Content provided by Mohamed Elsherif. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Mohamed Elsherif or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ko.player.fm/legal.

EP46 - AskDeveloper Podcast - Cryptography - Part 1 - Introduction and Hashing

1:39:55
Information Security

1. Introduction
   - Security by obscurity
     - Steganography
       - Hiding data inside another form of data, for example using unused bits in an image to hide a message.
     - Cool, but not practical.
     - Disadvantages
   - Algorithm secrecy vs. key secrecy
   - Cryptography is everywhere, and yet if done right you can barely see it.
   - Goals:
     - Confidentiality: secrets stay secret.
     - Integrity: data is not tampered with.
     - Non-repudiation: no party can deny sending messages.
     - Authentication: each party can ensure that the sender is who they expect.
   - Cryptography
     - Hashing
     - Encryption
     - Signing
     - Protocols
   - Random number generators
     - Extremely important: almost all encryption/hashing strength depends on how random the random number generator is.
     - Don't use a simple random number generator; use a cryptographic random number generator with a sophisticated source of entropy.
     - Pseudorandom number generators
     - Dual_EC_DRBG random generator backdoor

2. Body
   - Hashing (one way)
     - Properties
       - Fixed-length output no matter what size the input was.
       - Very easy to compute the hash of a given message, but very hard to compute the corresponding input from a hash.
       - Mathematically infeasible to generate a message that has a given hash.
       - Any modification to a message produces a completely different hash that has no relationship to the original message's hash.
       - Mathematically infeasible to find two messages with the same hash (a hash collision).
     - Hashing functions
       - Provide data integrity, but lack authentication.
       - Examples
         - MD5: considered insecure.
         - Secure Hash family SHA-X: SHA-1, SHA-2 [SHA-256, SHA-512], SHA-3
           - SHA-1 is considered insecure.
           - SHA-1 and SHA-2 were designed by the NSA.
           - SHA-3 was not designed by the NSA; it was the winner of a competition.
       - Attacks
         - Brute force
           - CPUs are getting faster and cheaper every day.
           - GPUs are getting faster and cheaper every day.
           - Special hash-calculating hardware is becoming more available, especially with the Bitcoin push.
         - Rainbow table attacks
           - Pre-calculated tables where you can reverse-lookup a hash to a value.
           - Try www.crackstation.net
     - Hash Message Authentication Codes (HMAC)
       - Adds authentication to integrity.
       - Can be used with all previous algorithms: HMACMD5, HMACSHA1, HMACSHA256, etc.
     - Salted hash
       - Adds a random salt to mitigate rainbow tables.
       - Salts are unique per record, and not a secret.
     - Password Based Key Derivation Function (PBKDF2)
       - RSA Public Key Cryptographic Standard PKCS #5 Version 2.0
       - Internet Engineering Task Force RFC 2898 specification
         - Adds a lot of iterations to slow it down just enough to mitigate brute force (default 50,000 iterations).
         - Adds a random salt to mitigate rainbow tables.
       - Disadvantage: it can be easily implemented in hardware, which makes it vulnerable to brute force even with a high number of iterations.
     - Bcrypt
       - Password hashing function
       - State of the art password hashing
     - Usages
       - Integrity check
       - Password storage

Our Facebook page: http://facebook.com/askdeveloper
On SoundCloud: http://soundcloud.com/askdeveloper
Please like & subscribe
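The hashing section of the show notes lists the properties of a one-way hash, what HMAC adds to it, and why password storage needs a per-record salt and an iterated function such as PBKDF2. The Python example below is added here to run each of those points with the standard library; it is not code from the podcast or its authors. The sample messages, the MAC key and the PBKDF2 iteration count are constructed assumptions for the demonstration, and the notes' own recommendation for password storage, a dedicated password hash such as bcrypt, still applies in practice.

```python
import hashlib
import hmac
import os

# Constructed sample inputs (assumptions for this example, not from the podcast).
MESSAGE = b"transfer 100 to alice"
TAMPERED = b"transfer 900 to alice"   # one character changed
MAC_KEY = b"shared-secret-key-assumed-for-demo"

# Assumed work factor. The notes cite a 50,000-iteration default; a higher
# count is used here because CPUs, GPUs and dedicated hardware keep getting faster.
PBKDF2_ITERATIONS = 600_000


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """One-way hash: the output length is fixed by the algorithm, not the input."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two hex digests.
    Shows that a tiny change in the message gives an unrelated hash:
    about half of the 256 bits of a SHA-256 digest flip."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: integrity plus authentication, bound to a secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time, so response timing
    does not leak how many leading bytes of a forged tag were correct."""
    return hmac.compare_digest(make_tag(key, message), tag)


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256 (RFC 2898), stored as
    'pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>'.
    The 16-byte salt comes from the OS cryptographic RNG and is unique per
    record; it is stored in the clear because it is not a secret."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the salt and iteration count stored in the record."""
    try:
        algorithm, iterations, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Fixed length: an empty input and a 1 MB input both give 64 hex characters.
    print(len(digest_hex(b"")), len(digest_hex(b"x" * 1_000_000)))
    # Avalanche: one changed digit, roughly half of the bits differ.
    print(bit_difference(digest_hex(MESSAGE), digest_hex(TAMPERED)))
    # HMAC: a tag for MESSAGE verifies neither for TAMPERED nor under another key.
    tag = make_tag(MAC_KEY, MESSAGE)
    print(verify_tag(MAC_KEY, MESSAGE, tag),
          verify_tag(MAC_KEY, TAMPERED, tag),
          verify_tag(b"other-key", MESSAGE, tag))
    # Salted PBKDF2: two users with the same password get different records,
    # so one precomputed (rainbow) table cannot serve both.
    a, b = hash_password("correct horse"), hash_password("correct horse")
    print(a != b, verify_password("correct horse", a), verify_password("wrong", a))
```

The record format carries its own algorithm name and iteration count, which is what lets a deployment raise the work factor later and re-hash on a user's next successful login without invalidating the old records.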
83 episodes
