Article Categories
» Arts & Entertainment
» Automotive
» Business
» Careers & Jobs
» Education & Reference
» Finance
» Food & Drink
» Health & Fitness
» Home & Family
» Internet & Online Businesses
» Miscellaneous
» Self Improvement
» Shopping
» Society & News
» Sports & Recreation
» Technology
» Travel & Leisure
» Writing & Speaking

  Listed Article

  Category: Articles » Technology » Computer Security » Article
 

Seecrets On Security: A Gentle Introduction On Cryptography Part 2




By Stan Seecrets

The recent explosive growth of PC's and Internet-based commerce has significantly increased the need for a wide variety of computer security mechanisms. This article, the second of a three-part series, lays the underlying foundation in plain language.

A slightly longer series of articles "Keeping Your Secrets Secret" will examine practical examples in greater detail and provides useful tips and advice. Of course, these will continue with the theme of making crypto and computer security easily understood.

One-Way Hash

Also known as a one-way function, a message digest, a fingerprint or a checksum, the algorithm creates a fixed-length output that cannot be reversed. One-way hashes provide checksums to validate files, create digital certificates and played a central part in many authentication schemes.

Let us consider this example. For ages, the Chinese have a fortune-telling method that relies on "Ba Ji" (eight characters) which uses the time, day, month and year of birth according to their calendar. There are sixty possibilities (almost equal to 6 bits) for each of the four variables. Since the Chinese use two characters for each variable, the result is always eight characters. This is an example of a nonsecure 24-bit one-way hash.

Obviously, this way of producing a one-way hash is not acceptable for security purposes because of the huge number of collisions (different inputs producing the same output).

The most commonly used hashes are SHA-1 (Secure Hash Algorithm uses 160 bits) and MD5 (Message Digest uses 128 bits). In August 2005, a team of cryptographers led by Xiaoyun Wang of Shandong University, China, presented a paper that found faster ways of finding collisions than the usual brute force method. These exploits (vulnerabilities) may make digital certificates forgery a reality.

The implications to e-commerce may be widespread not to mention the millions of websites which used MD5 to hash the users' passwords in their databases. Any webmaster can tell you that converting these sites to use SHA-256 or SHA-512 will not be a trivial task.

In a recent directive, NIST (National Institute of Standards & Technology, U.S.A.) has advised U.S. governmental agencies to use SHA-256 or SHA-512 (256 and 512 bits respectively) instead.

Biometrics

A biometric device is one that can identify unique characteristics from a finger, eye or voice. Many believe that biometrics should provide a higher level of security than other forms of authentication.

There is a news story in March 2005 of how a Malaysian owner lost his Mercedes car and index finger to car thieves armed with machetes. Obviously the keyless ignition electronics cannot detect whether the finger is still part of the original body nor whether the finger (and by extension the person) is alive or not.

Recent security breaches have heightened concern over depositories of personal information stored on many financial sites. When such breaches occurred, the incidence of identity thefts will thus rise also.

If you lose your credit card, you can always void the card and get a new one. When you lose your fingerprint (stored digitally), or other biometric features, who can replace those?

Passwords

When asked to conjure a random number or characters, most people inevitably used materials that are familiar to them like birthdays, names of family members, pets' names and so forth.

For example, most will choose dates when asked to choose a six-digit number for their ATM Personal Identification Number (PIN). Doing so will reduce the number of possibilities by nine times.

Random Numbers and Generators

Random numbers are central to crypto. To qualify as true random numbers, the output from random number generators (RNG) must pass statistical tests of randomness. Two suites considered as de facto standards are the "diehard" suite developed by Prof. George Marsaglia of State University of Florida and "Statistical Test Suite" from NIST.

Second, the RNG's output must be unpredictable even with complete knowledge of the algorithm or hardware producing the series and all the previous bits produced.

Third, the RNG's output cannot be cloned in a repeat run even with the same input.

The most common approach to producing random numbers is by using an algorithm carried out by a computer program (Yarrow, Tiny, Egads, Mersenne Twister). Such algorithms cannot produce random numbers, hence their names, pseudo-random number generators (PRNG).

Another approach is to use physical events such as entropy produced by the keyboard, mouse, interrupts, white noise from microphones or speakers and disk drive behavior as the seed (initial value).

Some may argue that true random generators are those that can detect quantum behavior in subatomic physics. This is because randomness is inherent in the behavior of subatomic particles - remember the electron cloud from your high school physics.

One-time Pad

The most effective system is often the simplest. A one-time pad (OTP) is a series of random bits that has the same length as the digital object to be encrypted. To encrypt, just use a simple computer operation, exclusive OR (XOR). To decrypt, simply XOR the encrypted result with the same random bits.

The downside of using OTP is that once used, it must be discarded. Second, the OTP and the digital object must have the same number of bits. Lastly, the obvious problem of synchronizing the OTP between the receiver and sender.

[Author's note: The concluding Part 3 will focus on keys management and public key cryptography.]

"In God we trust, others use crypto."

© Copyright 2005, Stan Seecrets. All rights reserved.
 
 
About the Author
The author, Stan Seecrets, is a veteran software developer with 25+ years experience. For more of his articles and website promotion, visit http://www.seecrets.biz or http://www.rushprnews.com

Article Source: http://www.simplysearch4it.com/article/10295.html
 
If you wish to add the above article to your website or newsletters then please include the "Article Source: http://www.simplysearch4it.com/article/10295.html" as shown above and make it hyperlinked.



  Some other articles by Stan Seecrets
Seecrets On Google: Almost Everything You Want To Know About Google
This article takes a look into real Google-related issues, perhaps whimsically. It will also legitimately challenge for top rankings for the keyword google. Whether it succeed or fail, interesting results should be ...

Seecrets On Internet: An Ant Watching Giants Fight Part 2 (Google vs. Yahoo vs. Microsoft)
A new message reveals itself whenever there is a change within our society or culture. This is the effect of a ...

Seecrets On Search Engines: Joe Nogood Becomes President In Landslide Victory
This article introduces keywords, relevancy and possible abuses of search engines whimsically. It is an experiment to portray current Internet events and issues (where angels fear to tread) in a lighthearted perhaps entertaining ...

Seecrets On Website Promotion: Results Of Open Source Marketing Plan After 2 Months
Dave Chase in his column at iMedia "Sugarshots: The Big Picture" expounded on the virtues of Open-Source Marketing Plan. In his article, Dave explained the main ideas came from James Surowiecki's "The Wisdom ...

Seecrets On Website Promotion: Marketing Plan For Joe Nogood Gift Store
Joe Nogood owns a small but thriving gift store. He is middle-aged and he dabbles in the stock market and has survived ...

Seecrets On Website Promotion: How You Can Get A #1 Ranking For Your Website Name Within Thirty Days
Few businesses are prepared for the hyper speed and competition on the internet. Experts estimate that less than three percent of the tens of thousands of ...

  
  Recent Articles
Say Goodbye To Adware
by Josh George

Where to Find Free Spyware Removal
by Christopher Smith

Search Technologies to Solve the Problem of Information Security
by Alena Siameshka

Antivirus Software and Intrusion Prevention Solutions
by Joe Cohen

Conducting Information Systems Audit
by Wale Wahab

How to Speed Up Your Computer: Part 2
by Nathan Segal

Spyware Remover
by Greg Martinez

Antivirus Software - A Must For Your Computer
by Jakob Culver

Virus Alertness Tricks
by Andrew Corner

Viruses And Worms: Your System Needs Protection
by Garry Allen

Boost your Security with Biometry
by David Casper

Handheld Devices: Client Security and Connectivity Issues
by Joshua Feinberg

Can't connect to database