assets. This site provides quality software priced like books, free-reprint articles on stock charts and computer security, free downloads and numerous free stuff. © Copyright 2005, Stan Seecrets. All rights reserved.
Reporting Internet Scams
When it comes to reporting Internet scams most of us either don't have a clue who to contact or just ignore them in our email. But according to an FBI report in December 2004, nearly ten million people last year didn't ignore them and fell for the latest Internet scams. The money those victims lost totaled nearly $5 billion.
Don?t Become An Identity Fraud Statistic!
"You've just won a fabulous vacation or prize package! Now, if you'll kindly give me your credit card information and social security number for verification purposes, you will receive this awesome gift!"
AbstractHomogeneous symmetries and congestion control have garnered limited interest from both cryptographers and computational biologists in the last several years . In fact, few steganographers would disagree with the investigation of spreadsheets. Our focus in this work is not on whether write-back caches and evolutionary programming  can cooperate to achieve this intent, but rather on exploring an analysis of Markov models (Eale).
An Open Door To Your Home Wireless Internet Network Security?
This is not some new fangled techno-speak, it is a real tool to be used for the protection of your wireless internet network and LAN. African American SMBs have to realize that if your Internet connection is on 24/7 then your network, and it is a network that your computer is connected to, is at risk. Any business that uses the Internet to share or exchange information, news, or ideas with clients, vendors, partners, or other locations look in the reflection of your monitor and realize that your business is an unintentional (or intentional) target.
Virus and Adware - Fix them Both!
We all get the odd virus now and then, but sometimes that one virus could cause so many problems. In this article I shall be going though just some of the problems that these virus software programs can do, and how to fix them.
Eliminate Adware and Spyware
Everyone should eliminate spyware and adware from your hard drive for your computer privacy protection. Spyware and adware programs also slow down the speed of your computer by cluttering your hard drive with annoying programs. Once you eliminate adware and spyware, your computer speed will improve immediately.
Types Of Computer Infections
Computer infections can be broken up into 4 main categories which are explained in detail below:
8 Surefire Ways to Spot an E-Mail Identity Theft Scam!
The E-Mail Identity Theft Scam is running Rampant. These E-Mail Scam artists will go to great lengths to Get Your Bank Account information and Steal your Identity. Learn how to Protect To Yourself Now!
Spyware ? Your Web Browser is the Culprit!
My first experience with a spyware BHO based infection was several months ago. I had gone through all of the usual steps with the client's machine to clean it. Ad-Aware was run, Spybot: Search and Destroy was as well. Nothing looked suspicious in the system's startup. All appeared well, but it wasn't.
5 Tips For An Unbreakable Password
Despite the current wave of identity theft and corporate security breaches it's amazing how very few people treat their passwords with any level of seriousness. Most computers users, both at home and in the office, see passwords as a nuisance and therefore make them as easy to remember as possible. This can be a catastrophic mistake.
With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions
High-tech private investigators are becoming the answer for many Internet users who have been victimized online. The use of e-mail by that unethical element lurking in cyberspace rings all too common these days. With law enforcement agencies overwhelmed and under trained to address these issues, victims have often been left to deal with them on their own.
Delete Cookies: New-Age Diet or Common Sense Internet Security?
No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet. It's about cookies on your computer - what they are, why they are there, and what to do about them. Computer cookies actually have quite a bit in common with their baked counterparts - some are good, some are bad, and they have expiration dates.
Preventing Online Identity Theft
Identity theft is one of the most common criminal acts in society today. Criminals will use your personal information such as banking accounts and passwords, to pretend that they are you. They may take out credit cards in your name, mortgages, or even worse. The internet has opened up a whole world of possibilities for these criminals, and the threat is very real. There are things that you can do to help prevent such a crime. It costs very little to protect your information, and it is money well spent.
Consumers: Shop Online and Get Information Safely
Do you really have to know how feeds work? Not really. But you do need to understand how they can benefit you as a consumer or as an information seeker.
What Can Be Done About Spyware And Adware
Having a good Spyware eliminator on your computer is vital now a days with all of the different Spyware, Adware, and other malicious computer parasites that are out there. Most of them are reasonably priced and very easy to use.
Email Scams ? Ten Simple Steps To Avoiding Them
According to the Anti-Phishing Working Group (APWG) email scams also known as phishing attacks claim more than 2,000 victims each day from more than 75 million phishing emails that are sent each day. The APWG also claims that these email scams steal close to $1 billion a year from its victims.
A Painless Plagiarism Solution
A crowded marketplace can lead to unethical webmasters using underhand techniques to get ahead of their competitors and online plagiarism is one of the easiest.
Web Browsing - Collected Information
You may not realize it, but as you are surfing the web all sorts of details are being left behind about your computer and where you have been. Most of this information is used harmlessly in website statistics, but it could also be used to profile you, or identify you as a vulnerable target for an exploit.
Password Security and Safety
There is nothing more important that password security in world of technology. It is the first step to creating a safe and secure environment. If your password becomes compromised, there are limitless consequences to what could happen. There are a few very important factors in keeping your passwords safe and secure that everyone should adhere to.
Phishing: An Interesting Twist On A Common Scam
After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. "Is it really possible that we are completely secure?" Given you're skepticism, you decide to get one more opinion.
|© Athifea Distribution LLC - 2013|