## Cryptography basics

Written on 3 December 2014, 11:07pm


## 1. Steganography

The science of hiding the existence of a message, as opposed to cryptography. A type of security through obscurity.
Ex.: a message written on a messenger's shaved head and sent only once his hair has grown back to cover it; microdots; physical templates laid over a long text to reveal only some of the words.
http://en.wikipedia.org/wiki/Steganography

## 2. Cryptography

The practice of secured communication. The science of encrypting a message, or concealing the meaning of a message.

• Transposition ciphers – letters do not change, but move position
• Substitution ciphers – letters change, but keep position
1. Caesar shift: all the letters of the alphabet shift a number of positions (from 1 to 26)
2. Simple monoalphabetic substitution: substituting a different letter for every letter. The cipher alphabet is fixed throughout the encryption. Both methods fall to basic frequency analysis
3. Monoalphabetic with Homophones: a plaintext letter can be enciphered in many ways (typically numbers or symbols) – making the encryption resistant to a basic frequency analysis
4. Polyalphabetic substitution – alphabet matrix + password repeated until it has the same length as the plain text message (Vigenère cipher). The cipher alphabet changes during the encryption; the change is defined by a key. The longer the key, the more secure; but less practical for everyday use.
• A mix between transposition and substitution: ADFGVX (used to send Morse code messages)
• One time pad – the only form of encryption that is unbreakable, relying on a random key that is the same length as the message. Each key can be used only once. Impractical for extended use.

## 3. Cryptanalysis

The science of deducing the plaintext from a ciphertext without knowledge of the key.
One of the earliest and most widely used methods: frequency analysis
http://en.wikipedia.org/wiki/Cryptanalysis
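To make sections 2 and 3 concrete, here is an added illustration (not from the original post) of the Caesar shift, the Vigenère cipher, the one-time pad as a Vigenère cipher with a random message-length key, and the frequency analysis that recovers a Caesar shift. The English letter-frequency table is approximate, and the sample message in the usage block is constructed test input; these are teaching ciphers, not something to protect real data with.

```python
"""Classical ciphers and the frequency analysis that breaks the weak ones."""
from collections import Counter
import secrets
import string

ALPHABET = string.ascii_uppercase

# Approximate letter frequencies of English text, in percent (assumed values).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def clean(text: str) -> str:
    """Classical ciphers work on letters only: upper-case and drop the rest."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar(text: str, shift: int) -> str:
    """Caesar shift: every letter moves `shift` places (a negative shift decrypts)."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in clean(text))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: the key repeats to the message length and
    each key letter selects the Caesar shift applied at that position."""
    key = clean(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(clean(text)):
        k = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + (-k if decrypt else k)) % 26])
    return "".join(out)


def one_time_pad_key(length: int) -> str:
    """Key for a one-time pad: truly random, as long as the message, used once."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def one_time_pad(text: str, key: str, decrypt: bool = False) -> str:
    """A one-time pad is a Vigenère cipher whose key is random and at least as
    long as the message; the length check is what separates the two."""
    text = clean(text)
    if len(clean(key)) < len(text):
        raise ValueError("one-time pad key must be at least as long as the message")
    return vigenere(text, key, decrypt)


def letter_counts(text: str) -> Counter:
    """Frequency analysis, step one: count each letter of the ciphertext."""
    return Counter(clean(text))


def english_score(text: str) -> float:
    """Chi-squared distance between a text's letter counts and English;
    lower means the text looks more like English."""
    counts = letter_counts(text)
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = pct / 100 * n
        score += (counts[letter] - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str) -> int:
    """Recover a Caesar shift by frequency analysis: try all 26 shifts and
    keep the one whose decryption is closest to English."""
    return min(range(26), key=lambda s: english_score(caesar(ciphertext, -s)))


if __name__ == "__main__":
    # Constructed sample message, used only as test input.
    message = ("It was the best of times it was the worst of times "
               "it was the age of wisdom it was the age of foolishness")
    secret = caesar(message, 7)
    print("ciphertext:", secret)
    print("most common letters:", letter_counts(secret).most_common(3))
    print("recovered shift:", break_caesar(secret))
    pad = one_time_pad_key(len(clean(message)))
    round_trip = one_time_pad(one_time_pad(message, pad), pad, decrypt=True)
    print("one-time pad round trip ok:", round_trip == clean(message))
```

The Caesar break works because a shift moves the whole frequency profile of the language along the alphabet without flattening it; the Vigenère cipher resists this single-alphabet attack only as long as the key is not repeated often, which is why the one-time pad, whose key never repeats, is the one case frequency analysis cannot touch.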

## Random things #6

Written on 28 November 2014, 11:27am


## 1. A few things about yum:

• yum plugins
• yum update openssl package (Heartbleed, anyone?)

Info about yum and openssl packages:
`yum info yum`
`yum info openssl`

Run yum without plugins:
`yum --noplugins`

Update openssl package:
`yum update openssl`

To check that a certain CVE (Common Vulnerabilities and Exposures entry) is fixed in the current installation (distribution packages backport security fixes, so the package changelog is a better indicator than the upstream version string):
`rpm -q --changelog openssl | grep CVE-2014-0224`

To check openssl version:
`openssl version -a`

## 2. vi quick commands:

`insert` to start editing
`escape` to stop editing
`:x` to save and exit (in view mode)
`u` to undo (in view mode)

## 3. SFTP Sublime Text plugin is awesome

And it's only $20

## Security concepts

Written on 24 November 2014, 11:08pm


The CIA of security
`Confidentiality + Integrity + Availability`
Extended over time with Authentication and Non-repudiation

Operational model of computer security
`Protection = Prevention + (Detection + Response)`

Other security concepts
– Least privilege
– Separation of duties
– Implicit deny
– Job rotation
– Layered security
– Diversity of defense
– Security through obscurity: pushing your favorite ice cream to the back of the freezer, or making your admin URL hard to guess 🙂

Identification vs Authentication vs Authorization
Identification – who are you? (typically a username)
Authentication – how can you prove who you are?
– something you know (a password)
– something you have (a physical token)
– something you are (fingerprint reader)
Authorization – what can you do once you are authenticated?

Access control
– DAC – discretionary access control
– MAC – mandatory access control
– RBAC – role based access control
– RBAC – rule based access control
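As an added example (not from the original post), the snippet below puts several of the concepts above into one small authorization check: role-based grants that carry only what each job needs (least privilege), rule-based conditions layered on top, a decision that falls through to deny unless an explicit grant and every rule hold (implicit deny), and an audit trail for the detection half of the operational model. DAC and MAC are not modeled. The users, roles, business-hours rule, IP convention and timestamps are all made up for the illustration.

```python
"""Toy access-control decision engine: RBAC grants, rule-based conditions,
implicit deny and an audit log. Every name and policy here is constructed."""
from dataclasses import dataclass
from datetime import datetime, time

# Role-based access control: permissions attach to roles, users hold roles.
# Each role carries only the (resource, action) pairs its job needs.
ROLE_PERMISSIONS = {
    "viewer": {("report", "read")},
    "editor": {("report", "read"), ("report", "write")},
    "admin": {("report", "read"), ("user", "create"), ("user", "delete")},
}

USER_ROLES = {"alice": {"editor"}, "bob": {"viewer"}, "carol": {"admin"}}


@dataclass
class Context:
    """Request context the rules look at (constructed fields)."""
    now: datetime
    authenticated: bool = True
    source_ip: str = "10.0.0.5"


def during_business_hours(ctx: Context) -> bool:
    return time(9, 0) <= ctx.now.time() < time(17, 0)


def from_internal_network(ctx: Context) -> bool:
    # Assumed convention for the example: 10.x addresses are internal.
    return ctx.source_ip.startswith("10.")


# Rule-based access control: conditions evaluated on top of the role grant.
RULES = {
    ("report", "write"): [during_business_hours],
    ("user", "delete"): [during_business_hours, from_internal_network],
}

AUDIT_LOG = []


def permissions_for(user: str) -> set:
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: str, resource: str, action: str, ctx: Context) -> bool:
    """Implicit deny: only an explicit grant whose every rule holds is allowed.
    Unknown users, ungranted actions and failed rules all fall through to False."""
    if not ctx.authenticated:  # authorization only makes sense after authentication
        decision = False
    elif (resource, action) not in permissions_for(user):
        decision = False
    else:
        decision = all(rule(ctx) for rule in RULES.get((resource, action), []))
    AUDIT_LOG.append(f"{ctx.now.isoformat()} {user} {action} {resource} -> "
                     f"{'ALLOW' if decision else 'DENY'}")
    return decision


if __name__ == "__main__":
    office = Context(now=datetime(2014, 11, 24, 10, 30))
    evening = Context(now=datetime(2014, 11, 24, 20, 0))
    print(is_allowed("alice", "report", "write", office))    # editor, in hours
    print(is_allowed("alice", "report", "write", evening))   # rule fails
    print(is_allowed("bob", "report", "write", office))      # viewer has no grant
    print(is_allowed("mallory", "report", "read", office))   # unknown user
    print(is_allowed("carol", "user", "delete",
                     Context(now=office.now, source_ip="203.0.113.9")))  # external
    print(*AUDIT_LOG, sep="\n")
```

The shape to keep from this is that the function never computes an "allow" from the absence of a matching deny; it starts from deny and needs a positive grant plus every rule to return True, which is what makes adding a new resource or action safe by default.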
