Scribd Logo
Upload

Welcome to Scribd!

  • Cryptography and The Internet

    Uploaded by

    Iqbal Pramadita
    24 views15 pages
    A presentation about the relationship between cryptography and the Internet.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A presentation about the relationship between cryptography and the Internet.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views15 pages

    Cryptography and The Internet

    Uploaded by

    Iqbal Pramadita
    A presentation about the relationship between cryptography and the Internet.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    Cryptography and the Internet

    Daryl Banttari daryl@windsorcs.com

    Introduction

    Cryptography
    There

    are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter.
    --Bruce Schneier, preface, Applied Cryptography, Second Ed

    http://www.counterpane.com/actoc.html

    Topics of Discussion

    Types of Cryptography Applications to the Internet


    SSL

    Digital

    Signatures Digital Signatures and SSL E-Mail Encryption and Authentication (PGP)

    Types of Cryptography

    Cryptographically Strong Hash Functions (MD5) Symmetric Key (Conventional) Encryption Public Key Encryption

    The MD5 Hash Algorithm

    Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575 Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826 Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

    Turns an arbitrary string into a 128-bit Message Digest or Hash Always creates the same hash when given the same string Impossible* to create a string from a hash or to alter a string and produce the same hash Commonly used to verify that files are unaltered
    *Impossible: read Practically Impossible. It is believed to require 2128 operations to produce a message that would create a given digest. http://www.faqs.org/rfcs/rfc1321.html

    Symmetric Encryption

    Proven and Secure Fast Uses the same key to decrypt as was used to encrypt Requires out of band communication to exchange the key

    Public Key Encryption

    Pioneered by Whitfield Diffie and Martin Hellman in 1975. Data encrypted with the Public key can only be decrypted with the Private key, even by the encrypter Data encrypted with Private key can only be decrypted by the Public key Commonly used to exchange a conventional session key Public key encryption algorithms include RSA, DSA, Diffie-Hellman, Blowfish

    SSL

    Secure Server gives its Public key to the client The client generates a conventional Session key The client encrypts Session key with servers Public key The rest of the communication uses Session key for speed
    http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

    Digital Signatures

    MD5 Hash created of document Hash in encrypted with Private key and appended to document If the hash you decrypt using the senders Public key matches your own hash of the document:
    The document must have been unaltered in transit The document must have come from the sender

    The combination of hash and private key is a Digital Signature

    SSL Certificate Signing

    Encryption does not equal authentication Some means needed of ensuring consumer that they are sending their credit card number to the people they expect, not some lookalike Web server Verisign et al diligently ensure the public key belongs to a given organization
    Attach organization info and expiration date to public key Digitally sign public key with attached info Public key of major certificate signers shipped with browsers

    E-Mail Encryption and/or Authentication

    PGP is an open, reasonably easy method of applying digital signatures and encryption to email People and organizations can sign a message that can then can be verified for authenticity by their public key PGP uses session keys like SSL, so messages can be encrypted to multiple recipients without multiplying size of message- think of a keyed safe with multiple lock-boxes attached You must have public key of recipient to encrypt an e-mail to them, which makes encryption to mailing lists, newsgroups, etc. unfeasible
    http://www.pgpi.org/doc/pgpintro/

    PGP Web of Trust

    Anyone can upload keys to Key Servers-- even fake keys If you can verify that a key belongs to its owner, you can sign that key, indicating that you have verified ownership The Web of Trust is established by people signing other peoples keys; if you trust Person A to diligently verify identity of keys, and Person A signed Person Bs key, then you can trust that Person Bs key is authentic

    ColdFusions hash() Function

    Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575 Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826 Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

    Available with CF4.5 Generates md5 hashes of strings in hex format (use char(32) to store) Useful for storing passwords so they cant be read or recreated Append an arbitrary string to salt the password hash to prevent hash dictionary attacks

    Summary

    An understanding of why encryption works is not necessary for an understanding of how it works Although encryption and digital signature technology seem daunting, the processes are conceptually simple

    What do I do with this info?

    Hash passwords Use encryption and authentication methods for secure processes Evangelize!

    You might also like