Security elements are foundation of any security archietecture. Following are security elements that builds secuirty periphery of any application
Keys
Keys are the mechanism that is used to lock & unlock the important information that requires security. Various algorithms are used to generate these keys are DES, RC2, and RC4
Types of keys
· Public Key – Known to everyone. Postbox analogy.
· Private Key – Know only to you [ who decrypt]
Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.
CAipher (Algorithms)
Algorithm is a logic that is implemented on a set of data to make it unreadable. There are two types of algorithms or popularly known as Ciphers:
Symmetric Ciphers:
# An algorithm that uses same key to encrypt & decrypt e.g. Caesar Cipher
# Faster as uses the same key
# Insecure than Asymmetric
# Examples : RC4, FISH, Py, QUAD, SNOW etc. and block ciphers like AES, Blowfish, DES, Serpent, Camellia
# Shared Key/Shared Secret Encryption
# Very insecure to share key - solution is to encapsulate the symmetric key inside a message encrypted with an asymmetric algorithm. You have never transmitted your private key to anybody, then the message encrypted with the public key is secure (relatively secure, nothing is certain except death and taxes). The symmetric key is also chosen randomly, so that if the symmetric secret key is discovered then the next transaction will be totally different.
Symetric Key-->[Public Key]-->Encrypted Symetric Key-->[Private Key]-->Symetric Key
ASymmetric Ciphers:
# An algorithm that uses different keys to encrypt & decrypt.
# Known as public key cryptography
# one key is publicly available, and the other key is private and is known only to you
# Sender encrypts the message using the public key and make transform the plain text to cipher text, and this can only be decrypted using the corresponding private key which enables anyone to send you a message without ever having to share a secret key. Examples - ElGamal, RSA, Elliptic curve techniques, PGP, SSH etc
Comentarios