Connect:

T @mrak

marko@mrak.biz

FB, LI: Marko Rakar

Encryption

AES is a standard of using the Rijndael cipher, and is the most widely-accepted encryption

algorithm. It is not necessarily the most secure mathematically. The only known attacks on it right now are side-channel attacks, but that's the fault of the implementation or platform you are encrypting on.

The Rijndael cipher was chosen because it seems to be the most performant algorithm in a variety of different systems of all bit sizes tested, and it is also extraordinarily secure. If you have control over your systems, replacing government-standard DES encryption with AES will be a great step.Other highly-secure ciphers are Twofish, Serpent and RC6.

The following ciphers are outdated and either deprecated in favor of a newer cipher, or are a travesty of computer science: DES, Triple DES, Blowfish, and MARS.

HashingMd4/MD5 are relatively "easy" to break, and the SHA-1 hash has weaknesses in certain situations as well. CRC is commonly used for error detection, so maybe not the best choice for hashing per se.

For a hash, you basically just want to choose the largest block size possible, and use a salt value to avoid rainbow attacks. SHA-256 and above are still considered very secure, although your

implementation is always the weak point with hashing.

AES-256 is the standardized encryption specification. It's used worldwide by everyone from

corporations to the US government. It's largest key size is 256 bits. This means that the key, the

thing that turns encrypted data into unencrypted data, is string of 256 1s or 0s.

With each character having two possibilities (1 or 0), there are 2256 possible combinations. Typically,

only 50% of these need to be exhausted to yield the correct key, so only 2255 need to be guessed.

How long would it take to flip through each of the possible keys?

When doing mundane, repetitive calculations (such as brute-forcing or bitcoin mining), the GPU is

better suited than the CPU. A high-end GPU can typically do about 2 billion calculations per second

(2 gigaflops). So, we'll use GPUs.

Say you had a billion of these, all hooked together in a massively parallel computer system.

Together, they could perform at 2e18 flops, or

2 000 000 000 000 000 000 keys per second (2 quintillion)

1 billion gpus @ 2 gigaflops each (2 billion flops)

Since there are 31 556 952 seconds in a year, we can multiply by that to get the keys per year.*31 556 952 =6.3113904e25 keys per year (~10 septillion, 10 yottaflops)

Now we divide 2255 combinations by 6.3113904e25 keys per year:2^255 / 6.3113904e25 =9.1732631e50 years

The universe itself only existed for 14 billion (1.4e10) years. It would take ~6.7e40 times

longer than the age of the universe to exhaust half of the keyspace of a AES-256 key.

Two-factor authentication (also known as 2FA) provides unambiguous identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. A good example from everyday life is the withdrawing of money from a cash machine. Only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, i.e. something that the user knows) allows the transaction to be carried out. Two-factor authentication is a type of multi-factor authentication.

BitLocker is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and Windows 7, the Pro and Enterprise editions of Windows 8 Windows 8.1 and Windows Server 2008 and later. It is designed to protect data by providing encryption for entire

volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) mode with a 128-bit or 256-bit key, combined with the Elephant diffuser for additional disk encryption-specific security not provided by AES.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

EFS is available in all versions of Windows developed for business environments from Windows 2000 onwards. By default, no files are encrypted, but encryption can be enabled by users on a per-file, per-directory, or per-drive basis. Some EFS settings can also be mandated via Group Policy in Windows domain environments.

EFS supports industry-standard encryption algorithms including Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), elliptic curve cryptography (ECC), smart card–based encryption, and other features.

CORSAIR USB 2.0 Flash Padlock 2 8GB 256-bit AES Hardware Encrypted USB Flash Drive

Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel, or the opening line to a good joke. Complexity is nice, but length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.

To hack two-factor authentication, the bad guys must acquire either the physical component of the log-in, or must gain access to the cookies or tokens placed on the device by the authentication mechanism. This can happen in several ways, including a phishing attack, malware, or credit card-reader skimming.

There is a another way, however: account recovery.

Main (computer) account

Main (email) account)

Payable services

Regulary used services

All other services

Highly complex and unique password, never used elsewhere

Highly complex and unique password, never used elsewhere

Highly complex password used with variations on similar services

Regular password used (with or without variations) on services without personal info

One time „Password1234” kind of passwords

Notes:• Crypto 101, Laurens Van Houtven• Time and energy required to brute-force a AES-256 encryption key.