Difference between revisions of "Encrypting everything"
From Gender and Tech Resources
m |
m |
||
Line 9: | Line 9: | ||
* Enabling authorised transactions. | * Enabling authorised transactions. | ||
* Defending free expression. | * Defending free expression. | ||
− | * Protecting our space, our ''objects and channels'', from unauthorised access | + | * Protecting our space, our ''objects and channels'', from unauthorised access. |
* Collectively failing at putting crypto into our own hands. | * Collectively failing at putting crypto into our own hands. | ||
+ | |||
+ | This page is on the latter. See some of the below concepts applied in [[anonymising your traffic with linux]] (mostly channels), [[object encryption on linux]] and [[clean up all the things]]. | ||
== Crypto concepts == | == Crypto concepts == |
Revision as of 11:02, 24 July 2015
Until it is destroyed [1], or we run out of resources to maintain its cables, bridges, root servers and data centers, or some idiot(s) replace(s) the current internet with a panopticon-like or a military-and-corporate-only global network, the web seems to be here to stay ... but it has an ad-hoc security model added post-hoc and it is up to us to make it better!?! WTF?
Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. With the advent of the net we can all use it for:
- Enabling authorised transactions.
- Defending free expression.
- Protecting our space, our objects and channels, from unauthorised access.
- Collectively failing at putting crypto into our own hands.
This page is on the latter. See some of the below concepts applied in anonymising your traffic with linux (mostly channels), object encryption on linux and clean up all the things.
Contents
Crypto concepts
- The science of sending concealed messages is known as steganography (concealed writing). It is not very secure by itself. If someone finds the hidden message, all its secrets are revealed.
- Manipulating a message so that it can not be read even if it were intercepted is known as cryptography(hidden writing).
- Cryptography takes two forms: codes and ciphers.
- A code is essentially a secret language invented to conceal the meaning of a message, a system for hiding the meaning of a message by replacing each word or phrase in the original message with another character or set of characters (codegroups). The list of replacements is contained within a codebook. To protect a message in this way is called encoding. Encoding has no built-in flexibility.
- A cipherconceals a plaintext message by replacing or scrambling its letters. This process is known as enciphering and results in a ciphertext message. Converting a ciphertext message back to a plaintext message is known as deciphering. Each cipher can be split into two halves: the algorithm and the key. The key gives a cipher some built in flexibility.
- There are two classes of ciphers. A substitution cipher changes the letters in a message to another set of letters, or cipher alphabet, while a transposition cipher shuffles the letters around.
- Coded messages are often enciphered to improve their security, a process known as superencipherment.
- Encryption covers both the act of encoding and enciphering.
- Decryption covers both decoding and deciphering.
- Cryptotext covers both codetext and ciphertext but encicode is sometimes used instead.
- The science of breaking cryptotext or encicode is known as cryptanalysis.
- The two fields cryptography and cryptanalysis together make up the science of cryptology.
Most forms of cryptography used today rely on computers. Ciphers are better known today as algorithms, the guides for encryption -- they provide a way in which to craft a message and give a certain range of possible combinations. A key, on the other hand, helps a person or computer figure out the one possibility on a given occasion.
Symmetric-key encryption
In symmetric key cryptography (alias secret key cryptography) the same key is used to encrypt and decrypt the data.
There are many different algorithms using symmetric key cryptography, offering anything from minimal to nearly unbreakable security. Some of these algorithms offer strong security, easy implementation in code, and rapid encryption and decryption. Such algorithms are very useful for encrypting files stored on a computer to protect them in case an unauthorised individual gains access to the machine. They are somewhat less useful for sending messages from one computer to another, because both ends of the communication channel must possess the key and must keep it secure. Distribution and secure storage of such keys can be difficult and can open security vulnerabilities.
Data Encryption Standard (DES)
The Data Encryption Standard is a popular symmetric-key encryption method developed in 1975 and standardised by ANSI in 1981 as ANSI X.3.92. DES uses a 56-bit key and uses the block cipher method, which breaks text into 64-bit blocks and then encrypts them.
Triple DES, also referred to as 3DES, is a mode of the DES encryption algorithm that encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with second key, and the resulting cipher text is again encrypted with a third key).
Asymmetric key cryptography
In asymmetric key cryptography (alias public-key encryption) different keys are used for encrypting and decrypting a message. The asymmetric key algorithms that are most useful are those in which neither key can be deduced from the other. In that case, one key can be made public while the other is kept secure. This provides some distinct advantages over symmetric encryption: the necessity of distributing secret keys to large numbers of users is eliminated, and the algorithm can be used for authentication as well as for cryptography.
Diffie-Hellman key agreement
The Diffie-Hellman key agreement algorithm was developed by Dr. Whitfield Diffie and Dr. Martin Hellman in 1976 to enable two parties who are involved in communication to generate a shared secret key for exchanging information confidentially.
- Alice and Bob exchange public keys. These keys must have the same modulo portion, a prime
p
. (see RFC 5114) - Alice and Bob each encrypt a shared, non-secret value,
g
(also usually taken from RFC 5114), using their private keys, and they exchange these encrypted values. - Alice encrypts the encrypted value received from Bob with her private key, and vice versa. These values are used as a shared session key.
For example, Alice says: 5,23 (base g = 5 and prime number p = 23, randomly chosen)
O_/ 7_O_/ _/| ---------------5,23--------------> (/ __)\ /\/' ` \ 7 Alice Bob
Bob says: 8
O_/ 7_O_/ _/| <----------------8---------------- (/ __)\ /\/' ` \ 7 Alice Bob
Alice says: 19
O_/ 7_O_/ _/| -----------------19--------------> (/ __)\ /\/' ` \ 7 Alice Bob
Alice: Now I know the key is 2. Bob: Now I know the key is 2. And both encrypt their communication with 2. How did they compute the numbers?
Modulus or modulo (abbreviated as "mod") is the Latin word for "remainder, residue" or more in "what is left after parts of the whole are taken". Thus, "modular" or "mod arithmetic" is really "remainder arithmetic". For example:
- When 7 is divided by 3 it leaves a remainder of 1, thus: 7 mod 3 = 1
- When 8 is divided by 3 it leaves a remainder of 2: 8 mod 3 = 2
- When 9 is divided by 3 it leaves no remainder: 9 mod 3 = 0.
In the example of Bob and Alice setting up a shared key, private numbers are x = 6 and y = 15. The public numbers are g = 5, n = 23, X = 8 and Y = 19.
5, 23 = (g,p) = (base,prime)
8 = X = gx mod p
19 = Y = gy mod p
The keys then are:
key1 = 2 - [Yx mod p] = 2 - [196 mod 23]
key2 = 2 - [Xy mod p] = 2 - [815 mod 23]
This solves the problem of how to pass a secret key between two parties without having any eavesdropper knowing the key. This does not solve the man in the middle attack (authentication): Someone can pretend to be Bob and share a key with Alice and Alice will send encrypted information to "Bob".
Rivest Shamir Adleman (RSA)
Ron Rivest, Adi Shamir, and Len Adleman released the Rivest-Shamir-Adleman (RSA) public key algorithm in 1978. This algorithm can be used for encrypting and signing data. The encryption and signing processes are performed through a series of modular multiplications.
Basic RSA algorithm for confidentiality:
Ciphertext = (plaintext)e mod n
Plaintext = (ciphertext)d mod n
Private Key = {d, n}
Public Key = {e, n}
Basic RSA algorithm for authentication:
Ciphertext = (plaintext)d mod n
Plaintext = (ciphertext)e mod n
Private key = {d, n}
Public key = {e, n}
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography provides similar functionality to RSA and is implemented in smaller devices like cell phones. It requires less computing power than RSA. ECC encryption systems are based on the idea of using points on a curve to define the public/private key pair.
El Gamal
El Gamal is an algorithm used for transmitting digital signatures and key exchanges. The method is based on calculating logarithms. The algorithm is based on the characteristics of logarithmic numbers and calculations. The Digital Signature Algorithm (DSA) is based on the El Gamal algorithm.
Digital Signature Algorithm (DSA)
The Digital Signature Algorithm (DSA) was developed by the United States government for digital signatures. DSA can be used only for signing data and it cannot be used for encryption. The DSA signing process is performed through a series of calculations based on a selected prime number. Although intended to have a maximum key size of 1,024 bits, longer key sizes are now supported.
Cryptographic hash functions
Digital signatures
Digital certificates
Cryptanalysis
Resources
- Hands-on Diffie–Hellman demonstration http://ds9a.nl/tmp/dh.html
Related
- Installing linux
- Linux applications
- Linux security
- Kinky linux command-line
- Object encryption on linux
- Anonymising your traffic with linux
- Clean up all the things
- Shell scripting
References
- ↑ How to destroy the internet http://gizmodo.com/5912383/how-to-destroy-the-internet