Block Party: A Cryptographic Standard Shindig

By Justin Troutman

If you were to ask me about my opinion on the best contributions to cryptography, over the past few decades, my answer wouldn’t really be specific to cryptography at all. It’s not a stream cipher, a block cipher, a hash function, or a protocol. In fact, it’s really nothing we “use”, as consumers of security, per se. However, it is something that gauges what we use; it’s a cryptographic competition. Such a competition is basically a selection process that involves cryptographers with competing designs. These designs are pummeled by rounds and rounds of cryptanalysis. Aside from scrutinizing the security aspects of the designs, various design metrics and criteria are introduced, to examine their performance and efficiency attributes, in a myriad of software and hardware environments. A potential standard must obviously be secure, but it’s vital that it makes good time, and keeps the cost down, in the process. Otherwise it’s not going to cut it. Even robust security isn’t enough to make…


Calamitous Cryptography: The Extortoise and the Haregretful

By Justin Troutman

Pardon me for being a connoisseur of portmanteaux, but George Washington Carver once made a resounding point, among his many, in that one commands the attention of the world by doing a common thing in an uncommon way. Well, I may not command the attention of the world with my blatantly Aesopian play on words, but coupled with my elaboration on a premature subject, I may have an almost-magnetically fixating effect on the eyes of my audience. I’ll attempt to arrive somewhere close to this goal by talking about a very ubiquitous subject – cryptography – within a context that only a devil would advocate.


A Critical Review of PKI Security Policies and Message Digests/Hashes

By Ravi Das

All of our articles in this series have looked at using the principles of Cryptography to secure the lines of communications from the sending party to the receiving party. Simply put, Cryptography is the science (or, for that matter, the art) of scrambling and descrambling a message while it is in transit. The purpose of this process is to make sure that the message remains in an undecipherable state if it should be intercepted by a malicious third party, such as a Cyberattacker. However, given the sophistication of Cyber hacks and attacks today, even a fully encrypted message can still be hijacked, very covertly.


Prime Numbers in Public Key Cryptography

By Gerald Crow

The use of public-key cryptography is pervasive in the information protection and privacy arenas. Public key crypto algorithms utilize prime numbers extensively; indeed, prime numbers are an essential part of the major public key systems. This paper provides an introduction to prime numbers and how they are chosen, identified and used in public key systems. The content of this paper is specifically targeted at an audience that has only basic mathematical knowledge. A reader who has taken a high school or college algebra class should be able to follow the math herein.


Advanced Encryption Standard by Example

By Adam Berent

The following document provides a detailed and easy to understand explanation of the implementation of the AES (RIJNDAEL) encryption algorithm. The purpose of this paper is to give developers with little or no knowledge of cryptography the ability to implement AES.


DNA Cryptography and Information Security

By Ashiq JA

Cryptography is the science or study of secret writing. It helps in encrypting a plain text message to make it unreadable. It is a very ancient art; the root of its origin dates back to when Egyptian scribes used non-standard hieroglyphs in an inscription. Today, electronic or Internet communication has become more prevalent and a vital part of our everyday life. Securing data at rest and data in transit has been a challenge for organizations. Cryptography plays a very important role in the CIA triad of Confidentiality, Integrity and Availability. It provides mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Over the ages, these techniques have evolved tremendously with technological advancements and growing computing power.


Vulnerable Encoded URL

By Ajay Yadav

This paper pinpoints the poor practice of cryptography in URLs, which is typically implemented to encrypt sensitive data residing in the website URL in the form of a query string that is transmitted across a variety of networks. Websites can be compromised and such subtle information (the query string) can be disclosed by exploiting this vulnerability. This article demonstrates a real-time scenario in which developers inadvertently make mistakes by practicing weak cryptographic methods. Finally, this article addresses the various disadvantages of applying weak cryptographic algorithms and suggests a variety of alternative methods to secure URL data properly.


Malicious cryptography, part one

By Frederic Raynal

Cryptology is everywhere these days. Most users make good use of it even if they do not know they are using cryptographic primitives from day to day. This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part one introduces the concepts behind cryptovirology and offers examples of malicious potential with the SuckIt rootkit and a possible SSH worm. It then introduces armored viruses that use shape shifting (polymorphism and metamorphism) to avoid detection.


Elliptic Curve Cryptography and Smart Cards

By Ahmad Kayali

Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160-bit ECC has roughly the same security strength as 1024-bit RSA).

