Download presentation

Presentation is loading. Please wait.

1
Cryptography and the Internet Daryl Banttari daryl@windsorcs.com

2
Introduction n Cryptography u There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter. --Bruce Schneier, preface, Applied Cryptography, Second Ed http://www.counterpane.com/actoc.html

3
Topics of Discussion n Types of Cryptography n Applications to the Internet u SSL u Digital Signatures u Digital Signatures and SSL u E-Mail Encryption and Authentication (PGP)

4
Types of Cryptography n Cryptographically Strong Hash Functions (MD5) n Symmetric Key (Conventional) Encryption n Public Key Encryption

5
The MD5 Hash Algorithm n Turns an arbitrary string into a 128-bit Message Digest or Hash n Always creates the same hash when given the same string n Impossible * to create a string from a hash or to alter a string and produce the same hash n Commonly used to verify that files are unaltered http://www.faqs.org/rfcs/rfc1321.html *Impossible: read Practically Impossible. It is believed to require 2 128 operations to produce a message that would create a given digest. Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575 Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826 Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

6
Symmetric Encryption n Proven and Secure n Fast n Uses the same key to decrypt as was used to encrypt n Requires out of band communication to exchange the key

7
Public Key Encryption n Pioneered by Whitfield Diffie and Martin Hellman in 1975. n Data encrypted with the Public key can only be decrypted with the Private key, even by the encrypter n Data encrypted with Private key can only be decrypted by the Public key n Commonly used to exchange a conventional session key n Public key encryption algorithms include RSA, DSA, Diffie-Hellman, Blowfish

8
SSL n Secure Server gives its Public key to the client n The client generates a conventional Session key n The client encrypts Session key with servers Public key n The rest of the communication uses Session key for speed http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

9
Digital Signatures n MD5 Hash created of document n Hash in encrypted with Private key and appended to document n If the hash you decrypt using the senders Public key matches your own hash of the document: u The document must have been unaltered in transit u The document must have come from the sender n The combination of hash and private key is a Digital Signature

10
SSL Certificate Signing n Encryption does not equal authentication n Some means needed of ensuring consumer that they are sending their credit card number to the people they expect, not some lookalike Web server n Verisign et al diligently ensure the public key belongs to a given organization u Attach organization info and expiration date to public key u Digitally sign public key with attached info u Public key of major certificate signers shipped with browsers

11
E-Mail Encryption and/or Authentication n PGP is an open, reasonably easy method of applying digital signatures and encryption to e- mail n People and organizations can sign a message that can then can be verified for authenticity by their public key n PGP uses session keys like SSL, so messages can be encrypted to multiple recipients without multiplying size of message- think of a keyed safe with multiple lock-boxes attached n You must have public key of recipient to encrypt an e-mail to them, which makes encryption to mailing lists, newsgroups, etc. unfeasible http://www.pgpi.org/doc/pgpintro/

12
PGP Web of Trust n Anyone can upload keys to Key Servers-- even fake keys n If you can verify that a key belongs to its owner, you can sign that key, indicating that you have verified ownership n The Web of Trust is established by people signing other peoples keys; if you trust Person A to diligently verify identity of keys, and Person A signed Person Bs key, then you can trust that Person Bs key is authentic

13
ColdFusions hash() Function n Available with CF4.5 n Generates md5 hashes of strings in hex format (use char(32) to store) n Useful for storing passwords so they cant be read or recreated n Append an arbitrary string to salt the password hash to prevent hash dictionary attacks Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575 Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826 Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

14
Summary n An understanding of why encryption works is not necessary for an understanding of how it works n Although encryption and digital signature technology seem daunting, the processes are conceptually simple

15
What do I do with this info? n Hash passwords n Use encryption and authentication methods for secure processes n Evangelize!

Similar presentations

OK

Email Security By Meenal Mandalia. What is Email? Email stands for Electronic Mail. Email much the same as a letter, only that it is exchanged in a different.

Email Security By Meenal Mandalia. What is Email? Email stands for Electronic Mail. Email much the same as a letter, only that it is exchanged in a different.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google