Seecrets on Security: A Gentle Introduction on Cryptography Part 2. Tell the World About You.
A slightly longer series of articles, "Keeping Your Secrets Secret", will examine practical examples in greater detail and provide useful tips and advice. Of course, these will continue with the theme of making crypto and computer security easily understood.
One-Way Hash
Also known as a one-way function, a message digest, a fingerprint or a checksum, the algorithm creates a fixed-length output that cannot be reversed. One-way hashes provide checksums to validate files, create digital certificates and play a central part in many authentication schemes.
Let us consider this example. For ages, the Chinese have had a fortune-telling method that relies on "Ba Ji" (eight characters), which uses the time, day, month and year of birth according to their calendar. There are sixty possibilities (almost equal to 6 bits) for each of the four variables. Since the Chinese use two characters for each variable, the result is always eight characters. This is an example of a nonsecure 24-bit one-way hash.
Obviously, this way of producing a one-way hash is not acceptable for security purposes because of the huge number of collisions (different inputs producing the same output).
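To see how quickly collisions appear in a 24-bit hash, here is an added example (not from the original article). It assumes the first 24 bits of SHA-256 as a stand-in for any 24-bit hash; the function names and the "message-N" inputs are made up for the demonstration.

```python
import hashlib
from itertools import count


def truncated_hash(data: bytes, bits: int = 24) -> int:
    """Return the first `bits` bits of SHA-256(data) as an integer."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int = 24):
    """Hash distinct inputs until two of them share a truncated digest.

    Returns (first_input, second_input, shared_hash, inputs_tried).
    With a 24-bit output only about 2**12 inputs are needed on average
    (the birthday bound), far fewer than the 2**24 possible outputs.
    """
    seen = {}
    for i in count():
        msg = b"message-%d" % i          # constructed sample inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, h, i + 1
        seen[h] = msg


if __name__ == "__main__":
    a, b, h, tries = find_collision(24)
    print(f"{a!r} and {b!r} both hash to {h:06x} after {tries} inputs")
    # The full 256-bit digests of the same two inputs still differ.
    print(hashlib.sha256(a).hexdigest())
    print(hashlib.sha256(b).hexdigest())
```

The same search against the full 256-bit output would need on the order of 2**128 inputs, which is why the output length matters as much as the algorithm.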
The most commonly used hashes are SHA-1 (Secure Hash Algorithm, 160 bits) and MD5 (Message Digest, 128 bits). In August 2005, a team of cryptographers led by Xiaoyun Wang of Shandong University, China, presented a paper that found faster ways of finding collisions than the usual brute force method. These exploits (vulnerabilities) may make digital certificate forgery a reality.
The implications for e-commerce may be widespread, not to mention the millions of websites which use MD5 to hash the users' passwords in their databases. Any webmaster can tell you that converting these sites to use SHA-256 or SHA-512 will not be a trivial task.
In a recent directive, NIST (National Institute of Standards & Technology, U.S.A.) has advised U.S. governmental agencies to use SHA-256 or SHA-512 (256 and 512 bits respectively) instead.
Biometrics
A biometric device is one that can identify unique characteristics from a finger, eye or voice. Many believe that biometrics should provide a higher level of security than other forms of authentication.
There was a news story in March 2005 of how a Malaysian owner lost his Mercedes car and index finger to car thieves armed with machetes. Obviously the keyless ignition electronics cannot detect whether the finger is still part of the original body, nor whether the finger (and by extension the person) is alive or not.
Recent security breaches have heightened concern over depositories of personal information stored on many financial sites. When such breaches occur, the incidence of identity theft will rise as well.
If you lose your credit card, you can always void the card and get a new one. When you lose your fingerprint (stored digitally), or other biometric features, who can replace those?
Passwords
When asked to conjure a random number or characters, most people inevitably use material that is familiar to them, like birthdays, names of family members, pets' names and so forth.
For example, most will choose dates when asked to choose a six-digit number for their ATM Personal Identification Number (PIN). Doing so will reduce the number of possibilities by nine times.
Random Numbers and Generators
Random numbers are central to crypto.
First, to qualify as true random numbers, the output from random number generators (RNG) must pass statistical tests of randomness. Two suites considered as de facto standards are the "diehard" suite developed by Prof. George Marsaglia of State University of Florida and "Statistical Test Suite" from NIST.
Second, the RNG's output must be unpredictable even with complete knowledge of the algorithm or hardware producing the series and all the previous bits produced.
Third, the RNG's output cannot be cloned in a repeat run even with the same input.
The most common approach to producing random numbers is by using an algorithm carried out by a computer program (Yarrow, Tiny, Egads, Mersenne Twister). Such algorithms cannot produce true random numbers, hence the name pseudo-random number generators (PRNG).
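The second and third requirements can be checked directly against the Mersenne Twister, which is the algorithm behind Python's random module. This is an added example, not part of the original article; the function names and the seed value are made up for the demonstration.

```python
import random
import secrets


def mt_stream(seed: int, n: int = 4) -> list:
    """First n 32-bit outputs of a Mersenne Twister started from `seed`."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def clone_and_predict(n: int = 4):
    """Copy a running generator's internal state and predict its output.

    Returns (predicted, actual). They are equal, so this generator fails
    the "unpredictable even with complete knowledge" requirement.
    """
    original = random.Random()             # seeded from OS entropy
    original.getrandbits(32)               # some output already consumed
    clone = random.Random()
    clone.setstate(original.getstate())    # complete knowledge of the state
    predicted = [clone.getrandbits(32) for _ in range(n)]
    actual = [original.getrandbits(32) for _ in range(n)]
    return predicted, actual


def os_tokens(n: int = 2) -> list:
    """Tokens from the operating system's entropy-fed generator.

    There is no seed or state for the caller to replay, which is why
    keys, pads and session tokens should come from here instead.
    """
    return [secrets.token_hex(16) for _ in range(n)]


if __name__ == "__main__":
    # Same input, same output: the stream is cloned in a repeat run.
    print(mt_stream(2005) == mt_stream(2005))
    predicted, actual = clone_and_predict()
    print(predicted == actual)
    print(os_tokens())
```

Passing statistical tests is therefore not enough on its own: the Mersenne Twister does well on them and still fails the other two requirements.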
Another approach is to use physical events such as entropy produced by the keyboard, mouse, interrupts, white noise from microphones or speakers and disk drive behavior as the seed (initial value).
Some may argue that true random generators are those that can detect quantum behavior in subatomic physics. This is because randomness is inherent in the behavior of subatomic particles - remember the electron cloud from your high school physics.
One-time Pad
The most effective system is often the simplest. A one-time pad (OTP) is a series of random bits that has the same length as the digital object to be encrypted. To encrypt, just use a simple computer operation, exclusive OR (XOR). To decrypt, simply XOR the encrypted result with the same random bits.
The downside of using an OTP is that, once used, it must be discarded. Second, the OTP and the digital object must have the same number of bits. Lastly, there is the obvious problem of synchronizing the OTP between the receiver and sender.
[Author's note: The concluding Part 3 will focus on key management and public key cryptography.]
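The XOR operation described above, together with the reason a used pad must be discarded, as an added example (not from the original article). The function names and sample messages are made up for the demonstration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the pad must match the message length."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """Generate a fresh random pad and return (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR with the same pad restores the original bits."""
    return xor_bytes(ciphertext, pad)


def reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under ONE pad and XOR the ciphertexts.

    The pad cancels out: the result equals p1 XOR p2, so anyone holding
    both ciphertexts learns how the plaintexts relate without the pad.
    """
    pad = secrets.token_bytes(len(p1))
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    message = b"MEET AT NOON"                  # constructed sample text
    pad, ciphertext = otp_encrypt(message)
    print(otp_decrypt(ciphertext, pad))        # original message again
    other = b"MEET AT DAWN"
    # Identical to XORing the two plaintexts directly; zero bytes mark
    # every position where the two messages agree.
    print(reuse_leak(message, other) == xor_bytes(message, other))
```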
"In God we trust, others use crypto."
The author, Stan Seecrets, is a veteran software developer with 25+ years experience. © Copyright 2005, Stan Seecrets. All rights reserved. For more of his articles and website promotion, visit http://www.seecrets.biz or http://www.rushprnews.com
Article Source: http://EzineArticles.com/
You have a new website, or a new business, or both - or your site isn't getting the kind of traffic you want and need. How are you going to tell the world about what you have to offer and where to find it?
If you have deep pockets, you can start buying ads in newsletters and ezines and hope somebody reads them. If you have even deeper pockets, you can have press releases sent out in major markets all over the country, even around the world. (Actually, those are not deep pockets - they're more like mine shafts!) OR...
You can write articles for other people to publish in their ezines and newsletters. Who, me? Write? Right. It isn't that difficult, assuming you have an average command of the English language. Or, more correctly, the American language, which is quite similar yet substantially different from English. George Bernard Shaw said, "England and America are two countries divided by a common language." But, enough of that.
The Internet is awash in "gurus", the vast majority of them self-appointed. I make no such claim. I am a practical writer and editor who believes the primary goal of this kind of writing is clear, concise communication. On that basis, I offer some advice and tips:
- Write about what you know. If you're Joe or Jane, an office worker whose hobby is gardening, don't write about search engine optimization. Your goal is to publicize your new gardening website or ezine (or both). Write about gardening, and let someone else handle the SEO.
- Write a "conversation". By that, I mean write as though you were speaking to another person, one-to-one. You're not writing for some literary journal, but for folks pretty much like yourself. "Talk" to a friend, and avoid expressions like "some of you", which is impersonal and puts distance between you and your reader. Bad idea. Instead say "some people", or something similar. Keep it conversational.
- Facts count. If you're not sure about something, find out before including it in your article. Otherwise, you'll become known as unreliable, which can be fatal in business.
- Grammar counts. Let me guess: you hated English class and just barely passed. Well, if achieving your goals is important to you, make the effort. Here's a free site that can answer more grammar questions than you can likely ask: http://www.grammarnow.com.
For punctuation questions, get my free guide (in Adobe PDF) at http://www.catnipchronicles.com/ebook/punctuation_power.pdf
- Be concise. If you want people to read your articles, give them something of value and make them easy to read.
- Numbers count. The more your articles get published, the more you will be thought of as an expert, and the more people will visit your website or subscribe to your ezine.
Once you've written an article, how do you market it to publishers who might want to use it? Well, you can:
- Search for ezines and newsletters covering your topic and email the individual publishers, offering your article. I used to do that - time consuming and frustrating. OR
- Do what I do - use OpportunityUpdate.com and have them do it for you (No, I am not an affiliate, but we are friends.) Here's what they do:
- Promote your article to hundreds of publishers
- Send it directly to all their registered publishers
- Give you the advantage of great positions with Google and Yahoo, and others (but they're the monsters)
- List your article in their "Authors We Recommend" section
- List your article in their search directory
- Your article gets a full search engine optimized Web page, including your website (in your Author's Resource Box).
- Promote your article for a full year - or more
- Submit your article to 40+ search engines and directories
Is it free? Of course not - would you do all that for free? But, I guarantee you this: it's dirt cheap and much less than it would cost you to do it yourself! So what good is writing if nobody reads it? You want results, right? Go with the pros.
Recap: If you want exposure - publicity - and increased traffic/subscribers, write decent articles and have them extensively marketed by http://OpportunityUpdate.com/doorwaytosubmit.html .
I don't believe in "luck", so I'll wish you: Good Writing!
About The Author
Kent Butler is an entrepreneur, writer, and editor, who publishes a free cat-lover's digital magazine called Catnip Chronicles. He has a service that makes fully-personalized, custom-made crossword and word search puzzles at http://Personal-Puzzles.com, and he edits the weekly journal of iCop, the International Council of Online Professionals, where he is a Founding Member.
© 2004 Kent Butler All Rights Reserved
publisher@catnipchronincles.com
Article Source: http://EzineArticles.com/