بودكاست ينزل يومي الأحد و الخميس من كل اسبوع يهتم بجميع انواع الترفيه من العاب، افلام، مسلسلات، كوميكس ، انمي، مانجا، بعفوية يحبها قلبك
…
continue reading
תוכן מסופק על ידי Mohamed Elsherif. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Mohamed Elsherif או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
EP46 - AskDeveloper Podcast - Cryptography - Part 1 - Introduction and Hashing
MP3•בית הפרקים
Manage episode 161857741 series 26781
תוכן מסופק על ידי Mohamed Elsherif. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Mohamed Elsherif או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Information Security 1. Introduction ? Security by obscurity § Steganography ? Hiding data inside another form of data, like using non-used bits in image to hide a message § Cool, but not practical. § Disadvantages ? Algorithm secrecy vs. key secrecy ? Cryptography is everywhere and yet if done right, you can barely see it. ? Goals: § Confidentiality ? Secrets stay secret. § Integrity ? Data is not tampered with. § Non-Repudiation ? No party can deny sending messages. § Authentication ? Each party can ensure that the sender is what they expect. ? Cryptography § Hashing § Encryption § Signing § Protocols ? Random Number Generators § Extremely important, almost all encryption/hashing strength is affected by how random the random number generator is. § Don't use simple random number, use a cryptographic random number generator with a sophisticated source of entropy. § Pseudorandom number generator § Dual_EC_DRBG random generator backdoor 2. Body ? Hashing (one Way) § Properties ? Fixed length output no matter what size the input was ? Very easy to compute the hash of a given message, however very hard to compute from a hash the corresponding input. ? Mathematically infeasible to generate a message that has a given hash ? Any modification to a message produces a completely different hash that has no relationship to the original message's hash. ? It is mathematically infeasible to find two messages with the same hash. Hash Collision § Hashing Functions ? Provides data integrity, however lacks authentication ? Examples ® MD5 ? Considered Insecure ® Secure Hash Family SHA-X, Sha-1, Sha-2 [Sha256, Sha512], Sha-3 ? Sha-1 is considered insecure. ? Sha-1, Sha-2 designed by NSA ? Sha-3 is not designed by NSA, Competition winner. ? Attacks ® Brute force ? CPU's are getting faster and cheaper every day. ? GPU's are getting faster and cheaper every day. ? Special Hash calculating hardware is becoming more available especially with the BitCoin push. ® Rainbow table attacks ? Pre-Calculated tables where you can reverse lookup a hash to a value ? Try www.crackstation.net § Hash Message Authentication Codes (HMAC) ? Adds authentication to integrity ? Can be used with all previous algorithms, HMACMD5, HMACShA1, HMAC256 … etc. § Salted Hash ? Adds random salt to mitigate rainbow table ? Salts are unique per record, and not a secret. § Password Based Key Derivation Function (PBKDF2) ? RSA Public Key Cryptographic Standard PKCS #5 Version 2.0 ? Internet Engineering Task Force RFC 2898 Specification ® Adds a lot of iterations to slow it just enough to mitigate brute force (default 50,000 iterations) ® Adds random salt to mitigate rainbow table ? Disadvantage: It can be easily implemented with hardware which makes it vulnerable to bruteforce even with high number of iterations § Bcrypt ? Password Hashing function ? State of the art password hashing § Usages ? Integrity Check Password Storage Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe
…
continue reading
93 פרקים
MP3•בית הפרקים
Manage episode 161857741 series 26781
תוכן מסופק על ידי Mohamed Elsherif. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Mohamed Elsherif או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Information Security 1. Introduction ? Security by obscurity § Steganography ? Hiding data inside another form of data, like using non-used bits in image to hide a message § Cool, but not practical. § Disadvantages ? Algorithm secrecy vs. key secrecy ? Cryptography is everywhere and yet if done right, you can barely see it. ? Goals: § Confidentiality ? Secrets stay secret. § Integrity ? Data is not tampered with. § Non-Repudiation ? No party can deny sending messages. § Authentication ? Each party can ensure that the sender is what they expect. ? Cryptography § Hashing § Encryption § Signing § Protocols ? Random Number Generators § Extremely important, almost all encryption/hashing strength is affected by how random the random number generator is. § Don't use simple random number, use a cryptographic random number generator with a sophisticated source of entropy. § Pseudorandom number generator § Dual_EC_DRBG random generator backdoor 2. Body ? Hashing (one Way) § Properties ? Fixed length output no matter what size the input was ? Very easy to compute the hash of a given message, however very hard to compute from a hash the corresponding input. ? Mathematically infeasible to generate a message that has a given hash ? Any modification to a message produces a completely different hash that has no relationship to the original message's hash. ? It is mathematically infeasible to find two messages with the same hash. Hash Collision § Hashing Functions ? Provides data integrity, however lacks authentication ? Examples ® MD5 ? Considered Insecure ® Secure Hash Family SHA-X, Sha-1, Sha-2 [Sha256, Sha512], Sha-3 ? Sha-1 is considered insecure. ? Sha-1, Sha-2 designed by NSA ? Sha-3 is not designed by NSA, Competition winner. ? Attacks ® Brute force ? CPU's are getting faster and cheaper every day. ? GPU's are getting faster and cheaper every day. ? Special Hash calculating hardware is becoming more available especially with the BitCoin push. ® Rainbow table attacks ? Pre-Calculated tables where you can reverse lookup a hash to a value ? Try www.crackstation.net § Hash Message Authentication Codes (HMAC) ? Adds authentication to integrity ? Can be used with all previous algorithms, HMACMD5, HMACShA1, HMAC256 … etc. § Salted Hash ? Adds random salt to mitigate rainbow table ? Salts are unique per record, and not a secret. § Password Based Key Derivation Function (PBKDF2) ? RSA Public Key Cryptographic Standard PKCS #5 Version 2.0 ? Internet Engineering Task Force RFC 2898 Specification ® Adds a lot of iterations to slow it just enough to mitigate brute force (default 50,000 iterations) ® Adds random salt to mitigate rainbow table ? Disadvantage: It can be easily implemented with hardware which makes it vulnerable to bruteforce even with high number of iterations § Bcrypt ? Password Hashing function ? State of the art password hashing § Usages ? Integrity Check Password Storage Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe
…
continue reading
93 פרקים
כל הפרקים
×ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.