Category Archives: Encryption
An interesting thing about some modern standardized ciphers, like AES, is that the government is “eating its own dogfood” by using them internally. (AES 192 and 256 are approved for top-secret data.) Back in the day (up through the 90s), U.S. government internal encryption standards was not closely aligned with public sector cryptography, and we largely had to speculate as to whether public crypto could hold up to the government standards; the NSA had a history of knowing more crypto than they let on. But now that they are willing to stake their own security on them, that seems like a decent endorsement of those algorithms.
The U.S. government has conflicting goals: they want to be able to break crypto, but at the same time, in the interest of protecting the citizen in the digital age, they want us to be protected against the crypto attacks of others. So much of our modern economy relies on crypto that we want a high security margin on it. Since the 90s, crypto knowledge in the public and foreign intelligence domains has sky rocketed, and a vulnerability that the NSA can exploit is possibly a vulnerability that someone else can exploit. So at the drafting of AES, we doubt that they were focused on choosing a candidate that could be broken and kind of suspect they wanted a candidate that could not be.
Since you only break crypto when you don’t have the key, to compromise those two goals they could just allow us mathematically secure crypto, then focus on getting the keys instead. If they can recover keys, they don’t care how strong our crypto is. Attacking the endpoints that generate the keys is not always as hard as it seems (consider how many user and corporate machines get infected with malware, and think about what sort of key-related backdoors could be planted in popular software), and a simple subpoena might get keys in some situations. As more user data moves toward the cloud, backdoors in public services (voluntarily provided or not) are going to make the job of key recovery even easier.
Summary of these two points:
The federal government is allowed to use AES for top-secret information.
We don’t know that they would actually want AES to be mathematically breakable, so at the AES competition 11 years ago it is possible they would have avoided any algorithm they thought they could break in the near future.
None of that is proof, but we tend to assume that the NSA can’t break AES.
View original post here:
encryption – How secure is AES-256? – Cryptography Stack …
Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared,Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation’s Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner’s website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Kochs project.
The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.
Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.
“I’m too idealistic,” he told me in an interview at a hacker convention in Germany in December. “In early 2013 I was really about to give it all up and take a straight job.” But then the Snowden news broke, and “I realized this was not the time to cancel.”
Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.
Now, more than a year after Snowden’s revelations, Koch is still struggling to raise enough money to pay himself and to fulfill his dream of hiring a full-time programmer. He says he’s made about $25,000 per year since 2001 a fraction of what he could earn in private industry. In December, he launched a fundraising campaign that has garnered about $43,000 to date far short of his goal of $137,000 which would allow him to pay himself a decent salary and hire a full-time developer.
The fact that so much of the Internet’s security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.
Koch’s code powers most of the popular email encryption programs GPGTools, Enigmail, and GPG4Win. “If there is one nightmare that we fear, then it’s the fact that Werner Koch is no longer available,” said Enigmail developer Nicolai Josuttis. “It’s a shame that he is alone and that he has such a bad financial situation.”
The programs are also underfunded. Enigmail is maintained by two developers in their spare time. Both have other full-time jobs. Enigmail’s lead developer, Patrick Brunschwig, told me that Enigmail receives about $1,000 a year in donations just enough to keep the website online.
GPGTools, which allows users to encrypt email from Apple Mail, announced in October that it would start charging users a small fee. The other popular program, GPG4Win, is run by Koch himself.
Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. Prior to that, powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.
In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. “We can’t export it, but if you write it, we can import it,” he said.
Inspired, Koch decided to try. “I figured I can do it,” he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman’s free Gnu operating system.
Koch’s software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn’t subject to U.S. export restrictions.
Koch continued to work on GPG in between consulting projects until 1999, when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. The money allowed him to hire a programmer to maintain the software while also building the Windows version, which became GPG4Win. This remains the primary free encryption program for Windows machines.
In 2005, Koch won another contract from the German government to support the development of another email encryption method. But in 2010, the funding ran out.
For almost two years, Koch continued to pay his programmer in the hope that he could find more funding. “But nothing came,” Koch recalled. So, in August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.
But after the Snowden news broke, Koch decided to launch a fundraising campaign. He set up an appeal at a crowdsourcing website, made t-shirts and stickers to give to donors, and advertised it on his website. In the end, he earned just $21,000.
The campaign gave Koch, who has an 8-year-old daughter and a wife who isn’t working, some breathing room. But when I asked him what he will do when the current batch of money runs out, he shrugged and said he prefers not to think about it. “I’m very glad that there is money for the next three months,” Koch said. “Really I am better at programming than this business stuff.”
Researchers have found a way to put handshake-style encryption in email and other communication tools, which is good news for spies.
Secret handshakes have long been a method of verification for spies in the field, but digitally things are about to change in a big way. Similar to the physical handshake, digital handshakes are used to verify communication participants identities in real time.
While fine for instant messaging, it has proven impossible to replicate in communication methods such as email whereby messages may need to be decoded long after they were originally sent.
However, a research team from the Stevens Institute of Technology has revealed a new cryptography breakthrough that could solve this 15-year-old problem. This could be hugely beneficial not only to intelligence agencies, but anyone with an interest in secure communications, such as journalists and doctors.
The demand for tools like this is incredible, said Giuseppe Ateniese, who led the research. Privacy is growing more and more important, and encryption is essential for almost everyone.
To achieve the breakthrough, Ateniese and his team combined existing key-based cryptographic algorithms in a novel arrangement to create a system called matchmaking encryption. This simultaneously checks the identities of both the sender and receiver before decrypting the message.
Crucially, matchmaking encryption does away with the need for real-time interactions, allowing messages to be sent on a dead drop basis and read at a later date.
A dead drop is like when a spy leaves a message behind a rock, Ateniese said. It can be used when you need to send a message to someone whos not there at the moment, but will find it if he or she is the intended recipient.
To use this form of encryption, both parties create policies or a list of traits that describe the people with whom they are willing to communicate. When both digital policies are happy that each party is who they say they are, the message will be sent.
Aside from person-to-person communication, it could also be used to group classes of people together. So, for example, CIA agents in New York could refuse to accept messages from anyone other than Philadelphia-based FBI agents.
Messages that dont fit the bill will not be decrypted, with no information being sent. Team member Danilo Francati said: This is important for intelligence I dont want to reveal to you that Im an FBI agent, so I want assurances that you are who you say you are. Matchmaking encryption provides that assurance as well as a level of privacy thats stronger than anything else thats available.
The team believes that the breakthrough opens new frontiers in secure communication and that additional applications will quickly emerge as researchers explore the new technology and make matchmaking encryption more powerful.
Ateniese will present the teams findings at the upcoming Crypto 2019 conference.
See original here:
Encryption breakthrough could keep prying eyes away from your …
Data encryption defined in Data Protection 101, our series on the fundamentals of data security.
Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data iscommonlyreferred to as ciphertext, while unencrypted data is called plaintext. Currently, encryption is one of the most popular and effective data security methods used by organizations. Two main types of data encryption exist – asymmetric encryption, also known as public-key encryption, and symmetric encryption.
The purpose of data encryption is to protect digital data confidentiality as it is stored on computer systems and transmitted using the internet or other computer networks. The outdated data encryption standard (DES) has been replaced by modern encryption algorithms that play a critical role in the security of IT systems and communications.
These algorithms provide confidentiality and drive key security initiatives including authentication, integrity, and non-repudiation. Authentication allows for the verification of a messages origin, and integrity provides proof that a messages contents have not changed since it was sent. Additionally, non-repudiation ensures that a message sender cannot deny sending the message.
Data, or plaintext, is encrypted with an encryption algorithm and an encryption key. The process results in ciphertext, which only can be viewed in its original form if it is decrypted with the correct key.
Symmetric-key ciphers use the same secret key for encrypting and decrypting a message or file. While symmetric-key encryption is much faster than asymmetric encryption, the sender must exchange the encryption key with the recipient before he can decrypt it. As companies find themselves needing to securely distribute and manage huge quantities of keys, most data encryption services have adapted and use an asymmetric algorithm to exchange the secret key after using a symmetric algorithm to encrypt data.
On the other hand, asymmetric cryptography, sometimes referred to as public-key cryptography, uses two different keys, one public and one private. The public key, as it is named, may be shared with everyone, but the private key must be protected. The Rivest-Sharmir-Adleman (RSA) algorithm is a cryptosystem for public-key encryption that is widely used to secure sensitive data, especially when it is sent over an insecure network like the internet. The RSA algorithms popularity comes from the fact that both the public and private keys can encrypt a message to assure the confidentiality, integrity, authenticity, and non-repudiability of electronic communications and data through the use of digital signatures.
The most basic method of attack on encryption today is brute force, or trying random keys until the right one is found. Of course, the length of the key determines the possible number of keys and affects the plausibility of this type of attack. It is important to keep in mind that encryption strength is directly proportional to key size, but as the key size increases so do the number of resources required to perform the computation.
Alternative methods of breaking a cipher include side-channel attacks and cryptanalysis. Side-channel attacks go after the implementation of the cipher, rather than the actual cipher itself. These attacks tend to succeed if there is an error in system design or execution. Likewise, cryptanalysis means finding a weakness in the cipher and exploiting it. Cryptanalysis is more likely to occur when there is a flaw in the cipher itself.
Data protection solutions for data encryption can provide encryption of devices, email, and data itself. In many cases, these encryption functionalities are also met with control capabilities for devices, email, and data. Companies and organizations face the challenge of protecting data and preventing data loss as employees use external devices, removable media, and web applications more often as a part of their daily business procedures. Sensitive data may no longer be under the companys control and protection as employees copy data to removable devices or upload it to the cloud. As a result, the best data loss prevention solutions prevent data theft and the introduction of malware from removable and external devices as well as web and cloud applications. In order to do so, they must also ensure that devices and applications are used properly and that data is secured by auto-encryption even after it leaves the organization.
As we mentioned, email control and encryption is another critical component of a data loss prevention solution. Secure, encrypted email is the only answer for regulatory compliance, a remote workforce, BYOD, and project outsourcing. Premier data loss prevention solutions allow your employees to continue to work and collaborate through email while the software and tools proactively tag, classify, and encrypt sensitive data in emails and attachments. The best data loss prevention solutions automatically warn, block, and encrypt sensitive information based on message content and context, such as user, data class, and recipient.
While data encryption may seem like a daunting, complicated process, data loss prevention software handles it reliably every day. Data encryption does not have to be something your organization tries to solve on its own. Choose a top data loss prevention software that offers data encryption with device, email, and application control and rest assured that your data is safe.
Tags: Data Protection 101
Partnership to Leverage Complementary Technology Capabilities
HOUSTON, April 24, 2019 (GLOBE NEWSWIRE) — IronClad Encryption Corporation (IRNC) a cyber defense company that secures digital assets and communications across a wide range of industries and technologies, and Data Privacy Software Provider Data443 Risk Management, Inc. (Data443 (LDSR)) announced today that they have entered into a partnership to leverage each others technology capabilities in their requisite product suites.
“Data443 is the leader in Data Classification, Governance, Archiving and eDiscovery all major capabilities required in the onslaught of Data Privacy requirements that businesses face today, said JD McGraw, Chief Executive Officer of Ironclad Encryption. Our capabilities are highly complementary, and we are confident that our customers will readily adopt.
Data443 provides numerous solutions in the Data Privacy space and has leading products for many capabilities. Its award winning ARALOC product suite enables Digital Rights Management capabilities on mobile and desktop while utilizing leading edge encryption to protect it in flight or at rest. Data443s ArcMail suite provides large scale enterprise search and discovery capabilities. Its ClassiDocs product performs data sensitive-aware automated classification and tagging for reporting and privacy requests.
“IronClads patented technologies give us another leg up on the competition. Our clients are looking for capabilities that secure their data at military-grade or above levels features unavailable with run-of-the-mill solutions from other providers, said Jason Remillard, Chief Executive Officer of LandStar and founder of Data443. “IronClads technology provides additional capabilities for us to improve any organizations data security posture. Its products protect data and communications using proprietary techniques that are significantly harder to penetrate than any other cyber-security systems currently available. IronClads technology provides a unique synergy for our solutions.
IronClads solutions have virtually no additional power or memory overhead requirements and operate purely with software. This alleviates any requirement for organizations to change hardware and infrastructure, an attractive advantage from an IT perspective. The vast majority of competing security systems require upgrades or modifications to hardware and/or infrastructure, a drain on productivity and financial resources.
About LandStar, Inc. Data443LandStar, Inc. (OTCPK: LDSR), through its wholly owned subsidiary DATA443 Risk Mitigation, Inc., enables secure data across local devices, network, cloud, and databases at rest and in flight. Its suite of products and services is highlighted by: (i) ArcMail, which is a leading provider of simple, secure and cost-effective email and enterprise archiving and management solutions; (ii) ARALOC, which is a market leading secure, cloud-based platform for the management, protection and distribution of digital content to the desktop and mobile devices, which protects an organizations confidential content and intellectual property assets from leakage malicious or accidental without impacting collaboration between all stakeholders; (iii) ClassiDocs, the Companys award-winning data classification and governance technology, which supports CCPA, LGPD and GDPR compliance; (iv) ClassiDocs for Blockchain, which provides an active implementation for the Ripple XRP that protects blockchain transactions from inadvertent disclosure and data leaks; (v) the WordPress GDPR Framework with over 20,000 active users enables organizations of all sizes to comply with the GDPR and other privacy frameworks; (vi) The Virtual Data Protection Officer program that offers a turnkey and outsourced DPO capability for smaller organizations; and, (vii) Data443 Privacy Manager which enables the full lifecycle of Data Privacy Access Requests, Remediation, Monitoring and Reporting.
For Further Information:
Follow us on Twitter: https://twitter.com/data443Risk
Follow us on Facebook: https://www.facebook.com/data443/
Follow us on LinkedIn: https://www.linkedin.com/company/data443-risk-mitigation-inc/
Signup for our Investor Newsletter: https://www.data443.com/investor-relations/
About IronClad Encryption Corporation:IronClad Encryption is an X-Generation cyber defense company that secures digital assets and communications across a wide range of industries and technologies. IronClad Encryption-powered solutions utilize our patented Dynamic Encryption and Perpetual Authentication technologies to make all known key-based encryption technologies virtually impossible to compromise. Dynamic Encryption Technology eliminates vulnerabilities caused by exposure of any single encryption key by continuously changing encryption keys and keeping the keys synchronized in a fault-tolerant manner. Perpetual Authentication Technology uses multiple virtual channels for encryption so that in the event one channel is compromised, the other channels maintain encryption integrity. Together, these technologies not only eliminate the single point of failure problem created by having keys exposed through brute force, side channel, or other types of attack, but do so with very low latency and system performance overhead. Developers, MSPs, MSSPs and IT organizations can now easily and effectively integrate ultra-secure authentication and encryption measures across essentially all mediums. This includes the latest processors and operating systems, legacy hardware and software, within or between networks and on compartmentalized data or entire databases. At rest or in-motion, IronClad Encryption ensures data remains safe, secure and uncompromised.
Visit IronClad Encryption at http://www.IronCladencryption.com
This press release may contain forward-looking statements that involve substantial risks and uncertainties. The information included in this release should not be used for investment purposes because statements of intent or projections of financial performance are based on assumptions that can change. In addition, events or circumstances may arise that we can neither anticipate or control. Therefore, any statements of intent or predictions of financial performance are valid only on the date of this press release. We undertake no obligation to update or revise publicly any forward-looking statements except as required by law.
For IronClad Encryption and Data443 Risk Mitigation:Porter, LeVay & Rose, Inc.Matthew Abenante212firstname.lastname@example.org@plrinvest.com
See the original post:
IronClad Encryption Partners with Data443 Risk Mitigation …
Hackers and whistleblowers have made encryption a common term.
But most people cant define it, let alone explain the use of encryption software or its underlying concepts.
You dont necessarily need to know each individual encryption algorithm or how to decrypt ciphertext to take advantage of encryption. But everyone should know the general types of encryption and use cases, at least so youre aware of potential vulnerabilities.
So what is encryption really?
Encryption is a way to transform data in such a way that only approved parties can decrypt it and then transform it into something comprehensible to humans.
Encryption, as a general concept, is the conversion or masking of information to prevent unauthorized parties from accessing it.
The altered information is referred to as ciphertext, which can be thought of as basically digital gibberish.” The information is unintelligible and essentially impossible to use for anyone without the encryption key.
An encryption key is an indicator or identifier used to turn ciphertext into your desired output. Keys are kind of like passwords, but theyre virtually impossible to decipher without expert computational resources and decryption experience.
Authorized recipients, on the other hand, are in possession of the key. They can easily identify themselves and gain access to the sensitive data, messages or files. Depending on the data you want to encrypt, solutions can become more complex, but the focal point of encryption solutions is securing information.
Information security is more important than ever. Companies are rapidly adopting data security software and identity management software to improve the security of both personal and professional information.
Many industries require encryption for the storage of sensitive information, such as medical records or business transactions. Government regulations like GDPR and the the California Consumer Privacy Act have forced businesses to improve their protection of personal information under penalty of law.
TIP: GDPR compliance is one of G2 Crowds Cybersecurity Trends in 2019. Learn more about GDPR plus Zero Trust, Biometrics and IoT security.
Encryption has become a staple in the technology world as a fortifying tool for accessing privileged information. Web application firewalls, or encrypted database software, will protect both end-user data and the sensitive business information a company wants kept secure.
There are a few different types of encryption algorithms that encrypt information and facilitate the encryption process. Asymmetric, symmetric and hashing formulas are the common methods to enable encryption, with a few variations existing.
While cryptography has existed in human society since the ancient Greeks and Egyptians, modern cryptography emerged during World War II. This implementation of keys was generated using computers.
Symmetric algorithms are used to implement private key encryption. In this situation, the encryption key is typically the same as the decryption key. The two communicating parties are in sole possession of the keys, keeping the secret between them.
These algorithms are common examples of symmetric encryption algorithms and are commonly used today:
AES Advanced Encryption Standard, or AES, is a specification for encryption designated by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES can be implemented in a variety of ways and is available through a number of partitioning, password management and file encryption tools.
It relies on keys made up of 16-byte plaintext blocks to generate keys of 128, 192 and 256 bits. To put that into perspective, it would take years for even dozens of supercomputers to guess the key.
Triple DES Triple DES, or 3DES, is a cipher that utilizes Data Encryption Standard. It was the accepted encryption standard until AES became effective.
Despite the replacement of 3DES, some industries continue to use it frequently. For example, OpenSSL, an open-source library and toolkit for internet security protocols, relies on 3DES implementation.
Twofish Twofish was a finalist to become the Advanced Encryption Standard, falling short to the current standard (referred to as the Rijndael prior to winning).
Asymmetric encryption, or public key encryption, is similar to symmetric methods, but utilizes unique keys to both encrypt and decipher information. It was first detailed nearly 40 years ago in a secret British government document.
These encryption tools emerged after people realized its dangerous to utilize duplicate keys and share them online. These provide a private key for the owner to use and keep to themselves.
A user can send information using your public key, but only you can open it using the private key. This is a stark contrast to the symmetric model where the same key is used in both situations.
RSA RSA is one of the first cryptosystems of this kind. It was classified under British intelligence, but made public in the late 1970s. Its considered relatively slow, but its strength lies in the inefficiency of calculating large prime numbers.
The system creates and publishes a public key made of two big prime numbers. Only individuals with knowledge of those original prime numbers can decipher the encrypted data.
ElGamal ElGamal, another example of asymmetric encryption algorithms, emerged in the mid-1980s as an alternative to RSA. Like RSA, its slower than most symmetric models, but provides additional security by asymmetrically generating keys previously used for symmetric encryption.
ElGamal is based on the DiffieHellman key exchange, which is a method of securely exchanging keys. It was one of the first cryptographic systems that ensured no two parties know both the encryption and decryption keys of their counterpart.
Hashing creates unique signatures to identify parties accessing information and track any changes they make. Technically, hashing is not encryption. But for many practical purposes, the application of hashing can be used for similar purposes.
TIP: Start using a VPN to help protect your browsing. Discover the best free VPNs from real-user reviews.
For the average user, applications with encryption features are more commonly used. These are a few technologies that frequently implement encryption into their base-level feature sets.
Data encryption Databases, data warehouses and backup servers are the most commonly encrypted types of software you will come across. Stored files are always a target because they can be the easiest to locate.
Data warehouses and backup systems often include enormous amounts of data that would be disastrous to lose. As a result, IT professionals are often quick to secure those files through encryption technology.
File encryption File encryption software helps to securely encrypt files and folders that are stored locally or within a cloud application. Strong file encryption will prevent hackers from actually accessing or altering sensitive data.
Many free file encryption software solutions exist for personal use but typically wont scale to suit the needs of a larger business. Encrypted databases, storage clouds and hard drives are often more fitting.
Encrypted messaging Email encryption and secure messaging apps turn communications into ciphertext, the encrypted form of information, which is far less valuable to hackers.
The receiving party may need an encryption key or verification tool to prove their identity and access communications files. These tools are often used by health care, human resources or government professionals who need to facilitate the secure transfer of sensitive information.
Endpoint encryption Full-disk encryption and hard drive encryption are two common examples of endpoint encryption solutions. If someones laptop is stolen, but their hard drive or hard drives were encrypted, it would be extremely difficult for someone to gain access to locally stored files without an encryption key.
Some endpoint protection and encryption tools also facilitate disk partitioning, which creates separately encrypted components and increased security through multiple layers of cipher text.
These are a handful of common features to look for when considering the adoption ofencryption tools these capabilities are detailed below:
Encryption solutions are just one security tool included in a healthy IT security software stack. Check out some of the top cybersecurity companies today!
Are you a security professional interested in free security tools? Check out our list of the 6 best free encryption software to consider in 2019.
Here is the original post:
What Is Encryption? An Overview of Modern Encryption …
31 December,2015Jason Parms
Information security has grown to be a colossal factor, especially with modern communication networks, leaving loopholes that could be leveraged to devastating effects. This article presents a discussion on two popular encryption schemes that can be used to tighten communication security in Symmetric and Asymmetric Encryption. In principle, the best way to commence this discussion is to start from the basics first. Thus, we look at the definitions of algorithms and key cryptographic concepts and then dive into the core part of the discussion where we present a comparison of the two techniques.
An algorithm is basically a procedure or a formula for solving a data snooping problem. An encryption algorithm is a set of mathematical procedure for performing encryption on data. Through the use of such an algorithm, information is made in the cipher text and requires the use of a key to transforming the data into its original form. This brings us to the concept of cryptography that has long been used in information security in communication systems.
Cryptography is a method of using advanced mathematical principles in storing and transmitting data in a particular form so that only those whom it is intended can read and process it. Encryption is a key concept in cryptography It is a process whereby a message is encoded in a format that cannot be read or understood by an eavesdropper. The technique is old and was first used by Caesar to encrypt his messages using Caesar cipher. A plain text from a user can be encrypted to a ciphertext, then send through a communication channel and no eavesdropper can interfere with the plain text. When it reaches the receiver end, the ciphertext is decrypted to the original plain text.
This is the simplest kind of encryption that involves only one secret key to cipher and decipher information. Symmetrical encryption is an old and best-known technique. It uses a secret key that can either be a number, a word or a string of random letters. It is a blended with the plain text of a message to change the content in a particular way. The sender and the recipient should know the secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric algorithm is AES-128, AES-192, and AES-256.
The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.
Asymmetrical encryption is also known as public key cryptography, which is a relatively new method, compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It ensures that malicious persons do not misuse the keys. It is important to note that anyone with a secret key can decrypt the message and this is why asymmetrical encryption uses two related keys to boosting security. A public key is made freely available to anyone who might want to send you a message. The second private key is kept a secret so that you can only know.
A message that is encrypted using a public key can only be decrypted using a private key, while also, a message encrypted using a private key can be decrypted using a public key. Security of the public key is not required because it is publicly available and can be passed over the internet. Asymmetric key has a far better power in ensuring the security of information transmitted during communication.
Asymmetric encryption is mostly used in day-to-day communication channels, especially over the Internet. Popular asymmetric key encryption algorithm includes EIGamal, RSA, DSA, Elliptic curve techniques, PKCS.
To use asymmetric encryption, there must be a way of discovering public keys. One typical technique is using digital certificates in a client-server model of communication. A certificate is a package of information that identifies a user and a server. It contains information such as an organizations name, the organization that issued the certificate, the users email address and country, and users public key.
When a server and a client require a secure encrypted communication, they send a query over the network to the other party, which sends back a copy of the certificate. The other partys public key can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.
SSL/TLS uses both asymmetric and symmetric encryption, quickly look at digitally signed SSL certificates issued by trusted certificate authorities (CAs).
When it comes to encryption, the latest schemes may necessarily the best fit. You should always use the encryption algorithm that is right for the task at hand. In fact, as cryptography takes a new shift, new algorithms are being developed in a bid to catch up with the eavesdroppers and secure information to enhance confidentiality. Hackers are bound to make it tough for experts in the coming years, thus expect more from the cryptographic community!
Read the rest here:
Symmetric vs. Asymmetric Encryption What are differences?
10 December,2015Jason Parms
Security and efficiency are two very important parameters in communication systems and you must have heard of the terms. Encryption and Hashing as far as data and computing concerned. Regardless, these two computing terms that can be confusing to many, but this article looks to dispel any confusion by giving a complete overview of the two.
A hash can simply be defined as a number generated from a string of text. Other literature can also call it a message digest. In essence, a hash is smaller than the text that produces it. It is generated in a way that a similar hash with the same value cannot be produced by another text. From this definition, it can be seen that hashing is the process of producing hash values for the purpose of accessing data and for security reasons in communication systems. In principle, hashing will take arbitrary input and produce a string with a fixed length. As a rule of the thumb, hashing will have the following attributes:
A hash algorithm is a function that can be used to map out data of random size to data of fixed size. Hash values, hash codes and hash sums are returned by functions during hashing. These are different types of hashing algorithms used in computing, but some have been discarded over time. Some examples are given below:
These characteristics mean that hash can be used to store passwords. This way, it becomes difficult for someone who has the raw data to reverse them.
Encryption is the process of encoding simple text and other information that can be accessed by the sole authorized entity if it has a decryption key. It will protect your sensitive data from being accessed by cybercriminals. It is the most effective way of achieving data security in modern communication systems. In order for the receiver to read an encrypted message, he/she should have a password or a security key that is used in decryption. Data that has not been encrypted is known as plain text while encrypting data is known as a cipher text. There are a number of encryption systems, where an asymmetric encryption is also known as public-key encryption, symmetric encryption and hybrid encryption are the most common.
The main idea of encryption is to protect data from an unauthorized person who wants to read or get information from a message that was not intended for them. Encryption enhances security when sending messages through the Internet or through any given network. The following are key elements of security that encryption helps to enhance.
Some of the most popular encryption algorithms are AES and PGP. AES is a symmetric encryption algorithm while PGP is an example of an asymmetric encryption algorithm used today.
Hashing is used to validate the integrity of the content by detecting all modifications and thereafter changes to a hash output. Encryption encodes data for the primary purpose of maintaining data confidentiality and security. It requires a private key to reversible function encrypted text to plain text.
In short, encryption is a two-way function that includes encryption and decryption whilst hashing is a one-way function that changes a plain text to a unique digest that is irreversible.
Hashing and encryption are differentbut also have some similarities. They are both ideal in handling data, messages, and information in computing systems. They both transform or change data into a different format. While encryption is reversible, hashing is not. Future improvements are very crucial given that attackers keep changing tactics. This implies that an up-to-date way of hashing and encrypting is more palatable in modern computing systems.
To encrypt transmitted information over the website, you need to obtain an SSL certificate as per your needs. Once you installed the certificate on your desired server, all communication between the web browser and the web server will be encrypted.
Read more from the original source:
Difference Between Hashing and Encryption – ssl2buy.com
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
The National Institute of Standards and Technology (NIST) started development of AES in 1997 when it announced the need for a successor algorithm for the Data Encryption Standard (DES), which was starting to become vulnerable to brute-force attacks.
This new, advanced encryption algorithm would be unclassified and had to be “capable of protecting sensitive government information well into the next century,” according to the NIST announcement of the process for development of an advanced encryption standard algorithm. It was intended to be easy to implement in hardware and software, as well as in restricted environments (for example, in a smart card) and offer good defenses against various attack techniques.
The selection process for this new symmetric key algorithm was fully open to public scrutiny and comment; this ensured a thorough, transparent analysis of the designs submitted.
NIST specified the new advanced encryption standard algorithm must be a block cipher capable of handling 128 bit blocks, using keys sized at 128, 192, and 256 bits; other criteria for being chosen as the next advanced encryption standard algorithm included:
Fifteen competing symmetric key algorithm designs were subjected to preliminary analysis by the world cryptographic community, including the National Security Agency (NSA). In August 1999, NIST selected five algorithms for more extensive analysis. These were:
Implementations of all of the above were tested extensively in ANSIC and Java languages for speed and reliability in encryption and decryption; key and algorithm setup time; and resistance to various attacks, both in hardware- and software-centric systems. Members of the global cryptographic community conducted detailed analyses (including some teams that tried to break their own submissions).
After much feedback, debate and analysis, the Rijndael cipher — a mash of the Belgian creators’ last names Daemen and Rijmen — was selected as the proposed algorithm for AES in October 2000 and published by NIST as U.S. FIPS PUB 197. The Advanced Encryption Standard became effective as a federal government standard in 2002. It is also included in the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 18033-3 standard, which specifies block ciphers for the purpose of data confidentiality.
In June 2003, the U.S. government announced that AES could be used to protect classified information, and it soon became the default encryption algorithm for protecting classified information as well as the first publicly accessible and open cipher approved by the NSA for top-secret information. The NSA chose AES as one of the cryptographic algorithms to be used by its Information Assurance Directorate to protect national security systems.
Its successful use by the U.S. government led to widespread use in the private sector, leading AES to become the most popular algorithm used in symmetric key cryptography. The transparent selection process helped create a high level of confidence in AES among security and cryptography experts. AES is more secure than its predecessors — DES and 3DES — as the algorithm is stronger and uses longer key lengths. It also enables faster encryption than DES and 3DES, making it ideal for software applications, firmware and hardware that require either low latency or high throughput, such as firewalls and routers. It is used in many protocols such as Secure Sockets Layer (SSL)/Transport Layer Security (TLS) and can be found in most modern applications and devices that need encryption functionality.
AES comprises three block ciphers: AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128-, 192- and 256-bits, respectively. The Rijndael cipher was designed to accept additional block sizes and key lengths, but for AES, those functions were not adopted.
Symmetric (also known as secret-key) ciphers use the same key for encrypting and decrypting, so the sender and the receiver must both know — and use — the same secret key. All key lengths are deemed sufficient to protect classified information up to the “Secret” level with “Top Secret” information requiring either 192- or 256-bit key lengths. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys — a round consists of several processing steps that include substitution, transposition and mixing of the input plaintext and transform it into the final output of ciphertext.
The AES encryption algorithm defines a number of transformations that are to be performed on data stored in an array. The first step of the cipher is to put the data into an array; after which the cipher transformations are repeated over a number of encryption rounds. The number of rounds is determined by the key length, with 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys.
The first transformation in the AES encryption cipher is substitution of data using a substitution table; the second transformation shifts data rows, the third mixes columns. The last transformation is a simple exclusive or (XOR) operation performed on each column using a different part of the encryption key — longer keys need more rounds to complete.
Research into attacks on AES encryption has continued since the standard was finalized in 2000. Various researchers have published attacks against reduced-round versions of the Advanced Encryption Standard.
In 2005, cryptographer Daniel J. Bernstein published a paper, “Cache-timing attacks on AES,” in which he demonstrated a timing attack on AES capable of achieving a “complete AES key recovery from known-plaintext timings of a network server on another computer.”
A research paper published in 2011, titled “Biclique Cryptanalysis of the Full AES,” by researchers Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, demonstrated that by using a technique called a biclique attack, they could recover AES keys faster than a brute-force attack by a factor of between three and five, depending on the cipher version. However, even this attack does not threaten the practical use of AES due to its high-computational complexity.
AES has proven to be a reliable cipher, and the only practical successful attacks against AES have leveraged side-channel attacks on weaknesses found in the implementation or key management of specific AES-based encryption products.
Side-channel attacks exploit flaws in the way a cipher has been implemented rather than brute force or theoretical weaknesses in a cipher. The Browser Exploit Against SSL/TLS (BEAST) browser exploit against the TLS v1.0 protocol is a good example; TLS can use AES to encrypt data, but due to the information that TLS exposes, attackers managed to predict the initialization vector block used at the start of the encryption process.
When you enable encryption, the Wi-Fi network requires a password so that not just anybody can connect. However, it’s not just the password that’s important but also the encryption type.
There are multiple options your router might support when it comes to wireless encryption. If you’re using an outdated encryption method, attackers don’t even need your password because they can just break the old encryption.
You can use your phone or tablet to see if a wireless network is using encryption. All you need to know is the name of the network.
Open your device’s settings. There’s usually a Settings app on the device that you can tap.
Locate the network in question.
Do you see a padlock icon next to the network? If so, it’s using at least the most basic form of encryption, possibly the strongest type.
However, even if basic security is enabled, it could be using an outdated form of encryption.
See if the connection shows the encryption type. You might see WEP, WPA, or WPA2.
If your wireless network is wide open with no encryption enabled, you’re practically inviting neighbors and other freeloaders to steal the bandwidth that you’re paying good money for.
There was a time when WEP was the standard for securing wireless networks, but it was eventually cracked and is now easily bypassed by even the most novice hackers, thanks to cracking tools available on the internet.
After WEP came WPA. WPA had flaws, too, and was replaced by WPA2, which isn’t perfect but is currently the best available offering for protecting home-based wireless networks.
If you set up your Wi-Fi router many years ago, then you could be using one of the old, hackable encryption schemes such as WEP, and should consider changing to WPA2.
All routers are different, but with a little poking around you should have no problem finding the encryption settings for your router.
If you don’t know any of this information, check the router manufacturer’s website for help or reset your router to restore the factory default settings.
Locate the wireless security settings. Your router might call this section Wireless Security, Wireless Network, or something similar.
In this example, the settings are in Basic Setup > Wireless > Security:
Change the encryption option to WPA2-PSK.
You might see a WPA2-Enterprise setting; the enterprise version of WPA2 is intended more for corporate environments and requires a more complicated setup process.
This is what users will enter when they need to get on your Wi-Fi network, so it should not be easy to guess or easy to remember, as tempting as that may be.
If you have to, store the complex password in a password manager so that you’ll always have easy access to it.
Click Save or Apply to submit the changes. The router might have to reboot for the settings to take effect.
Reconnect all your wireless devices by selecting the correct network name and entering the new password in each device’s Wi-Fi settings page.
You should periodically check your router manufacturer’s website for firmware updates that they might release to fix security vulnerabilities associated with your router. The updated firmware might also contain new security features.
Read this article:
How to Encrypt Your Wireless Network – Lifewire