illnesshacker: Medical information and health advice you can trust.

Encryption; Types, Functions, Process, Uses

Encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.

Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other personal information that should be considered private. Organizations and individuals also commonly use encryption to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.

Types of Modern Encryption

All the fancy encryption algorithm that we have talked about earlier are mostly used for two different types of encryption:

Symmetric key algorithms use related or identical encryption keys for both encryption and decryption.
Asymmetric key algorithms use different keys for encryption and decryption—this is usually referred to as Public-key Cryptography.

Symmetric Key Encryption

To explain this concept, we’ll use the postal service metaphor described in Wikipedia to understand how symmetric key algorithms work.

Alice puts her secret message in a box and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice’s key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box and read the message. Bob can then use the same padlock to send his secret reply.

Encryption

Symmetric-key algorithms can be divided into stream ciphers and block ciphers—stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits, often in blocks of 64 bits at a time, and encrypt them as a single unit. There’s a lot of different algorithms you can choose from—the more popular and well-respected symmetric algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

Asymmetric Encryption

In an asymmetric key system, Bob and Alice have separate padlocks, instead of the single padlock with multiple keys from the symmetric example. Note: this is, of course, a greatly oversimplified example of how it really works, which is much more complicated, but you’ll get a general idea.

First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice’s open padlock to lock the box before sending it back to her.

Encryption

The critical advantage in an asymmetric key system is that Bob and Alice never need to send a copy of their keys to each other. This prevents a third party (perhaps, in the example, a corrupt postal worker) from copying a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were careless and allowed someone else to copy his key, Alice’s messages to Bob would be compromised, but Alice’s messages to other people would remain secret since the other people would be providing different padlocks for Alice to use.

Asymmetric encryption uses different keys for encryption and decryption. The message recipient creates a private key and a public key. The public key is distributed among the message senders and they use the public key to encrypt the message. The recipient uses their private key any encrypted messages that have been encrypted using the recipient’s public key.

There’s one major benefit to doing encryption this way compare to symmetric encryption. We never need to send anything secret (like our encryption key or password) over an insecure channel. Your public key goes out to the world—it’s no secret and it doesn’t need to be. Your private key can stay snug and cozy on your personal computer, where you generated it—it never has to be e-mailed anywhere, or read by attackers.

How Encryption is Used

Encryption was almost exclusively used only by governments and large enterprises until the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published — and the first personal computers were introduced. By the mid-1990s, both public key and private key encryption were being routinely deployed in web browsers and servers to protect sensitive data.

Encryption is now an important part of many products and services, used in the commercial and consumer realms to protect data both while it is in transit and while it is stored, such as on a hard drive, smartphone or flash drive (data at rest).

Devices like modems, set-top boxes, smartcards and SIM cards all use encryption or rely on protocols like SSH, S/MIME, and SSL/TLS to encrypt sensitive data. Encryption is used to protect data in transit sent from all sorts of devices across all sorts of networks, not just the internet; every time someone uses an ATM or buys something online with a smartphone, makes a mobile phone call or presses a key fob to unlock a car, encryption is used to protect the information being relayed. Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material, are yet another example of encryption protecting data.

It’s a good idea to access sites utilizing SSL when

You store or send sensitive data online – If you use the Internet to carry out tasks such as filing your taxes, make purchases, renew your driver’s license, or conduct any other personal business, visiting sites utilizing SSL is a wise idea.
Your work requires it – Your workplace may have encryption protocols, or it may be subject to regulations that require encryption. In these cases, encryption is a must.

Reasons Why Encryption Matters

Why is encryption important? Here are three reasons

Internet privacy concerns are real – Encryption helps protect privacy by turning personal information into “for your eyes only” messages intended only for the parties that need them — and no one else. You should make sure that your emails are being sent over an encrypted connection, or that you are encrypting each message. Most email clients come with the option for encryption in the settings menu, and if you check your email with a web browser, take a moment to ensure that SSL encryption is available.
Hacking is big business – Hackers aren’t just bored kids in a basement anymore. They’re big business, and in some cases, they’re multinational outfits. Large-scale data breaches that you may have heard about in the news demonstrate that people are out to steal personal information to fill their pockets.
Regulations demand it – Healthcare providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to implement security features that protect patients’ sensitive health information. Institutions of higher learning must take similar steps under the Family Education Rights and Privacy Act (FERPA), while retailers must contend with the Fair Credit Practices Act (FCPA) and similar laws. Encryption helps businesses stay compliant as well as helps protect the valuable data of their customers.

Cryptographic hash functions

Encryption is usually a two-way function, meaning the same algorithm can be used to encrypt plaintext and to decrypt the ciphertext. A cryptographic hash function can be viewed as a type of one-way function for encryption, meaning the function output cannot easily be reversed to recover the original input. Hash functions are commonly used in many aspects of security to generate digital signatures and data integrity checks. They take an electronic file, message or block of data and generate a short digital fingerprint of the content called a message digest or hash value. The key properties of a secure cryptographic hash function are:

Output length is small compared to the input
Computation is fast and efficient for any input
Any change to input affects lots of output bits
One-way value — the input cannot be determined from the output
Strong collision resistance — two different inputs can’t create the same output

The ciphers in hash functions are optimized for hashing: They use large keys and blocks, can efficiently change keys every block and have been designed and vetted for resistance to related-key attacks. General-purpose ciphers used for encryption tend to have different design goals. For example, the symmetric-key block cipher AES could also be used for generating hash values, but it’s key and block sizes make it nontrivial and inefficient.

Encrypting This Data is Achieved Mainly Through

Full disk encryption (FDE) – the primary way to protect computer hard drives and the at-rest data on them. Any files saved to the disk (or an external hard drive) are automatically encrypted. There are intermediate options for disk encryption, as well–folder encryption, volume encryption, etc.–that aren’t quite full-disk encryption, but in between.
File encryption – a way to encrypt at-rest data on a file-by-file basis so it cannot be read if intercepted. This isn’t automatic, but it’s beneficial because that data will stay encrypted after it’s left its place of origin.
End-to-end (E2E) encryption – obscures any content of messages so only senders and receivers can read it, like the early Pretty Good Privacy (PGP) email encryption software. The idea with E2E encryption is that it tackles all the vulnerabilities on the communication chain: the middle (intercepting a message during delivery), and both ends (sender and receiver). This is not just a niche offering any more, either—platforms like Facebook Messenger and Apple’s iMessage have E2E encryption now, too.
Encrypted web connections – via HTTPS, encrypted web connections use a Secure Sockets Layer (SSL) or transport layer security (TLS) protocols. With secure internet connections, we’re able to have better-protected communications on the web. These aren’t impenetrable, but there’s less risk of exploit. How it works: HTTPS uses SSL and TLS certificates when a browser and server communicate over the web. These are encryption keys, and when both browser and server have them, they’re authorized to access the encrypted data that’s passed between them. It’s a very basic, but very important, security measure when connecting to the web. If you’ve ever seen “https” instead of “HTTP,” or noticed a lock in the URL bar of your browser, you’re accessing a secure site.
Encrypted email servers – S/MIME (Secure/Multipurpose Internet Mail Extensions) public key encryption essentially gives SMTP (simple mail transfer protocol) email servers a leg up by allowing them to send and receive encrypted messages, not just simple text messages.
Pre-encrypting data that’s synced with the cloud – there’s plenty of software available that can pre-encrypt data before it even gets to the cloud, making it unreadable by the cloud or anyone who hacks into it. Note that any files still stored on the local machine aren’t encrypted and are still vulnerable. This accounts only for files sent to the cloud encrypting tech.

Encryption can be simple, like secret-key, or incredibly complex, like the Advanced Encryption Standard (AES), depending on the algorithm and the length of the key. The longer the key, the more protection, but also the more processing power required to handle the encrypting and decrypting process.

A Few Types of Encryption to Know Include

Secret-key algorithms – Also known as symmetric algorithms, or private-key, this algorithm uses the same key for encryption and decryption. This is a touch more vulnerable because anyone who gets a hold of that one key can read anything you encrypt. Also, passing that secret key over the internet or network connections makes it more vulnerable to theft.
Public-key algorithms – These are also known as asymmetric algorithms. With public-key encryption, there are two different, related encryption keys—one for encryption, and one for decryption. The public key is how the information is sent to you, and the private key decodes it (much like having a secure lock box on your front porch that a delivery person can put a package in, then only you can access that package with your private key). The benefit here is the key isn’t subject to being sent over insecure networks, but it does require more computer processing power so it’s a bit slower.
Block ciphers – Like the Triple Data Encryption Standard (DES), or 3DES, these encrypted data a block at a time. Triple DES uses three keys and is a pretty great encryption option for financial institutions that need to protect sensitive information.
Stream ciphers – A symmetric algorithm, it uses a keystream, a series of randomized numbers, to encrypt plaintext one character at a time. Rabbit, W7, and RC4 are popular stream ciphers.
Elliptic curve cryptography – A form of public-key encryption, it can be practically unbreakable for normal computers, or “hard.” This is security industry speak for technology that’s not completely unbreakable but is generally accepted to be up to best standards.
Blockchain cryptography – Blockchain technology is essentially a type of distributed database, best known as the basis for Bitcoin, that uses cryptography to safely store data about financial transactions. Blockchain cryptography is a form of “cryptocurrency,” using public-key encryption, and it’s valuable in its ability to provide direct, trustworthy and fraud-proof transactions between users on a peer-to-peer network. Because blockchain databases are distributed, they’re more resilient in the face of a DOS attack, so more companies are exploring this.

A Few Popular Algorithms Include

Advanced Encryption Standard (AES) – A block cipher, this is pretty much the gold standard, per the U.S. Government. It offers 128-, 192-, and 256-bit encryption, the last two reserved for instances that require extra-strength protection.
RSA – This asymmetric algorithm uses paired keys and is pretty standard for encrypting information sent over the internet, although it’s been through some issues of getting broken, which have then been resolved.
IDEA (International Data Encryption Algorithm) – This block cipher with a 128-bit key has a great track record for not being broken.
Signal Protocol – This open-source encryption protocol is used for asynchronous messaging, like email.
Blowfish and Twofish – Both of these block ciphers are free to use and popular among e-commerce platforms for protecting payment information. They were created by the same person and offer symmetric encryption with keys varying in bit length. Twofish is the successor and offers longer encryption keys.
Ring Learning With Errors or Ring-LWE – This protocol ramps up elliptic curves by adding in a new type of encryption that might be unbreakable by quantum computers.

What Is Key Management and Why Is It Important

Key management is another important aspect of encryption. Keys are how all of that encrypted data becomes readable, so how you handle them is just as sensitive as the data itself.

Many businesses worry about this aspect of encryption—after all, if you lose an encryption key, you lose access to your data, too. That’s why key management dictates how keys are stored (and shared) so prying eyes can’t get a hold of them, making your entire encryption schema moot.

Diffie-Hellman key exchange – This secure way for people to create a key allows them to share secure information. This method is also touted as “perfect forward secrecy,” meaning that theoretically, at no point in the future can message encrypted with a Diffie-Hellman key be decrypted.
Double Ratchet algorithm – Based on the above, the Double Ratchet algorithm is a key management algorithm used in end-to-end encryption of instant messaging, like the Signal messaging app.

This article just scratches the surface of the art and science of encryption, but hopefully, it gives you enough basic understanding of this important security technology. If you’re considering enlisting the help of a data security expert, you’re in luck: there are plenty of IT security freelancers on Upwork with expertise in encryption who are able to consult with you on an encryption strategy that’s best for you and your data

References

If the article is helpful, please Click to Star Icon and Rate This Post!

[Total: 0 Average: 0]

Programming Language; Should I Learn if I Want to be hacker

Programming Language for Hacking, Programming knowledge is necessary, although not mandatory to become a hacker. Some of the world’s best hackers started out as programmers. If you know to the program, you will be able to dissect code analyze it. You will be able to write your own scripts or your own hacking tools. So, which programming language should you learn then? HTML and JavaScript are languages of the internet. So make sure you learn them first. they are also incredibly easy to grasp and learn. If you are enrolled in an undergraduate computer science degree, you will most probably be learning C, C++, and Java. These three major languages are good and you should keep learning them, but for a hacker, Python is the best language. “Why?” You ask. Because Python is an extremely powerful language and it easy to learn at the same time. With Python, you can achieve your results with minimal coding, and it does not need to be compiled. That means, just as you finish writing a script, you can immediately run it without having to compile it. And later on in life, if you decide to become a programmer instead of a hacker, Python can develop GUI applications also. In fact, a large part of YouTube is written in Python.

Open Source

The hacker community is a big supporter of Open Source software. You should contribute to open source projects when you can. In order to improve your programming skills, you can start an open source project and work on it. Download the source code of popular open source projects and study the code. Sourceforge and Github are excellent starting points. Alternatively, start your own project and post the source code online. This will help you get recognition.

Linux

The Windows operating system may be easy and convenient for most users, but it is certainly not suited for hackers. With the exception of a few windows only tools, most hacking tools run best under Linux environment. I have given a list of 10 best hacking tools here. 9 out of those 10 tools run best under Linux. You can use any Linux distribution like Ubuntu or Fedora, but BackTrack and Kali are two major Linux distros specifically designed for hackers. They come loaded with all the popular hacking tools, saving you from the trouble of downloading them yourself. If you are not comfortable with leaving windows as yet, you can use VirtualBox to install BackTrack in your system, or you can dual boot your operating systems.
Information Technology is a huge field. If you look at your college or university, your professors know about programming concepts and theory, the System Administrator knows about networks and systems, the website developers know web programming and designing. You, as a hacker, must know all these things and more.

Best Programming Language for Hacking

HTML/JavaScript

In the web hacking world, we can’t talk about JavaScript without mentioning HTML. These are the core languages of the web. HTML is a static markup language which any aspiring web hacker should know in order to comprehend web responses, logic, structure and action. With knowledge of HTML, JavaScript comes next. JavaScript is a client-side scripting language. Hate it or love it, as a web hacker, you will have to someday face it. With JS, it gets easier to identify web application vulnerabilities, as well as perform attacks such as cross-site scripting.

C and C++

C and C++ are critical low-level programming languages that you need to know as a cybersecurity professional.

These languages provide access to low-level IT infrastructure such as RAM and system processes, which if not well protected, hackers can easily exploit.

The C programming language is the backbone of most operating systems. It is a lean, flexible, and efficient language that can be used to complete a wide range of tasks such as cryptography, image processing, and socket networking. Essentially, C++ is usually regarded as C’s big brother — which has been concocted with crack, meth, and steroids and mixed without any favors. C++ is a fantastic language that is largely based on C’s source code. There are several cybersecurity programs created using C++. For example, Nmap, the network mapper tool, is created using C++.

PHP (Hypertext Preprocessor)

PHP is a server-side programming language for developing websites. Because most websites are created using PHP, learning the language will enable you to know how to fend off intruders. For example, DDoS (Denial-of-service) attacks usually attempt to make web applications unavailable to intended users. With PHP programming knowledge, coupled with skills in other technologies like JavaScript, you can implement robust solutions to secure web applications.

SQL (Structured Query Language)

SQL (Structured Query Language) is mostly used in managing data stored in databases.

Because of the current explosion of data storage systems, SQL is widely used for maintaining and retrieving data. Similarly, hackers are increasingly orchestrating the language for damaging or exfiltrating the stored data. For example, SQL injection attacks involve exploiting SQL vulnerabilities to steal or modify data kept in databases.

Therefore, having a good understanding of the SQL language is critical in your cybersecurity career.

Python

This programming language is well known for its simplicity and also it is one of the most popular introductory languages in best U.S. universities.

Python provides an excellent development platform to build our own tools, or, in ethical hackers terms, it’s called offensive tools. It allows you for rapid development and testing – which are essential for ethical hackers, pen-testers, and security professionals. Pentesters (aka. Ethical Hackers) are those people who exploit security vulnerabilities in web-based applications, networks, and systems. In other words, they get paid to legally hack. Now Similar to JavaScript, Python is also very flexible and it’s being widely used from building web applications to bioinformatics. Python is a Hackers’ Language (I read it in TJ O’ Connor’s book) and I believe that. Definitely, Python is a Hackers’ Language. Many hackers prefer this as their first language as it is so easy to start with.

Python is a high-level programming language that is increasingly becoming popular among cyber experts. It’s gaining traction mainly because of its adherence to code readability, clear and simple syntax, and availability of an extensive number of libraries. So, whatever task you want to do, you can always complete it easily with Python. For example, you can use the language to send TCP-packets to machines, perform malware analysis, and create intrusion detection systems with minimal reliance on third-party tools.

Ruby

In the field of security researchers (aka. Ethical Hackers) Ruby got popular in no time. This particular programming language was influenced by Perl, Smalltalk, Eiffel, Ada, and Lisp. Similar to python. It’s easy to write, easy to read and pleasant to work with. Lot’s of companies like Shopify, Twitter, GitHub etc are looking for people who know Ruby. So you must have a belt of Ruby with you. Of course, you’ll need to know PHP, C++, HTML, etc, but Ruby is a good step to learn. It is also one of my favorite programming languages. Just like JavaScript, it’s easy to learn but difficult to master.

JavaScript

Javascript is widely used for web development purpose. It is one of the most flexible programming languages I’ve ever used. Apple has made JavaScript a first-class citizen as of Yosemite, allowing JavaScript to be used in place of AppleScript for various system-level customizations and scripting. With that in mind, there are a ton of ways you can use JavaScript to accomplish many different things, including hacking. It can be used for both Front-end and Back-end development purposes as well. For Beginners, JavaScript can be hard to debug and it’s difficult to learn some concepts such as asynchronism, prototype, objects and more. But over time anyone can master it.

JavaScript is a core technology that powers the Internet. Primarily, it’s the language that adds interactivity to web pages. Although JavaScript was initially implemented only on the client-side in web browsers, it’s now possible to use the language in other types of host infrastructure, such as server-side in databases and offline applications like PDF programs. Therefore, because of its extensive usage, learning JavaScript can make you go one step ahead of the hackers. You’ll understand the concepts of how websites and other applications work and the best designs to employ to ward off malicious users. For example, cross-site scripting is a JavaScript-based attack that involves an attacker implanting malicious code in a web application.

Perl

Perl is worth learning for practical reasons; it’s very widely used for active web pages and system administration so that even if you never write Perl you should learn to read it. Perl is a very useful programming language used in These days it is used for Ethical Hacking, Penetration Testing and many more.

C/C++

The mother of all programming language, C is most used in software creation for Linux, Windows etc. However, it is also used for Exploit writing and development. Although C++ is a more powerful language than C and is used in a lot of programs, like games. Here are some basic examples of C programming.

Java

Java was originally released with the slogan “write once, run anywhere,” which was intended to underscore its cross-platform capabilities. You can make tools using Java and it can also be used to create backdoor exploits as well as exploits that can kill a computer.

LISP

Lisp is the second-oldest high-level programming language in widespread use today. LISP is absolutely wide open and flexible, makes it hacker’s favorite. You can define your own syntax, and often do. You can create any sort of programming paradigm you like and include it in your programs.