An Introduction to OpenSSL, Part Three: PKI - Public Key Infrastructure

By Holt Sorenson

This is the third article in a series on OpenSSL, a library written in the C programming language that provides routines for cryptographic primitives utilized in implementing the Secure Sockets Layer (SSL) protocol. In the first article in the series, we discussed some of the basics of cryptography. The second article showed how to use OpenSSL’s openssl application to explore cryptographic basics. This article will introduce Public Key Infrastructure and show the commands that OpenSSL provides for managing PKI.


SSL Attacks

By rohit

In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were prominent in the field of cryptography. Transport layer security (TLS) ensures integrity of data transmitted between two parties (server and client) and also provides strong authentication for both parties. The attacks launched in the last few years have exploited various features in the TLS mechanism. We are going to discuss these attacks one by one.


Free CISSP Training and Study Guide

By Jack Koziol

If you are looking to prepare for the CISSP, one of the domains that gives many students trouble is Cryptography. Quite often IT professionals have experience with crypto, but not at the level of detail required to pass the CISSP. InfoSec Institute trains more IT pros on the CISSP than any other organization, and we have now released a free CISSP training resource specifically on the cryptography domain. Take a look at the Free CISSP Training course here. Additionally, we have published a CISSP Study Guide; at 45 pages, it lets you know what you need to study, and what not to. Lastly, if you are ready for formal CISSP training, we offer the often awarded InfoSec Institute CISSP Boot Camp in many locations in the US and L


Foundations of Cryptography

By LearnSecurityOnline

Cryptography has been employed for keeping secrets since the time of Caesar. From the simplest ciphers of shifting letters, to mathematically provably secure ciphers of today, cryptography has progressed a long way. It also has widened to a number of uses and capabilities to fit an ever growing number of applications. Cryptography makes it possible to keep data secure over an insecure network. It also makes it possible to keep private data on your computer safe from prying eyes. Even car thieves can be foiled by crypto systems in your remote unlock system.

The basic idea of cryptography is to take a plaintext message, combine it with a key, and get ciphertext output. Once ciphertext is generated, its secrecy is not that important as long as the key is secret. Only those with the key to decrypt the message are able to read it. The process of encrypting plaintext messages is encryption. Getting the plaintext back from the ciphertext is decryption. The process of trying to break a cryptosystem is cryptanalysis.

CISSP Question of the Day: Symmetric Encryption and Integrity

By Jack Koziol

A new feature here: let's discuss a popular CISSP topic and review a single potential question you may see on the CISSP exam. Symmetric key cryptography is an important concept you need to know to pass the CISSP, and is a subject you should know if you are planning on doing anything related to information security in your daily job function. A common area of confusion is: does symmetric cryptography support integrity? When you encrypt data with a symmetric key, it may stand to reason that because the data is encrypted, it cannot be tampered with, and the decryption will fail if the ciphertext is modified. Is this assumption valid? Let's check at our assessment partner, Skillset, and see what a likely CISSP question related to this subject is, and get answers to our questions:


Elliptic Curve Cryptography: A Case for Mobile Encryption

By rohit

It is needless to start this article by explaining the rise of mobile devices in the last few years. We all know how smartphones have swept the world. But with mobiles you always look for concepts or solutions which are computationally cheap. For example, Android OS uses a dex compiler to convert the Java bytecode to .dex files before compiling them. Why? Because dex files are optimized code for low memory and low processing systems. Similarly, when it comes to encryption on mobile devices, we look for solutions which are computationally cheap and yet secure. ECC (Elliptic Curve Cryptography) provides exactly that. This article explains why and how ECC is different from the other encryptions.


How a VPN Fits into a Public Key Infrastructure

By Ravi Das

Before our series on the Virtual Private Network Infrastructure, we had also written a series of articles on the science and technology of Cryptography. Essentially, this is a sophisticated way in which to scramble a text message, also known as a “Plaintext.” Once this message has been converted over to its garbled format, this becomes known as the “Ciphertext.” This specific process is known formally as “Encryption.”


Solutions to Net-Force Cryptography CTF Challenges

By Pranshu Bajpai

Cryptanalysis refers to the study of ciphers with the objective of breaking the code and obtaining plaintext (sensible) information. While older cryptosystems such as the Caesar cipher depended on the secrecy of the encrypting algorithm itself, modern cryptosystems assume adversarial knowledge of the algorithm and the cryptosystem. The promise of secrecy is offered by a protected key, which is crucial for the decryption of ciphertext within a practical timeframe. During cryptanalysis, we do not have the key and are required to obtain the corresponding plaintext.


An Introduction to OpenSSL, Part Two: Cryptographic Functions Continued

By Holt Sorenson

This is the second article in a series on OpenSSL, a library written in the C programming language that provides routines for cryptographic primitives utilized in implementing the Secure Sockets Layer (SSL) protocol. In the first article in the series, we discussed some of the basics of cryptography. This article will cover acquiring and compiling OpenSSL and explore some commands that facilitate encryption and decryption.


CISSP – Cryptography – What’s New in 3rd Edition of CBK

By Kenneth Magee

ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Crypto?” First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.” Generally, with respect to all the domains, ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition. You can take that for what it is worth. For example, in the section on “Key Concepts and Definitions”, the 2nd Edition simply had them listed as: Key Clustering – Where the 3rd Edition has them listed as: Key Clustering – As I said, you can take that for what it is worth; the information remains the same. Here are the things that I found different in Cryptography.
