Encryption
Delivering Trust by Protecting Information Assets
Daniel D. Houser, CISSP, e-Biz+, MBA
Sr. Security Engineer
9D5696C3CF44E7E7C6FD55E146C35F9467CD854AEF0FD89A
Overview
Terms & History
Value of encryption
Environmental changes
Use of encryption in business
Future encryption projects
Terms
Cryptography (aka “Encryption”)
- The study of codes & ciphers for use in secret transmission of messages.
- Making information unreadable by unauthorized persons
Codes
- Substitution of code words for words or phrases
- “meet me at drop zone” -> “pretzel fusion bingo”
Cipher
- Methods of transforming cleartext into encoded text
- ABCDE becomes 34567 or E56CC3CF44E7E7C6FD55E146C35F9467A85SEF0FD8.
Terms
Cleartext / plaintext - Unencrypted data
Ciphertext - The scrambled message
Key - That which locks and unlocks messages
Hashing - One-way encryption
[Diagram: “hello” -> encrypt (key) -> scrambled ciphertext -> decrypt (key) -> “hello”]
Terms
Symmetric (secret key) cryptography
- The same key encrypts and decrypts
- Based on algorithm and a secret key - Fast
- DES, Caesar Cipher, AES, PKZip
Asymmetric cryptography
- Different keys to encrypt and decrypt
- Used for key exchange
- Based on highly complex math problem - Slow
- Examples: X.509 certificates*, RSA, Diffie-Hellman, PGP*
* PGP and X.509 certs actually use both symmetric & asymmetric cryptography
History
Kamasutra
Julius Caesar & Caesar Cipher
Mary Queen of Scots
Purple & Midway
DSS & pirated CDs
Value of Encryption
Value of Encryption
Confidentiality
Integrity
- Often overlooked value of encryption
Non-repudiation
Authentication component
Enables the business
Obligation to protect information assets
Frequent Uses of Encryption
Password encryption & hashing
TLS & PGP protecting Internet traffic
SSH for remote management/connections
Secure eMail encrypt & sign functions
SHA-1 authentication of software patches
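The "SHA-1 authentication of software patches" use above, and the integrity value on the previous slide, as an added Python example that is not part of the deck: a patch is hashed and compared against the digest the vendor published, and a single flipped bit makes the check fail. The sample "patch" bytes and their digests are constructed for the example.

```python
import hashlib
import hmac


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of `data`; `algorithm` is any name hashlib knows."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_patch(patch_bytes: bytes, published_digest: str,
                 algorithm: str = "sha256") -> bool:
    """True only if the patch hashes to the digest the vendor published.

    compare_digest runs in constant time, so a mismatch does not leak how
    many leading hex characters happened to agree.
    """
    actual = digest_hex(patch_bytes, algorithm)
    return hmac.compare_digest(actual, published_digest.strip().lower())


# Constructed sample "patch" with its standard SHA-1 and SHA-256 digests.
SAMPLE_PATCH = b"abc"
PUBLISHED_SHA1 = "a9993e364706816aba3e25717850c26c9cd0d89d"
PUBLISHED_SHA256 = ("ba7816bf8f01cfea414140de5dae2223"
                    "b00361a396177a9cb410ff61f20015ad")

if __name__ == "__main__":
    print("genuine :", verify_patch(SAMPLE_PATCH, PUBLISHED_SHA1, "sha1"))
    # Flip one bit of the first byte: the digest changes completely.
    tampered = bytes([SAMPLE_PATCH[0] ^ 0x01]) + SAMPLE_PATCH[1:]
    print("tampered:", verify_patch(tampered, PUBLISHED_SHA1, "sha1"))
    print("sha256  :", verify_patch(SAMPLE_PATCH, PUBLISHED_SHA256))
```

SHA-1 is what the slide names, but practical collisions have been demonstrated since 2017, so a new deployment should publish SHA-256 digests. A bare digest proves integrity only; unless the digest itself arrives over an authenticated channel or is signed, it does not prove who produced the patch.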
Why now?
Emerging privacy law
- Single greatest driver of InfoSec today
- HIPAA, Gramm-Leach-Bliley, COPPA
- EU GDPR/ Safe Harbor/ DDP
- Breach Notification Laws
- Danny Kyllo v. United States
Increased use by business partners
Court of public opinion – table stakes
We live in a post-9/11 world
Positioning us for Success
Liken encryption management to password management
- 400+ authentication repositories
- Expensive to maintain, “impossible” to integrate
- NOT the model we want for encryption repositories
Goal: Minimizing impact to customers, producers & agents
Phased approach – walk, crawl, run
SC&A process to ensure due diligence
Future uses of encryption
Information Classification
Information Classification provides the framework necessary to ensure that information assets are consistently managed, handled, and protected according to customer expectations and government regulations.
Establishes a data classification standard which ensures that information is protected in accordance with its value
Future uses of Encryption
Information Classification
Enables an organization to live up to the promises made in the corporate privacy statements
Aligns with existing regulatory requirements (e.g. FTC, SEC, GLBA, HIPAA, SOX, PCI-DSS…)
Future uses of Encryption
Encryption Framework Goals
Create information security policies, rules, standards and procedures for the Nationwide cryptographic framework architecture
Develop cryptography requirements and specifications
Recommend organizational roles and responsibilities to select, secure, deploy, administer, and maintain the cryptography framework.
Develop a selection methodology for cryptographic products and services.
Encryption Framework: End State
Hub = Encryption Framework Target
1. Policy, rules, standards and procedures
2. Cryptographic requirements and specifications
3. Organizational roles, responsibilities, etc.
4. Selection methodologies for framework alignment and interoperability.
[Diagram: hub (1-4) with terminals = Applications: Digital Signatures, Secure e-mail, FTP Transfers, Document Encryption, Key & Cert Mgmt, etc.]
Future uses of Encryption
Secure e-mail
Establish secure e-mail system for communicating B2B, B2C, B2E
Enable business objectives requiring electronic transmission of sensitive data
Making it easy for partners and customers to communicate securely
Trusted Time & proof of provenance
Privileged Access & Machine Identity
Future uses of Encryption
Federated Identity
Enables cross-company Single Sign-on
Standards-based, extensible architecture, repeatable solution.
Vendor agnostic
Architecture for future cross-company Web Services authentication
Powerful tool for leveraging e-business
Future uses of Encryption
Federated Identity
[Diagram: federation scenarios A: SSO, B: B2E, C: Supply Chain, D: Service, connecting to Partner Web Sites and a Partner Web Service]
Redacted
Future uses of Encryption
Secure file transfer
Digital signatures
Web Services security
Enhancing privacy protection
Recap
Privacy & Identity Theft – Strong drivers
Business partner & customer expectations for cryptographic protection
Encryption provides a vital component of ensuring trust & protecting vital assets
Multiple encryption projects coming 2003
Q&A
ENCRYPTION ENSURES TRUST & PROTECTS VITAL ASSETS.

Cryptography Overview Presentation circa 2005

Editor's Notes

  • #5 Steganography examples exist in modern times with embedding documents in .JPG and .BMP files, which are then posted to innocuous web servers, enabling covert communication over a clear channel. Ancient examples included tattooing messages on the heads of slaves, letting their hair grow out, then having them walk to the recipient. Hashing can be thought of as the process of making hash: potatoes, onions, peppers & sausage are chopped up fine and sauteed. Once you’ve made hash, you can’t return it to the original potato, onion, pepper & sausage links. Examples include SHA, MD5, and checksum algorithms. Symmetric encryption examples: DES, AES, Caesar cipher, code wheel. However, symmetric encryption presents a big problem in key exchange… how do you exchange keys with the recipients of the message? During the Cold War, all warships going to sea would have pallets of key materials they would have to load to support them during their tour of duty. Asymmetric cryptography is revolutionary and very powerful – it permits key exchange, and I can sign messages yet permit anyone to decrypt them if I like. Enables digital certificates, “signed” documents, encrypted e-mail, SSL, and a host of other technologies.
  • #6 Kama-Sutra includes references to “secret writing” as 45th in a list of arts women should know. Caesar Cipher used by Julius Caesar for sending messages, a simple substitution cipher made by shifting the alphabet 3 characters to the right. HAL is a 25-position Caesar Cipher of IBM in 2001 – A Space Odyssey. Mary Queen of Scots used a combination of cipher and codes to communicate with co-conspirators against Queen Elizabeth.
  • #10 “Security is an essential predicate to privacy. You can't have privacy without security, but you can have security without privacy. Basically, my interpretation of the law is that it's quickly evolving towards a zero tolerance for security screw ups (strict liability).” - Kirk Herath, CPO Health Insurance Portability and Accountability Act of 1996, Gramm-Leach-Bliley Privacy Act, Children’s Online Privacy Protection Act, European Union Directive on Data Protection Browse over to www.privacylaw.net and read their main page press clippings – painful! S.B. 1386 regulates any person or business that conducts business in California, and that "owns or licenses" computerized data that includes personal information. The law defines a "breach of the security of the system" as an "unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained" by a person, business, or agency. If a security breach occurs, the owner or licensor of the data "shall disclose any breach ... to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."
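The Caesar cipher named on the Terms slide and in note #6 (shift by 3; HAL as a 25-position shift of IBM), as an added Python example that is not part of the deck: the same key both encrypts and decrypts, and a brute-force function shows why a cipher with only 25 possible keys offers no real protection. The sample message is constructed for the example.

```python
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def caesar_shift(text: str, key: int) -> str:
    """Shift each letter `key` positions to the right (mod 26).

    Case is preserved and non-letters pass through unchanged.
    A negative key shifts left, which is how decryption works.
    """
    out = []
    for ch in text:
        if ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + key) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int = 3) -> str:
    # Symmetric: the whole secret is the shift amount (Caesar used 3).
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int = 3) -> str:
    # The same key, applied in the opposite direction.
    return caesar_shift(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try every key; the entire key space is just 25 shifts."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    msg = "Meet me at drop zone"        # constructed sample, echoing the deck
    ct = caesar_encrypt(msg)
    print(ct, "->", caesar_decrypt(ct))
    print(caesar_shift("IBM", 25))      # HAL: 25 right is the same as 1 left
    for k, guess in brute_force(ct).items():
        print(k, guess)                 # the real plaintext is in plain sight
```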