background preloader

Security

Facebook Twitter

OpenID

Overview of SSL/TLS Encryption. SSL/TLS is primarily used to encrypt confidential data sent over an insecure network such as the Internet.

Overview of SSL/TLS Encryption

In the HTTPS protocol, the types of data encrypted include the URL, the HTTP header, cookies, and data submitted through forms. A Web page secured with SSL/TLS has a URL that begins with “ The SSL/TLS security protocol is layered between the application protocol layer and TCP/IP layer, where it can secure and then send application data to the transport layer. Because it works between the application layer and the TCP/IP layer, SSL/TLS can support multiple application layer protocols. The SSL/TLS protocol can be divided into two layers. Figure 1. The Handshake Layer The Handshake Layer consists of three sub-protocols: Handshake.

Handshake Sub-Protocol Functions The Handshake sub-protocol provides a number of very important security functions. Authentication For more information about certificates and how they are used, see Encryption Symmetric Key. Hash Algorithms. Security LLC - Chargen - Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes. The socialbookmarkosphere is abuzz with talk of “rainbow tables” , what they mean for password security, and why they prove that Microsoft did a shoddy job of securing Windows for Workgroups 15 years ago. This really freaks me out. If the “advanced” pole of your threat model is “rainbow tables”, stop working on your social shopping cart calendar application right now: I can’t trust you with my Reddit karma score, let alone my credit card number. : servers don’t usually store actual passwords. Instead, they hash the password, store the hash, and discard the password. The hash can verify a password from a login page, but can’t be reversed back to the text of the password.

Now let’s re-explain rainbow tables: take a “dictionary” —- say, of all combinations of alphanumerics less than 15 characters hash all of them burn the results onto a DVD. You now have several hundred billion hash values that you reverse back to text —- a “rainbow table”. Take your stolen table of hashes for each hash Get it? Public-key cryptography. An unpredictable (typically large and random) number is used to begin generation of an acceptable pair of keys suitable for use by an asymmetric key algorithm.

Public-key cryptography

In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key. In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. After obtaining an authentic copy of each other's public keys, Alice and Bob can compute a shared secret offline. The shared secret can be used, for instance, as the key for a symmetric cipher. Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Message authentication involves processing a message with a private key to produce a digital signature.

Understanding[edit] Diffie–Hellman key exchange. The scheme was first published by Whitfield Diffie and Martin Hellman in 1976.[2] By 1975, James H.

Diffie–Hellman key exchange

Ellis,[3] Clifford Cocks and Malcolm J. Williamson within GCHQ, the British signals intelligence agency, had also shown how public-key cryptography could be achieved; however, their work was kept secret until 1997.[4] Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite). U.S. Patent 4,200,770,[5] from 1977, is now expired and describes the now public domain algorithm. Name[edit] In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002), writing: Description[edit] Cryptographic explanation[edit]