Software security

). Asymmetric Key Encryption

Download 121,59 Kb.

bet	4/5
Sana	12.07.2022
Hajmi	121,59 Kb.
	#782939

1 2 3 4 5

Bog'liq
softwaresec

Hash Function
Rainbow Table Attacks and Dictionary Attacks

2). Asymmetric Key Encryption: This is a type of encryption that uses two separate, yet mathematically related keys to encrypt and decrypt data. The public key encrypts data while its corresponding private key decrypts it. The public is available for the general public, and the private key is secret. Generation of the private key, given the public key, is computationally hard. The General Process of Asymmetric Key Encryption;

The recipient generates a pair of keys(Public and Private) and publishes the public key by a trusted service.
The sender obtains the public key of a recipient and uses it to encode the message, then sends it to the recipient.
The recipient decodes the message using the key that the recipient kept in private. In order to reply, the recipient uses the sender’s public key and the recipient decodes the message with his or her private key.
Information cannot eavesdrop from messages that are captured, as the eavesdropper does not have the private key to decode the message. Also, messages cannot tamper in a meaningful way as this would require to get the plain text message.

The main advantage of asymmetric encryption is that it will get rid of the key distribution problem since using two key pairs. the disadvantage is that it will be slow due to the generation and usage of two key pairs. Some of the Asymmetric Key Encryptions are;

RSA Algorithm
Diffie Hellman Algorithm
Diffie Hellman Elliptic Curve Algorithm
Digital Signature Algorithm

Figure 3: Asymmetric Key Encryption Process

PGP is for the encryption of email messages and digital signatures. It combines Symmetric and Asymmetric encryption together.
** Symmetric has a key distribution problem
** Asymmetric is slower, but no key distribution pro
Therefore as a solution, it uses Asymmetric Encryption to encrypt and distribute key used for Symmetric encryption.
2. Hashing
Hashing is the process of obtaining fixed-size blocks from plaintext and updating the state of internal bit representation(160 bits, 128 bits, 256 bits, etc) of hashing algorithm iteratively. After that, at the end of all the iterations, get the state of the internal bit representation called the message digest or hash code. A Hash Function is used to generate the new scramble data according to advanced mathematical algorithms. The result of a hash function is known as a hash code or sometimes a message digest. A good hash function uses a one-way hashing algorithm, or in other words, the hash value cannot be converted back into the original value. It is really difficult to mess with a good hashing function because if you change one character in a stream of characters, the hash value will be completely different from the previous hash value. There are several types of hashing algorithms, but some of them are outdated now;

MD5 ((size of hash code: 128 bits)
SHA-1 (size of hash code: 160 bits)
SHA-256 (size of hash code: 256 bits)
SHA-512 (size of hash code: 512 bits)

Some applications of hashing are password protection, designing blockchain applications, and protect the integrity of software licenses and integrity of digital certificates. So when talking about password protection, if any data leakage happens, since the hashed password is stored in the database, it will be difficult to guess the original password from the hashed password for the attacker, because of the one-way nature of the hash functions. But if we are just storing the hash value of the password it is susceptible to Rainbow Table Attacks and Dictionary Attacks.

Download 121,59 Kb.

Do'stlaringiz bilan baham:

1 2 3 4 5