Understanding the basics of algorithms and basic security applications

@ Articles -> Encryption     May 28 2002 - 20:32 EST
gregory_a_e writes: Simply put, this article is a brief overview of algorithms. What they are, how they tie into computers.

By no means is this a technical article, nor an obscure tutorial of some sort, so if you're expecting to learn the specifics of
cryptography and algorithms, I'm sorry to say you won't find it here. If you do become interested in the subject, I would suggest
some reading material that is suitable: Applied Cryptography and Digital Security in a Networked World by Bruce Schneier, and
Introduction to Algorithms, which was compiled by a vast board of academics (a broad and extremely dry and technical book, not the
first one you should read).


Now that I've made that clear, let's get on with the article.

What are algorithms?

An algorithm is any computational procedure, or protocol, that begins with a certain set value (x) and produces some other set value
(y). The algorithm is the process by which x becomes y.

Algorithms have quite a few uses in computers:

A. Algorithms are used to manipulate and manage the massive heap of data transferred through this automation, this wonderful system,
we call the internet.

B. Fixing computational problems between x and y relations by analyzing the set specifications vs. the specifications where any
problems might occur.

C. Cryptography and digital signatures depend on number theory, and determined, specific algorithms. Meaning that half of the
security of the net, at least as far as information trading, and transactions go, depends on algorithms, mathematics in effect, to
provide the proper level of security. This is a sensitive thing for several reasons. One, algorithms are highly difficult to
successfully produce, and too many of them are filled with holes, and are fairly unstable. And it should be noted that one of the
biggest risks to security is unstable algorithms in sensitive settings/mediums.

D. Algorithms are used in building programs to determine efficiency, distribution of work, and the like in industrial and
manufacturing settings. Basically, algorithms are written to illustrate ideal work, and the work in practice vs. the work in the ideal
algorithms are compared; this is often how efficiency can be decided, improved, and mathematically represented.

There are other purposes to algorithms, but not ones that are quite as common, or integral as the ones listed above.

The fact is algorithms are everywhere; even the human mind is based on some obscure, inefficient, and undiscovered algorithm. It's
a fact that security widely depends on it, and it's a fact that it has practical uses in the modern world. This is the most
important part, what makes having a basic understanding of it so important.

Standards of algorithms -
1. The algorithm has to be based on mathematical functions that are difficult to reverse engineer (integer factorization, reversing
exponential values, any integers written in scientific notation can be easily represented, but not easily discovered, etc.).

2. The human component has to keep any keys, codes, and information that is meant to be secret, secret. (This is no doubt the
biggest problem, and why social engineering is so dangerous. Everyone knows this, and smart people know to prevent it, and smart
hackers, they take advantage of it).

3. The algorithms have to be constructed in such a way that brute force attacks are only effective vs. plaintext keys and visible
cyphertext (this implies that both the plaintext and cyphertext have to be hidden so as to not be revealed).

4. That a plaintext and cyphertext copy cannot be both readily available to any parties that might want to intercept them. (They can
easily be compared and eventually decoded. Same as what I mentioned in step 3).

Probably the most widespread use for cryptography is in internet security. It's not the cure for all the problems, but it's
important, it is essential to the survival of business and e-commerce most importantly.

A. Symmetric Encryption -
The main idea behind cryptography, is that the message, the plaintext, is sent securely, and is turned into cyphertext gibberish and
incomprehensible symbols so that only the one that it is meant for can read it (after it is deciphered).

For this to work the cryptography has to be good from two angles. One, the algorithm has to be good, so that it cannot be
reverse-engineered, or cracked. Two, that it cannot be universal, and thus can only work within a certain medium (I.E. a certain
language, or only with certain software, etc.) This makes creating good algorithms difficult, and stressful, and making them
universal, impossible.

OK, simply put the idea behind this type of encryption is simple, person A can switch data with person B, and big brother C can't
read it. This is where the public-key encryption comes in. The algorithm and process is known to everybody, but the key, ah the
wonderful key, therein lies the trick. Assuming the algorithm is secure, then the only way to turn the cyphertext back into
plaintext is by unlocking it with the key. The key is essentially a (preferably) secret plaintext password that decrypts the
message.

This kind of thing is simple, and assuming people can be trusted, pretty secure.

It of course gets more complicated the more people are involved, but the idea generally remains the same.


B. MACs or message authentication codes -
MACs are the checkers of cryptography. They don't have anything to do with cryptography, but have their own algorithms.

The idea behind MACs is extremely simple, when information, packets, are sent, they are tagged with a code, and the MAC recognizes
the code so that it can authenticate the source and confirm that the packet comes from the place where it's supposed to come from,
and that it should, theoretically, contain the proper data.

It is my opinion that this process is painfully obvious, and painfully obviously necessary. And, if you think about it, a fairly
ingenious, and almost completely error-proof verification method, assuming that the human component is not in error, because the
technology is almost impossible to be.

C. Hash-Functions -
The idea behind Hash functions is that they are mathematically computed bits of data that are easily read to confirm something, but
impossible to reverse engineer so as to forge the source.

This could be used in various ways. Say you came upon some source code, there is nothing to lead you to who made it. Now say you
receive a second copy, who's to say which is the real program, you could compile and run it, but then you risk possible damage. This
is where the hash function comes in. If you have the hash function for the real book, see which one it matches with, it's that
simple. (Of course you'd have to have a copy of the Hash, distribution of hashes is not widespread yet, but it's certainly something
to think about. And of course, I realize very few people would be stupid enough to compile programs w/o analyzing the code, etc.).

Well, as many people may have noticed, this was as I stated a very basic article, I hope those of you new to the field and the
concepts learned something here, and that those of you who are experts in the field, well, I just hope I didn't make any noticeable,
technical mistakes, though I'm quite sure I did.
http://neworder.box.sk/newsread.php?newsid=4638
--
Regard:
Joh@nnes
1216771 Ont.Inc.
"Today is memory & Tomorrow is history"
Johannes
5/29/2002 12:26:00 PM
grc.security
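
An added example, not part of the original article or post, for the MAC and hash-function sections above: it picks the genuine copy of a file by comparing SHA-256 digests against a trusted one, and tags and verifies packets with an HMAC. The sample file contents, the file names, and the packet layout (8-byte sequence number plus payload) are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: two copies of "the same" source file, one altered.
ORIGINAL = b"int main(void) { return 0; }\n"
ALTERED = b"int main(void) { return 1; }\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pick_authentic(copies: dict, trusted_digest: str) -> list:
    """Names of the copies whose SHA-256 equals a digest obtained from a
    channel the attacker cannot modify (the distribution problem the article notes)."""
    return [name for name, blob in copies.items()
            if hmac.compare_digest(sha256_hex(blob), trusted_digest)]


def tag_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over an 8-byte sequence number plus the payload (assumed
    layout). Unlike a bare hash, the tag cannot be recomputed without the key."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def verify_packet(key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    # compare_digest is designed so that comparison time does not leak the tag.
    return hmac.compare_digest(tag_packet(key, seq, payload), tag)


def demo() -> dict:
    trusted = sha256_hex(ORIGINAL)  # stands in for a digest published by the author
    copies = {"copy_a.c": ALTERED, "copy_b.c": ORIGINAL}
    key = secrets.token_bytes(32)   # shared secret between sender and receiver
    tag = tag_packet(key, 1, b"hello")
    return {
        "authentic_copies": pick_authentic(copies, trusted),
        "mac_valid": verify_packet(key, 1, b"hello", tag),
        "mac_payload_changed": verify_packet(key, 1, b"hellp", tag),
        "mac_seq_changed": verify_packet(key, 2, b"hello", tag),
        "mac_wrong_key": verify_packet(secrets.token_bytes(32), 1, b"hello", tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The digest check only helps if the trusted digest arrives separately from the file; the MAC check only helps while the key stays secret between the two ends.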