What I am going to talk about right now, you probably won't find much about on the Internet. Heck, when I was learning this myself, I had a lot of trouble learning each and every bit of algorithms, math, encryption, cryptography and programming, the trusted keys and stuff.
And the worst was when I came to know that every encrypted thing in the world can be decrypted or hacked, no matter what. Yeah, there is no such thing as foolproof security. But the main reason for me to write this blog is that there is hardly anyone out there helping you with this. So, my aim is to help people understand what exactly encryption is and how it is related to cryptography and math.
Firstly, encryption is just one branch of cryptography. So, now the question must be: what is cryptography? I actually prefer cryptography to art. It is not totally related to programming or similar stuff. Cryptography was used even in ancient times. The most famous cryptographer of all time was Leonardo da Vinci. His methods of encryption were so challenging that even today most of his works are still not decrypted.
So, cryptography is the art of writing or coding something in such a manner that only the specific person to whom it is addressed can understand it. No one else would be able to understand it. This cryptography can be in the form of images, writing, text, design, architecture or anything. There is no limit to that.
Ever heard of the Mona Lisa (yes, it was drawn by Leonardo da Vinci)? It's even said that her left eye is encrypted in the painting. Not to mention that there could be a lot of conspiracies here as well. But now you may have gotten an approximate idea of what I am talking about and where I am heading.
Also, do you remember the part previously where I told you that even images are encrypted? Yes. Speaking virtually, hand-drawn images can be encrypted to show some sort of code of a map or some other stuff. Similarly, images can also be encrypted in sentences. This is called steganography. Steganography is a form of encryption where you write one thing but you actually mean something else.
Nowadays terrorists and a lot of ISIS people use this form to communicate with each other. They post ads in newspapers, which look like normal advertisements but actually mean something else.
Digital Cryptography and Encryption
So, after reading all of this you might be wondering how this all gets entangled with computers. It is simple. When you store something digitally, you may need some sort of security. For example, we all have a lot of internet accounts and we need to keep them secure. So, the encryption part here is with the server. For example, let's say you create an email account.
Now, the password you used would have to be stored on the server. But this password cannot be in plain text. The reason is that if the server gets compromised by some hacker, then all the data inside it would get released and anyone could misuse it. So, this data needs to be secured. And this is where the encryption part comes in.
The encryption which is created here is not a simple process. For example, let's say the password is [email protected] (just assume). So, when this password is entered, it gets converted into a 32-bit hash file which is stored on the server. So, whenever you enter the password, the converted hash file needs to match the hash file stored on the server. Now you may think: what if there is some hacker doing a man-in-the-middle attack and he gets the hash file? That's the magic here. Each hash file has almost ‘n’ number of possibilities.
This means that even if the hacker gets the encrypted hash file, and even if he or she decrypts it, he or she won't get the same password. The possibility of getting the same password, i.e. [email protected], from the hash file is one in a million. In short, this is again the main aim of cryptography: only the concerned party should recognize the code. In our case the concerned parties are the server and the user entering the password.
To be frank, there are very few email providers who provide encrypted security. The worst part is that nowadays hackers don't even tend to go for hash cracking. They straight away social engineer their way into the accounts. Besides, pro hackers don't even need your password to enter your account. Assuming the same man-in-the-middle situation, an attacker can straight away sniff your email, which is sent in the form of packets.
Thus the only way to secure yourself is to get an email provider who provides email encryption as well and not just password encryption. And the only one I know of as of now is Protonmail.com. They are very sophisticated. Recently, some hackers even tried to hack into their accounts, but due to extreme security they weren't able to, and they later ended up DDoSing Protonmail's system, which went on for 3-4 days until it became live again (DDoS: a Distributed Denial of Service attack is a method of sending an extreme number of packets to disrupt the system).
Encryptions and Security
Encryption has several forms. Though it is hard to decrypt an encrypted service, it is not impossible. WEP, for example, is a type of Wi-Fi security, but it is extremely insecure, whereas WPA and WPA2 Personal are totally secure. But being totally secure doesn't mean foolproof. A WPA2-encrypted Wi-Fi with a 12-character password can take up to 15-20 days to crack, but it can be cracked.
Similarly, a good-enough computer can crack the same password in 3-5 days. I have a system at my home running PIMP OS (PIMP is a bitcoin-mining operating system) with a 6th-gen Core i7 (the processor doesn't matter though) and a 15000-RPM SSD along with two GTX 980 graphics cards. With this setup and a wordlist dictionary from Kali Linux (Kali Linux is a penetration testing OS), I can easily crack the same password in 10-12 hours. Shocked? Yes. But that's just me.
Extremist hackers mostly employ bots that take control of hundreds, not to mention thousands, of computers and babysit them for cracking passwords. By doing this, they can easily crack passwords in a few minutes. Now just think how scary that is. It straight away escalated from 20 days to 20 minutes. And this is just pure math. According to the decryption philosophy of mathematics, every encryption can be cracked with enough time. It's just pure probability and brute-force password cracking.
If you are more interested in encryption, I would recommend you read the book “Digital Fortress”. It's an extremely good book for a beginner to understand how encryption works. And NO! It's not a math or programming book. It's a fictitious novel, but the encryption details are close enough to real life.
Types of Encryption
As I said previously, encryption has multiple forms. Following are the main types of encryption:
Symmetric encryption gathers plain-text data and then shuffles it to make it unreadable. And just before reaching the required party, it re-arranges the data again. Symmetric encryption is the fastest of the encryption types. The vital part to remember here is that the encrypting and decrypting parties both need to have the same key to read the data.
The bad part about symmetric keys is that even if your data is encrypted, the software readily needs the unencrypted data to match the password, and not the encrypted one. This indirectly proves that the software itself is compromised. The only way to protect yourself is to design the software in such a way that the data remains encrypted when the user logs out of the system, and to leave the key only in an unreadable encrypted format, which is actually tough to begin with.
Asymmetric encryption, similar to symmetric encryption, also gathers plain text, shuffles it, and re-arranges it again at the other end, but here multiple variable keys are used for each end. Users and decrypters use a public key and a private key to shuffle and re-arrange the data. The only problem with a public key is making sure you trust the public key you hold. If the public key is somehow compromised, then everything is. A simple man-in-the-middle attack is an easy way to compromise it.
Nowadays when you hear the term encryption, it's actually hashing that is happening in the background. Hashing is not a pure form of encryption though. Remember the example I gave previously about email security?
Yeah! That's what hashing really is. Hashing a string will always produce the same string, but the reverse string is never the same. But with enough information, one can easily use some other data to create the same hash. As a matter of fact, in the case of hashes, the hash is the password itself.
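Here is the store-and-match flow from the email account example and from the hashing description above, as an added example in Python (it is not code from the original post). The function names, the use of SHA-256 and PBKDF2, the iteration count and the sample password are all choices made for this example. It puts a fast unsalted hash next to a salted, slow one to show how a server can store and check passwords without keeping the plain text.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # work factor chosen for this example


def fast_unsalted_hash(password: str) -> str:
    """Weak form: one fast digest, no salt. Equal passwords give equal hashes,
    so a single precomputed table of common passwords matches every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str) -> dict:
    """Hardened form: random per-user salt and a deliberately slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": derived.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(derived, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    alice, bob = create_record(sample), create_record(sample)
    print("unsalted, same input twice:", fast_unsalted_hash(sample) == fast_unsalted_hash(sample))
    print("salted records differ:", alice["hash"] != bob["hash"])
    print("right password:", verify(sample, alice))
    print("wrong password:", verify(sample + "!", alice))
```

The server stores only the record (salt, iteration count, derived hash); the plain-text password is never written to disk.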
Speaking of encryption, no matter what you do, there is no foolproof security. It will always be security through obscurity. One can only be paranoid enough to be safe enough.
The post The Process of Encryption appeared first on eduCBA.