Cryptography basics

Written on 3 December 2014, 11:07pm


1. Steganography

The science of hiding the existence of a message, as opposed to cryptography, which conceals its meaning. A type of security through obscurity.
Ex. a message written on the shaved head of a messenger and sent only once the messenger's hair has grown back to cover it; microdots; physical templates applied to a long text to highlight only some of the words.
http://en.wikipedia.org/wiki/Steganography

2. Cryptography

The practice of secure communication. The science of encrypting a message, or concealing the meaning of a message.

  • Transposition ciphers – letters do not change, but move position
  • Substitution ciphers – letters change, but keep position
    1. Caesar shift: all the letters of the alphabet shift a number of positions (from 1 to 26)
    2. Simple monoalphabetic substitution: substituting a different letter for every letter. The cipher alphabet is fixed throughout the encryption. Both methods fall to basic frequency analysis
    3. Monoalphabetic with homophones: a plaintext letter can be enciphered in many ways (typically numbers or symbols) – making the encryption resistant to a basic frequency analysis
    4. Polyalphabetic substitution – alphabet matrix + password repeated until it has the same length as the plaintext message (Vigenère cipher). The cipher alphabet changes during the encryption; the change is defined by a key. The longer the key, the more secure; but less practical for everyday use.
  • A mix between transposition and substitution: ADFGVX (used to send Morse code messages)
  • One time pad – the only form of encryption that is unbreakable, relying on a random key that is the same length as the message. Each key can be used only once. Impractical for extended use.

3. Cryptanalysis

The science of deducing the plaintext from a ciphertext, without knowledge of the key.
One of the most used methods at the beginning: frequency analysis.
http://en.wikipedia.org/wiki/Cryptanalysis


Web performance

Written on 3 December 2014, 10:16pm


It’s the speed geek’s favorite time of the year – so I am bookmarking some links for later use 🙂

Starting from the 2014 performance calendar and jumping from link to link:
1. HTTPS and web performance: SSL server test, HSTS header, cache, keep alive, etc…
2. Is it fast yet?

TLS has exactly one performance problem: it is not used widely enough.
Everything else can be optimized.

3. High Performance Browser Networking by Ilya Grigorik – made available by O’Reilly for free.
4. High Performance Web Sites and Even Faster Web Sites by Steve Souders
5. Improving Smashing Magazine’s Performance: A Case Study

And some names in the web performance field:
Tim Kadlec
Ilya Grigorik
Steve Souders
Stoyan Stefanov

Random things #7

Written on 2 December 2014, 10:55pm


1. Custom templates for request debug output

Use case: you want to temporarily enable debug output in a production environment (ex – to determine the cause of a specific performance problem), but you obviously don’t want the users to see the debug information.
Solutions:
– restrict debug output to your IP only (if you know exactly who is behind your IP), but it will still introduce a performance problem (the IP has to be checked for every request)
– create a custom debug template (*) – for example logging.cfm instead of classic.cfm – and log all the details you need instead of outputting them
– create an empty debug template (silent.cfm), then create a component with a main logging method based on the classic.cfm debug template. Call this main method from onRequestEnd to log all the needed details.

(*) A custom debug template can be created and placed in the WEB-INF/debug ColdFusion folder. The classic.cfm template can be used as starting point.
More info: http://www.bennadel.com/blog/116-finding-template-execution-stack-in-coldfusion.htm

2. When a ColdFusion template cannot be found

Use onMissingTemplate and return a 404 HTTP error code. Let the web server handle the error:

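<cffunction name="onMissingTemplate" returntype="boolean" output="false">
    <cfargument name="targetPage" type="string" required="true"/>
    <!--- Send a 404 status and no body; returning true tells ColdFusion the event was handled --->
    <cfheader statuscode="404" statustext="Not Found">
    <cfreturn true>
</cffunction>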
