The following are the most common encryption algorithms:

1. AES (Advanced Encryption Standard): AES is a block cipher adopted as an encryption standard by the US government. AES was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and is therefore also called ‘Rijndael’ (however, AES is not precisely Rijndael, as Rijndael supports a larger range of block and key sizes).

AES has a fixed block size of 128 bits and a key size of 128,192 or 256 bits. AES is fast in both software and hardware, is relatively easy to implement, and besides, it requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

2. Blowfish: Blowfish is another widely used encryption standard. It is a block cipher algorithm developed by Bruce Schneider. Blowfish is a variable-length key algorithm. The most common key lengths are 128-bit and 160-bit.

3. DES: DES has a fixed key length of 56 bits. DES is a block cipher algorithm developed by the National Institute of Standards and Technology (NIST) Data Encryption Standard.

4. Triple DES: Triple DES is a version of DES that encrypts a message or file three times using the DES 56-bit key. A plain text message or file is encrypted. The encrypted message is again encrypted, and the twice-encrypted message is encrypted a third time using DES.

5. RC4: RC4 is a stream cipher developed by RSA Data Security, Inc. The key-length is variable but typically limited to 40 bits. A 40-bit version of RC4 is also used by MS Office 97 for data encryption.

6. Message Digest (MD): MD is also sometimes referred to as a digital fingerprint. It is a number which is calculated from all the information in a message through the use of a cryptographic hash function, and which can be used to verify the data integrity of the message. Any change to the message, even of a single bit, typically results in a dramatically different message digest.

A message digest algorithm is considered ’secure’ if it is not computationally feasible to determine the content of a message from its message digest, nor to find ‘collisions’, wherein two different messages have the same message digest. In order to increase speed, most digital signature algorithms specify that only the digest of the message be ’signed’. Message digests can also be used in the generation of pseudorandom bits. SHA-1, MD5, and RIPEMD-160 are among the most commonly used message digest algorithms.

Time and power: Encryption may end up hogging a lot of time as well as power. The task of encryption as a whole is a time consuming one and it also takes up a lot of CPU cycles-this may retard system performance to a considerable extent, and if the pressure mounts, you stand to lose your entire data.

Poor usage: Encryption may lead you to a sense of false security. It’s not as if by encrypting the data, you can solve all your security problems. Make sure that you still pay enough attention to network and operating system security. Many users tend to disregard fundamental security practices for a file if it is encrypted. This becomes a security flaw because as we know, certain information should never be transmitted-encrypted or not. So it’s vital to remember that information security requires much more than just encryption. Make sure to always maintain the standard security procedure-authentication, configuration management, good design, access controls, firewalls, audting, security practices, and security awareness training.

Key length and cryptanalysis: Cryptanalysis is the study of trying to break ciphers. The most common method used by cryptanalysts is the brute force method.

Brute force means that the user tries all keys till the end result resembles estimated plain text. Given enough time and computing power, and/or special hardware, all key-based algorithms are theoretically breakable depending on the time and computing resources available. For example a 56-bit key algorithm broken in 1995 was said to have taken one week and about 120,000 processors

Encryption can be deceptive: Encryption becomes redundant if the intruder is able to penetrate your system and access the plain text data directly from the stored files. Intruders can access memory contents by means of modifying network protocols, placing key loggers or using Trojans to get access to keys or plain text data or to completely subvert the encryption process. Also, be wary of rumors regarding encryption. Claims such as ‘encryption could stop computer crackers’ are false. Encryption does nothing to protect one against the many common methods of attack. These may include those that exploit bad default settings or vulnerabilities in network protocols or software.

Bugs: Finally, even with the strongest encryption algorithms, you can never be hundred percent sure that there are no loopholes or bugs. They are after all, codes which are bound to have alternate ways to hack, which might make passwords etc easy to hack. This in turn means that no matter how good your encryption is, the supposedly secured information can still be read

]]> http://www.flashcardcommunity.com/encryption-caveats/feed/ http://www.flashcardcommunity.com/not-everything-that-glitters-is-gold/ http://www.flashcardcommunity.com/not-everything-that-glitters-is-gold/#comments Thu, 28 Aug 2008 23:30:46 +0000 admin http://www.flashcardcommunity.com/?p=6088 But there’s a small catch. True, public key is ultra secure, but it comes at a huge price- it’s generally anywhere from 100 to 1000 times slower than the equivalent single key encryption. This is basically due to the overhead associated with the calculation of the tremendous mathematical relationship between public and private keys.

Another prime variable that affects the encryption is the key length used by the algorithms. The key length is basically the number of bits used for the encryption key.

All tools encrypt data in blocks, and the key length for modern encryption algorithms varies from 128 bits to 448 bits and beyond. The most common key lengths used are 64-bit, 128-bit, 256-bit and 448-bit. The most secure keys today are the ones with ‘pattern-less’ algorithms that can be attacked only by “brute force’
, thait is ,by trying every possible combination. Algorithms that use longer keys are generally more secure for the simple reason the longer the key, the more possible combination exist.

Public key encryption is considered significantly more secure than symmetric key encryption, not because of the algorithms used-in fact, the algorithms used in both types are equally secure but because the method of key transmission is so much more secure.

Going back to our earlier example where you need to send your tender document to your boss, this is what you would do using the public key algorithm: your boss would generate a set of keys - public key and private key. He would then send you the public key, which you would use to encrypt the document, and you would transmit only this encrypted document back. And he would use the other key of the pair (private key) to decrypt the data. So, unlike symmetric key encryption, here the private key (actual key used to unlock the data) is never transmitted. So even if you publish your public key on the front page of the Times of India, as long as your private key is with you, your data is safe.

Two prime factors that you have to take into consideration while encrypting are the types of algorithms and key length used by the tools.

Encryption algorithms can be of two basic types: symmetric (single-key) algorithms, which are comparatively faster but less secure, and asymmetric (public key) algorithms that are slower but more secure than the normal single-key techniques.

Symmetric algorithms use the same key for both encryption and decryption. For example, if you were to transfer the details of your tender to your boss, using symmetric key algorithms this is what you would do: generate a secret key, encrypt the data using that key and mail the encrypted data. Later, you wouId have to transmit the secret key to your boss either by mail, fax or phone. On receiving the key, your boss would be able to decrypt the data. Now even if your competitors were to intercept this transaction, they would not have the key to decrypt the data. So essentially, the data would be worthless without the decryption key.

Encryption tools essentially act as ciphers that convert information into secret code that only you or the intended recipient can access, leaving the data unreadable for any third party.

Encryption utilities are available dime-a-dozen these days and most of them are easy-to-use utilities available as freeware or shareware.

So why take a chance with your data? Just zero down on the one that fits your requirement the best. Here’s a little background on the what’s, why’s and how’s of cryptography, and some not-so-tech explanations of the principles and methods of data encryption. Finally, we also take a look at some of the most popular encryption tools available

But no matter what you do, no matter how many doors you close, there are always those backdoor entries that evade you and the fear still remains. Especially now when you know that there are plenty of readymade tools for hackers: sniffers, spoofing techniques and plenty of others, all freely available on the Internet. Armed with these, even an amateur can find it an easy matter to break into your system and grab your data.

What does one do in situations like this? Well, one good option is encryption. Most of us have some kind of sensitive data on our system that we’d rather no one else had access to. It cou Id be anything from vital business documents, research data, political secrets, financial details  or something as trivial as a romantic tete-ii-tete you’d rather not have anyone else see. It’s always easier to simply encrypt such data and rest assured that unless decoded, it’s complete gibberish to the prowler.

Another plus with online backups is that they are centralized and thus make it easier to track that ad-hoc backups on separate work stations- it makes life much simpler for administrators. Finally with online backups you can be rest assured that your data is comparatively safer from physical disasters.

On the downside the biggest drawback with online backups is the high bandwidth requirement. It becomes mandatory to have a good bandwidth for backups and restores, especially for backing up large media files. With 64kbps bandwidth you could end up waiting for an eternity for a complete initial backup. Given the current bandwidth scenario in some countries this can be an issue to content with.

]]> http://www.flashcardcommunity.com/online-backups-continued/feed/ http://www.flashcardcommunity.com/make-the-switch-store-online/ http://www.flashcardcommunity.com/make-the-switch-store-online/#comments Mon, 11 Aug 2008 10:48:18 +0000 admin http://www.flashcardcommunity.com/?p=6036 Initially when somebody mentioned the idea of online backups to me the idea struck to me as uber-foolish, today with hard disks zip drives and mobile laptops, who in the hell really needs more storage space. Besides, we usually back up vital data- only a fool would risk putting all his data online for hackers to have a field day.

But after a little deliberation I realized that there is something about backups, it’s not about free online storage at all- it’s about control, convenience and the collaboration of data.

Such backups make most sense for the individuals and small and medium - size companies with high speed internet connections; online backups could also be ideal solution to problems like remote access, offsite storage, frequent backup requirements and real time interconnections across locations, employees can share spreadsheets, databases, etc online. And of course they save a lot of theme take for disaster recovery. Anyone who has to deal with a nasty virus or a crashed drive would know what I mean.

We would continue on the topic in our next post…

All the major Olympic events are being streamed live by various networks. Normally it wouldn’t be a worry to anybody but with the massive internet usage growth and the restriction imposed by Chinese Government over number of streaming servers has definitely made it a problem, one which we need to at the very least think about.

If we only count the internet users from China and US, the number is about 430 million. Even if we assume that only 50% of the people of these two countries use the internet to watch the Olympics, we can easily figure out what are we up against. But the picture is going to be larger than this; entire world is watching the Olympics and will be streaming the videos.

The question that is on our hands is will the internet be able to pass the Olympic test. I expect it to be answered in a few days time.