SlideShare a Scribd company logo

CRYPTOGRAPHY (2).pdf

B
BhuvanaR13

The document discusses the RSA algorithm for cryptography. It begins by explaining that RSA was created by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977. It uses logarithmic functions to encrypt and decrypt data in a way that is difficult to break, even with powerful computers. RSA can encrypt generic data to enable secure sharing and can verify digital signatures. It works using a public key that encrypts data and a private key that decrypts it. The document then provides examples of how RSA encryption works step-by-step using prime numbers to generate keys. It discusses the security of RSA and how increasing the key size makes it more difficult to break through brute force attacks or factorization. Proper key management is

Education
1 of 26
Download to read offline
CRYPTOGRAPHY RSA ALGORITHM What Is RSA Algorithm in Cryptography? A public-key signature algorithm called RSA was created by Ron Rivest, Adi Shamir, and Leonard Adleman. The algorithm, which was first described in their 1977 publication, makes use of logarithmic functions to maintain the working complicated enough to withstand brute force attacks while being streamlined and quick after deployment. The graphic below demonstrates how it uses the RSA approach to validate digital signatures. Along with handling the verification of digital signatures, RSA can also encrypt and decrypt generic data to enable secure data sharing. Along with handling the verification of digital signatures, RSA can also encrypt and decrypt generic data to enable secure data sharing. It uses the opposite key set while encrypting and decrypting generic data with RSA. In contrast to signature verification, it encrypts data using the recipient's public key and decrypts it using the recipient's private key. Therefore, in this situation, no keys need to be exchanged.
When it comes to RSA cryptography, there are two parts:  Key generation is the process of creating the keys that will be used to encrypt and decode the data that will be transferred.  The function of encryption and decryption: The procedures to be followed when data needs to be recovered after being scrambled. Both the public and the private keys in RSA cryptography can be used to encrypt a message. The key used to decrypt a message is the opposite of the key used to encrypt it. RSA's ability to guarantee the secrecy, integrity, authenticity, and non-repudiation of electronic communications and data storage is one of the reasons it has grown to be the most popular asymmetric algorithm. RSA is used for encryption and digital signature capabilities in numerous protocols, including Secure Shell (SSH), OpenPGP, S/MIME, and SSL/TLS. Additionally, it is used in software programs. Browsers are a prime example of this since they frequently need to validate digital signatures or create safe connections over unreliable networks like the internet. One of the most often carried out operations in network-connected systems is the verification of an RSA signature. Since it is challenging to factor huge integers that are the product of two large prime numbers, RSA is secure. These two numbers multiply easily, but extracting the original prime numbers from the sum, or factoring, is thought to be impractical due to the time required, even with today's supercomputers. The most challenging aspect of RSA cryptography is the algorithm used to generate public and private keys. The Rabin-Miller primality test procedure yields two enormous prime numbers, p, and q. Calculating a modulus, n, requires multiplying p and q. The connection between the public and private keys is made possible by the usage of this number. The key length is the length of the key, which is often given in bits. The public key is made up of a public exponent, e, and a modulus, n, which is typically chosen at 65537 because it is a manageable prime number. Given that everyone has access to the public key, the e-figure doesn't have to be a prime number that was privately chosen. The Extended Euclidean algorithm is used to calculate the multiplicative inverse about the totient of the modulus n and the private exponent d, which make up the private key.
RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works on two different keys i.e. Public Key and Private Key. As the name describes that the Public Key is given to everyone and the Private key is kept private. An example of asymmetric cryptography:  A client (for example browser) sends its public key to the server and requests some data.  The server encrypts the data using the client’s public key and sends the encrypted data.  The client receives this data and decrypts it. Since this is asymmetric, nobody else except the browser can decrypt the data even if a third party has the public key of the browser. RSA algorithm uses the following procedure to generate public and private keys: o Select two large prime numbers, p and q. o Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption. o Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime to φ (n), gcd (e,d(n)) =1 o If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain text following formula is used to get ciphertext C. C=me modn
o Here, m must be less than n. A larger message (>n) is treated as a concatenation of messages, each of which is encrypted separately. o To determine the private key, we use the following formula to calculate the d such that: De mod{(p-1)x(q-1)}=1 Or De mod φ (n) = 1 o The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. To calculate plain text m from the ciphertext c following formula is used to get plain text m. m = cd mod n Let's take some example of RSA encryption algorithm: Example 1: This example shows how we can encrypt plaintext 9 using the RSA public-key encryption algorithm. This example uses prime numbers 7 and 11 to generate the public and private keys. Explanation: Step 1: Select two large prime numbers, p, and q. p = 7 q = 11 Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption. First, we calculate n = p x q n = 7 x 11 n = 77 Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.
Second, we calculate φ (n) = (p - 1) x (q-1) φ (n) = (7 - 1) x (11 - 1) φ (n) = 6 x 10 φ (n) = 60 Let us now choose relative prime e of 60 as 7. Thus the public key is <e, n> = (7, 77) Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain text following formula is used to get ciphertext C. To find ciphertext from the plain text following formula is used to get ciphertext C. C = me mod n C = 97 mod 77 C = 37 Step 5: The private key is <d, n>. To determine the private key, we use the following formula d such that: De mod {(p - 1) x (q - 1)} = 1 7d mod 60 = 1, which gives d = 43 The private key is <d, n> = (43, 77) Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain text m from the ciphertext c following formula is used to get plain text m. m = cd mod n m = 3743 mod 77 m = 9 In this example, Plain text = 9 and the ciphertext = 37
Example 2: A RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key= 3 and the private key = 7. What is the value of cipher text for a plain text? Explanation: Step 1: In the first step, select two large prime numbers, p and q. p = 3 q = 13 Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption. First, we calculate n = p x q n = 3 x 13 n = 39 Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>. Thus the public key is <e, n> = (3, 39). To find ciphertext from the plain text following formula is used to get ciphertext C. C = me mod n C = 53 mod 39 C = 125 mod 39 C = 8 Hence, the ciphertext generated from plain text, C = 8.
SECURITY OF RSA: These are explained as following below 1. Plain text attacks: It is classified into 3 subcategories:- Short message attack: In this we assume that attacker knows some blocks of plain text and tries to decode cipher text with the help of that. So, to prevent this pad the plain text before encrypting. Cycling attack: In this attack, the attacker thinks that the cipher text has been generated by using some permutation. He uses all possible permutations of plain text to decipher the cipher text by ‘cycling’ the permutations. Unconcealed Message attack: Sometimes it happens that plain text is same as cipher text after encryption. So it must be checked or it will be of no use as the attacker will see right through it.
2. Chosen cipher attack: In this attacker is able to find out plain text based on cipher text using the Extended Euclidean Algorithm. 3. Factorization attack: If the attacker is able to know P and Q using N, then he can find out value of private key. This fails when N contains at least 300 longer digits in decimal terms, attacker will not able to find it. Hence this is infeasible for larger numbers. 4. Attacks on Encryption key: If we take smaller value of E in RSA this may occur so to avoid this take value of E = 2^16+1 (at least). 5. Attacks on Decryption key:  Revealed decryption exponent attack: If attacker somehow guess decryption key D, not only the cipher text generated by encryption the plain text with corresponding encryption key is in danger, but even future messages are also in danger. So, it is advised to take fresh values of two prime numbers (i.e.: P and Q), N and E.  Low decryption exponent attack: If we take smaller value of D in RSA this may occur so to avoid this take value of D = 2^16+1(at least). Four possible approaches to attacking the RSA algorithm are  Brute force: This involves trying all possible private keys.  Mathematicalattacks:Thereareseveralapproaches,allequivalentineffortto factoring the product of two primes.  Timingattacks:Thesedependontherunningtimeofthedecryptionalgorithm.  Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm. The defense against the brute-force approach is the same for RSA as for other cryptosystems, namely, to use a large key space. Thus, the larger the number of bits in d, the better. However, because the calculations involved, both in key generation and inen cryption/decryption, are complex, the larger the size of the key, the slower thesystem will run.
KEY MANAGEMENT: Cryptographic keys are a vital part of any security system. They do everything from data encryption and decryption to user authentication. The compromise of any cryptographic key could lead to the collapse of an organization’s entire security infrastructure, allowing the attacker to decrypt sensitive data, authenticate themselves as privileged users, or give themselves access to other sources of classified information. Luckily, proper management of keys and their related components can ensure the safety of confidential information. Key Management is the process of putting certain standards in place to ensure the security of cryptographic keys in an organization. Key Management deal with the creation, exchange, storage, deletion, and refreshing of keys. They also deal with the members access of the keys. Why is Key Management Important ? Key management forms the basis of all data security. Data is encrypted and decrypted via the use of encryption keys, which means the loss or compromise of any encryption key would invalidate the data security measures put into place. Keys also ensure the safe transmission of data across an Internet connection. With authentication methods, like code signing, attackers could pretend to be a trusted service like Microsoft, while giving victim’s computers malware, if they steal a poorly protected key. Keys provide compliance with certain standards and regulations to ensure companies are using best practices when protecting cryptographic keys. Well protected keys are only accessible by users who need them. Types of Keys: There are two types of cryptographic keys, symmetric and asymmetric keys. Symmetric keys deal with data-at-rest, which is data stored in a static location, such as a database. Symmetric key encryption uses the same key for both encryption and decryption. Using data in a database as an example, while the data is stored in the database, it is encrypted with the symmetric key. Once an authorized user attempts to access the data, the information is decrypted with the same symmetric key and made accessible to the user. The other type of cryptographic key is an asymmetric key.
Encryption using asymmetric keys is a little more complicated than symmetric key encryption. Instead of using the same key for both encryption and decryption, two separate keys called a public and private key, are used for the encryption and decryption of data. These keys are created as a pair, so that they relate to each other. The public key of a pair of asymmetric keys is mainly used to encrypt data. This key can be shared with anyone since it encrypts, not decrypts, data. The private key is used for the decryption of data encrypted by its public key counterpart, so it must stay secure. Asymmetric keys focus on encrypting data-in-motion. Data-in-motion is data sent across a network connection, whether it be a public or private connection. When transporting sensitive data, most encryption processes use both symmetric and asymmetric keys to encrypt data.  The data is first encrypted-at-rest by a symmetric encryption key.  The symmetric key is now encrypted by the public key of the person who the data is being sent to. That encrypted symmetric key and the ciphertext are sent to the recipient of the data.  Once the ciphertext and key reach the recipient, the symmetric key is decrypted by that user’s private key, and the ciphertext is decrypted.
Key management follows a lifecycle of operations which are needed to ensure the key is created, stored, used, and rotated securely. Most cryptographic keys follow a lifecycle which involves key  Generation  Distribution  Use  Storage  Rotation  Backup/Recovery  Revocation  Destruction The generation of a key is the first step in ensuring that key is secure. If the key in question is generated with a weak encryption algorithm, then any attacker could easily discover the value of the encryption key. Also, if the key is generated in an insecure location, the key could be compromised as soon as it is created, resulting in a key that cannot be safely used for encryption. Key generators, AES encryption algorithms, or random number generators tend to be used for secure key generation. The next step of the key lifecycle is ensuring the safe distribution of the keys. Keys should be distributed to the required user via a secure TLS or SSL connection, to maintain the security of the keys being distributed. If an insecure connection is used to distribute the cryptographic keys, then the security of any data encrypted by these keys is in question, as an attacker could execute a man-in-the- middle attack and steal the keys. After distribution of the key, it is used for cryptographic operations. As previously noted, the key should only be used by authorized users, to make certain the key is not misused, copied, etc. When the key is used to encrypt data, it must then be stored for later decryption. The most secure method is via a Hardware Security Module (HSM) or CloudHSM. If an HSM is not used, then the keys can either be securely stored on the client’s side, or, if the keys are used on the Cloud, then the Cloud Service Provider’s Key Management Service can be used.
First the data is decrypted by the old key or key pair and then encrypted by the new key or key pair. Rotation is necessary because the longer a key is in rotation, the more chance there is for someone to steal or find out the key. Rotation of keys can happen before the cryptoperiod expires in cases where the key is suspected to be compromised. Two other ways of dealing with a compromised key are revoking or destroying the key in question. Revoking a key means the key can no longer be used to encrypt or decrypt data, even if its cryptoperiod is still valid. Destroying a key, whether that is due to compromise or due to it no longer being used, deletes the key permanently from any key manager database or other storage method. This makes it impossible to recreate the key, unless a backup image is used. NIST standards require that deactivated keys be kept in an archive, to allow for reconstruction of the keys if data encrypted in the past must now be decrypted by that key or key pair.
SECURE HASH ALGORITHM Secure Hash Algorithms, also known as SHA, are a family of cryptographic functions designed to keep data secured. It works by transforming the data using a hash function: an algorithm that consists of bitwise operations, modular additions, and compression functions. The hash function then produces a fixed-size string that looks nothing like the original. These algorithms are designed to be one-way functions, meaning that once they’re transformed into their respective hash values, it’s virtually impossible to transform them back into the original data. A few algorithms of interest are SHA-1, SHA-2, and SHA-3, each of which was successively designed with increasingly stronger encryption in response to hacker attacks. SHA-0, for instance, is now obsolete due to the widely exposed vulnerabilities. A common application of SHA is to encrypting passwords, as the server side only needs to keep track of a specific user’s hash value, rather than the actual password. This is helpful in case an attacker hacks the database, as they will only find the hashed functions and not the actual passwords, so if they were to input the hashed value as a password, the hash function will convert it into another string and subsequently deny access. Additionally, SHAs exhibit the avalanche effect, where the modification of very few letters being encrypted causes a big change in output; or conversely, drastically different strings produce similar hash values. This effect causes hash values to not give any information regarding the input string, such as its original length. In addition, SHAs are also used to detect the tampering of data by attackers, where if a text file is slightly changed and barely noticeable, the modified file’s hash value will be different than the original file’s hash value, and the tampering will be rather noticeable. SHA Characteristics One-way Function Alice and Bob are pen pals who share their thoughts via mail. When Alice visited Bob, she gave him a phone book of her city. In order to keep their messages safe from intruders, Alice tells Bob that she will encrypt the message. She tells Bob that he will find a bunch of numbers on every letter, and each sequence of numbers represents a phone number. Bob’s job is to find the phone number in the book and write down the first letter of the person’s last name. With this function, Bob is to decrypt the entire message.
To decrypt the message, Bob has to read the entire phone book to find all the numbers on the letter, whereas Alice can quickly find the letters and their respective phone numbers in order to encrypt her message. For this reason, before Bob is able to decrypt the message by hand, Alice can re-hash the message and keep the data secure. This makes Alice’s algorithm a one-way function. The second safety characteristic is called second pre-image resistance, granted by SHA when a message is known, m1, yet it’s hard to find another message, m2, that hashes to the same value: Hm1 =Hm2. Without this characteristic, two different passwords would yield the same hash value, deeming the original password unnecessary in order to access secured data. The last safety characteristic is collision resistance, which is provided by algorithms that make it extremely hard for an attacker to find two completely different messages that hash to the same hash value: Hm1=Hm2. In order to provide this characteristic, there must be a similar number of possible inputs to possible outputs, as more inputs than outputs, by the pigeonhole principle, will definitively incur potential collisions. For this reason, collision resistance is necessary, as it implies that finding two inputs that hash to the same hash value is extremely difficult. Without collision resistance, digital signatures can be compromised as finding two messages that produce the same hash value may make users believe two documents were signed by two different people when one person was able to produce a different document with the same hash value. Recent cryptographic functions have stronger security characteristics to block off recently developed techniques such as length extension attacks, where given a hash value, hash(m), and the length of the original message, m, an attacker can find a message, ’m’, and calculate the hash value of the concatenation of the original message and the new message: hash (m∣∣m’). As a general guideline, a hash function should be as seemingly random as possible while still being deterministic and fast to compute.
SHA-1: Secure Hash Algorithm 1, or SHA-1, was developed in 1993 by the U.S. government's standards agency National Institute of Standards and Technology (NIST). It is widely used in security applications and protocols, including TLS, SSL, PGP, SSH, IPsec, and S/MIME. SHA-1 works by feeding a message as a bit string of length less than 264264 bits, and producing a 160-bit hash value known as a message digest. Note that the message below is represented in hexadecimal notation for compactness. There are two methods to encrypt messages using SHA-1. Although one of the methods saves the processing of sixty-four 32-bit words, it is more complex and time-consuming to execute, so the simple method is shown in the example below. At the end of the execution, the algorithm outputs blocks of 16 words, where each word is made up of 16 bits, for a total of 256 bits. Albeit SHA-1 is still widely used, cryptanalysts in 2005 were able to find vulnerabilities on this algorithm that detrimentally compromised its security. These vulnerabilities came in the form of an algorithm that speedily finds collisions with different inputs, meaning that two distinct inputs map to the same digest . As of 2010, many organizations have recommended its replacement by SHA-2 or SHA-3. Companies like Microsoft, Google, or Mozilla have announced that their browsers will stop accepting SHA-1 encryption certificates by 2017. EXAMPLE: Below program shows the implementation of SHA-1 hash in Java import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class GFG { public static String encryptThisString(String input) { try {
// getInstance() method is called with algorithm SHA-1 MessageDigest md = MessageDigest.getInstance("SHA-1"); // digest() method is called // to calculate message digest of the input string // returned as array of byte byte[] messageDigest = md.digest(input.getBytes()); // Convert byte array into signum representation BigInteger no = new BigInteger(1, messageDigest); // Convert message digest into hex value String hashtext = no.toString(16); // Add preceding 0s to make it 32 bit while (hashtext.length() < 32) { hashtext = "0" + hashtext; } // return the HashText return hashtext; } // For specifying wrong message digest algorithms catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } // Driver code public static void main(String args[]) throws NoSuchAlgorithmException { System.out.println("HashCode Generated by SHA-1 for: "); String s1 = "GeeksForGeeks"; System.out.println("n" + s1 + " : " + encryptThisString(s1)); String s2 = "hello world"; System.out.println("n" + s2 + " : " + encryptThisString(s2)); } }
SHA-2: Due to the exposed vulnerabilities of SHA-1, cryptographers modified the algorithm to produce SHA-2, which consists of not one but two hash functions known as SHA-256 and SHA-512, using 32- and 64-bit words, respectively. There are additional truncated versions of these hash functions, known as SHA- 224, SHA-384, SHA-512/224, and SHA-512/256, which can be used for either part of the algorithm. SHA-1 and SHA-2 differ in several ways; mainly, SHA-2 produces 224- or 256-sized digests, whereas SHA-1 produces a 160-bit digest; SHA-2 can also have block sizes that contain 1024 bits, or 512 bits, like SHA-1. Brute force attacks on SHA-2 are not as effective as they are against SHA-1. A brute force search for finding a message that corresponds to a given digest of length L using brute force would require 2L evaluations, which makes SHA-2 a lot safer against these kinds of attacks. Features of Hash Functions: The typical features of hash functions are Fixed Length Output (Hash Value)  Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as hashing the data.  In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions.  Since a hash is a smaller representation of a larger data, it is also referred to as a digest.  Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits. Efficiency of Operation  Generally for any hash function h with input x, computation of h(x) is a fast operation.  Computationally hash functions are much faster than a symmetric encryption.
MD5 ALGORITHM MD5 is a cryptographic hash function algorithm that takes the message as input of any length and changes it into a fixed-length message of 16 bytes. MD5 algorithm stands for the message-digest algorithm. MD5 was developed as an improvement of MD4, with advanced security purposes. The output of MD5 (Digest size) is always 128 bits. MD5 was developed in 1991 by Ronald Rivest. Use Of MD5 Algorithm:  It is used for file authentication.  In a web application, it is used for security purposes. e.g. Secure password of users etc.  Using this algorithm, We can store our password in 128 bits format. Working of the MD5 Algorithm: MD5 algorithm follows the following steps 1. Append Padding Bits: In the first step, we add padding bits in the original message in such a way that the total length of the message is 64 bits less than the exact multiple of 512. Suppose we are given a message of 1000 bits. Now we have to add padding bits to the original message. Here we will add 472 padding bits to the original message. After adding the padding bits the size of the original message/output of the first step will be 1472 i.e. 64 bits less than an exact multiple of 512 (i.e. 512*3 = 1536). Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .
2. Append Length Bits: In this step, we add the length bit in the output of the first step in such a way that the total number of the bits is the perfect multiple of 512. Simply, here we add the 64-bit as a length bit in the output of the first step. i.e. output of first step = 512 * n – 64 length bits = 64. After adding both we will get 512 * n i.e. the exact multiple of 512. 3. Initialize MD buffer: Here, we use the 4 buffers i.e. J, K, L, and M. The size of each buffer is 32 bits. J = 0x67425301 K = 0xEDFCBA45 L = 0x98CBADFE M = 0x13DCE476 4. Process Each 512-bit Block: This is the most important step of the MD5 algorithm. Here, a total of 64 operations are performed in 4 rounds. In the 1st round, 16 operations will be performed, 2nd round 16 operations will be performed, 3rd round 16 operations will be performed, and in the 4th round, 16 operations will be performed. We apply a different function on each round i.e. for the 1st round we apply the F function, for the 2nd G function, 3rd for the H function, and 4th for the I function. We perform OR, AND, XOR, and NOT (basically these are logic gates) for calculating functions. We use 3 buffers for each function i.e. K, L, M. F(K,L,M) = (K AND L) OR (NOT K AND M) G(K,L,M) = (K AND L) OR (L AND NOT M) H(K,L,M) = K XOR L XOR M I(K,L,M) = L XOR (K OR NOT M)
After applying the function now we perform an operation on each block. For performing operations we need  add modulo 232  M[i] – 32 bit message.  K[i] – 32-bit constant.  <<<n – Left shift by n bits. Now take input as initialize MD buffer i.e. J, K, L, M. Output of K will be fed in L, L will be fed into M, and M will be fed into J. After doing this now we perform some operations to find the output for J.  In the first step, Outputs of K, L, and M are taken and then the function F is applied to them. We will add modulo 232 bits for the output of this with J.  In the second step, we add the M[i] bit message with the output of the first step.  Then add 32 bits constant i.e. K[i] to the output of the second step.  At last, we do left shift operation by n (can be any value of n) and addition modulo by 232 . After all steps, the result of J will be fed into K. Now same steps will be used for all functions G, H, and I. After performing all 64 operations we will get our message digest. Output: After all, rounds have been performed, the buffer J, K, L, and M contains the MD5 output starting with the lower bit J and ending with Higher bits M. Code: # importing the required libraries import hashlib inputstring = "This is a message sent by a computer user." # encoding the message using the library function output = hashlib.md5(inputstring.encode()) # printing the hash function print("Hash of the input string:") print(output.hexdigest())
Output: Hash of the input string: 922547e866c89b8f677312df0ccec8ee Application Of MD5 Algorithm:  We use message digest to verify the integrity of files/ authenticates files.  MD5 was used for data security and encryption.  It is used to Digest the message of any size and also used for Password verification.  For Game Boards and Graphics. Advantages of MD5 Algorithm:  MD5 is faster and simple to understand.  MD5 algorithm generates a strong password in 16 bytes format. All developers like web developers etc use the MD5 algorithm to secure the password of users.  To integrate the MD5 algorithm, relatively low memory is necessary.  It is very easy and faster to generate a digest message of the original message. Disadvantages of MD5 Algorithm:  MD5 generates the same hash function for different inputs.  MD5 provides poor security over SHA1.  MD5 has been considered an insecure algorithm. So now we are using SHA256 instead of MD5  MD5 is neither a symmetric nor asymmetric algorithm.
WEB SECURITY Web Security is very important nowadays. Websites are always prone to security threats/risks. Web Security deals with the security of data over the internet/network or web or while it is being transferred to the internet. For e.g. when you are transferring data between client and server and you have to protect that data that security of data is your web security. Hacking a Website may result in the theft of Important Customer Data, it may be the credit card information or the login details of a customer or it can be the destruction of one’s business and propagation of illegal content to the users while somebody hacks your website they can either steal the important information of the customers or they can even propagate the illegal content to your users through your website so, therefore, security considerations are needed in the context of web security. Security Threats: A Threat is nothing but a possible event that can damage and harm an information system. Security Threat is defined as a risk that which, can potentially harm Computer systems & organizations. Whenever an Individual or an Organization creates a website, they are vulnerable to security attacks. Security attacks are mainly aimed at stealing altering or destroying a piece of personal and confidential information, stealing the hard drive space, and illegally accessing passwords. So whenever the website you created is vulnerable to security attacks then the attacks are going to steal your data alter your data destroy your personal information see your confidential information and also it accessing your password. Top Web Security Threats : Web security threats are constantly emerging and evolving, but many threats consistently appear at the top of the list of web security threats. These include:  Cross-site scripting (XSS)  SQL Injection  Phishing  Ransomware  Code Injection  Viruses and worms  Spyware  Denial of Service
Security Consideration: Updated Software: You need to always update your software. Hackers may be aware of vulnerabilities in certain software, which are sometimes caused by bugs and can be used to damage your computer system and steal personal data. Older versions of software can become a gateway for hackers to enter your network. Software makers soon become aware of these vulnerabilities and will fix vulnerable or exposed areas. That’s why It is mandatory to keep your software updated, It plays an important role in keeping your personal data secure. Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or your database by inserting a rough code into your query. For e.g. somebody can send a query to your website and this query can be a rough code while it gets executed it can be used to manipulate your database such as change tables, modify or delete data or it can retrieve important information also so, one should be aware of the SQL injection attack. Cross-Site Scripting (XSS): XSS allows the attackers to insert client-side script into web pages. E.g. Submission of forms. It is a term used to describe a class of attacks that allow an attacker to inject client-side scripts into other users’ browsers through a website. As the injected code enters the browser from the site, the code is reliable and can do things like sending the user’s site authorization cookie to the attacker. Error Messages: You need to be very careful about error messages which are generated to give the information to the users while users access the website and some error messages are generated due to one or another reason and you should be very careful while providing the information to the users. For e.g. login attempt – If the user fails to login the error message should not let the user know which field is incorrect: Username or Password.
Data Validation: Data validation is the proper testing of any input supplied by the user or application. It prevents improperly created data from entering the information system. Validation of data should be performed on both server-side and client-side. If we perform data validation on both sides that will give us the authentication. Data validation should occur when data is received from an outside party, especially if the data is from untrusted sources. Password: Password provides the first line of defense against unauthorized access to your device and personal information. It is necessary to use a strong password. Hackers in many cases use sophisticated software that uses brute force to crack passwords. Passwords must be complex to protect against brute force. It is good to enforce password requirements such as a minimum of eight characters long must including uppercase letters, lowercase letters, special characters, and numerals. Secure socket Layer (SSL/TLS): • Used to authenticate servers – Uses certificates, “root” CAs • Can authenticate clients • Inclusive security protocol • Security at the socket layer – Transport Layer Security (TLS) – Provides • authentication • confidentiality • integrity
SSL Handshake (1) Client Hello (algorithms,…) (2) Server Hello (alg. selection, …) (3) Server Certificate (4) ClientKeyRequest (5) ChangeCipherSuite (6) ChangeCipherSuite (7) Finished (8) Finished Simplified Protocol Detail Participants: Alice/A (client) and Bob/B (server) Crypto Elements : Random R, Certificate C, k+ i Public Key (of i) Crypto Functions : Hash function H(x), Encryption E(k, d), Decryption D(k, d), Keyed MAC HMAC(k, d) 1. Alice → Bob RA 2. Bob → Alice RB, CB Alice pick pre-master secret S Alice calculate master secret K = H(S, RA, RB) 3. Alice → Bob E(k+B, S), HMAC(K,! CLNT! + [#1, #2]) Bob recover pre-master secret S = D(k−B , E(k+B, S)) Bob calculate master secret K = H(S, RA, RB) 4. Bob → Alice HMAC(K,! SRV R! + [#1, #2])
Advantages:  Confidential session  Server authentication*  GUI clues for users  Built into every browser  Protocol has heavily analyzed Disadvantages:  Users don’t check certificates (don’t know meaning)  Too easy to obtain certificates  Too many roots in the browsers  Some settings are terrible  ssl v2 is on, totally insecure cipher suites included Reality of SSL: SSL is here to stay no matter what credit card over SSL connection is probably safer than credit card to waiter biggest hurdles: – performance – user education (check those certificates) – too many trusted sites (edit your browser prefs) – misconfiguration (turn off bad ciphersuites) – can be used for many non-web applications Now used for more than https, base for many distributed applications, etc.

Recommended

Rivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxRivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxwerip98386
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptRizwanBasha12
 
Rsa
RsaRsa
Rsaismaelhaider
 
Ch09
Ch09Ch09
Ch09Joe Christensen
 
F010243136
F010243136F010243136
F010243136IOSR Journals
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptographySuresh Thammishetty
 
RSA Algorithem and information about rsa
RSA Algorithem and information about rsaRSA Algorithem and information about rsa
RSA Algorithem and information about rsaMohsin Ali
 
Rsa
RsaRsa
RsaNavneet Sharma
 

Recommended

Rivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxRivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxwerip98386
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptRizwanBasha12
 
Rsa
RsaRsa
Rsaismaelhaider
 
Ch09
Ch09Ch09
Ch09Joe Christensen
 
F010243136
F010243136F010243136
F010243136IOSR Journals
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptographySuresh Thammishetty
 
RSA Algorithem and information about rsa
RSA Algorithem and information about rsaRSA Algorithem and information about rsa
RSA Algorithem and information about rsaMohsin Ali
 
Rsa
RsaRsa
RsaNavneet Sharma
 
RSA Algorithm report
RSA Algorithm reportRSA Algorithm report
RSA Algorithm reportMohamed Ramadan
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa CrptosystemAmlan Patel
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adlemanHossain Md Shakhawat
 
Unit 7 : Network Security
Unit 7 : Network SecurityUnit 7 : Network Security
Unit 7 : Network SecurityChandan Gupta Bhagat
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithmPrateek Pandey
 
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYRSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYQualcomm
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.pptChandraB15
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.pptDHANABALSUBRAMANIAN
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithmSiva Rushi
 
RSA Algorithm.ppt
RSA Algorithm.pptRSA Algorithm.ppt
RSA Algorithm.pptArchanaT30
 
Ijetcas14 336
Ijetcas14 336Ijetcas14 336
Ijetcas14 336Iasir Journals
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmIndra97065
 
Cryptography based chat system
Cryptography based chat systemCryptography based chat system
Cryptography based chat systemJagsir Singh
 
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMINGANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMINGIJNSA Journal
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuIJNSA Journal
 
Presentation
PresentationPresentation
Presentationrokham khawaja
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys IJECEIAES
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
An implementation of RSA policy
An implementation of RSA policyAn implementation of RSA policy
An implementation of RSA policySM NAZMUS SALEHIN
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsaShashank Mishra
 
Linux File System.docx
Linux File System.docxLinux File System.docx
Linux File System.docxBhuvanaR13
 
UNIT I LINUX.docx
UNIT I LINUX.docxUNIT I LINUX.docx
UNIT I LINUX.docxBhuvanaR13
 

More Related Content

Similar to CRYPTOGRAPHY (2).pdf

RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYRSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYQualcomm
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.pptChandraB15
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithmSiva Rushi
 
RSA Algorithm.ppt
RSA Algorithm.pptRSA Algorithm.ppt
RSA Algorithm.pptArchanaT30
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmIndra97065
 
Cryptography based chat system
Cryptography based chat systemCryptography based chat system
Cryptography based chat systemJagsir Singh
 
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMINGANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMINGIJNSA Journal
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuIJNSA Journal
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys IJECEIAES
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
An implementation of RSA policy
An implementation of RSA policyAn implementation of RSA policy
An implementation of RSA policySM NAZMUS SALEHIN
 

Similar to CRYPTOGRAPHY (2).pdf (20)

RSA Algorithm report
RSA Algorithm reportRSA Algorithm report
RSA Algorithm report
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
 
Unit 7 : Network Security
Unit 7 : Network SecurityUnit 7 : Network Security
Unit 7 : Network Security
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
 
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYRSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.ppt
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.ppt
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithm
 
RSA Algorithm.ppt
RSA Algorithm.pptRSA Algorithm.ppt
RSA Algorithm.ppt
 
Ijetcas14 336
Ijetcas14 336Ijetcas14 336
Ijetcas14 336
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithm
 
Cryptography based chat system
Cryptography based chat systemCryptography based chat system
Cryptography based chat system
 
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMINGANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpu
 
Presentation
PresentationPresentation
Presentation
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
An implementation of RSA policy
An implementation of RSA policyAn implementation of RSA policy
An implementation of RSA policy
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsa
 

More from BhuvanaR13

Linux File System.docx
Linux File System.docxLinux File System.docx
Linux File System.docxBhuvanaR13
 
UNIT I LINUX.docx
UNIT I LINUX.docxUNIT I LINUX.docx
UNIT I LINUX.docxBhuvanaR13
 
networktopology-final.pptx
networktopology-final.pptxnetworktopology-final.pptx
networktopology-final.pptxBhuvanaR13
 
UNIT III_DCN.pdf
UNIT III_DCN.pdfUNIT III_DCN.pdf
UNIT III_DCN.pdfBhuvanaR13
 
UNIT 2_DCN-converted.pdf
UNIT 2_DCN-converted.pdfUNIT 2_DCN-converted.pdf
UNIT 2_DCN-converted.pdfBhuvanaR13
 
UNIT I_DCN.pdf
UNIT I_DCN.pdfUNIT I_DCN.pdf
UNIT I_DCN.pdfBhuvanaR13
 
INTRODUCTION TO MOBILE COMPUTING.pptx
INTRODUCTION TO MOBILE COMPUTING.pptxINTRODUCTION TO MOBILE COMPUTING.pptx
INTRODUCTION TO MOBILE COMPUTING.pptxBhuvanaR13
 
VB6_INTRODUCTION.ppt
VB6_INTRODUCTION.pptVB6_INTRODUCTION.ppt
VB6_INTRODUCTION.pptBhuvanaR13
 
VB_ERROR CONTROL_FILE HANDLING.ppt
VB_ERROR CONTROL_FILE HANDLING.pptVB_ERROR CONTROL_FILE HANDLING.ppt
VB_ERROR CONTROL_FILE HANDLING.pptBhuvanaR13
 
VB6_OBJECTS AND GRAPHICS.ppt
VB6_OBJECTS AND GRAPHICS.pptVB6_OBJECTS AND GRAPHICS.ppt
VB6_OBJECTS AND GRAPHICS.pptBhuvanaR13
 

More from BhuvanaR13 (10)

Linux File System.docx
Linux File System.docxLinux File System.docx
Linux File System.docx
 
UNIT I LINUX.docx
UNIT I LINUX.docxUNIT I LINUX.docx
UNIT I LINUX.docx
 
networktopology-final.pptx
networktopology-final.pptxnetworktopology-final.pptx
networktopology-final.pptx
 
UNIT III_DCN.pdf
UNIT III_DCN.pdfUNIT III_DCN.pdf
UNIT III_DCN.pdf
 
UNIT 2_DCN-converted.pdf
UNIT 2_DCN-converted.pdfUNIT 2_DCN-converted.pdf
UNIT 2_DCN-converted.pdf
 
UNIT I_DCN.pdf
UNIT I_DCN.pdfUNIT I_DCN.pdf
UNIT I_DCN.pdf
 
INTRODUCTION TO MOBILE COMPUTING.pptx
INTRODUCTION TO MOBILE COMPUTING.pptxINTRODUCTION TO MOBILE COMPUTING.pptx
INTRODUCTION TO MOBILE COMPUTING.pptx
 
VB6_INTRODUCTION.ppt
VB6_INTRODUCTION.pptVB6_INTRODUCTION.ppt
VB6_INTRODUCTION.ppt
 
VB_ERROR CONTROL_FILE HANDLING.ppt
VB_ERROR CONTROL_FILE HANDLING.pptVB_ERROR CONTROL_FILE HANDLING.ppt
VB_ERROR CONTROL_FILE HANDLING.ppt
 
VB6_OBJECTS AND GRAPHICS.ppt
VB6_OBJECTS AND GRAPHICS.pptVB6_OBJECTS AND GRAPHICS.ppt
VB6_OBJECTS AND GRAPHICS.ppt
 

Recently uploaded

POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 

Recently uploaded (20)

POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 

CRYPTOGRAPHY (2).pdf

  • 1. CRYPTOGRAPHY RSA ALGORITHM What Is RSA Algorithm in Cryptography? A public-key signature algorithm called RSA was created by Ron Rivest, Adi Shamir, and Leonard Adleman. The algorithm, which was first described in their 1977 publication, makes use of logarithmic functions to maintain the working complicated enough to withstand brute force attacks while being streamlined and quick after deployment. The graphic below demonstrates how it uses the RSA approach to validate digital signatures. Along with handling the verification of digital signatures, RSA can also encrypt and decrypt generic data to enable secure data sharing. Along with handling the verification of digital signatures, RSA can also encrypt and decrypt generic data to enable secure data sharing. It uses the opposite key set while encrypting and decrypting generic data with RSA. In contrast to signature verification, it encrypts data using the recipient's public key and decrypts it using the recipient's private key. Therefore, in this situation, no keys need to be exchanged.
  • 2. When it comes to RSA cryptography, there are two parts:  Key generation is the process of creating the keys that will be used to encrypt and decode the data that will be transferred.  The function of encryption and decryption: The procedures to be followed when data needs to be recovered after being scrambled. Both the public and the private keys in RSA cryptography can be used to encrypt a message. The key used to decrypt a message is the opposite of the key used to encrypt it. RSA's ability to guarantee the secrecy, integrity, authenticity, and non-repudiation of electronic communications and data storage is one of the reasons it has grown to be the most popular asymmetric algorithm. RSA is used for encryption and digital signature capabilities in numerous protocols, including Secure Shell (SSH), OpenPGP, S/MIME, and SSL/TLS. Additionally, it is used in software programs. Browsers are a prime example of this since they frequently need to validate digital signatures or create safe connections over unreliable networks like the internet. One of the most often carried out operations in network-connected systems is the verification of an RSA signature. Since it is challenging to factor huge integers that are the product of two large prime numbers, RSA is secure. These two numbers multiply easily, but extracting the original prime numbers from the sum, or factoring, is thought to be impractical due to the time required, even with today's supercomputers. The most challenging aspect of RSA cryptography is the algorithm used to generate public and private keys. The Rabin-Miller primality test procedure yields two enormous prime numbers, p, and q. Calculating a modulus, n, requires multiplying p and q. The connection between the public and private keys is made possible by the usage of this number. The key length is the length of the key, which is often given in bits. The public key is made up of a public exponent, e, and a modulus, n, which is typically chosen at 65537 because it is a manageable prime number. Given that everyone has access to the public key, the e-figure doesn't have to be a prime number that was privately chosen. The Extended Euclidean algorithm is used to calculate the multiplicative inverse about the totient of the modulus n and the private exponent d, which make up the private key.
  • 3. RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works on two different keys i.e. Public Key and Private Key. As the name describes that the Public Key is given to everyone and the Private key is kept private. An example of asymmetric cryptography:  A client (for example browser) sends its public key to the server and requests some data.  The server encrypts the data using the client’s public key and sends the encrypted data.  The client receives this data and decrypts it. Since this is asymmetric, nobody else except the browser can decrypt the data even if a third party has the public key of the browser. RSA algorithm uses the following procedure to generate public and private keys: o Select two large prime numbers, p and q. o Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption. o Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime to φ (n), gcd (e,d(n)) =1 o If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain text following formula is used to get ciphertext C. C=me modn
  • 4. o Here, m must be less than n. A larger message (>n) is treated as a concatenation of messages, each of which is encrypted separately. o To determine the private key, we use the following formula to calculate the d such that: De mod{(p-1)x(q-1)}=1 Or De mod φ (n) = 1 o The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. To calculate plain text m from the ciphertext c following formula is used to get plain text m. m = cd mod n Let's take some example of RSA encryption algorithm: Example 1: This example shows how we can encrypt plaintext 9 using the RSA public-key encryption algorithm. This example uses prime numbers 7 and 11 to generate the public and private keys. Explanation: Step 1: Select two large prime numbers, p, and q. p = 7 q = 11 Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption. First, we calculate n = p x q n = 7 x 11 n = 77 Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.
  • 5. Second, we calculate φ (n) = (p - 1) x (q-1) φ (n) = (7 - 1) x (11 - 1) φ (n) = 6 x 10 φ (n) = 60 Let us now choose relative prime e of 60 as 7. Thus the public key is <e, n> = (7, 77) Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain text following formula is used to get ciphertext C. To find ciphertext from the plain text following formula is used to get ciphertext C. C = me mod n C = 97 mod 77 C = 37 Step 5: The private key is <d, n>. To determine the private key, we use the following formula d such that: De mod {(p - 1) x (q - 1)} = 1 7d mod 60 = 1, which gives d = 43 The private key is <d, n> = (43, 77) Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain text m from the ciphertext c following formula is used to get plain text m. m = cd mod n m = 3743 mod 77 m = 9 In this example, Plain text = 9 and the ciphertext = 37
  • 6. Example 2: A RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key= 3 and the private key = 7. What is the value of cipher text for a plain text? Explanation: Step 1: In the first step, select two large prime numbers, p and q. p = 3 q = 13 Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption. First, we calculate n = p x q n = 3 x 13 n = 39 Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e, n>. Thus the public key is <e, n> = (3, 39). To find ciphertext from the plain text following formula is used to get ciphertext C. C = me mod n C = 53 mod 39 C = 125 mod 39 C = 8 Hence, the ciphertext generated from plain text, C = 8.
  • 7. SECURITY OF RSA: These are explained as following below 1. Plain text attacks: It is classified into 3 subcategories:- Short message attack: In this we assume that attacker knows some blocks of plain text and tries to decode cipher text with the help of that. So, to prevent this pad the plain text before encrypting. Cycling attack: In this attack, the attacker thinks that the cipher text has been generated by using some permutation. He uses all possible permutations of plain text to decipher the cipher text by ‘cycling’ the permutations. Unconcealed Message attack: Sometimes it happens that plain text is same as cipher text after encryption. So it must be checked or it will be of no use as the attacker will see right through it.
  • 8. 2. Chosen cipher attack: In this attacker is able to find out plain text based on cipher text using the Extended Euclidean Algorithm. 3. Factorization attack: If the attacker is able to know P and Q using N, then he can find out value of private key. This fails when N contains at least 300 longer digits in decimal terms, attacker will not able to find it. Hence this is infeasible for larger numbers. 4. Attacks on Encryption key: If we take smaller value of E in RSA this may occur so to avoid this take value of E = 2^16+1 (at least). 5. Attacks on Decryption key:  Revealed decryption exponent attack: If attacker somehow guess decryption key D, not only the cipher text generated by encryption the plain text with corresponding encryption key is in danger, but even future messages are also in danger. So, it is advised to take fresh values of two prime numbers (i.e.: P and Q), N and E.  Low decryption exponent attack: If we take smaller value of D in RSA this may occur so to avoid this take value of D = 2^16+1(at least). Four possible approaches to attacking the RSA algorithm are  Brute force: This involves trying all possible private keys.  Mathematicalattacks:Thereareseveralapproaches,allequivalentineffortto factoring the product of two primes.  Timingattacks:Thesedependontherunningtimeofthedecryptionalgorithm.  Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm. The defense against the brute-force approach is the same for RSA as for other cryptosystems, namely, to use a large key space. Thus, the larger the number of bits in d, the better. However, because the calculations involved, both in key generation and inen cryption/decryption, are complex, the larger the size of the key, the slower thesystem will run.
  • 9. KEY MANAGEMENT: Cryptographic keys are a vital part of any security system. They do everything from data encryption and decryption to user authentication. The compromise of any cryptographic key could lead to the collapse of an organization’s entire security infrastructure, allowing the attacker to decrypt sensitive data, authenticate themselves as privileged users, or give themselves access to other sources of classified information. Luckily, proper management of keys and their related components can ensure the safety of confidential information. Key Management is the process of putting certain standards in place to ensure the security of cryptographic keys in an organization. Key Management deal with the creation, exchange, storage, deletion, and refreshing of keys. They also deal with the members access of the keys. Why is Key Management Important ? Key management forms the basis of all data security. Data is encrypted and decrypted via the use of encryption keys, which means the loss or compromise of any encryption key would invalidate the data security measures put into place. Keys also ensure the safe transmission of data across an Internet connection. With authentication methods, like code signing, attackers could pretend to be a trusted service like Microsoft, while giving victim’s computers malware, if they steal a poorly protected key. Keys provide compliance with certain standards and regulations to ensure companies are using best practices when protecting cryptographic keys. Well protected keys are only accessible by users who need them. Types of Keys: There are two types of cryptographic keys, symmetric and asymmetric keys. Symmetric keys deal with data-at-rest, which is data stored in a static location, such as a database. Symmetric key encryption uses the same key for both encryption and decryption. Using data in a database as an example, while the data is stored in the database, it is encrypted with the symmetric key. Once an authorized user attempts to access the data, the information is decrypted with the same symmetric key and made accessible to the user. The other type of cryptographic key is an asymmetric key.
  • 10. Encryption using asymmetric keys is a little more complicated than symmetric key encryption. Instead of using the same key for both encryption and decryption, two separate keys called a public and private key, are used for the encryption and decryption of data. These keys are created as a pair, so that they relate to each other. The public key of a pair of asymmetric keys is mainly used to encrypt data. This key can be shared with anyone since it encrypts, not decrypts, data. The private key is used for the decryption of data encrypted by its public key counterpart, so it must stay secure. Asymmetric keys focus on encrypting data-in-motion. Data-in-motion is data sent across a network connection, whether it be a public or private connection. When transporting sensitive data, most encryption processes use both symmetric and asymmetric keys to encrypt data.  The data is first encrypted-at-rest by a symmetric encryption key.  The symmetric key is now encrypted by the public key of the person who the data is being sent to. That encrypted symmetric key and the ciphertext are sent to the recipient of the data.  Once the ciphertext and key reach the recipient, the symmetric key is decrypted by that user’s private key, and the ciphertext is decrypted.
  • 11. Key management follows a lifecycle of operations which are needed to ensure the key is created, stored, used, and rotated securely. Most cryptographic keys follow a lifecycle which involves key  Generation  Distribution  Use  Storage  Rotation  Backup/Recovery  Revocation  Destruction The generation of a key is the first step in ensuring that key is secure. If the key in question is generated with a weak encryption algorithm, then any attacker could easily discover the value of the encryption key. Also, if the key is generated in an insecure location, the key could be compromised as soon as it is created, resulting in a key that cannot be safely used for encryption. Key generators, AES encryption algorithms, or random number generators tend to be used for secure key generation. The next step of the key lifecycle is ensuring the safe distribution of the keys. Keys should be distributed to the required user via a secure TLS or SSL connection, to maintain the security of the keys being distributed. If an insecure connection is used to distribute the cryptographic keys, then the security of any data encrypted by these keys is in question, as an attacker could execute a man-in-the- middle attack and steal the keys. After distribution of the key, it is used for cryptographic operations. As previously noted, the key should only be used by authorized users, to make certain the key is not misused, copied, etc. When the key is used to encrypt data, it must then be stored for later decryption. The most secure method is via a Hardware Security Module (HSM) or CloudHSM. If an HSM is not used, then the keys can either be securely stored on the client’s side, or, if the keys are used on the Cloud, then the Cloud Service Provider’s Key Management Service can be used.
  • 12. First the data is decrypted by the old key or key pair and then encrypted by the new key or key pair. Rotation is necessary because the longer a key is in rotation, the more chance there is for someone to steal or find out the key. Rotation of keys can happen before the cryptoperiod expires in cases where the key is suspected to be compromised. Two other ways of dealing with a compromised key are revoking or destroying the key in question. Revoking a key means the key can no longer be used to encrypt or decrypt data, even if its cryptoperiod is still valid. Destroying a key, whether that is due to compromise or due to it no longer being used, deletes the key permanently from any key manager database or other storage method. This makes it impossible to recreate the key, unless a backup image is used. NIST standards require that deactivated keys be kept in an archive, to allow for reconstruction of the keys if data encrypted in the past must now be decrypted by that key or key pair.
  • 13. SECURE HASH ALGORITHM Secure Hash Algorithms, also known as SHA, are a family of cryptographic functions designed to keep data secured. It works by transforming the data using a hash function: an algorithm that consists of bitwise operations, modular additions, and compression functions. The hash function then produces a fixed-size string that looks nothing like the original. These algorithms are designed to be one-way functions, meaning that once they’re transformed into their respective hash values, it’s virtually impossible to transform them back into the original data. A few algorithms of interest are SHA-1, SHA-2, and SHA-3, each of which was successively designed with increasingly stronger encryption in response to hacker attacks. SHA-0, for instance, is now obsolete due to the widely exposed vulnerabilities. A common application of SHA is to encrypting passwords, as the server side only needs to keep track of a specific user’s hash value, rather than the actual password. This is helpful in case an attacker hacks the database, as they will only find the hashed functions and not the actual passwords, so if they were to input the hashed value as a password, the hash function will convert it into another string and subsequently deny access. Additionally, SHAs exhibit the avalanche effect, where the modification of very few letters being encrypted causes a big change in output; or conversely, drastically different strings produce similar hash values. This effect causes hash values to not give any information regarding the input string, such as its original length. In addition, SHAs are also used to detect the tampering of data by attackers, where if a text file is slightly changed and barely noticeable, the modified file’s hash value will be different than the original file’s hash value, and the tampering will be rather noticeable. SHA Characteristics One-way Function Alice and Bob are pen pals who share their thoughts via mail. When Alice visited Bob, she gave him a phone book of her city. In order to keep their messages safe from intruders, Alice tells Bob that she will encrypt the message. She tells Bob that he will find a bunch of numbers on every letter, and each sequence of numbers represents a phone number. Bob’s job is to find the phone number in the book and write down the first letter of the person’s last name. With this function, Bob is to decrypt the entire message.
  • 14. To decrypt the message, Bob has to read the entire phone book to find all the numbers on the letter, whereas Alice can quickly find the letters and their respective phone numbers in order to encrypt her message. For this reason, before Bob is able to decrypt the message by hand, Alice can re-hash the message and keep the data secure. This makes Alice’s algorithm a one-way function. The second safety characteristic is called second pre-image resistance, granted by SHA when a message is known, m1, yet it’s hard to find another message, m2, that hashes to the same value: Hm1 =Hm2. Without this characteristic, two different passwords would yield the same hash value, deeming the original password unnecessary in order to access secured data. The last safety characteristic is collision resistance, which is provided by algorithms that make it extremely hard for an attacker to find two completely different messages that hash to the same hash value: Hm1=Hm2. In order to provide this characteristic, there must be a similar number of possible inputs to possible outputs, as more inputs than outputs, by the pigeonhole principle, will definitively incur potential collisions. For this reason, collision resistance is necessary, as it implies that finding two inputs that hash to the same hash value is extremely difficult. Without collision resistance, digital signatures can be compromised as finding two messages that produce the same hash value may make users believe two documents were signed by two different people when one person was able to produce a different document with the same hash value. Recent cryptographic functions have stronger security characteristics to block off recently developed techniques such as length extension attacks, where given a hash value, hash(m), and the length of the original message, m, an attacker can find a message, ’m’, and calculate the hash value of the concatenation of the original message and the new message: hash (m∣∣m’). As a general guideline, a hash function should be as seemingly random as possible while still being deterministic and fast to compute.
  • 15. SHA-1: Secure Hash Algorithm 1, or SHA-1, was developed in 1993 by the U.S. government's standards agency National Institute of Standards and Technology (NIST). It is widely used in security applications and protocols, including TLS, SSL, PGP, SSH, IPsec, and S/MIME. SHA-1 works by feeding a message as a bit string of length less than 264264 bits, and producing a 160-bit hash value known as a message digest. Note that the message below is represented in hexadecimal notation for compactness. There are two methods to encrypt messages using SHA-1. Although one of the methods saves the processing of sixty-four 32-bit words, it is more complex and time-consuming to execute, so the simple method is shown in the example below. At the end of the execution, the algorithm outputs blocks of 16 words, where each word is made up of 16 bits, for a total of 256 bits. Albeit SHA-1 is still widely used, cryptanalysts in 2005 were able to find vulnerabilities on this algorithm that detrimentally compromised its security. These vulnerabilities came in the form of an algorithm that speedily finds collisions with different inputs, meaning that two distinct inputs map to the same digest . As of 2010, many organizations have recommended its replacement by SHA-2 or SHA-3. Companies like Microsoft, Google, or Mozilla have announced that their browsers will stop accepting SHA-1 encryption certificates by 2017. EXAMPLE: Below program shows the implementation of SHA-1 hash in Java import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class GFG { public static String encryptThisString(String input) { try {
  • 16. // getInstance() method is called with algorithm SHA-1 MessageDigest md = MessageDigest.getInstance("SHA-1"); // digest() method is called // to calculate message digest of the input string // returned as array of byte byte[] messageDigest = md.digest(input.getBytes()); // Convert byte array into signum representation BigInteger no = new BigInteger(1, messageDigest); // Convert message digest into hex value String hashtext = no.toString(16); // Add preceding 0s to make it 32 bit while (hashtext.length() < 32) { hashtext = "0" + hashtext; } // return the HashText return hashtext; } // For specifying wrong message digest algorithms catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } // Driver code public static void main(String args[]) throws NoSuchAlgorithmException { System.out.println("HashCode Generated by SHA-1 for: "); String s1 = "GeeksForGeeks"; System.out.println("n" + s1 + " : " + encryptThisString(s1)); String s2 = "hello world"; System.out.println("n" + s2 + " : " + encryptThisString(s2)); } }
  • 17. SHA-2: Due to the exposed vulnerabilities of SHA-1, cryptographers modified the algorithm to produce SHA-2, which consists of not one but two hash functions known as SHA-256 and SHA-512, using 32- and 64-bit words, respectively. There are additional truncated versions of these hash functions, known as SHA- 224, SHA-384, SHA-512/224, and SHA-512/256, which can be used for either part of the algorithm. SHA-1 and SHA-2 differ in several ways; mainly, SHA-2 produces 224- or 256-sized digests, whereas SHA-1 produces a 160-bit digest; SHA-2 can also have block sizes that contain 1024 bits, or 512 bits, like SHA-1. Brute force attacks on SHA-2 are not as effective as they are against SHA-1. A brute force search for finding a message that corresponds to a given digest of length L using brute force would require 2L evaluations, which makes SHA-2 a lot safer against these kinds of attacks. Features of Hash Functions: The typical features of hash functions are Fixed Length Output (Hash Value)  Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as hashing the data.  In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions.  Since a hash is a smaller representation of a larger data, it is also referred to as a digest.  Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits. Efficiency of Operation  Generally for any hash function h with input x, computation of h(x) is a fast operation.  Computationally hash functions are much faster than a symmetric encryption.
  • 18. MD5 ALGORITHM MD5 is a cryptographic hash function algorithm that takes the message as input of any length and changes it into a fixed-length message of 16 bytes. MD5 algorithm stands for the message-digest algorithm. MD5 was developed as an improvement of MD4, with advanced security purposes. The output of MD5 (Digest size) is always 128 bits. MD5 was developed in 1991 by Ronald Rivest. Use Of MD5 Algorithm:  It is used for file authentication.  In a web application, it is used for security purposes. e.g. Secure password of users etc.  Using this algorithm, We can store our password in 128 bits format. Working of the MD5 Algorithm: MD5 algorithm follows the following steps 1. Append Padding Bits: In the first step, we add padding bits in the original message in such a way that the total length of the message is 64 bits less than the exact multiple of 512. Suppose we are given a message of 1000 bits. Now we have to add padding bits to the original message. Here we will add 472 padding bits to the original message. After adding the padding bits the size of the original message/output of the first step will be 1472 i.e. 64 bits less than an exact multiple of 512 (i.e. 512*3 = 1536). Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .
  • 19. 2. Append Length Bits: In this step, we add the length bit in the output of the first step in such a way that the total number of the bits is the perfect multiple of 512. Simply, here we add the 64-bit as a length bit in the output of the first step. i.e. output of first step = 512 * n – 64 length bits = 64. After adding both we will get 512 * n i.e. the exact multiple of 512. 3. Initialize MD buffer: Here, we use the 4 buffers i.e. J, K, L, and M. The size of each buffer is 32 bits. J = 0x67425301 K = 0xEDFCBA45 L = 0x98CBADFE M = 0x13DCE476 4. Process Each 512-bit Block: This is the most important step of the MD5 algorithm. Here, a total of 64 operations are performed in 4 rounds. In the 1st round, 16 operations will be performed, 2nd round 16 operations will be performed, 3rd round 16 operations will be performed, and in the 4th round, 16 operations will be performed. We apply a different function on each round i.e. for the 1st round we apply the F function, for the 2nd G function, 3rd for the H function, and 4th for the I function. We perform OR, AND, XOR, and NOT (basically these are logic gates) for calculating functions. We use 3 buffers for each function i.e. K, L, M. F(K,L,M) = (K AND L) OR (NOT K AND M) G(K,L,M) = (K AND L) OR (L AND NOT M) H(K,L,M) = K XOR L XOR M I(K,L,M) = L XOR (K OR NOT M)
  • 20. After applying the function now we perform an operation on each block. For performing operations we need  add modulo 232  M[i] – 32 bit message.  K[i] – 32-bit constant.  <<<n – Left shift by n bits. Now take input as initialize MD buffer i.e. J, K, L, M. Output of K will be fed in L, L will be fed into M, and M will be fed into J. After doing this now we perform some operations to find the output for J.  In the first step, Outputs of K, L, and M are taken and then the function F is applied to them. We will add modulo 232 bits for the output of this with J.  In the second step, we add the M[i] bit message with the output of the first step.  Then add 32 bits constant i.e. K[i] to the output of the second step.  At last, we do left shift operation by n (can be any value of n) and addition modulo by 232 . After all steps, the result of J will be fed into K. Now same steps will be used for all functions G, H, and I. After performing all 64 operations we will get our message digest. Output: After all, rounds have been performed, the buffer J, K, L, and M contains the MD5 output starting with the lower bit J and ending with Higher bits M. Code: # importing the required libraries import hashlib inputstring = "This is a message sent by a computer user." # encoding the message using the library function output = hashlib.md5(inputstring.encode()) # printing the hash function print("Hash of the input string:") print(output.hexdigest())
  • 21. Output: Hash of the input string: 922547e866c89b8f677312df0ccec8ee Application Of MD5 Algorithm:  We use message digest to verify the integrity of files/ authenticates files.  MD5 was used for data security and encryption.  It is used to Digest the message of any size and also used for Password verification.  For Game Boards and Graphics. Advantages of MD5 Algorithm:  MD5 is faster and simple to understand.  MD5 algorithm generates a strong password in 16 bytes format. All developers like web developers etc use the MD5 algorithm to secure the password of users.  To integrate the MD5 algorithm, relatively low memory is necessary.  It is very easy and faster to generate a digest message of the original message. Disadvantages of MD5 Algorithm:  MD5 generates the same hash function for different inputs.  MD5 provides poor security over SHA1.  MD5 has been considered an insecure algorithm. So now we are using SHA256 instead of MD5  MD5 is neither a symmetric nor asymmetric algorithm.
  • 22. WEB SECURITY Web Security is very important nowadays. Websites are always prone to security threats/risks. Web Security deals with the security of data over the internet/network or web or while it is being transferred to the internet. For e.g. when you are transferring data between client and server and you have to protect that data that security of data is your web security. Hacking a Website may result in the theft of Important Customer Data, it may be the credit card information or the login details of a customer or it can be the destruction of one’s business and propagation of illegal content to the users while somebody hacks your website they can either steal the important information of the customers or they can even propagate the illegal content to your users through your website so, therefore, security considerations are needed in the context of web security. Security Threats: A Threat is nothing but a possible event that can damage and harm an information system. Security Threat is defined as a risk that which, can potentially harm Computer systems & organizations. Whenever an Individual or an Organization creates a website, they are vulnerable to security attacks. Security attacks are mainly aimed at stealing altering or destroying a piece of personal and confidential information, stealing the hard drive space, and illegally accessing passwords. So whenever the website you created is vulnerable to security attacks then the attacks are going to steal your data alter your data destroy your personal information see your confidential information and also it accessing your password. Top Web Security Threats : Web security threats are constantly emerging and evolving, but many threats consistently appear at the top of the list of web security threats. These include:  Cross-site scripting (XSS)  SQL Injection  Phishing  Ransomware  Code Injection  Viruses and worms  Spyware  Denial of Service
  • 23. Security Consideration: Updated Software: You need to always update your software. Hackers may be aware of vulnerabilities in certain software, which are sometimes caused by bugs and can be used to damage your computer system and steal personal data. Older versions of software can become a gateway for hackers to enter your network. Software makers soon become aware of these vulnerabilities and will fix vulnerable or exposed areas. That’s why It is mandatory to keep your software updated, It plays an important role in keeping your personal data secure. Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or your database by inserting a rough code into your query. For e.g. somebody can send a query to your website and this query can be a rough code while it gets executed it can be used to manipulate your database such as change tables, modify or delete data or it can retrieve important information also so, one should be aware of the SQL injection attack. Cross-Site Scripting (XSS): XSS allows the attackers to insert client-side script into web pages. E.g. Submission of forms. It is a term used to describe a class of attacks that allow an attacker to inject client-side scripts into other users’ browsers through a website. As the injected code enters the browser from the site, the code is reliable and can do things like sending the user’s site authorization cookie to the attacker. Error Messages: You need to be very careful about error messages which are generated to give the information to the users while users access the website and some error messages are generated due to one or another reason and you should be very careful while providing the information to the users. For e.g. login attempt – If the user fails to login the error message should not let the user know which field is incorrect: Username or Password.
  • 24. Data Validation: Data validation is the proper testing of any input supplied by the user or application. It prevents improperly created data from entering the information system. Validation of data should be performed on both server-side and client-side. If we perform data validation on both sides that will give us the authentication. Data validation should occur when data is received from an outside party, especially if the data is from untrusted sources. Password: Password provides the first line of defense against unauthorized access to your device and personal information. It is necessary to use a strong password. Hackers in many cases use sophisticated software that uses brute force to crack passwords. Passwords must be complex to protect against brute force. It is good to enforce password requirements such as a minimum of eight characters long must including uppercase letters, lowercase letters, special characters, and numerals. Secure socket Layer (SSL/TLS): • Used to authenticate servers – Uses certificates, “root” CAs • Can authenticate clients • Inclusive security protocol • Security at the socket layer – Transport Layer Security (TLS) – Provides • authentication • confidentiality • integrity
  • 25. SSL Handshake (1) Client Hello (algorithms,…) (2) Server Hello (alg. selection, …) (3) Server Certificate (4) ClientKeyRequest (5) ChangeCipherSuite (6) ChangeCipherSuite (7) Finished (8) Finished Simplified Protocol Detail Participants: Alice/A (client) and Bob/B (server) Crypto Elements : Random R, Certificate C, k+ i Public Key (of i) Crypto Functions : Hash function H(x), Encryption E(k, d), Decryption D(k, d), Keyed MAC HMAC(k, d) 1. Alice → Bob RA 2. Bob → Alice RB, CB Alice pick pre-master secret S Alice calculate master secret K = H(S, RA, RB) 3. Alice → Bob E(k+B, S), HMAC(K,! CLNT! + [#1, #2]) Bob recover pre-master secret S = D(k−B , E(k+B, S)) Bob calculate master secret K = H(S, RA, RB) 4. Bob → Alice HMAC(K,! SRV R! + [#1, #2])
  • 26. Advantages:  Confidential session  Server authentication*  GUI clues for users  Built into every browser  Protocol has heavily analyzed Disadvantages:  Users don’t check certificates (don’t know meaning)  Too easy to obtain certificates  Too many roots in the browsers  Some settings are terrible  ssl v2 is on, totally insecure cipher suites included Reality of SSL: SSL is here to stay no matter what credit card over SSL connection is probably safer than credit card to waiter biggest hurdles: – performance – user education (check those certificates) – too many trusted sites (edit your browser prefs) – misconfiguration (turn off bad ciphersuites) – can be used for many non-web applications Now used for more than https, base for many distributed applications, etc.