بودكاست ينزل يومي الأحد و الخميس من كل اسبوع يهتم بجميع انواع الترفيه من العاب، افلام، مسلسلات، كوميكس ، انمي، مانجا، بعفوية يحبها قلبك
…
continue reading
Вміст надано Mohamed Elsherif. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Mohamed Elsherif або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
EP46 - AskDeveloper Podcast - Cryptography - Part 1 - Introduction and Hashing
MP3•Головна епізоду
Manage episode 161857741 series 26781
Вміст надано Mohamed Elsherif. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Mohamed Elsherif або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Information Security 1. Introduction ? Security by obscurity § Steganography ? Hiding data inside another form of data, like using non-used bits in image to hide a message § Cool, but not practical. § Disadvantages ? Algorithm secrecy vs. key secrecy ? Cryptography is everywhere and yet if done right, you can barely see it. ? Goals: § Confidentiality ? Secrets stay secret. § Integrity ? Data is not tampered with. § Non-Repudiation ? No party can deny sending messages. § Authentication ? Each party can ensure that the sender is what they expect. ? Cryptography § Hashing § Encryption § Signing § Protocols ? Random Number Generators § Extremely important, almost all encryption/hashing strength is affected by how random the random number generator is. § Don't use simple random number, use a cryptographic random number generator with a sophisticated source of entropy. § Pseudorandom number generator § Dual_EC_DRBG random generator backdoor 2. Body ? Hashing (one Way) § Properties ? Fixed length output no matter what size the input was ? Very easy to compute the hash of a given message, however very hard to compute from a hash the corresponding input. ? Mathematically infeasible to generate a message that has a given hash ? Any modification to a message produces a completely different hash that has no relationship to the original message's hash. ? It is mathematically infeasible to find two messages with the same hash. Hash Collision § Hashing Functions ? Provides data integrity, however lacks authentication ? Examples ® MD5 ? Considered Insecure ® Secure Hash Family SHA-X, Sha-1, Sha-2 [Sha256, Sha512], Sha-3 ? Sha-1 is considered insecure. ? Sha-1, Sha-2 designed by NSA ? Sha-3 is not designed by NSA, Competition winner. ? Attacks ® Brute force ? CPU's are getting faster and cheaper every day. ? GPU's are getting faster and cheaper every day. ? Special Hash calculating hardware is becoming more available especially with the BitCoin push. ® Rainbow table attacks ? Pre-Calculated tables where you can reverse lookup a hash to a value ? Try www.crackstation.net § Hash Message Authentication Codes (HMAC) ? Adds authentication to integrity ? Can be used with all previous algorithms, HMACMD5, HMACShA1, HMAC256 … etc. § Salted Hash ? Adds random salt to mitigate rainbow table ? Salts are unique per record, and not a secret. § Password Based Key Derivation Function (PBKDF2) ? RSA Public Key Cryptographic Standard PKCS #5 Version 2.0 ? Internet Engineering Task Force RFC 2898 Specification ® Adds a lot of iterations to slow it just enough to mitigate brute force (default 50,000 iterations) ® Adds random salt to mitigate rainbow table ? Disadvantage: It can be easily implemented with hardware which makes it vulnerable to bruteforce even with high number of iterations § Bcrypt ? Password Hashing function ? State of the art password hashing § Usages ? Integrity Check Password Storage Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe
…
continue reading
93 епізодів
MP3•Головна епізоду
Manage episode 161857741 series 26781
Вміст надано Mohamed Elsherif. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Mohamed Elsherif або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Information Security 1. Introduction ? Security by obscurity § Steganography ? Hiding data inside another form of data, like using non-used bits in image to hide a message § Cool, but not practical. § Disadvantages ? Algorithm secrecy vs. key secrecy ? Cryptography is everywhere and yet if done right, you can barely see it. ? Goals: § Confidentiality ? Secrets stay secret. § Integrity ? Data is not tampered with. § Non-Repudiation ? No party can deny sending messages. § Authentication ? Each party can ensure that the sender is what they expect. ? Cryptography § Hashing § Encryption § Signing § Protocols ? Random Number Generators § Extremely important, almost all encryption/hashing strength is affected by how random the random number generator is. § Don't use simple random number, use a cryptographic random number generator with a sophisticated source of entropy. § Pseudorandom number generator § Dual_EC_DRBG random generator backdoor 2. Body ? Hashing (one Way) § Properties ? Fixed length output no matter what size the input was ? Very easy to compute the hash of a given message, however very hard to compute from a hash the corresponding input. ? Mathematically infeasible to generate a message that has a given hash ? Any modification to a message produces a completely different hash that has no relationship to the original message's hash. ? It is mathematically infeasible to find two messages with the same hash. Hash Collision § Hashing Functions ? Provides data integrity, however lacks authentication ? Examples ® MD5 ? Considered Insecure ® Secure Hash Family SHA-X, Sha-1, Sha-2 [Sha256, Sha512], Sha-3 ? Sha-1 is considered insecure. ? Sha-1, Sha-2 designed by NSA ? Sha-3 is not designed by NSA, Competition winner. ? Attacks ® Brute force ? CPU's are getting faster and cheaper every day. ? GPU's are getting faster and cheaper every day. ? Special Hash calculating hardware is becoming more available especially with the BitCoin push. ® Rainbow table attacks ? Pre-Calculated tables where you can reverse lookup a hash to a value ? Try www.crackstation.net § Hash Message Authentication Codes (HMAC) ? Adds authentication to integrity ? Can be used with all previous algorithms, HMACMD5, HMACShA1, HMAC256 … etc. § Salted Hash ? Adds random salt to mitigate rainbow table ? Salts are unique per record, and not a secret. § Password Based Key Derivation Function (PBKDF2) ? RSA Public Key Cryptographic Standard PKCS #5 Version 2.0 ? Internet Engineering Task Force RFC 2898 Specification ® Adds a lot of iterations to slow it just enough to mitigate brute force (default 50,000 iterations) ® Adds random salt to mitigate rainbow table ? Disadvantage: It can be easily implemented with hardware which makes it vulnerable to bruteforce even with high number of iterations § Bcrypt ? Password Hashing function ? State of the art password hashing § Usages ? Integrity Check Password Storage Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe
…
continue reading
93 епізодів
Усі епізоди
×Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.