2004. december 9., csütörtök
Data Encryption - How It Works...
Problem/Question/Abstract:
How does Data Encryption Work
Answer:
Encryptions Early Predecessors
“Since man was created, war began”
A little known fact is that even since the days of the Greeks- Encryption was a priority, people trying to stay one step ahead of there rivals, Text Messages where good as gold and a great way to communicate, but in war it is an indispensable tool but not so secure.
the “Cesar” cipher is a good example, Cesar used a very simple but effective method for protecting his messages that where sent to his army.
Normal
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Coded
EFGHIJKLMNOPQRSTUVWXYZABCD
The letters where shifted left 4 spaces
A message might look like this:
MCFVNH
Meaning this:
HYBRID
Even in the early 1900’s the USA used a similar form to communicate with its troops, a BOOK a Paragraph was used as the CODEC, starting by logging the letters so they wouldn’t repeat them self’s:
For example:
“IT WAS THE BEST OF TIMES, IT WAS THE WORST OF TIMES”
The letters get logged starting from the beginning.
“IT ” = “AB”
“WAS” = “CDE”
“THE” = “BFG”
Notice that the ‘T’ got repeated so its value is still ‘B’ and so on.
How Data Gets Encrypted
“The virtual age”
Now encryption changed thanks to computers, since the birth of the all mighty BYTE one single change and you have a whole new number.
Now a BYTE is made of 8 BITS
8-7-6-5-4-3-2-1
each BIT has a value (the double of the last) assigned to it
128-64-32-16-8-4-2-1
The max value of a BYTE is 255 (the sum of all the BITS)
Logical operators are used to modify the bits in a byte or more
OR
(Add)
The OR operator is used to set the BITS in a value. example:
If you decided to OR the value: 4
(00000100)
with the value: 2
(00000010)
the result will be the number 6
(00000110)
since the sum of the 3rd BIT and the 2nd BIT gives us 6
AND
(Extract)
The AND operator is used to check if the BITS in a VALUE are set.
If you decided to AND the value: 4
(00000100)
with the value: 8
(00001000)
the result will be the number 0
(00000000)
Since the value 8 (the 4th BIT) is not set
If the BIT where set
the result will be the number 8 (AGAIN)
(00001000)
XOR
(Toggle)
The all mighty XOR operator is used to toggle the BITS in a VALUE (1=0 and 0=1)
If you decided to XOR the value: 255
(11111111)
with the value: 4
(00000100)
the result will be the number 251
(11111011)
The all the BITS in the value where toggled now if we repeat the process with the last result (251)
(11111011)
with the value: 4
(00000100)
the result will be the number 255 again
(11111111)
Now you see why the XOR is used so much, since you need not remember the original value only the KEY or in this case the 4
All values that you XOR are changed BIT by BIT so if you use a VALUE (KEY) lower than the DATA you will only change the first bytes in that value
For example an Integer (123456789) uses 4-Bytes and the value 90210 uses 2-Bytes, so if you XOR 123456789 with 90210 the changes will only affect the first 2-Bytes.
Random numbers are great but you must find a better way to generate them, since most Compilers have there own way of generating them (using the TIME is the most common) the DATA may get lost or corrupted easily.
Now the most popular is the PGP type of Encryption that I will explain later,
But first we need to explain how to generate a GOOD and SAFE key
Data Types
“One spoon or two”
The key as well as the data gets split in different data sets for example you can toggle 1 byte / 2 bytes (word) / 4 bytes (W32 Integer) / 8 bytes (int64). This way you can toggle more data and take less time. But you must always remember where your algorithm is going to be used; some systems can’t handle a 64bit Integer (some handhelds, etc). And a must is to always pair up the data size with the key size, you don’t want to encrypt text and leave readable hole.
Cipher Logic
“Lose your self in the numbers”
A KEY is always important, the time for the magical “SWORDFISH” password has ended; now you need not remember a single word but the less similar to a WORD the better.
A good KEY is longer than 128-BITS (32 BYTES/CHARS)
It is always recommended to use the full 8-BITS in each BYTE rather than just the ones used for the ‘Letter Characters’, the less repetitive the better.
Yes in the case of some PGP like keys they can still use the small passwords, that is because the DATA is not encrypted with the key it self instead it is Encrypted with a Session key, that key is created via any temporary data on the machine, memory, mouse position, windows version, etc.
And then the Session key is encrypted with the user key. In the case of PGP the Session key is encrypted with the Public Key.
Predetermined Keys
“Does size REALLY matter”
One of the best ways to encrypt data is to use predetermined
Keys for example the well known BLOWFISH and TWOFISH use this technique as well as many others. The USER KEY gets split in multiple sections that are used to toggle the Predetermined Keys, which in turn toggle the data in various passes.
Time and Time Again
“Shake well”
The best technique is to toggle the same part more than once, in most cases 16 times is enough. Another use for this is to shred data like most programs you can scramble the data so much that it will become unrecognizable to any data recovery program, others just zero-out the bytes, but in most cases the data on a disk can still be recovered if it was just zeroed, the Hard Disk leaves a small trace or residue of the last value there (un-format for example).
Cover your tracks
“Crouching Tiger, Hidden Footprint”
Now it is best to learn assembler for this but any language will do, since time is of the essence, I use assembler, to cover your tracks it is best to add fake procedures or moves like shifting and switching variables, in the event that a cracker might want to break the encryption. Now a days it is useless since the world revolves around keys, the cracker can have the code but not the data.
Feliratkozás:
Megjegyzések küldése (Atom)
Nincsenek megjegyzések:
Megjegyzés küldése