domen-savic
Encryption
AES is a standard of using the Rijndael cipher, and is the most widely-accepted encryption
algorithm. It is not necessarily the most secure mathematically. The only known attacks on it right now are side-channel attacks, but that's the fault of the implementation or platform you are encrypting on.
The Rijndael cipher was chosen because it seems to be the most performant algorithm in a variety of different systems of all bit sizes tested, and it is also extraordinarily secure. If you have control over your systems, replacing government-standard DES encryption with AES will be a great step. Other highly-secure ciphers are Twofish, Serpent and RC6.
The following ciphers are outdated and either deprecated in favor of a newer cipher, or are a travesty of computer science: DES, Triple DES, Blowfish, and MARS.
Hashing
MD4/MD5 are relatively "easy" to break, and the SHA-1 hash has weaknesses in certain situations as well. CRC is commonly used for error detection, so maybe not the best choice for hashing per se.
For a hash, you basically just want to choose the largest block size possible, and use a salt value to avoid rainbow table attacks. SHA-256 and above are still considered very secure, although your implementation is always the weak point with hashing.
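The point about salts, shown as an added example (not code from the original notes): two users with the same password get identical unsalted SHA-256 digests, so one precomputed table entry matches both, while per-user random salts give unrelated stored records. The iterated PBKDF2-HMAC-SHA256 construction, the iteration counts and the record format are assumptions of this example; the notes themselves name only SHA-256 and a salt.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed parameters for this example (not from the notes).
ITERATIONS = 200_000          # PBKDF2 work factor for new records
MAX_ITERATIONS = 10_000_000   # refuse absurd counts in stored records
SALT_BYTES = 16               # random salt, unique per stored password


def unsalted_sha256(password: str) -> str:
    """The weak form: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        iterations_s, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share one password.
    alice, bob = hash_password("correct horse"), hash_password("correct horse")
    print("unsalted digests equal:", unsalted_sha256("correct horse") == unsalted_sha256("correct horse"))
    print("salted records equal:  ", alice == bob)
    print("verify good / bad:     ", verify_password("correct horse", alice), verify_password("wrong", alice))
```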
AES-256 is the standardized encryption specification. It's used worldwide by everyone from
corporations to the US government. Its largest key size is 256 bits. This means that the key, the
thing that turns encrypted data into unencrypted data, is a string of 256 1s or 0s.
With each bit having two possibilities (1 or 0), there are 2^256 possible combinations. Typically,
only 50% of these need to be exhausted to yield the correct key, so only 2^255 need to be guessed.
How long would it take to flip through each of the possible keys?
When doing mundane, repetitive calculations (such as brute-forcing or bitcoin mining), the GPU is
better suited than the CPU. A high-end GPU can typically do about 2 billion calculations per second
(2 gigaflops). So, we'll use GPUs.
Say you had a billion of these, all hooked together in a massively parallel computer system.
Together, they could perform at 2e18 flops, or
2 000 000 000 000 000 000 keys per second (2 quintillion)
1 billion gpus @ 2 gigaflops each (2 billion flops)
Since there are 31 556 952 seconds in a year, we can multiply by that to get the keys per year:
2e18 * 31 556 952 = 6.3113904e25 keys per year (~10 septillion, 10 yottaflops)
Now we divide 2^255 combinations by 6.3113904e25 keys per year:
2^255 / 6.3113904e25 = 9.1732631e50 years
The universe itself has only existed for 14 billion (1.4e10) years. It would take ~6.7e40 times
longer than the age of the universe to exhaust half of the keyspace of an AES-256 key.
Two-factor authentication (also known as 2FA) provides unambiguous identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses or something that is inseparable from the user. A good example from everyday life is the withdrawing of money from a cash machine. Only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, i.e. something that the user knows) allows the transaction to be carried out. Two-factor authentication is a type of multi-factor authentication.
BitLocker is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and Windows 7, the Pro and Enterprise editions of Windows 8 and Windows 8.1, and Windows Server 2008 and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) mode with a 128-bit or 256-bit key, combined with the Elephant diffuser for additional disk encryption-specific security not provided by AES.
The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.
EFS is available in all versions of Windows developed for business environments from Windows 2000 onwards. By default, no files are encrypted, but encryption can be enabled by users on a per-file, per-directory, or per-drive basis. Some EFS settings can also be mandated via Group Policy in Windows domain environments.
EFS supports industry-standard encryption algorithms including Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), elliptic curve cryptography (ECC), smart card–based encryption, and other features.
Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel, or the opening line to a good joke. Complexity is nice, but length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.
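The AES-256 brute-force estimate and the "length is key" argument above are the same calculation, so this added example (not part of the original notes) carries it over other key sizes, passwords and a passphrase. The 1e7 guesses-per-second password rate, the 62-character alphabet and the 7776-word list are assumptions chosen for illustration, and the results hold only for secrets picked uniformly at random.

```python
SECONDS_PER_YEAR = 31_556_952   # figure used in the notes
KEY_RATE = 2 * 10**18           # notes: one billion GPUs at 2e9 keys/s each
PASSWORD_RATE = 10**7           # assumed: low end of "tens of millions" per second


def years_to_search_half(space: int, guesses_per_second: int) -> float:
    """Years needed to try half of `space` candidates, which is the expected
    work to find a uniformly random secret, at a constant guess rate."""
    return (space // 2) / (guesses_per_second * SECONDS_PER_YEAR)


def key_years(bits: int) -> float:
    """Expected exhaustive-search time for a random key of `bits` bits."""
    return years_to_search_half(2**bits, KEY_RATE)


def password_years(alphabet_size: int, length: int) -> float:
    """Expected search time for `length` symbols drawn at random from an
    alphabet of `alphabet_size` symbols (characters, or words in a list)."""
    return years_to_search_half(alphabet_size**length, PASSWORD_RATE)


def report() -> dict:
    """Collect the estimates, keyed by a human-readable label."""
    rows = {f"{bits}-bit key": key_years(bits) for bits in (56, 128, 192, 256)}
    for length in (8, 10, 12):
        rows[f"{length}-char [a-zA-Z0-9] password"] = password_years(62, length)
    # A passphrase treats each randomly chosen word as one symbol.
    rows["6-word passphrase, 7776-word list"] = password_years(7776, 6)
    return rows


if __name__ == "__main__":
    for label, years in report().items():
        print(f"{label:36s} {years:.3e} years")
```

Each extra symbol multiplies the work by the alphabet size (62 here), which is why the passphrase outlasts the 10-character password by several orders of magnitude despite being easier to remember.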
To hack two-factor authentication, the bad guys must acquire either the physical component of the log-in, or must gain access to the cookies or tokens placed on the device by the authentication mechanism. This can happen in several ways, including a phishing attack, malware, or credit card-reader skimming.
There is another way, however: account recovery.
Main (computer) account: Highly complex and unique password, never used elsewhere
Main (email) account: Highly complex and unique password, never used elsewhere
Payable services: Highly complex password used with variations on similar services
Regularly used services: Regular password used (with or without variations) on services without personal info
All other services: One-time "Password1234" kind of passwords
Notes:
• Crypto 101, Laurens Van Houtven
• Time and energy required to brute-force an AES-256 encryption key.