Software security


). Asymmetric Key Encryption



Download 121,59 Kb.
bet4/5
Sana12.07.2022
Hajmi121,59 Kb.
#782939
1   2   3   4   5
Bog'liq
softwaresec

2). Asymmetric Key Encryption: This is a type of encryption that uses two separate, yet mathematically related keys to encrypt and decrypt data. The public key encrypts data while its corresponding private key decrypts it. The public is available for the general public, and the private key is secret. Generation of the private key, given the public key, is computationally hard. The General Process of Asymmetric Key Encryption;

  • The recipient generates a pair of keys(Public and Private) and publishes the public key by a trusted service.

  • The sender obtains the public key of a recipient and uses it to encode the message, then sends it to the recipient.

  • The recipient decodes the message using the key that the recipient kept in private. In order to reply, the recipient uses the sender’s public key and the recipient decodes the message with his or her private key.

  • Information cannot eavesdrop from messages that are captured, as the eavesdropper does not have the private key to decode the message. Also, messages cannot tamper in a meaningful way as this would require to get the plain text message.

The main advantage of asymmetric encryption is that it will get rid of the key distribution problem since using two key pairs. the disadvantage is that it will be slow due to the generation and usage of two key pairs. Some of the Asymmetric Key Encryptions are;

  • RSA Algorithm

  • Diffie Hellman Algorithm

  • Diffie Hellman Elliptic Curve Algorithm

  • Digital Signature Algorithm




Figure 3: Asymmetric Key Encryption Process


PGP is for the encryption of email messages and digital signatures. It combines Symmetric and Asymmetric encryption together.
** Symmetric has a key distribution problem
** Asymmetric is slower, but no key distribution pro
Therefore as a solution, it uses Asymmetric Encryption to encrypt and distribute key used for Symmetric encryption.
2. Hashing
Hashing is the process of obtaining fixed-size blocks from plaintext and updating the state of internal bit representation(160 bits, 128 bits, 256 bits, etc) of hashing algorithm iteratively. After that, at the end of all the iterations, get the state of the internal bit representation called the message digest or hash code. A Hash Function is used to generate the new scramble data according to advanced mathematical algorithms. The result of a hash function is known as a hash code or sometimes a message digest. A good hash function uses a one-way hashing algorithm, or in other words, the hash value cannot be converted back into the original value. It is really difficult to mess with a good hashing function because if you change one character in a stream of characters, the hash value will be completely different from the previous hash value. There are several types of hashing algorithms, but some of them are outdated now;

  • MD5 ((size of hash code: 128 bits)

  • SHA-1 (size of hash code: 160 bits)

  • SHA-256 (size of hash code: 256 bits)

  • SHA-512 (size of hash code: 512 bits)

Some applications of hashing are password protection, designing blockchain applications, and protect the integrity of software licenses and integrity of digital certificates. So when talking about password protection, if any data leakage happens, since the hashed password is stored in the database, it will be difficult to guess the original password from the hashed password for the attacker, because of the one-way nature of the hash functions. But if we are just storing the hash value of the password it is susceptible to Rainbow Table Attacks and Dictionary Attacks.
1   2   3   4   5




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish