Cryptography
Cryptography serves five primary functions today: privacy/confidentiality (ensuring that no one can read the message except the intended receiver), authentication (the process of proving one’s identity), integrity (assuring the receiver that the received message has not been altered in any way from the original), non-repudiation (a mechanism to prove that the sender really sent this message), and key exchange (the method by which crypto keys are shared between sender and receiver).
There are several ways of classifying cryptographic algorithms. One type is hash functions. One common hash function used until recently is SHA-1.
Technical terms?
Encryption: The process of encoding messages (or information) in such a way that eavesdroppers cannot read it, but that authorized parties can.
Hash function: An algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any change to the data will (with very high probability) change the hash value.
Encryption provides confidentiality, while hash functions provide integrity.
Collision: what happens when a hash function breaks, causing two files to produce the same hash. This allows an attacker to smuggle in a malicious file because it shares its hash with a file that is legitimate.
Encryption
Encryption turns data into a series of unreadable characters that aren't of a fixed length. The key difference between encryption and hashing is that encrypted strings can be reversed back into their original decrypted form if you have the right key.
There are two primary types of encryption: symmetric key encryption (AES) and public key encryption (PGP). In symmetric key encryption, the key to both encrypt and decrypt is exactly the same. This is what most people think of when they think of encryption.
Public key encryption, by comparison, has two different keys: one used to encrypt the string (the public key) and one used to decrypt it (the private key). The public key is made available for anyone to use to encrypt messages; however, only the intended recipient has access to the private key, and therefore the ability to decrypt messages.
AES
Advanced Encryption Standard (AES) is a symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
PGP
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. PGP is the most popular public key encryption algorithm.
SHA-1
(Secure Hash Algorithm 1) A hash function that dates back to 1995; it produces a digital fingerprint from a given file that allows you to verify a file’s integrity without exposing the entire file by simply checking the hash.
Current state?
“Insecure and obsolete”
Who's using it?
Almost no one is still using it; however, GitHub and Subversion software repositories are heavily dependent on SHA-1, according to the researchers from Google. Despite efforts to phase out the use of SHA-1, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates. In 2017, it was widely used for document and TLS certificate signatures, according to the researchers. Apple, Google, Microsoft and Mozilla have worked in recent years to fully block the use of SHA-1 from their browsers.
How was it broken?
Google announced a public collision in the SHA-1 algorithm. The research was carried out using two PDF files. It was conducted by researchers at the Cryptology Group at Centrum Wiskunde & Informatica (CWI) in the Netherlands and the Google Research Security, Privacy, and Anti-Abuse Group. Google is waiting 90 days to say exactly how they broke it, as stated in its 90-day vulnerability disclosure policy. Microsoft also gets some credit for the research because they produced a tool that can be used to test files to see if they’ve been subject to a collision attack. (Ironically, the tool is available on GitHub, which is one of the code repositories described as being heavily dependent on SHA-1.)
How much processing power did it take to break it?
The attack was 100,000 times faster than a typical brute-force attack, although the researchers had to run more than 9 quintillion SHA-1 computations to complete it. To give a sense of the scale, the first phase of the attack took 6,500 years of CPU computation and the second phase took 110 years of GPU computation.
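The collision definition and the cost figures above can be made concrete with a toy. This added example (not from the original page or from the researchers) truncates SHA-1 to a few bits so that a generic birthday search finishes almost instantly, then compares the generic 2^80 cost for the full 160-bit digest with the 9 quintillion figure quoted in the text. The function names and message strings are constructed for illustration.

```python
import hashlib
import math

def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1: a deliberately weak toy hash."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)

def find_collision(bits: int):
    """Birthday search: hash distinct messages until two truncated digests match.

    Returns (first_message, second_message, hash_evaluations).
    """
    seen = {}  # truncated digest -> message that produced it
    counter = 0
    while True:
        msg = b"constructed-sample-%d" % counter  # constructed input
        counter += 1
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, counter
        seen[h] = msg

def birthday_estimate(bits: int) -> float:
    """Expected evaluations for a generic collision: sqrt(pi/2) * 2^(bits/2)."""
    return math.sqrt(math.pi / 2) * 2 ** (bits / 2)

def speedup_over_generic(reported_evals: float, bits: int = 160) -> float:
    """How much cheaper a reported attack is than the usual 2^(bits/2) figure."""
    return 2 ** (bits / 2) / reported_evals

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, work = find_collision(bits)
        assert a != b and truncated_sha1(a, bits) == truncated_sha1(b, bits)
        print(f"{bits}-bit digest: collision after {work} hashes "
              f"(estimate {birthday_estimate(bits):.0f})")
        print(f"  {a!r} and {b!r} share a truncated digest; full SHA-1 differs:",
              hashlib.sha1(a).hexdigest() != hashlib.sha1(b).hexdigest())
    # Figure quoted in the text: "more than 9 quintillion" SHA-1 computations.
    reported = 9e18
    print(f"9e18 is about 2^{math.log2(reported):.1f}; generic cost is 2^80, "
          f"so the attack is ~{speedup_over_generic(reported):,.0f}x cheaper")
```

Each extra 8 bits of digest multiplies the generic work by 16, which is why a full-length digest is only as safe as the absence of a shortcut better than the birthday bound.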