Cryptography basics

Written on 3 December 2014, 11:07pm

Tagged with: , ,

1. Steganography

The science of hiding the existence of a message, as opposed to cryptography. A type of security through obscurity.
Ex. message written on the head of a messenger and sent only when it’s covered by the messenger growing hair; microdots; physical templates applied to a long text to highlight only some of the words.

2. Cryptography

The practice of secured communication. The science of encrypting a message, or concealing the meaning of a message.

  • Transposition ciphers – letters do not change, but move position
  • Substitution ciphers – letters change, but keep position
    1. Caesar shift: all the letters of the alphabet shift a number of positions (from 1 to 26)
    2. Simple monoalphabetic substitution: substituting a different letter for every letter. The cipher alphabet is fixed throughout the encryption. Both methods fail to basic frequency analysis
    3. Monoalphabetic with Homophones: a plaintext letter can be enciphered in many ways (typically numbers or symbols) – making the encryption resistant to a basic frequency analysis
    4. Polyalphabetic substitution – alphabet matrix + password repeated until it has the same length as the plain text message (Vigenère cypher). The cipher alphabet changes during the encryption; the change is defined by a key. The longer the key, the more secure; but less practical for everyday use.
  • A mix between transposition and substitution: ADFGVX (used to send Morse code messages)
  • One time pad – the only form of encryption that is unbreakable, relying on a random key that is the same length as the message. Each key can be used only once. Impractical for extended use.

3. Cryptanalysis

The science of deducting the plain text from a cyphertext, without knowledge of the key.
One of the most used methods at the beginning: frequency analysis

substitution cipher

basic cryptanalisis

Random things #6

Written on 28 November 2014, 11:27am

Tagged with: , , , , ,

1. A few things about yum:

yum plugins
yum update openssl package (heartbleed anyone?)

Info about yum and openssl packages:
yum info yum
yum info openssl

Run yum without plugins:
yum --noplugins

Update openssl package:
yum update openssl

To check that a certain CVE (common vulnerability and exposure) is fixed in the current installation:
rpm -q --changelog openssl | grep CVE-2014-0224

To check openssl version:
openssl version -a

2. vi quick commands:

insert to start editing
escape to stop editing
:x to save and exit (in view mode)
u to undo (in view mode)

3. SFTP Sublime Text plugin is awesome

And it’s only $20

Security concepts

Written on 24 November 2014, 11:08pm

Tagged with:

The CIA of security
Confidentiality + Integrity + Availability
+ (in time) – Authentication and Non-repudiation

Operational model of computer security
Protection = Prevention + (Detection + Response)

Other security concepts
– Least privilege
– Separation of duties
– Implicit deny
– Job rotation
– Layered security
– Diversity of defense
– Security through obscurity: pushing your favorite ice cream to the back of the freezer, or making your admin URL hard to guess đŸ™‚

Identification vs Authentication vs Authorization
Identification – who are you? (typically an username)
Authentication – how can you prove who you are?
– something you know (a password)
– something you have (a physical token)
– something you are (fingerprint reader)
Authorization – what you can do once you are authenticated?

Access control
– DAC – discretionary access control
– MAC – mandatory access control
– RBAC – role based access control
– RBAC – rule based access control

Image: istockphoto