Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat them vigorously until you achieve the needed result - well, a scrambled egg. This action of mixing the molecules of the egg is encryption. Since the molecules are mixed up, we say the egg has achieved a higher state of entropy (state of randomness). To return the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible?

However, if we replace the word "egg" with "number" and "molecules" with "digits", it is POSSIBLE. This, my friend, is the exciting world of cryptography (crypto for short). It is a new field dominated by talented mathematicians who use vocabulary like "non-linear polynomial relations", "overdefined systems of multivariate polynomial equations", "Galois fields", and so forth. These cryptographers use language that mere mortals like us cannot pretend to understand.

In a computer, everything stored is a number. Your MP3 file is a number. Your text message is a number. Your address book is a longer number. The number 65 represents the character "A", 97 the small "a", and so on.

We humans recognize numbers written with the digits from 0 to 9, whereas the computer can only recognize 0 or 1. This is the binary system, which uses bits instead of digits. To convert bits to digits, simply multiply the number of bits by 0.3 to get a good estimate. For example, if you had 256 bits' worth of Indonesian Rupiah (one of the lowest currency denominations in the world), Bill Gates' wealth in comparison would be microscopic.

The hexadecimal (base 16) system uses the ten digits from 0 to 9, plus the six extra symbols from A to F. This set has sixteen different "digits", hence the hexadecimal name. This notation is useful for computer workers to peek into the "real contents" stored by the computer. Alternatively, treat these different number systems as currencies, be it Euro, Swiss Franc, British Pound and the like. Just like an object can be priced with different values using these currencies, a number can also be "priced" in these different number systems as well.
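
The idea above, that a message is one number which can be written in several number systems, as an added example (not part of the original article). The function names are made up for illustration and the sample text is constructed.

```python
def text_to_number(text: str) -> int:
    """Treat the bytes of an ASCII message as one big base-256 number."""
    return int.from_bytes(text.encode("ascii"), "big")

def number_to_text(number: int) -> str:
    """Reverse the mapping: split the number back into bytes.
    (Assumes the message does not start with a zero byte.)"""
    length = (number.bit_length() + 7) // 8
    return number.to_bytes(length, "big").decode("ascii")

def notations(text: str) -> dict:
    """The same number 'priced' in three number systems."""
    n = text_to_number(text)
    return {"decimal": str(n), "hex": format(n, "X"), "binary": format(n, "b")}

def estimated_digits(bits: int) -> float:
    """The article's rule of thumb: decimal digits ~ bits * 0.3.
    (The exact factor is log10(2), about 0.30103.)"""
    return bits * 0.3

def exact_digits(bits: int) -> int:
    """Digit count of the largest number that fits in `bits` bits."""
    return len(str(2 ** bits - 1))

if __name__ == "__main__":
    print(notations("A"))    # 65 in decimal, 41 in hex
    print(notations("Aa"))   # 65 * 256 + 97 = 16737, hex 4161
    print(number_to_text(text_to_number("Your text message")))
    for bits in (56, 112, 256):
        print(bits, "bits: estimate", estimated_digits(bits),
              "digits, exact", exact_digits(bits))
```

In the hex form each pair of symbols is one character of the message (41 is "A", 61 is "a"), which is why this notation is handy for peeking at stored data.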

To digress a bit, have you ever wondered why you had to study prime numbers in school? I am sure most mathematics teachers do not know this answer. Answer: a sub-branch called public-key cryptography, which uses prime numbers, especially for encrypting e-mails. Over there, they talk of even bigger numbers like 2048, 4096 and 8192 bits.

When we want to encrypt something, we need to use a cipher. A cipher is just an algorithm, similar to a recipe for baking a cake. It has precise, unambiguous steps. To carry out the encryption process, you need a key (some call it a passphrase). Good practice in cryptography requires that the key used by a cipher be of high entropy to be effective.

Data Encryption Standard (DES), introduced as a standard in the late 1970's, was the most commonly used cipher in the 1980's and early 1990's. It uses a 56-bit key. It was broken in the late 1990's, in 56 hours, with specialized computers costing about US$250,000. With today's (2005) hardware, it is possible to crack within a day.

Subsequently, Triple-DES superseded DES as the logical way to preserve compatibility with earlier investments by big corporations (mainly banks). It uses two 56-bit keys in three steps:

1. Encrypt with Key 1.
2. Decrypt with Key 2.
3. Encrypt with Key 1.

The effective key length used is only 112 bits (equivalent to 34 digits). The key is any number between 0 and 5192296858534827628530496329220095. Some modify the last step to use a third key, Key 3, making it more effective with 168-bit keys.
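
The three steps above, as an added example (not part of the original article). Real DES is too long to show here, so a toy 32-bit Feistel cipher with a 56-bit key stands in for it; that cipher, the function names and the sample keys are all assumptions made for illustration, and the toy cipher is not secure.

```python
import hashlib

ROUNDS = 8          # toy value; real DES uses 16 rounds on 64-bit blocks
MASK16 = 0xFFFF

def _round(half: int, key: int, rnd: int) -> int:
    """Toy round function: 16 bits derived from SHA-256(key, round, half)."""
    data = key.to_bytes(7, "big") + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def encrypt(block: int, key: int) -> int:
    """Single encryption of a 32-bit block under one 56-bit key."""
    left, right = block >> 16, block & MASK16
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(right, key, rnd)
    return (left << 16) | right

def decrypt(block: int, key: int) -> int:
    """Undo encrypt() by running the rounds in reverse order."""
    left, right = block >> 16, block & MASK16
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(left, key, rnd), left
    return (left << 16) | right

def ede_encrypt(block, key1, key2, key3=None):
    """Encrypt-Decrypt-Encrypt; key3 defaults to key1 (the two-key form)."""
    key3 = key1 if key3 is None else key3
    return encrypt(decrypt(encrypt(block, key1), key2), key3)

def ede_decrypt(block, key1, key2, key3=None):
    """Inverse of ede_encrypt: undo the three steps in reverse order."""
    key3 = key1 if key3 is None else key3
    return decrypt(encrypt(decrypt(block, key3), key2), key1)

# Constructed sample values, not real key material.
KEY1, KEY2 = 0x0123456789ABCD, 0x00FEDCBA987654
BLOCK = 0xCAFEF00D

if __name__ == "__main__":
    ct = ede_encrypt(BLOCK, KEY1, KEY2)
    print("round trip ok:", ede_decrypt(ct, KEY1, KEY2) == BLOCK)
    # With Key 1 == Key 2 the first two steps cancel, leaving plain single
    # encryption: this is how EDE stays compatible with older DES systems.
    print("collapses:", ede_encrypt(BLOCK, KEY1, KEY1) == encrypt(BLOCK, KEY1))
    print("two-key key space:", 2 ** (56 * 2), "possible keys")
```

The middle step is a decryption rather than a second encryption precisely so that setting both keys equal reduces the whole construction to ordinary single encryption.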

Advanced Encryption Standard (AES) was adopted as a standard by the National Institute of Standards & Technology, U.S.A. (NIST) in 2001. AES is based on the Rijndael (pronounced "rhine-doll") cipher developed by two Belgian cryptographers, Victor Rijmen and Joan Daemen. Typically, AES uses 256-bits (equivalent to 78 digits) for its keys. The key is any number between 0 and 15792089237316195423570985008687907853269984665640564039457584007913129639935. This number is the same as the estimated number of atoms in the universe.

The National Security Agency (NSA) approved AES in June 2003 for protecting top-level secrets within US governmental agencies (subject, of course, to their approval of the implementation methods). They are reputedly the ones that can eavesdrop on all telephone conversations going on around the world. Besides, this organization is recognized to be the largest employer of mathematicians in the world and may be the largest buyer of computer hardware in the world. The NSA probably has cryptographic expertise many years ahead of the public and can undoubtedly break many of the systems used in practice. For reasons of national security, almost all information about the NSA - even its budget - is classified.

A brute force attack basically means trying all possible combinations in an attempt to decrypt encrypted material.

A dictionary attack usually targets text-based passphrases (passwords) by trying commonly used passwords. The total number of commonly used passwords is surprisingly small, in computer terms.

An adversary is somebody, be it an individual, company, business rival, enemy, traitor or governmental agency, who would probably gain by having access to your encrypted secrets. A determined adversary is one with more "brains" and resources. The best form of security is to have zero adversaries (practically impossible to achieve); the next best is to have zero determined adversaries!

A keylogger is a software program or piece of hardware that captures all keystrokes typed. This is by far the most effective mechanism to crack password-based implementations of cryptosystems. Software keylogger programs are more common because they are small, work in stealth mode and are easily downloaded from the internet. Advanced keyloggers have the ability to run silently on a target machine and remotely deliver the recorded information to the user who introduced this covert monitoring session. Keystroke monitoring, like everything else created by man, can be either useful or harmful, depending on the monitor's intents. The confidential information which passes through the keyboard and reaches the computer includes all passwords, usernames, identification data, credit card details, and confidential documents (as they are typed).

For the last definition, we will use an example. Let's say you have your house equipped with the latest locks, no master keys and no locksmith can tamper with them. Your doors and windows are unbreakable. How then does an adversary get into your house without using a bulldozer to break your front door? Answer: the roof - by removing a few tiles, the adversary can get into your house. This is an exploit (weakness point). Every system, organization, individual has exploits.

See, it is not that difficult after all. If you can understand the material presented in this article, congratulations - you have become crypto-literate (less than 1% of all current computer users). If you do not believe me, try using some of this newfound knowledge on your banker friends or computer professionals.

Stan Seecrets' Postulate: "The sum total of all human knowledge is a prime number."

Corollary: "The sum total of all human wisdom is not a prime number."

This article may be freely reprinted providing it is published in its entirety, including the author's bio and link to the URL below.

The author, Stan Seecrets, is a veteran software developer with 25+ years experience at (http://www.seecrets.biz) which specializes in protecting digital assets. This site provides quality software priced like books, free-reprint articles on stock charts and computer security, free downloads and numerous free stuff. © Copyright 2005, Stan Seecrets. All rights reserved.
