The document provides an introduction to public key cryptography. It introduces Alice and Bob, who want to securely communicate. It first discusses weaknesses in traditional symmetric encryption algorithms, such as substitution ciphers and Caesar ciphers. It then explains how public key cryptography works using asymmetric key pairs, allowing Alice to securely send Bob messages using his public key without having to exchange a secret key. The document covers the RSA algorithm in particular and how it relies on the difficulty of factoring large numbers.
15-22. “algorithm”:
c = (m + k) mod 26
Message: C O D E
Ciphertext (key=1): D P E F
Ciphertext (key=2): E Q F G
Ciphertext (key=-1): B M C D
Ciphertext (key=0): C O D E
Ciphertext (key=26): C O D E
Ciphertext (key=52): C O D E
(key=26 and key=52 give the same result as key=0, because the key is taken mod 26)
‣ CAESARIAN CIPHER or CAESARIAN SHIFT
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
Friday 20 April 12
23-27. ‣ FLAWS IN THESE CIPHERS
➡ Key is too easy to guess.
➡ Key has to be sent to Bob.
➡ Deterministic.
➡ Prone to frequency analysis.
29-31. ➡ The usage of every letter in English (or any other language) can be represented by a percentage.
➡ ‘E’ is used 12.7% of the time in English texts, ‘Z’ only 0.074%.
➡ ‘O’ is used 11.07% of the time in Russian texts, ‘Ъ’ only 0.02%.
32. Once upon a midnight dreary, while I pondered, weak and weary,
Over many a quaint and curious volume of forgotten lore—
While I nodded, nearly napping, suddenly there came a tapping,
As of some one gently rapping—rapping at my chamber door.
"'Tis some visitor," I muttered, "tapping at my chamber door—
Only this and nothing more."
http://www.gutenberg.org/cache/epub/14082/pg14082.txt
33. A small bit of text gives percentages that differ from the table, but still there are some letters we can deduce.
‣ “THE RAVEN”, FIRST PARAGRAPH
34. We can deduce almost all letters without even CARING about the crypto algorithm used.
‣ “THE RAVEN”, ALL PARAGRAPHS
35-36. ‣ FLAWS IN THESE CIPHERS
➡ Determinism and the ability to use frequency analysis are “bad things”.
38-40. ‣ SYMMETRICAL ALGORITHMS
➡ Previous examples were symmetrical encryptions.
➡ The same key is used for both encryption and decryption.
➡ Good symmetrical encryptions: AES, Blowfish, (3)DES
41-42. ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
How does Alice send the key securely to Bob? Everybody’s listening!
44. Two keys instead of one:
public key - available for everybody. Can be published on your blog.
private key - for your eyes only!
45. ‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR
http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg
46. It is NOT possible to decrypt the message with the same key that was used to encrypt it.
47-48. Encrypt with the public key:
- only the private key (thus Alice) can decrypt.
- the message is only for Alice = encryption
Encrypt with the private key:
- only the public key can decrypt.
- the message is guaranteed to come from Alice = signing
49. Symmetrical vs. asymmetrical
Symmetrical:
✓ quick.
✓ not resource intensive.
✓ useful for small and large messages.
✗ need to send over the key to the other side.
Asymmetrical:
✓ no need to send over the (whole) key.
✓ can be used for encryption and validation (signing).
✗ very resource intensive.
✗ only useful for small messages.
50. Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical encryption method.
51-52. Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
55-57. RSA
Ron Rivest, Adi Shamir, Leonard Adleman, 1978
Pierre de Fermat, Leonhard Euler, 17th - 18th century
58-59. Public key encryption works on the premise that it is practically impossible to factor a large number back into its 2 separate prime numbers.
A prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...
62-63. “large” number: 221
We cannot calculate its prime factors without brute force. There is no “formula” (like E = mc²).
(221 = 13 · 17)
65-66. ➡ There is no proof that it’s impossible to factor quickly (although it doesn’t look plausible).
➡ Brute-force decrypting is always lurking around (quicker machines, better algorithms).
67. The math behind the curtain
69-74. ➡ p = (large) prime number
➡ q = (large) prime number (but not too close to p)
➡ n = p · q (the bit length of n is the bit length of the RSA key)
➡ φ = (p-1) · (q-1) (the φ thingie is called phi)
➡ e: chosen such that gcd(e, φ) = 1
➡ d: chosen such that (d · e) mod φ = 1
75-77. Step 1: select primes P and Q
‣ P = 11
‣ Q = 3
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
78-82. Step 2: calculate N and Phi
➡ N = P · Q = 11 · 3 = 33
➡ φ = (11-1) · (3-1) = 10 · 2 = 20
33 decimal is 100001 in binary == 6 bit key
There are 20 numbers below 33 that are coprime to 33: φ(33) = 20
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
83-87. Step 3: find e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
Fermat number: 2^(2^n) + 1
Fermat prime: a Fermat number that is prime: 3, 5, 17, 257, 65537
Study shows that 98.5% of the time 65537 is used
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
91. Step 4: find d
‣ Extended Euclidean Algorithm gives 7
‣ brute force: find the d for which e . d mod φ = 1
3 . 1 = 3, 3 mod 20 = 3
3 . 2 = 6, 6 mod 20 = 6
3 . 3 = 9, 9 mod 20 = 9
3 . 4 = 12, 12 mod 20 = 12
3 . 5 = 15, 15 mod 20 = 15
3 . 6 = 18, 18 mod 20 = 18
3 . 7 = 21, 21 mod 20 = 1 (d = 7)
3 . 8 = 24, 24 mod 20 = 4
3 . 9 = 27, 27 mod 20 = 7
3 . 10 = 30, 30 mod 20 = 10
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
93. That’s it:
➡ public key = (n, e) = (33, 3)
➡ private key = (n, d) = (33, 7)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
94. The actual math is much more complex since we use very large numbers, but it all comes down to these (relatively simple) calculations.
97. jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key
(The slide overlays each field with its RSA name; those labels are shown in brackets here.)
Private-Key: (256 bit)
modulus:                                   [n]
    00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6:
    9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19
publicExponent: 65537 (0x10001)            [e]
privateExponent:                           [d]
    22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e:
    2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d
prime1:                                    [p]
    00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17
prime2:                                    [q]
    00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f
exponent1:                                 [d mod (p-1)]
    00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95
exponent2:                                 [d mod (q-1)]
    5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b
coefficient:                               [(inverse q) mod p]
    00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d
98. Encrypting a message:
c = m^e mod n
Decrypting a message:
m = c^d mod n
100. Encrypting a message with the private key (n, d) = (33, 7):
m = 13, 20, 15, 5
13^7 mod 33 = 7
20^7 mod 33 = 26
15^7 mod 33 = 27
5^7 mod 33 = 14
c = 7, 26, 27, 14
Decrypting a message with the public key (n, e) = (33, 3):
c = 7, 26, 27, 14
7^3 mod 33 = 13
26^3 mod 33 = 20
27^3 mod 33 = 15
14^3 mod 33 = 5
m = 13, 20, 15, 5
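Steps 1 to 4 above and the round trip on this slide, carried through in Python as an added example (not the deck's own code): the key pair is derived from the deck's P = 11, Q = 3, e = 3 with the extended Euclidean algorithm, and the blocks 13, 20, 15, 5 are raised to d and then to e exactly as on the slide. Exponentiating with the private key first, as the slide does, is the signature direction of RSA; the function names are mine.

```python
from math import gcd


def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """Inverse of a modulo m (the 'Extended Euclidean Algorithm gives 7' step)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}")
    return x % m


def rsa_keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Steps 1-4 of the deck: N = P.Q, phi = (P-1).(Q-1), gcd(e, phi) = 1, d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:                    # Step 3: e must be coprime to phi
        raise ValueError(f"e={e} is not coprime to phi={phi}")
    d = modinv(e, phi)                      # Step 4
    return (n, e), (n, d)                   # public key, private key


def rsa_apply(key: tuple[int, int], blocks: list[int]) -> list[int]:
    """Textbook RSA on integer blocks: block^exp mod n, with no padding.
    The same block always gives the same result; that determinism is why the
    deck insists on a padding scheme a few slides later."""
    n, exp = key
    for m in blocks:
        if not 2 <= m <= n - 1:             # the deck's allowed range for a block
            raise ValueError(f"block {m} is not between 2 and n-1={n - 1}")
    return [pow(m, exp, n) for m in blocks]


if __name__ == "__main__":
    pub, priv = rsa_keygen(11, 3, 3)        # (33, 3), (33, 7)
    message = [13, 20, 15, 5]               # the deck's sample message
    signed = rsa_apply(priv, message)       # private exponent first: [7, 26, 27, 14]
    print(pub, priv, signed, rsa_apply(pub, signed))
```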
104. ➡ A message is an “integer”
➡ A message must be between 2 and n-1.
➡ Deterministic, so we must use a padding scheme to make it non-deterministic.
108. ➡ Public Key Cryptography Standard #1
➡ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x).
➡ It has its flaws and weaknesses too. Always use the latest available version (v2.1).
109. Data = 4E636AF98E40F3ADCFCCB698F4E80B9F
The encoded message block, EMB, after encoding but before encryption. The slide shows the random padding bytes in green; here they are everything between the leading 00 02 and the 00 separator that precedes the data at the end of the block:
0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009
E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038
B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF
4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F
After RSA encryption, the output is:
3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5
8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621
EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E
609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes
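The block layout on this slide (00 02, random non-zero padding, 00, data), written out as an added Python example that is not the deck's or the linked page's code. Function names are mine, the 16-byte Data value is the slide's, and k = 128 bytes is assumed because the 128-byte block above implies a 1024-bit modulus.

```python
import os

# The slide's sample message (constructed input for this example, taken from the slide).
SLIDE_DATA = bytes.fromhex("4E636AF98E40F3ADCFCCB698F4E80B9F")


def pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """Build the PKCS#1 v1.5 encryption block: 00 || 02 || PS || 00 || M, k bytes long."""
    ps_len = k - len(message) - 3
    if ps_len < 8:                           # v1.5 requires at least 8 padding bytes
        raise ValueError("message too long for this modulus")
    ps = bytearray()
    while len(ps) < ps_len:                  # PS may not contain 0x00: that byte ends PS
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + bytes(ps) + b"\x00" + message


def pkcs1_v15_decode(em: bytes, k: int) -> bytes:
    """Strip the padding after decryption and return M.

    Every structural failure is folded into one generic error on purpose: a
    decryptor that reports which check failed behaves as a padding oracle,
    which is one of the v1.5 weaknesses the slide alludes to and a reason to
    prefer OAEP (v2.x) for new systems."""
    ok = len(em) == k and em[:2] == b"\x00\x02"
    sep = em.find(b"\x00", 2)                # first 0x00 after the 00 02 header ends PS
    ok = ok and sep != -1 and sep - 2 >= 8
    if not ok:
        raise ValueError("decryption error")
    return em[sep + 1:]


if __name__ == "__main__":
    em = pkcs1_v15_encode(SLIDE_DATA, 128)
    print(em.hex().upper())                  # starts with 0002, ends with 00 + the data
    print(pkcs1_v15_decode(em, 128) == SLIDE_DATA)
```

Running it twice prints two different blocks for the same Data, which is exactly the non-determinism slide 104 asks for.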
115. HTTPS
➡ HTTP encapsulated by TLS (previously SSL).
➡ More or less: an encryption layer on top of HTTP.
➡ Myth: HTTPS uses public key encryption for communication.
➡ Fact: HTTPS uses public key encryption to SET UP communication.
116. jthijssen@debian-jth:~$ openssl x509 -text -noout -in github.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:77:76:8a:5d:07:f0:e5:79:59:ca:2a:9d:50:82:b5
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV CA-1
Validity
Not Before: May 27 00:00:00 2011 GMT
Not After : Jul 29 12:00:00 2013 GMT
Subject: businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/
1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C3268102, C=US, ST=California, L=San Francisco, O=GitHub, Inc.,
CN=github.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ed:d3:89:c3:5d:70:72:09:f3:33:4f:1a:72:74:
d9:b6:5a:95:50:bb:68:61:9f:f7:fb:1f:19:e1:da:
04:31:af:15:7c:1a:7f:f9:73:af:1d:e5:43:2b:56:
09:00:45:69:4a:e8:c4:5b:df:c2:77:52:51:19:5b:
d1:2b:d9:39:65:36:a0:32:19:1c:41:73:fb:32:b2:
3d:9f:98:ec:82:5b:0b:37:64:39:2c:b7:10:83:72:
cd:f0:ea:24:4b:fa:d9:94:2e:c3:85:15:39:a9:3a:
f6:88:da:f4:27:89:a6:95:4f:84:a2:37:4e:7c:25:
78:3a:c9:83:6d:02:17:95:78:7d:47:a8:55:83:ee:
13:c8:19:1a:b3:3c:f1:5f:fe:3b:02:e1:85:fb:11:
66:ab:09:5d:9f:4c:43:f0:c7:24:5e:29:72:28:ce:
d4:75:68:4f:24:72:29:ae:39:28:fc:df:8d:4f:4d:
83:73:74:0c:6f:11:9b:a7:dd:62:de:ff:e2:eb:17:
e6:ff:0c:bf:c0:2d:31:3b:d6:59:a2:f2:dd:87:4a:
48:7b:6d:33:11:14:4d:34:9f:32:38:f6:c8:19:9d:
f1:b6:3d:c5:46:ef:51:0b:8a:c6:33:ed:48:61:c4:
1d:17:1b:bd:7c:b6:67:e9:39:cf:a5:52:80:0a:f4:
ea:cd
Exponent: 65537 (0x10001)
122. HTTPS
➡ Browser sends over its encryption methods.
➡ Server decides which one to use.
➡ Server sends certificate(s).
➡ Client sends a “session key” encrypted by the public key found in the server certificate.
➡ Server and client use the “session key” for symmetric encryption.
126. HTTPS
➡ Thus: public/private encryption is only used in establishing a secondary (better!?) encryption.
➡ SSL/TLS is a separate talk (it’s way more complex than this).
➡ http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
133. Questions:
➡ Did Bill really send this email?
➡ Do we know for sure that nobody has read this email (before it came to us)?
➡ Do we know for sure that the contents of the message haven’t been tampered with?
➡ We use signing!
137. Signing a message
➡ Signing a message means adding a signature that authenticates the validity of a message.
➡ Like md5 or sha1, so when the message changes, so will the signature.
➡ This works on the premise that Alice and only Alice has the private key that can create the signature.
138. Signing a message
http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg
142. Introduction to Pretty Good Privacy
➡ GPG / PGP: application for signing and/or encrypting data (or emails).
➡ Try it yourself with Thunderbird’s Enigmail extension.
➡ Public keys can be sent to / found on PGP key servers, so you don’t need to send your keys to everybody all the time.
147. ‣ Everybody can send emails that ONLY YOU can read.
‣ Everybody can verify that YOU have sent the email and that it is authentic.
‣ Why is this not the standard?
‣ No really, why isn’t it the standard?
151. SSH
➡ Public key authentication
➡ Because you suck at creating and/or remembering passwords
152. ➡ Run ssh-keygen
➡ Copy id_rsa.pub over to the server’s ~/.ssh/authorized_keys
➡ Easy for tools / scripts to connect
➡ Easy for you (no remembering passwords)
➡ More fine-grained security model.
160. ➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail.
➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you.
➡ Encryption algorithms evolve. Do not use today what you used 10 years ago.
➡ Every encryption algorithm will become obsolete!
➡ Always follow the best practices.
162. Thank you
Find me on twitter: @jaytaph
Find me on email: jthijssen@noxlogic.nl
Find me for blogs: www.adayinthelifeof.nl
Find me for development and training: www.noxlogic.nl
http://xkcd.com/153/