Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat them vigorously until you have achieved the desired result: a scrambled egg. This mixing of the egg's molecules is encryption. Because the molecules are now mixed up, we say the egg has reached a higher state of entropy (randomness). Returning the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible?

However, if we replace the word "egg" with "number" and "molecules" with "digits", it IS possible. This, my friend, is the exciting world of cryptography (crypto for short). It is a field dominated by talented mathematicians who use vocabulary like "non-linear polynomial relations", "overdefined systems of multivariate polynomial equations", "Galois fields", and so forth. These cryptographers use language that mere mortals like us cannot pretend to understand.

In a computer, everything stored is a number. Your MP3 file is a number. Your text message is a number. Your address book is a longer number. In the ASCII character code, the number 65 represents the capital letter "A", 97 the small "a", and so on.

Humans write numbers with the ten digits 0 to 9, whereas a computer can only recognise 0 or 1. This is the binary system, which uses bits instead of digits. To convert a count of bits into a count of decimal digits, simply multiply the number of bits by 0.3 (more precisely, by log10(2) = 0.30103) to get a good estimate. For example, if you had 256 bits' worth of Indonesian Rupiah (one of the lowest currency denominations in the world), Bill Gates' wealth would be microscopic in comparison.

The hexadecimal (base 16) system uses the ten digits 0 to 9 plus the six extra symbols A to F. This set has sixteen different "digits", hence the name. Each hex digit stands for exactly four bits, which makes this notation convenient for computer workers who want to peek at the "real contents" stored by the computer. Alternatively, treat these different number systems as currencies, be it Euro, Swiss Franc, British Pound and the like. Just as an object can be priced in each of these currencies, a number can be "priced" in each of these number systems as well.

To digress a bit, have you ever wondered why you had to study prime numbers in school? I am sure most mathematics teachers do not know the answer. Answer: a sub-branch called public-key cryptography, which builds its keys from large prime numbers (the RSA algorithm is the best-known example) and is used, among other things, for encrypting e-mail. Over there, they talk of even bigger numbers: 2048, 4096, 8192 bits.

When we want to encrypt something, we need a cipher. A cipher is just an algorithm, similar to a recipe for baking a cake: it has precise, unambiguous steps. To carry out the encryption, you also need a key. (Some call it a passphrase, but strictly a passphrase is a human-memorable secret from which the key is derived.) Good cryptographic practice requires that the key used by a cipher has high entropy, that is, it must be effectively unpredictable; a cipher is only as strong as the key fed to it.

The Data Encryption Standard (DES), adopted as a US federal standard in 1977, was the most commonly used cipher in the 1980s and early 1990s. It uses a 56-bit key. In 1998 it was broken by brute force with a purpose-built machine costing about US$250,000, which found the key in 56 hours. With today's (2005) hardware, it is possible to crack a DES key within a day.

Triple-DES subsequently superseded DES as the logical way to preserve compatibility with the earlier investments of big corporations (mainly banks). It uses two 56-bit keys in three steps:

1. Encrypt with Key 1.
2. Decrypt with Key 2.
3. Encrypt with Key 1.

The resulting key length is only 112 bits (equivalent to 34 digits): the key is any number between 0 and 5192296858534827628530496329220095. The three-key variant uses a separate Key 3 in the final step, giving 168-bit keys. Note that in both cases the security actually delivered is lower than the key length, because of meet-in-the-middle attacks: about 112 bits for three-key Triple-DES and, given enough known plaintext, roughly 80 bits for the two-key variant.

The Advanced Encryption Standard (AES) was adopted as a standard by the US National Institute of Standards and Technology (NIST) in 2001. AES is based on the Rijndael (pronounced "rhine-doll") cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen. AES keys are 128, 192 or 256 bits long. With a 256-bit key (equivalent to 78 digits), the key is any number between 0 and 115792089237316195423570985008687907853269984665640564039457584007913129639935. That is about 1.2 x 10^77, within a few orders of magnitude of the estimated number of atoms in the observable universe (roughly 10^80).
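To make the bits-versus-digits arithmetic above concrete, here is a short Python script, added to this article rather than taken from the author, that computes the key space, the largest key value and its decimal and hexadecimal length for DES, two-key Triple-DES and AES-256, and compares the 0.3-per-bit rule of thumb with the exact digit count. The one-billion-keys-per-second guessing rate used for the last line is an assumption chosen for illustration, not a measured figure.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def key_space(bits: int) -> int:
    """Number of distinct keys of the given length: 2**bits."""
    return 2 ** bits


def largest_key(bits: int) -> int:
    """The biggest key value, 2**bits - 1 (keys run from 0 up to this)."""
    return 2 ** bits - 1


def digits_estimate(bits: int) -> int:
    """The article's rule of thumb: bits * 0.3 (the true factor is log10(2) = 0.30103)."""
    return math.ceil(bits * 0.3)


def digits_exact(bits: int) -> int:
    """Exact number of decimal digits in the largest key."""
    return len(str(largest_key(bits)))


def in_hex(value: int, bits: int) -> str:
    """The same number 'priced' in base 16: one hex digit per four bits."""
    return format(value, "0{}x".format((bits + 3) // 4))


def years_to_try_all_keys(bits: int, keys_per_second: float) -> float:
    """Worst case for an exhaustive search at a given guessing rate (assumed rate, not measured)."""
    return key_space(bits) / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for name, bits in [("DES", 56), ("2-key Triple-DES", 112), ("AES-256", 256)]:
        print("{} ({} bits): {} digits exactly, {} by the 0.3 rule".format(
            name, bits, digits_exact(bits), digits_estimate(bits)))
        print("   largest key (decimal):", largest_key(bits))
        print("   largest key (hex):    ", in_hex(largest_key(bits), bits))
        # Assumed guessing rate of one billion keys per second, for illustration only.
        print("   years to try every key at 1e9/s: {:.3g}".format(
            years_to_try_all_keys(bits, 1e9)))
```

Running it reproduces the 34-digit and 78-digit figures quoted above and also shows the limit of the rule of thumb: 256 x 0.3 rounds up to 77, one short of the true 78, because log10(2) is 0.30103 rather than 0.3. The time-to-exhaust line tells the DES story in one number: 2^56 keys at a billion per second take about 2.3 years, within reach of a determined adversary, while 2^128 keys at the same rate take more than 10^22 years.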

The National Security Agency (NSA) approved AES in June 2003 for protecting classified information in US government agencies, up to TOP SECRET with 192- or 256-bit keys (subject, of course, to NSA approval of the implementation). The NSA is reputedly able to eavesdrop on telephone conversations around the world. It is also recognised as the largest employer of mathematicians in the world and may be the largest buyer of computer hardware. It probably has cryptographic expertise many years ahead of the public and can undoubtedly break many of the systems used in practice. For reasons of national security, almost all information about the NSA, even its budget, is classified.

A brute-force attack is, in essence, trying every possible key until the encrypted material decrypts to something recognisable. Its cost is set by the size of the key space: on average, half of all keys must be tried before the right one turns up.

A dictionary attack usually targets text-based passphrases (passwords): instead of every possible key, the attacker tries only commonly used passwords. The total number of commonly used passwords is surprisingly small, in computer terms, which is why a key derived from a human-chosen password has far less entropy than its length in bits suggests.
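The two attacks above, and the earlier point that a passphrase is not the same thing as a high-entropy key, can be shown together in code. The following Python is an example added here, not the author's, and uses a toy stream cipher constructed for the demonstration (a SHA-256 counter keystream XORed with the message; it is not a real cipher and must not be used for anything). The password-to-key derivation (a single SHA-256 hash), the sample message, the six-word wordlist and the 16-bit secret key are all constructed assumptions. The attacker is assumed to know that every message begins with a fixed header, which is how a correct guess is recognised.

```python
import hashlib
import math


# --- Toy cipher, constructed for this example only; NOT a real cipher. ---
# Keystream block i = SHA-256(key || i); ciphertext = plaintext XOR keystream.
# It exists only so the attack loops below have something to decrypt.
def keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR is its own inverse


def key_from_password(password: str) -> bytes:
    # A passphrase is not the key; a key is derived from it. Hypothetical
    # derivation: one SHA-256 hash. Real systems use a slow KDF (PBKDF2,
    # scrypt, Argon2), which raises the cost of every guess made below.
    return hashlib.sha256(password.encode("utf-8")).digest()


def is_correct_guess(candidate_plaintext: bytes, known_prefix: bytes) -> bool:
    # The attacker must be able to recognise a right answer. Assumption here:
    # the message is known to begin with a fixed header (known plaintext).
    return candidate_plaintext.startswith(known_prefix)


def dictionary_attack(ciphertext: bytes, wordlist, known_prefix: bytes):
    """Try passwords from a list. Returns (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        guesses += 1
        if is_correct_guess(decrypt(key_from_password(word), ciphertext), known_prefix):
            return word, guesses
    return None, guesses


def brute_force_attack(ciphertext: bytes, key_bits: int, known_prefix: bytes):
    """Try every key_bits-bit key in order. Returns (key_as_int, guesses) or (None, guesses)."""
    key_len = (key_bits + 7) // 8
    guesses = 0
    for k in range(2 ** key_bits):
        guesses += 1
        if is_correct_guess(decrypt(k.to_bytes(key_len, "big"), ciphertext), known_prefix):
            return k, guesses
    return None, guesses


def guess_entropy_bits(number_of_candidates: int) -> float:
    """Bits of work an attacker faces when the secret is one of N equally likely choices."""
    return math.log2(number_of_candidates)


# Constructed sample data for the demonstration.
HEADER = b"MESSAGE:"
PLAINTEXT = HEADER + b" meet at the usual place at 9"
WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "monkey"]


def demo_dictionary():
    # The sender chose the password "letmein", which is in the attacker's list.
    ct = encrypt(key_from_password("letmein"), PLAINTEXT)
    return dictionary_attack(ct, WORDLIST, HEADER)


def demo_brute_force(key_bits: int = 16, secret_key: int = 0xBEEF):
    # A random 16-bit key: no wordlist helps, only exhaustive search.
    ct = encrypt(secret_key.to_bytes((key_bits + 7) // 8, "big"), PLAINTEXT)
    return brute_force_attack(ct, key_bits, HEADER)


if __name__ == "__main__":
    print("dictionary attack:", demo_dictionary())
    print("brute-force attack:", demo_brute_force())
    print("6-word list: {:.2f} bits of work".format(guess_entropy_bits(len(WORDLIST))))
    print("256-bit key: {:.0f} bits of work".format(guess_entropy_bits(2 ** 256)))
```

The dictionary attack recovers "letmein" in four guesses because the password was in the list; the brute-force search over the 16-bit key needs 48,880 guesses to reach 0xBEEF, and every extra key bit doubles that. Replacing the six-word list with a few million leaked passwords is still a trivial workload, which is the point of the remark above that the set of commonly used passwords is small; by contrast, a 128-bit random key is out of reach of the brute-force loop no matter how efficiently it is written. Real systems also slow the guesser down with a deliberately expensive key derivation function (PBKDF2, scrypt or Argon2) in place of the single hash used here.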

An adversary is anybody, be it an individual, company, business rival, enemy, traitor or government agency, who would gain by having access to your encrypted secrets. A determined adversary is one with more "brains" and resources. The best form of security is to have no adversary at all (practically impossible to achieve); the next best is to have no determined adversary!

A keylogger is a software program or hardware device that captures every keystroke typed. This is by far the most effective way to defeat password-based cryptosystems, because it captures the password before any encryption takes place; the length of the key is then irrelevant. Software keyloggers are more common because they are small, run in stealth mode and are easily downloaded from the internet. Advanced keyloggers run silently on the target machine and deliver the recorded keystrokes remotely to whoever installed them. Keystroke monitoring, like everything else created by man, can be useful or harmful, depending on the monitor's intent. Everything confidential that passes through the keyboard is exposed: passwords, usernames, identification data, credit card details, and confidential documents (as they are typed).

For the last definition we will use an example. Suppose your house is equipped with the latest locks, with no master keys and no locksmith able to tamper with them, and your doors and windows are unbreakable. How then does an adversary get in without using a bulldozer on your front door? Answer: the roof. By removing a few tiles, the adversary is inside. The roof is the weak point, and the method of getting in through it is the exploit. Every system, organization and individual has such weak points.

See, it is not that difficult after all. If you can understand the material presented in this article, congratulations: you have become crypto-literate (fewer than 1% of all current computer users are). If you do not believe me, try out some of this newfound knowledge on your banker friends or computer professionals.

Stan Seecrets' Postulate: "The sum total of all human knowledge is a prime number."

Corollary: "The sum total of all human wisdom is not a prime number."

This article may be freely reprinted providing it is published in its entirety, including the author's bio and link to the URL below.

The author, Stan Seecrets, is a veteran software developer with 25+ years' experience at http://www.seecrets.biz, which specializes in protecting digital assets. This site provides quality software priced like books, free-reprint articles on stock charts and computer security, free downloads and numerous free stuff. © Copyright 2005, Stan Seecrets. All rights reserved.
