Nytro Posted January 15, 2012 Report Posted January 15, 2012 [h=1]An Overview of Cryptography [/h][h=3]Gary C. Kessler27 December 2011[/h] [h=4]A much shorter, edited version of this paper appears in the 1999 Edition of Handbook on Local Area Networks, published by Auerbach in September 1998. Since that time, this paper has taken on a life of its own...[/h] [h=3]CONTENTS[/h] 1. INTRODUCTION2. THE PURPOSE OF CRYPTOGRAPHY3. TYPES OF CRYPTOGRAPHIC ALGORITHMS3.1. Secret Key Cryptography3.2. Public-Key Cryptography3.3. Hash Functions3.4. Why Three Encryption Techniques?3.5. The Significance of Key Length4. TRUST MODELS4.1. PGP Web of Trust4.2. Kerberos4.3. Public Key Certificates and Certification Authorities4.4. Summary5. CRYPTOGRAPHIC ALGORITHMS IN ACTION5.1. Password Protection5.2. Some of the Finer Details of Diffie-Hellman Key Exchange5.3. Some of the Finer Details of RSA Public-Key Cryptography5.4. Some of the Finer Details of DES, Breaking DES, and DES Variants5.5. Pretty Good Privacy (PGP)5.6. IP Security (IPsec) Protocol5.7. The SSL "Family" of Secure Transaction Protocols for the World Wide Web5.8. Elliptic Curve Cryptography5.9. The Advanced Encryption Standard and Rijndael5.10. Cisco's Stream Cipher5.11. TrueCrypt6. CONCLUSION... OF SORTS7. REFERENCES AND FURTHER READINGA. SOME MATH NOTESA.1. The Exclusive-OR (XOR) FunctionA.2. The modulo FunctionABOUT THE AUTHOR[h=3]1. INTRODUCTION[/h] Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered in this chapter only describe the first of many steps necessary for better security in any number of situations. This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today. I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in current use and is not a treatise of the whole field. No mention is made here about pre-computerized crypto schemes, the difference between a substitution and transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the bibliography below for this detailed — and interesting! — background information. [h=3]2. THE PURPOSE OF CRYPTOGRAPHY[/h] Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.Integrity: Assuring the receiver that the received message has not been altered in any way from the original.Non-repudiation: A mechanism to prove that the sender really sent this message. Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext. In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.Tutorial complet:http://www.garykessler.net/library/crypto.html Quote
co4ie Posted January 16, 2012 Report Posted January 16, 2012 Super tare tutorialul !!Complet si explicat pt toata lumea ! Off: Nytro ... 90% din posturile facute de tine (news si tutoriale) le faci cu 1 min intaintea mea:| ... Quote