Presentation is loading. Please wait.

Presentation is loading. Please wait.

1-way String Encryption Rainbows (a.k.a. Spectrums) Public Private Key Encryption HTTPS Encryption.

Published byPrudence Butler Modified over 7 years ago

Similar presentations

Presentation on theme: "1-way String Encryption Rainbows (a.k.a. Spectrums) Public Private Key Encryption HTTPS Encryption."— Presentation transcript:

1 1-way String Encryption Rainbows (a.k.a. Spectrums) Public Private Key Encryption HTTPS Encryption

2 String Encryption You have an account on facebook, LinkedIn, YouTube etc. Your login: costanza@seinfeld.com Your password is : bosco If this data was stored in a database, it might look like:

3 String Encryption The problem is if any employee at Facebook or someone who hacks into the server, got a dump of this data, they would have pairs of millions of people. People typically user their email address as their userid and also do not have a many different passwords for every website they have an account on (banks, stores, stubhub, facebook, linkedIn, Google)

4 String Encryption - Algorithm Simple Encryption Algorithm - For each letter in the word - Change it to the next letter in the alphabet (z  a) Example 1) unencrypted password = “abc” encrypted password = “bcd” Example 2) unencrypted password = “bosco” encrypted password = “cptdp”

5 Database with Encrypted passwords Now the database would look like

6 Encryption Algorithm’s Rainbow Suppose you don’t know what the encryption algorithm does but you have access to a function that can encrypt words. encrypt(“bosco”)  “cptdp” You could compute the encrypted word for every possible unencrypted word. This computation is sometimes called the Rainbow or Spectrum of the Encryption Algorithm.

7 Rainbow Write a program that creates every string from 1 to 8 character of the alphabet (not numbers or any other character), then inputs them into the encryption algorithm and record the pairs in a massive table

8 Time to calculate the Rainbow For our example where only 8 alphabetic characters can be used, there are over 217 Trillion combinations of possible inputs that we would have to encrypt to calculate the Rainbow

9 Algorithm for generating Rainbow Rainbow generating algorithm looks like for every word in (a  zzzzzzzz) encryptedWord = EncryptionAlgorithm(word) writeToRainbow (word, encryptedWord)

10 Time and Space for Rainbow Suppose you have the latest processor 10 gigahertz (approx. 10 billion instructions/second) and you have 217 trillion instructions to do, how long would it take? 217 trillion/10 billion = 21,700 seconds = 6 hours ***Of course months would be more realistic Each pair is 16 characters and there are 217 trillion of them so [(217 trillion) * 16]/1 Gigabyte = 3 Terrabytes

11 Key (a.k.a Salt) Encryption The User provided an unencrypted password The website provides a salt (some word) Example ) password = “bosco” salt = “12345” Encrypt (“bosco”,”12345”) = “cqvgt” This required 2 things to encrypt a password: 1) The password (only known to the user) 2) The salt (only known to the website) A hacker would have to compute the algorithm rainbow for every salt possible

12 3 Encryption algorithms in PHP MD5 SHA-1 CRYPT(password, salt)

13 LinkedIn (2012 unsalted SHA-1) In 2012, hackers (not known if it was an inside job) go into the database of LinkedIn and dumped the password table which contained 6.5 encrypted passwords. Inputting these encrypted passwords into a SHA-1 unsalted rainbow generated table, showed English-like words being produced as unencrypted passwords. http://techcrunch.com/2012/06/06/6-5-million-linkedin-passwords-reportedly-leaked-linkedin-is-looking-into-it/

14 2 Way (encryption/decryption) This simple algorithm of adding 1 letter value is decryptable. That is, if you know the encryption algorithm, since it is reversible, you know how to decrypt and encrypted word. It would be better if the encryption was one way.

15 1 way Encryption Simple but bad Example) Algorithm) take numerical value of all inputs and multiply them together and store the result Password = “cat” encrypted password = 3*1*20 = 60 What’s the encrypted password for “feb” ? = 6*5*2 = 60 also Even if you know the algorithm you could decrypt 60  “cat”

16 Public-Private Key Encryption A Encryption/Decryption public algorithm that all encrypted messages sent to you can only be decrypted by you. You ask the public algorithm for a public key and a private key You know your public and private key values. You publish your public key to anyone who wants to send an encrypted message to you. They encrypt a message using the public algorithm and your public key. You receive the message and decrypt it using you private key.

17 Public-Private Key Example You request a public key and private key and you get Public key: “+60+20” and Private key “-C” You publish your public key: “+60+20” on you website Someone wants to send you “bosco” encrypted so only you can see: They: Encrypt(“bosco”,“+60+20” ) = “ervfr”. You: Decrypt(“ervfr”, “-C”) = “bosco” Encryption: (+60/+20) = +3 so increment all letters by +3 Decryption –C = -3 so decrement letters by 3 There is a mathematical correlation between the public key and private key Public key: “+30-3” and Private Key: “+J” would be a valid combination for this encryption/decryption algorithm

18 HTTP: HyperText Transfer Protocol When you go to a website using the URL HTTP://www.somewebsite.com Communication is not encrypted. If a form asked you for email and password and you fill it in and hit enter, a message something like will be sent along all connections from you to the website server (i.e. the coffee shop wifi you are connected) and anyone dumping data will be able to read it. To: www.somewebsite.com From: IP address: 123.45.67.890 port:3000 Message: email(george@seinfeld.com) password(bosco)

19 HTTPS: (a.k.a. Secure HTTP) When you go to a website using the URL HTTPS://www.somesecurewebsite.com Communication is encrypted. If a form asked you for email and password and you fill it in and hit enter, a message something like Using public key private key encryption, the server sends your web browser it’s public key and encryption algorithm (you don’t even realize it) and your messages are encrypted with it and sent back to the server where the server decrypts it with the servers private key. To: www.somesecurewebsite.com From: IP address: 123.45.67.890 port:3000 Message: fnbjm(hfpshf#tfjogfme.dpn) qbttxpse(cptdp)

20 SSL (Secure Socket Layer) SSL is the predecessor to TLS (Transport Layer Security) Certificate Authorities (CA’s) issue public/private …

Download ppt "1-way String Encryption Rainbows (a.k.a. Spectrums) Public Private Key Encryption HTTPS Encryption."

Similar presentations

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Security & Encryption Thomas Fenske & Joseph Minter.

Security & Encryption Thomas Fenske & Joseph Minter.
Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.

Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Network Security Secure hypertext transfer protocol (https) Cookies Public Key Cryptography.

Network Security Secure hypertext transfer protocol (https) Cookies Public Key Cryptography.
SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming

Similar presentations

Ads by Google