BROADCASTS.com

b"Information Security\\n 1. Introduction\\n \\u25cb Security by obscurity\\n \\xa7 Steganography\\n \\u25a1 Hiding data inside another form of data, like using non-used bits in image to hide a message\\n \\xa7 Cool, but not practical.\\n \\xa7 Disadvantages\\n \\u25ca Algorithm secrecy vs. key secrecy\\n \\u25cb Cryptography is everywhere and yet if done right, you can barely see it.\\n \\u25cb Goals: \\n \\xa7 Confidentiality\\n \\u25a1 Secrets stay secret.\\n \\xa7 Integrity\\n \\u25a1 Data is not tampered with.\\n \\xa7 Non-Repudiation\\n \\u25a1 No party can deny sending messages.\\n \\xa7 Authentication\\n \\u25a1 Each party can ensure that the sender is what they expect.\\n \\u25cb Cryptography\\n \\xa7 Hashing\\n \\xa7 Encryption\\n \\xa7 Signing\\n \\xa7 Protocols\\n \\u25cb Random Number Generators\\n \\xa7 Extremely important, almost all encryption/hashing strength is affected by how random the random number generator is.\\n \\xa7 Don't use simple random number, use a cryptographic random number generator with a sophisticated source of entropy.\\n \\xa7 Pseudorandom number generator\\n \\xa7 Dual_EC_DRBG random generator backdoor\\n 2. Body\\n \\u25cb Hashing (one Way)\\n \\xa7 Properties\\n \\u25a1 Fixed length output no matter what size the input was\\n \\u25a1 Very easy to compute the hash of a given message, however very hard to compute from a hash the corresponding input.\\n \\u25a1 Mathematically infeasible to generate a message that has a given hash\\n \\u25a1 Any modification to a message produces a completely different hash that has no relationship to the original message's hash.\\n \\u25a1 It is mathematically infeasible to find two messages with the same hash. Hash Collision\\n \\xa7 Hashing Functions\\n \\u25a1 Provides data integrity, however lacks authentication\\n \\u25a1 Examples\\n \\xae MD5 \\n \\u25ca Considered Insecure\\n \\xae Secure Hash Family SHA-X, Sha-1, Sha-2 [Sha256, Sha512], Sha-3\\n \\u25ca Sha-1 is considered insecure.\\n \\u25ca Sha-1, Sha-2 designed by NSA\\n \\u25ca Sha-3 is not designed by NSA, Competition winner.\\n \\u25a1 Attacks\\n \\xae Brute force\\n \\u25ca CPU's are getting faster and cheaper every day.\\n \\u25ca GPU's are getting faster and cheaper every day.\\n \\u25ca Special Hash calculating hardware is becoming more available especially with the BitCoin push.\\n \\xae Rainbow table attacks\\n \\u25ca Pre-Calculated tables where you can reverse lookup a hash to a value\\n \\u25ca Try www.crackstation.net\\n \\xa7 Hash Message Authentication Codes (HMAC)\\n \\u25a1 Adds authentication to integrity\\n \\u25a1 Can be used with all previous algorithms, HMACMD5, HMACShA1, HMAC256 \\u2026 etc.\\n \\xa7 Salted Hash\\n \\u25a1 Adds random salt to mitigate rainbow table\\n \\u25a1 Salts are unique per record, and not a secret.\\n \\xa7 Password Based Key Derivation Function (PBKDF2)\\n \\u25a1 RSA Public Key Cryptographic Standard PKCS #5 Version 2.0\\n \\u25a1 Internet Engineering Task Force RFC 2898 Specification\\n \\xae Adds a lot of iterations to slow it just enough to mitigate brute force (default 50,000 iterations)\\n \\xae Adds random salt to mitigate rainbow table\\n \\u25a1 Disadvantage: It can be easily implemented with hardware which makes it vulnerable to bruteforce even with high number of iterations\\n \\xa7 Bcrypt\\n \\u25a1 Password Hashing function\\n \\u25a1 State of the art password hashing\\n \\xa7 Usages\\n \\u25a1 Integrity Check\\nPassword Storage\\n\\nOur facebook Page\\nhttp://facebook.com/askdeveloper\\n\\nOn Sound Cloud\\nhttp://soundcloud.com/askdeveloper\\n\\nPlease Like & Subscribe"