Initiation to Cryptography and Encryption to Secure Data
 In this article we will focus on securing private data in the broadest sense
of the term. Any time manipulation of data in order to maintain secrecy or
integrity was a major challenge for the information. Whether it is the swapping
of Julius Caesar, invisible ink or royal seal, there was and remains necessary
to identify or encrypt data.
Concepts
In computing, it is still quite difficult to determine what is what. In this
case, the best way to secure data is obviously not to disclose them. Admittedly,
this is not always convenient, but this aspect is not to lose sight of. Why?
Data protection is usually based on several layers, the first must be the
security of workstation. In fact, it is useless to encrypt a file 140 times if
the keys are easily accessible
Encryption
Often babble as the "Encryption", encryption is the best known principle even
if it is not always understood. The idea is to transform the data using methods
more or less complex to get "protected" data. This operation must be done in
reverse (decryption) in order to recover the original data. There are so many
techniques because the principle is as old as the world.
Secret Algorithm
Although they have almost completely disappeared, I speak to you as it is a
common temptation when you start to focus on the joys of cryptography.
Basically, even a compression is an encoding and can easily believe that an
encoding by an algorithm that is known only by ourselves is particularly safe.
Unfortunately, the reverse engineering being what it is, this is the wrong
approach. It is always quite simple to find the operations of an algorithm and
therefore to break the security. Do not engage in this kind of adventure, there
is no worse security than an illusory security.
Key encryption
 All modern algorithms now use key ciphers. There are several kinds, grouped
into three families.
1) Symmetric key encryption
In this type of encryption, the same key is used for encoding and decoding
data. There are several (Rijndael, RC2, DES, Triple DES, etc ...) but all are
based on the same principle. To give a trivial example, a symmetric key
encryption can be a doubling of each ASCII code. Two is then the key.
2) Asymmetric key encryption
Much more complex, this encryption uses a pair of public / private key. The
public key is used for encryption and private key for decryption. The best known
of them is the RSA (Rivest, Shamir, ADLEMAN) algorithm.
Ciphers symmetric or asymmetric key is not safer depending on the nature of
the key. This difference is due to problems of key communication. Indeed, in an
approach to encryption for communication, I have at one time or another to
provide the decryption key in the case of a symmetric key. In this case the key
is vulnerable. In the case of asymmetric encryption, I can simply communicate
the public key to those wishing to send me the data, so that they can encrypt
data with this key. I could decipher them using my private key which is not
transmitted. Keep in mind that asymmetric ciphers are heavier and therefore much
longer, they are generally reserved for the treatment of a small amount of data.
3) One-way Cryptographic
This particular family called "hash» does not allow decryption.
Identification
While identification is a vast area, it is an integral part of the world of
computer cryptography. Indeed, identification allows to identify a source of
statistical data or not as safe without having to decrypt it beforehand.
Furthermore identification must be used to reduce luring attacks. Although
generally not sufficient, the basis of identification is usually based on the
hash.
-Hash
 The hash (hash of English) is a one-way cryptographic, that is to say, it is
not theoretically possible to go back to the original value by knowing the hash
value. There are many algorithms (MD5, SHA1, SHA256, ...). In all cases, the
hash gives a resulting chain of known length called hashing size. The value of
the hash is obviously to make the identification or data integrity control. It
can also be used for purposes of comparison. It is much safer to make a
comparison of hash values than of their counterparts in clear.
-Limitations of hash
Although very reliable, hashing has limits. The first of these limits is a
proper use, because it is quite easy to recognize a hash value and it can be
pretty easy to guess what was hatched. Therefore, the lure becomes possible.
The
second danger is to store critical values chopped too easily accessible. So if
you chop passwords and you leave the values available, you make your passwords
vulnerable to an attack by dictionary or by brute force.
-Hash with a key
To avoid the possibility of corruption of the hash, a hash is generally used
with a key, that is to say, we added a secret value to the chopping value making
it theoretically impossible to hoax.
Key generation
 This is the pivot of cryptography, without good key, no valid cryptographic.
Again, there are several techniques for key generation.
-Aleatory
The key precursors are generated randomly. Ensure that the random function is
good, which excluded Rand for example and prioritize calls to ad hoc functions.
The advantage of the random generation is that it can generate very strong keys
when it is well used.
-Derived
Very popular as they do not store the key, the derived key generation is ,
however perilous as it is reliable only if the precursors (usually passwords)
are well chosen, which will allow us to ramble a little about passwords.
-Password
The perennial problem of password is based on the ongoing struggle between
memory and strength. A strong password is usually twenty character using
sensitive letters, numbers and punctuation characters, it is more fashionable
that it does not contain any word or sequence of characters that may make it
vulnerable to a dictionary attack. We can say at once that to store "dAT9 {j
*-c3 {p5KvADyX (rb" it will take a little practice. However, a derivative key of
"Fido" presents relatively little resistance as we must find a compromise in
sensitivity of protected data and their duration.
Programming
Introduction to Java EE (Part 1)
How the Google App Engine Works
WSDL - Web Service Description Language
SOAP: Simple Object Access Protocol
Initiation to Cryptography and Encryption to Secure Data
Introduction to Design Patterns in Java
How To Write Efficient Programs in Java
Proper Management of Logs in .Net
How To Remove FaceBook Action Ids From URL |
