Cryptography

• CISSP Training - Cryptography

Cryptography: the science of hiding information in plain sight
encryption-ciphertext-decryption
encryption-transforming data into an unreadable format
plaintext-readable data
the ciphertext-scrambled format of data after encryption

• Java Cryptography

Cryptography is a field looking at techniques for "encoding and verifying things securely". It tends to focus on the following issues:

    encryption of data so that an unauthorized third party cannot read it without a key of some sort;
    authentication and validation (or certification): broadly speaking, checking that a piece of data is "what it should be" or "hasn't been tampered with"— e.g. whether the data was transmitted error-free, whether it was deliberately altered by third parties, and indeed whether the parties are who we believe they are;
    computer protocols for using the previous two techniques correctly and in a way that allows all parties to know how they're being used (e.g. the TLS protocol allows a client to connect to a server over the Internet without the two machines previously knowing things such as session key or even preferred encryption method, maximum key length etc).
    http://www.javamex.com/tutorials/cryptography/

•     Lesson 3: Cryptography

    Encryption is the process of applying a key to plain text that transforms that plain text into unintelligible (cipher) text. Only programs with the key to turning the ciphertext back to original text can decrypt the protected information.
    http://www.oracle.com/technetwork/java/crypto-142375.html

• Homomorphic encryption is a method of performing calculations on encrypted information without decrypting it first. 

http://www.wired.com/2014/11/hacker-lexicon-homomorphic-encryption

• Storing User Passwords Securely: hashing, salting, and Bcrypt

Bad Solution #1: plain text password
It would be very insecure to store each user's "plain text" password in your database:
This is insecure because if a hacker gains access to your database, they'll be able to use that password to log in as that user on your system.
Or even worse, if that user uses the same password for other sites on the internet, the hacker can now login there as well


Bad Solution #2: sha1(password)
A better solution is to store a "one-way hash" of the password, typically using a function like md5() or sha1():
in theory, it should be impossible to "undo" a one-way hash function and find an input string that outputs the same hash value
security experts suggest that these functions not be used anymore for security applications. (Instead, you should use better hash functions like sha256() which don't have any known vulnerabilities so far.)
they can just keep guessing input passwords until they find a match. This is similar to trying all the combinations of a combination lock
storing a simple hash (with no salt) is not secure -- if a hacker gains access to your database, they'll be able to figure out the majority of the passwords of the users


Bad Solution #3: sha1(FIXED_SALT + password)
One attempt to make things more secure is to "salt" the password before hashing it:
The salt is supposed to be a long random string of bytes.
If the hacker gains access to these new password hashes (but not the salt), it will make it much more difficult for the hacker to guess the passwords because they would also need to know the salt
However, if the hacker has broken into your server, they probably also have access to your source code as well, so they'll learn the salt too
Those rainbow tables are built assuming there are no salt, so salted hashes stop them.


Bad Solution #4: sha1(PER_USER_SALT + password)
create a new column in the database and store a different salt for each user.
The salt is randomly created when the user account is first created (or when the user changes their password
By having a per-user-salt, we get one huge benefit: the hacker can't attack all of your user's passwords at the same time



Good Solution: bcrypt(password)
how Bcrypt works, the "trick" is that it executes an internal encryption/hash function many times in a loop.
Bcrypt is configurable, with a log_rounds parameter that tells it how many times to execute that internal hash function
http://dustwell.com/how-to-handle-passwords-bcrypt.html

• If you want to find a given plaintext for a certain hash there are two simple methods:

- Hash each plaintext one by one, until you find the hash.
- Hash each plaintext one by one, but store each generated hash in a sorted table so that you can easily look the hash up later without generating the hashes again

Going one by one takes a very long time, and storing each hash takes an amount of memory which simply doesn't exist (for all but the smallest of plaintext sets). Rainbow tables are a compromise between pre-computation and low memory usage.

It's important to note that it does the reverse of a hash function (mapping hashes to plaintexts), but it is /not/ an inverse hash function. The whole purpose of hash functions is that inverse hash functions can't be made. If you take the hash of a plaintext, and take the reduction of the hash, it will not give you the original plaintext; but some other plaintext.

If the set of plaintexts is [0123456789]{6} (we want a rainbow table of all numeric passwords of length 6), and the hashing function is MD5(), a hash of a plaintext might be MD5("493823") -> "222f00dc4b7f9131c89cff641d1a8c50".
In this case the reduction function R() might be as simple as taking the first six numbers from the hash; R("222f00dc4b7f9131c89cff641d1a8c50") -> "222004".
We now have generated another plaintext from the hash of the previous plaintext, this is the purpose of the reduction function.

The algorithm is:

    Look for the hash in the list of final hashes, if it is there break out of the loop.
    If it isn't there reduce the hash into another plaintext, and hash the new plaintext.
    Goto the start.
    If the hash matches one of the final hashes, the chain for which the hash matches the final hash contains the original hash.

http://kestas.kuliukas.com/RainbowTables/

• bcrypt is a hashing algorithm which is scalable with hardware (via a configurable number of rounds).

Its slowness and multiple rounds ensure that an attacker must deploy massive funds and hardware to be able to crack your passwords
Add to that per-password salts (bcrypt REQUIRES salts) and you can be sure that an attack is virtually unfeasible without either ludicrous amount of funds or hardware.
bcrypt uses the Eksblowfish algorithm to hash passwords.
While the encryption phase of Eksblowfish and Blowfish are exactly the same, the key schedule phase of Eksblowfish ensures that any subsequent state depends on both salt and key (user password), and no state can be precomputed without the knowledge of both
Because of this key difference, bcrypt is a one-way hashing algorithm
You cannot retrieve the plain text password without already knowing the salt, rounds, and key (password)
http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php

• what exactly is a good option for secure password hashing? 

Bcrypt is an adaptive hash function based on the Blowfish symmetric block cipher cryptographic algorithm
It uses a Key Factor (or Work Factor) which adjusts the cost of hashing, which is probably Bcrypt’s most notable feature.
The ability to increase the cost (time and processing power) of hashing in the future as computers become more powerful is what really sets Bcrypt apart from other functions.
Changing the Key Factor also influences the hash output, so this makes Bcrypt extremely resistant to rainbow table-based attacks.
Bcrypt is incredibly slow to hash input compared to other functions this results in a much better output hash
it comes to hashing and encryption, faster is never better.
The longer it takes to encode something, the longer it takes a computer to try and identify the input
How much slower is bcrypt than, say, MD5?
Depends on the work factor.
Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.
Bcrypt is much slower than SHA-2, and thus theoretically better
SHA-2 also isn’t adaptive like Bcrypt and its Key Factor, so it will be more susceptible to table-based attacks as computer processing power increases

http://www.sitepoint.com/why-you-should-use-bcrypt-to-hash-stored-passwords/

• org.springframework.security.crypto.bcrypt.BCrypt

BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterized so it can be increased as computers get faster.


To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());

To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash))
    System.out.println("It matches");
else
    System.out.println("It does not match");

The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:

String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)

The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work.
The default log_rounds is 10, and the valid range is 4 to 31.

http://docs.spring.io/autorepo/docs/spring-security/3.2.x/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html

• org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
Clients can optionally supply a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom instance
The larger the strength parameter the more work will have to be done (exponentially) to hash the passwords.
The default value is 10.

public BCryptPasswordEncoder(int strength,SecureRandom random)
Parameters:
    strength - the log rounds to use
    random - the secure random instance to use

http://docs.spring.io/autorepo/docs/spring-security/3.2.x/apidocs/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html

• The file name is Windows-KB841290-x86-ENU.exe in case you're looking for it in whatever folder you downloaded it to.

Checking MD5 and SHA-1 checksums can still be accomplished with a tool available for download from the Microsoft website
Now that FCIV has been extracted and is on your Desktop, you need to move it to the correct folder in Windows so it can be used like other commands.
Locate the just extracted fciv.exe file on your Desktop, right-click on it, and choose Copy.
copy fciv.exe from your Desktop to the C:\Windows folder.
Now that File Checksum Integrity Verifier is located in the C:\Windows directory, you can execute the command from any location on your computer, making it much easier to create checksums for file verification purposes.

Some types of files you download, like ISO images, service packs, and even entire software programs or operating systems, are often large and high-profile, making them prone to downloading errors and even alteration by malicious third parties
Fortunately, many websites offer a piece of data called a checksum that can be used to help verify that the file you end up with on your computer is exactly the same as the file they're providing.

A checksum, also called a hash or hash value, is produced by running a cryptographic hash function, usually MD5 or SHA-1, on a file
Comparing the checksum produced by running a hash function on your version of the file, with the one published by the download provider, can prove with near certainty that both files are identical.
http://pcsupport.about.com/od/software-tools/ht/file-checksum-integrity-verifier.htm

• Verifying File Copy/Move Operations With Microsoft File Checksum Integrity Verifier

http://www.bobpusateri.com/archive/2013/02/verifying-file-copymove-operations-with-microsoft-file-checksum-integrity-verifier/

• While MD5 is no longer considered cryptographically secure and is being replaced by the SHA-2 family of hash functions, it is nevertheless still widely used to provide a hash value for files that are downloaded from the Internet

FCIV can also recursively generate hash values for all the files in a folder and its subfolders so you could create hash values for your entire C drive with the command:

to calculate a checksum for each system file and store them in an XML file database so you can see if any of them have been changed at a later date.
the following command will calculate and store the hash value for every file in the systemroot -- the folder where the operating system files are located -- and store them in an XML file called windowsystemhashes.XML located in the C drive:

fciv.exe -add %systemroot% -r -XML c:\windowsystemhashes.XML
http://www.computerweekly.com/tip/How-to-use-the-Microsoft-FCIV-command-line-checksum-tool

• Availability and description of the File Checksum Integrity Verifier utility

https://support.microsoft.com/en-us/kb/841290

generate hash
fciv thieb.jpg > thiebhash.txt

//
// File Checksum Integrity Verifier version 2.05.
//
336b0a1e9227648b45be68b31761bce7 thieb.jpg



check hash
Steganography>fciv.exe ../thieb.png
//
// File Checksum Integrity Verifier version 2.05.
//
7c23a18aa23cf4ba0b8ca62985152c14 ../thieb.png

• The popular argument for storing passwords in plain text is that it reduces the required labor for help desk staff in that they'll easily be able to tell a person what their password is if they happen to forget it. This strikes me as very unconvincing. First, it's easy to design a page where the user can reset their password if they forget it—the "Forgot your password?" page—and second, if you use a more secure method like storing the output of a hash function instead of the password itself, help desk staff can still reset a user's password if they've forgotten it. It's probably also a bad idea for help desk staff to have access to the plain text password of a large corporations' CEO or CFO.)

A one-way hash function is a series of mathematical operations that transform some input into a sort of "fingerprint" called a digest
As the name implies, these functions are one-way, meaning you can turn something into a digest, but you can't turn the digest into what it originally was.
When a user creates an account, the system stores their account information, but instead of storing their password on the disk, it runs the password through the one-way hash function and stores the digest instead.
When a user wants to log in to the system in the future, the system takes the password that they provide, runs it through the one-way hash function, then compares it to the existing digest stored for that user. T
The system only needs to be able to check if the output from the hash function is the same; it doesn't need to store any details about the password, and it doesn't need to remember the password itself.
A good cryptographic hash function-the sort of one-way hash-should produce digests that are very different when the input is altered even a little. (This is known as the avalanche effect.)should produce digests that are very different when the input is altered even a little. (This is known as the avalanche effect.)should produce digests that are very different when the input is altered even a little. This is known as the avalanche effect

there are many problems with simply hashing passwords. The two major ones are:

Recognizability
What is the major downside of the fact that a digest of a certain message always returns the same digest? Well, if an attacker spends a lot of resources pre-computing digests for as many passwords as possible, and they get access to your user database, they can check all of those digests against the ones you've stored. Furthermore, they can use the list of digests they've created to try to find matches in many different user databases that they've compromised. (This form of digest list is commonly called a rainbow table.)
What's even worse is that, if the attacker guesses, or "cracks", a password, they can simply search your database to find all users with the same password digest—they'll know that anyone with the same password digest uses the same password as the user whose password they've guessed.
Speed
Hash functions are used for many things in cryptography, most commonly verifying messages—a message can be a block of data in an encrypted data stream—but they were not designed for password storage/to be used as stored secrets
For something like MD5, it's possible to make up to, and more than, 5.6 billion guesses per second using commodity hardware.) Even if the password cannot be deduced by looking directly at the digest, the password, if it is not very long or very complex, can be guessed very easily. The vast majority of user-chosen passwords are not very long, nor very complex. The speed ends up hurting the user instead of helping them.

there are solutions to these problems(speed  & recognizability):
A salt is a random sequence of bytes which is added to the hash function, or just to the password string itself,
so you create a digest for e.g. 6zvz3ylalpkp03lua8r4yyzdoq7e2js2 + sw0rdf1sh! rather than just sw0rdf1sh!.
If each user has their own salt, there is no easy way to group users with identical digests to find users with the same passwords. This largely solves the recognizability problem.
Every password should have its own salt, and that salt should be at least 32 bytes or more to make it much harder to guess both the correct salt and digest.

Stretching
If you create a digest of a password, then create a digest of the digest, and a digest of that digest, and a digest of that digest, you've made a digest that is the result of four iterations of the hash function. You can no longer create a digest from the password and compare it to the iterated digest, since that is the digest of the third digest, and the third digest is the digest of the second digest. To compare passwords, you have to run the same number of iterations, then compare against the fourth digest. This is called stretching.

Adaptive Key Derivation Functions
Adaptive key derivation functions are exactly the functions that generate digests from passwords whilst applying salting and stretching
key derivation functions derive strong keys to be used for subsequent encryption, however, since the functions we'll be discussing are one-way, they can be used for "password digests."

bcrypt
bcrypt is an adaptive hash function designed specifically for password "storage.
It uses a modified version of Blowfish by Bruce Schneier rather than iterating a hash function
its "work factor" which determines how much processing is needed to produce a single hash digest
the password salt and a number indicating the work factor are included in the output
bcrypt is the default password authentication mechanism in OpenBSD
Its major limitation is that, unlike PBKDF2 and scrypt, it places a hard size limit of 72 bytes/ASCII characters on the input.

MD5, SHA-1, SHA-256, SHA-512, et al, are not "password hashes." By all means use them for message authentication and integrity checking, but not for password authentication.MD5, SHA-1, SHA-256, SHA-512, et al, are not "password hashes." By all means, use them for message authentication and integrity checking, but not for password authentication.
If you are a government contractor, want to be compliant with security certifications or regulations like ISO 27001 or FIPS 140-2, or don't want to depend on third-party or less-scrutinized libraries, use PBKDF2-HMAC-SHA-256/SHA-512 with a large number of iterations to generate digests of your users' passwords. (Ideally it should take a second or more to generate a single digest.)
If you want very strong password digests, and a system that is very easy to use, use bcrypt. Simple, easy-to-use libraries exist for nearly every programming language. (Just google "bcrypt <language name>", and chances are you'll find a solid implementation.)
If you are designing a new system which either relies on encryption to store very sensitive information using a weak secret (user passwords), or where it is imperative that nobody guesses any of the passwords in any reasonable amount of time, you should investigate if there is a solid implementation of scrypt for the language or framework you're using.

http://throwingfire.com/storing-passwords-securely

• ROT13 ("rotate by 13 places", sometimes hyphenated ROT-13) is a simple letter substitution cipher that replaces a letter with the letter 13 letters after it in the alphabet.

ROT13 is an example of the Caesar cipher, developed in ancient Rome.
In the basic Latin alphabet, ROT13 is its own inverse;

Applying ROT13 to a piece of text merely requires examining its alphabetic characters and replacing each one by the letter 13 places further along in the alphabet, wrapping back to the beginning if necessary
A becomes N, B becomes O, and so on up to M, which becomes Z,
then the sequence continues at the beginning of the alphabet: N becomes A, O becomes B, and so on to Z, which becomes M
Only those letters which occur in the English alphabet are affected; numbers, symbols, whitespace, and all other characters are left unchanged.
Because there are 26 letters in the English alphabet and 26 = 2 × 13, the ROT13 function is its own inverse

For example, in the following joke, the punchline has been obscured by ROT13:
How can you tell an extrovert from an
introvert at NSA? Va gur ryringbef,
gur rkgebireg ybbxf ng gur BGURE thl'f fubrf.

Transforming the entire text via ROT13 form, the answer to the joke is revealed
Ubj pna lbh gryy na rkgebireg sebz na
vagebireg ng AFN? In the elevators,
the extrovert looks at the OTHER guy's shoes.

http://en.wikipedia.org/wiki/ROT13

• A pseudo-random number generator (PRNG) is a program written for, and used in, probability and statistics applications when large quantities of random digits are needed. Most of these programs produce endless strings of single-digit numbers, usually in base 10, known as the decimal system. When large samples of pseudo-random numbers are taken, each of the 10 digits in the set {0,1,2,3,4,5,6,7,8,9} occurs with equal frequency, even though they are not evenly distributed in the sequence.

the very existence of the algorithm, no matter how sophisticated, means that the next digit can be predicted!
The digits in the decimal expansions of irrational number s such as pi (the ratio of a circle's circumference to its diameter in a Euclidean plane), e (the natural- logarithm base), or the square roots of numbers that are not perfect squares (such as 2 1/2 or 10 1/2 ) are believed by some mathematicians to be truly random.
But computers can be programmed to expand such numbers to thousands, millions, billions, or trillions of decimal places; sequences can be selected that begin with digits far to the right of the decimal (radix) point, or that use every second, third, fourth, or n th digits
However, again, the existence of an algorithm to determine the digits in such numbers is used by some theoreticians to argue that even these single-digit number sequences are pseudo-random, and not truly random.
The question then becomes, Is the algorithm accurate (that is, random) to infinity, or not?
and because no one can answer such a question definitively because it is impossible to travel to infinity and find out, the matter becomes philosophical.
http://whatis.techtarget.com/definition/pseudo-random-number-generator-PRNG

• A pseudo-random number generator (PRNG) refers to an algorithm that uses mathematical formulas to produce sequences of random numbers. PRNGs generate a sequence of numbers approximating the properties of random numbers. This is determined by a small group of initial values. PRNGs are fundamental to the use of cryptographic mechanisms and key generation as they ensure message uniqueness. A pseudo-random number generator (PRNG) refers to an algorithm that uses mathematical formulas to produce sequences of random numbers. PRNGs generate a sequence of numbers approximating the properties of random numbers. This is determined by a small group of initial values. PRNGs are fundamental to the use of cryptographic mechanisms and key generation as they ensure message uniqueness.

Widely used PRNG algorithms include: linear congruential generators, lagged Fibonacci generators, linear feedback shift registers, Blum Blum Shub, Fortuna, and Mersenne Twister.
A pseudo-random number generator starts from an arbitrary starting state using a seed state. Many numbers are generated in a short time and can also be reproduced later if the starting point in the sequence is known. Hence, the numbers are deterministic and efficient.

http://www.techopedia.com/definition/25842/pseudo-random-number-generator-prng

• pseudo-

false or not real:
determinism [uncountable]
the belief that what you do and what happens to you are caused by things that you cannot control
—deterministic  adjective
arbitrary
decided or arranged without any reason or plan, often unfairly:

• A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG)[1], is an algorithm for generating a sequence of numbers that approximates the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom numbers are important in practice for simulations (e.g., of physical systems with the Monte Carlo method), and are central in the practice of cryptography and procedural generation.

http://www.princeton.edu/~achaney/tmve/wiki100k/docs/Pseudorandom_number_generator.html

• Hashing is a one-way algorithm; cannot be reversed

Hashing is a technique of creating semi-unique keys based on larger pieces of data.
A hash is a one-way algorithm used to compare input with a reference without compromising the reference.
if you shop using credit-card.
There you will find your credit-card-number with some numbers hidden, this way you can prove with high probability that your card was used to buy the stuff while someone searching through your garbage won't be able to find the number of your card.
A very naive and simple hash is "The first 3 letters of a string".
That means the hash of "abcdefg" will be "abc".
This function can obviously not be reversed which is the entire purpose of a hash.
However, note that "abcxyz" will have exactly the same hash, this is called a collision.
a hash only proves with a certain probability that the two compared values are the same.
Another very naive and simple hash is the 5-modulus of a number, here you will see that 6,11,16 etc.. will all have the same hash: 1.
Modern hash-algorithms are designed to keep the number of collisions as low as possible but they can never be completely avoided.
A rule of thumb is the longer your hash is, the fewer collisions it has.
Hashing typically reduces a large amount of data to a much smaller size. This is useful for verifying the contents of a file without having to have two copies to compare, for example.
Hashing is a one-way task of creating one value from another. The algorithm should try to create a value that is as short and as unique as possible.
Hashing takes an input, runs it through a function, and generates an output that can be a reference to the input.
It is not necessarily unique, a function can generate the same output for different inputs.


Obfuscation is similar to encryption but doesn't require any "secret" to understand
obfuscation generally involves trying to remove helpful clues (i.e. meaningful variable/function names), removing whitespace to make things hard to read, and generally doing things in convoluted ways to make following what's going on difficult. It provides no serious level of security like "true" encryption would.
Obfuscation is hiding some information without a separate key (or with a fixed key). In this case, keeping the method a secret is how you keep the data safe.
obfuscation is making something unreadable without changing semantics. It involves value transformation, removing whitespace, etc. Some forms of obfuscation can also be one-way, so it's impossible to get the starting value


Encryption is reversible but a "secret" is required to do so
Encryption can follow several models, one of which is the "secret" method, called private key encryption where both parties have a secret key.
Public key encryption uses a shared one-way key to encrypt and a private recipient key to decrypt. With public key, only the recipient needs to have the secret.
Encryption involves storing some secret data, and the security of the secret data depends on keeping a separate "key" safe from the bad guys.
encryption is two-way, and there's always some decryption working the other way around.
Encryption transforms the input into an output in a unique manner. There is a one-to-one correlation so there is no potential loss of data or confusion - the output can always be transformed back to the input with no ambiguity.
Encryption - using a key to transform data so that only those with the correct key can understand it. The encrypted data can be decrypted to obtain the original data. Typical standards are DES, TDES, AES, RSA etc.

http://stackoverflow.com/questions/184328/what-is-the-difference-between-obfuscation-hashing-and-encryption

• Spring Security is a Java/Java EE framework that provides authentication, authorization and other security features for enterprise applications. The project was started in late 2003 as 'Acegi Security' (pronounced Ah-see-gee)[1] by Ben Alex, with it being publicly released under the Apache License in March 2004. Subsequently, Acegi was incorporated into the Spring portfolio as Spring Security, an official Spring sub-project

http://en.wikipedia.org/wiki/Spring_Security

• MAVEN ARTIFACTS

The dependencies you need to add to your project will depend on what features you require. For example, a typical Spring Security web application using namespace configuration would have the following artifacts added to its maven pom:
http://www.springsource.org/spring-security#maven

• Specifically, we will see how you can use techniques from cryptography—hashing and salting your passwords

Problem
You want to store passwords securely to prevent anybody—even yourself and other technical staff—from being able to view them.

Solution
In this recipe, we’re going to use Spring Security 2 to store passwords securely. We’ll also show how to authenticate against secured passwords.
Spring Security makes it fairly easy to store passwords securely. The actual storage mechanism (database, LDAP or other) doesn’t really matter since that’s abstracted away, which is nice.

Understanding hash functions
The idea behind this recipe is that we want to store passwords in encrypted form in the persistent store. 
There are in general two different approaches to encryption here: ciphers and hash functions. 
The two are similar in that each provides a way to encrypt data, but they differ in that only ciphers provide an easy way (assuming you know a secret key) to decrypt the data. 
Hash functions don’t provide for easy decryption; hence they are sometimes referred to as one-way hash functions. 
All hash functions, however, are one-way.
When storing encrypted passwords, the typical practice is to use a hash function, such as MD5 or SHA-1, to encrypt the password before saving it. 
The reason for preferring a hash function to a cipher is that we don’t usually want anybody to be able to recover the password: 
we never (or should never) display it on the screen or in e-mails, for example. 
A string of plaintext encrypted by a hash function is called a hash.

You might ask how we can use stored password hashes to authenticate users if we can’t recover the plaintext password from the hash. The answer is that we don’t compare plaintext passwords, but rather we compare the hashes. When the user submits a username/password pair, we hash the submitted password and compare that hash with the stored hash. If the two match, then we conclude that the submitted password was correct.


we can assume that different passwords will have different hashes. So if the hashes match, then the submitted password was correct.

Your app has an existing user account model is called Account, with a corresponding AccountDao interface and implementation to support CRUD operations.
You also have a service bean, which we’ll assume is AccountServiceImpl, that supports user registrations. The registrations store the passwords as plaintext.


Meet the dictionary attack
To understand how it works, recall that hashing different strings generally results in different hashes. We can use that fact to create a big lookup table for a dictionary of potential passwords. The lookup table takes a hash and then returns the string that generated it.
As luck would have it, we don’t even have to create our own lookup table. Helpful folks on the Internet have already done it for us. For instance, go to
http://tools.benramsey.com/md5/
and enter the MD5 hash we presented earlier; namely,
3af00c6cad11f7ab5db4467b66ce503e
Voilà! You’ve unhashed a hash. This is called a dictionary attack.
If an attacker were to acquire a list of hashed passwords, he could make quick work of it using a dictionary of the sort just described. In some contexts that might be very bad.

Add a little salt to that hash
The strategy behind salt is to make it much more painful for the attacker to recover hashed passwords. 
Instead of allowing ourselves to be attacked by a single well-known dictionary, we are going to force the attacker to create a new and unique dictionary for every single password he wants to try to recover
Can he still do it? Sure. But it’s just a lot more work now.
Instead of hashing passwords, we concatenate a string—called a salt—to the plaintext password, and then hash the concatenated string. This effectively breaks the standard dictionary attack, because now all of the hashes in your password store are “new.”
if we use a single, common salt across all users? While this is better than using no salt at all, it’s still not hard to overcome if the attacker knows the salt. The attacker simply has to create a single new dictionary, this time concatenating the salt to each individual dictionary word before hashing. Then it’s the same as before.
Instead of using a common salt across all users, we want the salt to be different for each user. That way, the attacker has to create a new dictionary for every single user he wants to attack. Again, he can do it, but it’s much more time-consuming.

One good way to create a salt is to use some property of the user. It is better to choose something that won’t change, such as a numeric primary key, than it is to choose something that might change, such as an e-mail address. If you use (say) e-mail addresses for salt, and a user changes his e-mail address, he won’t be able to log in anymore because the authentication system won’t be able to create the correct hash.

Usernames are a reasonable choice as they don’t usually change, but a numeric primary key is even better
For example, if my password/salt is college/willie, then Spring Security will hash the string college{willie}.

http://springinpractice.com/2008/10/11/hashing-and-salting-passwords-with-spring-security-2/

• The Dos

Okay, enough lecturing on what not to do. Here are the things you need to focus on:
Choose a one-way encryption algorithm. As I mentioned above, once you’ve encrypted and stored a user’s password, you never need to know the real value again. When a user attempts to authenticate, you’ll just apply the same algorithm to the password they entered, and compare that to the encrypted password that you stored.
Make the encryption as slow as your application can tolerate. Any modern password encryption algorithm should allow you to provide parameters that increase the time needed to encrypt a password (i.e. in PBKDF2, specifying the number of iterations). Why is slow good? Your users won’t notice if it takes an extra 100ms to encrypt their password, but a hacker trying a brute-force attack will notice the difference as they run the algorithm billions of times.
Pick a well-known algorithm. The National Institute of Standards and Technology (NIST) recommends PBKDF2 for passwords. bcrypt is a popular and established alternative, and scrypt is a relatively new algorithm that has been well-received. All these are popular for a reason: they’re good.

http://www.javacodegeeks.com/2012/05/secure-password-storage-donts-dos-and.html

• PBKDF2

PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series

PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations.

The added computational work makes password cracking much more difficult, and is known as key stretching

When the standard was written in 2000, the recommended minimum number of iterations was 1000, but the parameter is intended to be increased over time as CPU speeds increase.

Having a salt added to the password reduces the ability to use precomputed hashes (rainbow tables) for attacks, and means that multiple passwords have to be tested individually, not all at once.

The standard recommends a salt length of at least 64 bits.

http://en.wikipedia.org/wiki/PBKDF2

• Cryptographic hash functions

Cryptographic hashes are used for message authentication, digital signatures, password storage

The hash function should

1. Take variable size input

2. Produce fixed output size (Size of the

table)

3. Be easy to compute

4. Be pseudorandom so that it distributes uniformly over the table

Minimizes collisions

Secure Hash Algorithm (SHA)

SHA-1 produces 160 bit output,

SHA-224, SHA-256, SHA-384, and SHA-512 produce 224, 256, 384, and 512 bit outputs.

All consist of 80 rounds.

A successor to and similar to MD5

SHA-1 is used in TLS, SSL, PGP, SSH, S/MIME, and IPsec

Required by law in US Govt applications

? Used in Digital Signature Standard

Examples of Crypto Hash Functions

MD4 = Message Digest 4 [RFC 1320] - 32b operations

MD5 = Message Digest 5 [RFC 1321] - 32b operations

SHA = Secure hash algorithm [NIST]

SHA-1 = Updated SHA

SHA-2 = SHA-224, SHA-256, SHA-384, SHA-512

SHA-512 uses 64-bit operations

Applications of Crypto Hash Functions

1.Message Authentication = Integrity

MD5 has is used to check if a file has been modified.

Use a secret value before hashing so that no one else can modify M and hash

2.Digital Signatures: Encrypt hash with the private key

3.Password storage: Hash of the user’s password is compared with that in the storage.

Hackers can not get password from storage.

4.Pseudorandom number generation

http://www.cse.wustl.edu/~jain//cse571-11/ftp/l_11chf.pdf

• The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard

SHA stands for Secure Hash Algorithm

The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2.

The SHA-2 family uses an identical algorithm with a variable digest size which is distinguished as SHA-224, SHA-256, SHA-384, and SHA-512.

http://www.mkyong.com/java/java-sha-hashing-example/

• The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. 

MD5 has been utilized in a wide variety of cryptographic applications and is also commonly used to verify data integrity.

http://en.wikipedia.org/wiki/MD5

• Cryptography Goals

Authentication:

This means that before sending and receiving data using the system, the receiver and sender identity should be verified.

Secrecy or Confidentiality:

It means that only the authenticated people are able to interpret the message (date) content and no one else.

Integrity:

Integrity means that the content of the communicated data is assured to be free from any type of modification between the endpoints (sender and receiver).

Non-Repudiation:

This function implies that neither the sender nor the receiver can falsely deny that they have sent a certain message.

Service Reliability and Availability:

Since secure systems usually get attacked by intruders, which may affect their availability and type of service to their users. Such systems should provide a way to grant their users the quality of service they expect.

http://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html#2_1

• what is cipher?

A cipher is an algorithm for performing encryption (reverse is decryption)

Block Cipher

you divide the plain text into blocks which are then fed into the cipher system to produce blocks of cipher text.

Stream Ciphers

Stream cipher functions on a stream of data by operating on it bit by bit

http://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html#2_1

• substitution cipher

In cryptography, a substitution cipher is a method of encoding by which units of plaintext are replaced with ciphertext, according to a regular system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.

Simple substitution

Traditionally, mixed alphabets may be created by first writing out a keyword, removing repeated letters in it, then writing all the remaining letters in the alphabet in the usual order.

Using this system, the keyword "zebras" gives us the following alphabets

Plaintext alphabet:  ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ciphertext alphabet:  ZEBRASCDFGHIJKLMNOPQTUVWXY

A message of "flee at once. we are discovered!"

enciphers to "SIAA ZQ LKBA. VA ZOA RFPBLUAOAR!"

http://en.wikipedia.org/wiki/Substitution_cipher

• Transposition cipher

In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed. Mathematically a bijective function is used on the characters' positions to encrypt and an inverse function to decrypt.

Route cipher

In a route cipher, the plaintext is first written out in a grid of given dimensions, then read off in a pattern given in the key

a message of 'WE ARE DISCOVERED. FLEE AT ONCE'

W R I O R F E O E

E E S V E L A N J

A D C E D E T C X

Then reads off:

EJXCTEDECDAEWRIORFEONALEVSE

http://en.wikipedia.org/wiki/Transposition_cipher

• Caesar cipher

In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques.

It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet.

For example, with a left shift of 3, D would be replaced by A, E would become B, and so on.

The method is named after Julius Caesar, who used it in his private correspondence.

http://en.wikipedia.org/wiki/Caesar_cipher

• Bijection

In mathematics, a bijection (or bijective function or one-to-one correspondence) is a function between the elements of two sets. Every element of one set is paired with exactly one element of the other set, and every element of the other set is paired with exactly one element of the first set. There are no unpaired elements. In formal mathematical terms, a bijective function f: X › Y is a one to one and onto mapping of a set X to a set Y.

http://en.wikipedia.org/wiki/Bijective

• Compared Algorithms

DES:

(Data Encryption Standard) was the first encryption standard

many attacks and methods recorded that exploit the weaknesses of DES, which made it an insecure block cipher.

3DES:(Triple DES)

the encryption method is similar to the one in the original DES but applied 3 times to increase the encryption level.

AES:

(Advanced Encryption Standard), is the new encryption standard to replace DES. Both AES and DES are block ciphers

Blowfish:

Blowfish is a variable length key, 64-bit block cipher.

http://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html#2_1

• Symmetric and Asymmetric encryptions

Data encryption procedures are mainly categorized into two categories depending on the type of security keys used to encrypt/decrypt the secured data.

These two categories are: Asymmetric and Symmetric encryption techniques

Symmetric Encryption

In this type of encryption, the sender and the receiver agree on a secret (shared) key.

Then they use this secret key to encrypt and decrypt their sent messages

The main concern behind symmetric encryption is how to share the secret key securely between the two peers. If the key gets known for any reason, the whole system collapses

Asymmetric Encryption

two keys are used.

To explain more, what Key1 can encrypt only Key2 can decrypt, and vice versa.

It is also known as Public Key Cryptography (PKC), because users tend to use two keys: public key, which is known to the public, and private key which is known only to the user.

this unique feature of public key encryption makes it mathematically more prone to attacks.

Moreover, asymmetric encryption techniques are almost 1000 times slower than symmetric techniques, because they require more computational processing power

hybrid technique

In this technique, asymmetric encryption is used to exchange the secret key, symmetric encryption is then used to transfer data between sender and receiver.

http://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html#2_1

Q: State the difference between Symmetric Key Cryptography and Public Key Cryptography.
Both of this cryptography, that is, the Symmetric Key Cryptography and the Public Key Cryptography, does the same job of encrypting and decrypting, thereby, here lies the main difference between them. Thus, the main difference between them is that in Symmetric Key Cryptography, only one key is put into use for encryption and decryption. On the other hand, in the case of Public Key Cryptography, they make use of two different keys. The public key for encryption and the private key for decryption. Generally, the Symmetric Key Cryptography is known to be faster and simpler.
https://mindmajix.com/cyber-security-interview-questions

• Symmetric and Asymmetric Encryption 

 A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.

 The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys--a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.

 About Digital Certificates

 To use asymmetric encryption, there must be a way for people to discover other public keys. The typical technique is to use digital certificates (also known simply as certificates). A certificate is a package of information that identifies a user or a server, and contains information such as the organization name, the organization that issued the certificate, the user's e-mail address and country, and the user's public key.

 https://support.microsoft.com/en-us/kb/246071

•  Asymmetric encryption is used when a large number of subsets of people shall be able to share information.

 In a set of 10 people, allowing every pair of people to communicate securely, requires 45 unique keys (9+8+7+6+5+4+3+2+1). And now think about of the internet instead of the small set of 10 people. It's obvious that this cannot be handled with symmetric keys.

 https://security.stackexchange.com/questions/7219/asymmetric-vs-symmetric-encryption

• Symmetric encryption

 the encryption and decryption operations utilize the same key.

 or two communicating parties using symmetric encryption for secure communication, the key represents a shared secret between the two.

 There exist many symmetric encryption algorithms. A few of the well-known ones include AES, DES, Blowfish, and Skipjack

 Symmetric encryption is typically more efficient than asymmetric encryption, and is often used for bulk data encryption.

 Asymmetric encryption

  known as public-key encryption, symmetric vs asymmetric encryption utilizes a pair of keys – a public key and a private key. If you encrypt data with the public key, only the holder of the corresponding private key can decrypt the data, hence ensuring confidentiality

   asymmetric algorithms are often used to secure key exchanges rather than used for bulk data encryption.

   Many “secure” online transaction systems rely on asymmetric encryption to establish a secure channel. SSL, for example, is a protocol that utilizes asymmetric encryption to provide communication security on the Internet.

   RSA became the most widely deployed asymmetric encryption algorithm.

   The most basic way to attack a symmetric cryptosystem is brute-force attacks, where you essentially try every combination of a key. For a 128-bit key, there are 2^128 combinations to attempt, which requires extensive computing resources

   Symmetric key ciphers can be composed together to produce a stronger cryptosystem.

   Keys for symmetric-key cryptosystems are shorter, compared to public key algorithms

   Symmetric key cryptosystems have been shown to be more efficient and can handle high rates of data throughput

   In a large network, asymmetric key cryptography yields a more efficient system for key management, as you don’t have to manage pair-wise keys for every communicating pair.

   Asymmetric key cryptosystems are good for digital signatures and key exchange use cases

   In many cases, the public and private key pairs in an asymmetric-key cryptosystem can remain intact for many years without compromising the security of the system. SSL certificates are one such example.

   http://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/

• As a general rule, one can say that asymmetric algorithms are much more computing intensive than symmetric algorithms. Thus it is very common case to use an asymmetric algorithms to exchange a symmetric key that will be used to exchange the data. It is also considered as sufficiently safe security wise.

https://stackoverflow.com/questions/3649689/ssl-is-half-symmetric-and-half-asymmetric

2. What is the difference between Asymmetric and Symmetric encryption and which one is better?
Asymmetric on the other hand is more secure but slow. Hence, a hybrid approach should be preferred. Setting up a channel using asymmetric encryption and then sending the data using symmetric process.
https://www.greycampus.com/blog/information-security/top-cyber-security-interview-questions

• In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange.

ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems.

http://en.wikipedia.org/wiki/ElGamal_encryption

• PGP is commonly used for email encryption and uses public key cryptology.

PGP stands for Pretty Good Privacy and is actually an open standard called OpenPGP.

http://www.triatechnology.com/sending-a-pgp-encrypted-email-in-outlook-or-webmail/

• With PGP you must maintain both your public and private keys.

You are responsible for exchanging keys with other recipients.

https://ssd.eff.org/en/module/how-use-pgp-windows

• A Information on the GpgOL Outlook extension

http://www.gpg4win.org/doc/en/gpg4win-compendium_33.html

• Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

• OpenPGP is the most widely used email encryption standard in the world. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 4880. The OpenPGP standard was originally derived from PGP (Pretty Good Privacy), first created by Phil Zimmermann in 1991.

http://www.openpgp.org/

• Pretty Good Privacy (PGP) is a way to protect your email communications from being read by anyone except their intended recipients. It can protect against companies, governments, or criminals spying on your Internet connection, and, to a lesser extent, it can save your email from being read if the computer on which they are stored is stolen or broken into.

It can also be used to prove that an email came from a particular person, instead of being a fake message sent by another sender (it is otherwise very easy for email to be fabricated).

https://ssd.eff.org/en/module/how-use-pgp-windows

• Using PGP doesn't completely encrypt your email: the sender and receiver information is still unencrypted and so is the subject line!

Someone spying on your emails may still see the identities of the people you communicate with and when you email them.

https://ssd.eff.org/en/module/how-use-pgp-windows

• Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.

https://www.enigmail.net/home/index.php

• Windows installers of GnuPG 2.0 are available from Gpg4win, a sibling project to GnuPG. This is the recommended installer for Enigmail.

https://www.enigmail.net/documentation/quickstart-ch1.php#id2532629

• for file and email encryption. Gpg4win (GNU Privacy Guard for Windows) is Free Software and can be installed with just a few mice clicks.

http://www.gpg4win.org/

• How to enable Email Encryption in Outlook 2013

• How to Encrypt Gmail, Outlook, or Yahoo Webmail Using PGP

• How to: Use PGP for Windows

Pretty Good Privacy (PGP) is a way to protect your email communications from being read by anyone except their intended recipients

https://ssd.eff.org/en/module/how-use-pgp-windows

• ExQuilla

ExQuilla is an addon for Mozilla's Thunderbird email client that allows access to both messages and contacts stored on Exchange Server 2007 - 2015. ExQuilla uses EWS (Exchange Web Services) for access to the server

https://exquilla.zendesk.com/home

• Exchange with Thunderbird

The Lightning Plug-in and the Provider for Microsoft Exchange Plug-in need to be downloaded and installed on Thunderbird 3.1 and above.

https://cnc.ucr.edu/exchange/thunderbird.html

• PGP Tutorial For Windows (Kleopatra – Gpg4Win)

https://www.deepdotweb.com/2015/02/21/pgp-tutorial-for-windows-kleopatra-gpg4win

The principle is the same:

    You sign a file using your private certificate, to ensure that the file cannot be modified.

    Then encrypt the file using a public certificate, to prevent unauthorized persons from seeing it.

https://www.gpg4win.org/doc/en/gpg4win-compendium_24.html

• Secure your email with Gpg4win. Part 1: introduction and installation

Gnu Privacy Guard (also known as GnuPG or just GPG) is an open source clone of the highly popular email encryption program Pretty Good Privacy (which is now commercially available from Symantec). Developed by the Free Software Foundation, GnuPG is free, open source and completely compatible with PGP, using a full implementation of the OpenPGP standard (RFC 4880)

https://www.bestvpn.com/blog/7063/secure-your-email-with-gpg4win-part-1-introduction-and-installation/

• E-mail Encryption for Beginners: Gpg4Win, Outlook Privacy Plugin, and Mailvelope

• How to verify signatures for packages

Digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with. Below we explain why it is important and how to verify that the Tor program you download is the one we have created and has not been modified by some attacker.

Digital signature is a cryptographic mechanism. If you want to learn more about how it works see https://en.wikipedia.org/wiki/Digital_signature.
What is a signature and why should I check it?

How do you know that the Tor program you have is really the one we made? Digital signatures ensure that the package you are downloading was created by our developers. It uses a cryptographic mechanism to ensure that the software package that you have just downloaded is authentic.

For many Tor users it is important to verify that the Tor software is authentic as they have very real adversaries who might try to give them a fake version of Tor.

If the Tor package has been modified by some attacker it is not safe to use. It doesn't matter how secure and anonymous Tor is if you're not running the real Tor.

Before you go ahead and download something, there are a few extra steps you should take to make sure you have downloaded an authentic version of Tor.
Always download Tor from torproject.org

There are a variety of attacks that can be used to make you download a fake version of Tor. For example, an attacker could trick you into thinking some other website is a great place to download Tor. You should always download Tor from https://www.torproject.org/.
Always make sure you are browsing over https

https://www.torproject.org/ uses https. Https is the secure version of the http protocol which uses encryption and authentication between your browser and the website. This makes it much harder for the attacker to modify your download. But it's not perfect. Some places in the world block the Tor website, making users to download Tor somewhere else.

Large companies sometimes force employees to use a modified browser, so the company can listen in on all their browsing. We've even seen attackers who have the ability to trick your browser into thinking you're talking to the Tor website with https when you're not.
Always verify signatures of packages you have downloaded

Some software sites list sha1 hashes alongside the software on their website, so users can verify that they downloaded the file without any errors. These "checksums" help you answer the question "Did I download this file correctly from whoever sent it to me?" They do a good job at making sure you didn't have any random errors in your download, but they don't help you figure out whether you were downloading it from the attacker. The better question to answer is: "Is this file that I just downloaded the file that Tor intended me to get?"
Where do I get the signatures and the keys that made them?

Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are GPG signatures. They allow you to verify the file you've downloaded is exactly the one that we intended you to get. For example, torbrowser-install-7.0.10_en-US.exe is accompanied by torbrowser-install-7.0.10_en-US.exe.asc. For a list of which developer signs which package, see our signing keys page.

We now show how you can verify the downloaded file's digital signature on different operating systems. Please notice that a signature is dated the moment the package has been signed. Therefore every time a new file is uploaded a new signature is generated with a different date. As long as you have verified the signature you should not worry that the reported date may vary.
Windows

First of all you need to have GnuPG installed before you can verify signatures. Download it from https://gpg4win.org/download.html.

Once it's installed, use GnuPG to import the key that signed your package. In order to verify the signature you will need to type a few commands in windows command-line, cmd.exe.

Unless you edit your PATH environment variable, you will need to tell Windows the full path to the GnuPG program. If you installed GnuPG with the default values, the path should be something like this: C:\Program Files\Gnu\GnuPg\gpg.exe.

The Tor Browser team signs Tor Browser releases. Import its key (0x4E2C6E8793298290) by starting cmd.exe and typing:

"C:\Program Files\Gnu\GnuPg\gpg.exe" --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290

After importing the key, you can verify that the fingerprint is correct:

"C:\Program Files\Gnu\GnuPg\gpg.exe" --fingerprint 0x4E2C6E8793298290

You should see:

    pub   4096R/93298290 2014-12-15
          Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
    uid                  Tor Browser Developers (signing key)
    sub   4096R/F65C2036 2014-12-15
    sub   4096R/D40814E0 2014-12-15
    sub   4096R/C3C07136 2016-08-24

To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:

"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify C:\Users\Alice\Desktop\torbrowser-install-7.0.10_en-US.exe.asc C:\Users\Alice\Desktop\torbrowser-install-7.0.10_en-US.exe

Please substitute "Alice" with your own username.

The output should say "Good signature":

    gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
    gpg: Good signature from "Tor Browser Developers (signing key) "
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290

Currently valid subkey fingerprints are:

    5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C 2036
    BA1E E421 BBB4 5263 180E  1FC7 2E1A C68E D408 14E0
    A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136

Notice that there is a warning because you haven't assigned a trust index to this person. This means that GnuPG verified that the key made that signature, but it's up to you to decide if that key really belongs to the developer. The best method is to meet the developer in person and exchange key fingerprints.


The next step is to use GnuPG to import the key that signed your package. The Tor Browser team signs Tor Browser releases. Import its key (0x4E2C6E8793298290) by starting the terminal (under "Applications" in Mac OS X) and typing:

gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290

After importing the key, you can verify that the fingerprint is correct:

gpg --fingerprint 0x4E2C6E8793298290

You should see:

    pub   4096R/93298290 2014-12-15
          Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
    uid                  Tor Browser Developers (signing key)
    sub   4096R/F65C2036 2014-12-15
    sub   4096R/D40814E0 2014-12-15
    sub   4096R/C3C07136 2016-08-24

To verify the signature of the package you downloaded, you will need to download the ".asc" file as well.
For Linux users (change 64 to 32 if you have the 32-bit package):

gpg --verify tor-browser-linux64-7.0.10_en-US.tar.xz.asc tor-browser-linux64-7.0.10_en-US.tar.xz

The output should say "Good signature":

    gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
    gpg: Good signature from "Tor Browser Developers (signing key) "
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
https://www.torproject.org/docs/verifying-signatures.html.en

• Verify on Windows

How to verify with PGP/ASC signatures

    There are a few tools available like "Gpg4win", "GnuPG" just to name a few and not to prefer a specific tool. For the following instructions "GnuPG" will be used as an example an example to show for your convenience how the verification is working.
 
    For verifying signatures you need the software "GnuPg". This is a tool that runs not in the graphical mode but in the command prompt of Windows. Therefore you have to enter always the full path (default location after installation: C:\Program Files\Gnu\GnuPg\gpg.exe) until you add it to the $PATH system environment variable.
 
    Save the following file with your Internet browser to the location where the downloaded AOO and PGP/ASC file is stored:
    https://www.apache.org/dist/openoffice/KEYS
    Open the start menu and enter cmd.exe into the search box.
    Now change to the directory with the downloaded AOO, KEYS and PGP/ASC file, import and verify with the following commands:

    cd <path_to_AOO_and_KEYS_and_ASC_files>

    C:\Program Files\Gnu\GnuPg\gpg.exe --import KEYS

    C:\Program Files\Gnu\GnuPg\gpg.exe --verify <installation_file>.asc

    If the signature matches the file it is indicated with an "Good signature from <Person who has created the signature> statement.
    Otherwise with "BAD signature from ...".



Verify on Linux
How to verify with PGP/ASC signatures
    Open a terminal and change to the directory with the downloaded AOO and PGP/ASC file.
    Type in the following commands:
    cd <path_to_AOO_and_ASC_files>
    wget https://www.apache.org/dist/openoffice/KEYS
    gpg --import KEYS
  gpg --verify <installation_file>.asc
 
 
    https://www.openoffice.org/download/checksums.html

• GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications

https://gnupg.org/download/

• Diffie–Hellman key exchange is a specific method of exchanging cryptographic keys.

It is one of the earliest practical examples of key exchange implemented within the field of cryptography.

The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.

 This key can then be used to encrypt subsequent communications using a symmetric key cipher.

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

• Benefits/Drawbacks

The mechanisms that provide FS use the Diffie-Hellman (DH) key exchange as key material, precisely its Ephemeral mode. OWASP (Open Web Application Security Project) gives the following definition of ephemeral keys:

Ephemeral keys are temporary keys used for one instance of a protocol execution and then thrown away. An ephemeral key has the benefit of providing forward secrecy, meaning a compromise of the site or service's long term (static) signing key does not facilitate decrypting past messages because the key was temporary and discarded (once the session terminated).

In other words, the session key generated upon the negotiated DH parameters is unique for each individual session, does not rely on the server’s long-term keys (they are only used for the server’s authentication purposes) and will be erased after the session is ended. Obviously, this increases drastically the protection of the encrypted traffic.

Only the Diffie-Hellman Ephemeral (DHE) and its lighter version based on Elliptic Curves (ECDHE) key exchange mechanisms provide the Forward Secrecy.

After all, both DHE and ECDHE degrade the website’s performance (i.e. page’s loading speed) when used with RSA long-term keys, as both imply the heavy arithmetics that significantly increase the CPU load. When used with ECDSA (Elliptic-Curve Digital Signature Algorithm) long-term keys however, the difference in performance is not so crucial

https://www.namecheap.com/support/knowledgebase/article.aspx/9652/38/perfect-forward-secrecy-what-it-is

Diffie-Hellman Key Exchange

Problem: We have a symmetric encryption scheme and want to communicate. We don't want anybody else to have the key, so we can't say it out loud (or over a wire).

RSA Asymmetric Encryption

Problem: I want anybody to be able to encrypt a message, but I'm the only one who can decrypt it. I don't want to share decryption keys with anybody.

DH is a "key exchange" algorithm, which is different then "public key encryption"; It allows you and another person to mutually arrive at the same piece of information, while nobody else can. It is more or less equivalent to using public key encryption on a random message. This is in contrast to public key encryption, where you get to select the message that both parties will be aware of.

in situations like TLS, public key encryption will be used to encrypt a secret for encrypting the actual messages, as part of a hybrid cryptosystem. This is done because Asymmetric cryptography is significantly slower then symmetric cryptography.

there are other cryptosystems and applications that utilize public key encryption directly. As an example, ransomware is not concerned with how long it takes to encrypt something, and it benefits immensely from not possessing the decryption key.

There are also cryptographic logging schemes that make use of public key encryption directly:

https://crypto.stackexchange.com/questions/42180/whats-the-difference-between-rsa-and-diffie-hellman

• Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used, for example, to encrypt plaintext or to verify a digital signature; whereas the private key is used for the opposite operation, in these examples to decrypt ciphertext or to create a digital signature. The term "asymmetric" stems from the use of different keys to perform these opposite functions, each the inverse of the other – as contrasted with conventional ("symmetric") cryptography which relies on the same key to perform both.

https://en.wikipedia.org/wiki/Public-key_cryptography

• Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

The Public and Private key pair comprise of two uniquely related cryptographic keys (basically long random numbers).

For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form.

Even if someone else gains access to the encrypted data, it will remain confidential as they should not have access to Alice's Private Key.

https://www.comodo.com/resources/small-business/digital-certificates2.php

• PKI (public key infrastructure)

 A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

 The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. 

 http://searchsecurity.techtarget.com/definition/PKI

• In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of CA.

 http://en.wikipedia.org/wiki/Public_key_infrastructure

• Encoding, encryption, and hashing are all techniques used to transform data, but they have different purposes.

Encoding is the process of converting data from one format to another. For example, encoding text into ASCII or Unicode allows it to be displayed on a computer screen. Encoding can also be used to compress data, such as when using a JPEG or PNG image format.

Encryption is the process of converting data into a format that cannot be read by unauthorized users. This is done by using a mathematical algorithm and a secret key. Encryption is used to protect sensitive data, such as credit card numbers and passwords.

Hashing is the process of converting data into a fixed-length string of characters. This is done by using a mathematical algorithm. Hashing is often used to verify the integrity of data, such as when checking for file corruption or downloading a software update.

Here is a table that summarizes the key differences between encoding, encryption, and hashing:

Feature	Encoding	Encryption	Hashing
Purpose	Converts data from one format to another.	Protects data from unauthorized access.	Verifies the integrity of data.
Reversible	Yes	No	No
Requires a secret key	No	Yes	No
Output length	Variable	Variable	Fixed

Here are some examples of how encoding, encryption, and hashing are used in the real world:

• Encoding: When you type a web address into your browser, the browser encodes it into a format that can be understood by the web server. When you send an email, the email client encodes the message into a format that can be transmitted over the internet.
• Encryption: When you use a credit card to make an online purchase, the credit card number is encrypted before it is transmitted to the merchant. When you use a password to log into a website, your password is encrypted before it is stored on the website's server.
• Hashing: When you download a software update, the update file is typically hashed and the hash is compared to a known hash to verify that the file is not corrupted. When you create a password for a website, the website typically hashes the password and stores the hash instead of the plain text password.

• WHAT’S THE DIFFERENCE BETWEEN ENCODING, ENCRYPTION, AND HASHING?

Encoding, encryption, and hashing are three distinct techniques used in information security and data representation. They serve different purposes and have unique characteristics:

1. Encoding:

   • Purpose: Encoding is primarily used for data transformation, not security. It's a way to represent data in a different format while ensuring it remains readable and easily reversible.
   • Reversibility: Encoding is generally reversible; you can decode the data to its original form.
   • Example: Base64 encoding is commonly used to represent binary data as text.

2. Encryption:

   • Purpose: Encryption is used for data security. It transforms data into an unreadable format to protect its confidentiality. Only authorized parties with the decryption key can revert it to the original form.
   • Reversibility: Encryption is reversible with the decryption key.
   • Example: AES (Advanced Encryption Standard) is a widely-used encryption algorithm.

3. Hashing:

   • Purpose: Hashing is used for data integrity and verification, not for encryption. It converts data into a fixed-size hash value (digest) that represents the original data. Hashing is a one-way process; you cannot reverse it to retrieve the original data.
   • Reversibility: Hashing is not reversible. The same input will always produce the same hash value, but you cannot determine the original input from the hash value.
   • Example: The SHA-256 (Secure Hash Algorithm 256-bit) produces a 256-bit hash value.

In summary, encoding transforms data into a different format for various purposes, encryption is used to secure data by making it unreadable, and hashing creates a fixed-size representation of data to verify its integrity without revealing the original content. Each technique serves a specific role in information security and data processing.

• “What is the difference between a threat, vulnerability, and a risk?”

“A threat is from an attacker that will use a vulnerability that was not mitigated because someone forgot to identify it as a risk.”
https://www.simplilearn.com/cyber-security-interview-questions-and-answers-article
 

• WHAT’S THE DIFFERENCE BETWEEN ENCODING, ENCRYPTION, AND HASHING?

Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.
https://danielmiessler.com/study/infosec_interview_questions/#gs.J2XfT0U 

Q: How encoding, hashing and encryption differs from one another.  
1. Encoding: Encoding converts the data in a desired format required for exchange between different systems. This doesn’t convert it into a secret data, but usable data. It can be further decoded through the same tools when necessary. 
2. Hashing: This serves for maintaining the integrity of a message or data. This way if any day it is hampered or changed, you will get to know. 
3. Encryption: Encryption ensures that the data is secure and one needs a digital verification code or image in order to open or access it. 
https://mindmajix.com/cyber-security-interview-questions

5. What is the difference between encryption and hashing?
Point 1: Encryption is reversible whereas hashing is irreversible. Hashing can be cracked using rainbow tables and collision attacks but is not reversible.
Point 2: Encryption ensures confidentiality whereas hashing ensures Integrity.

https://www.greycampus.com/blog/information-security/top-cyber-security-interview-questions

• Elliptic curve cryptography

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security
https://en.wikipedia.org/wiki/Elliptic_curve_cryptography

What is the math behind elliptic curve cryptography?

When you create a bitcoin address for yourself (or an address/account for any other cryptocurrency), you generate the private key first. From the private key, you compute the corresponding public key and by hashing that public key you get your address. Hopefully you can’t choose an address first and then determine the private key from that, otherwise you could determine the private key for any address using the same method.

Public-key cryptography
Public keys, private keys, and digital signatures form the basic components of public-key cryptography.


It is computationally infeasible to derive the private key corresponding to a given public key
It is possible to prove that one knows the private key corresponding to a public key without revealing any useful information about the private key in the process
Furthermore, such a proof can be constructed in a way that it requires a specific message to be verified. This way, the proof forms a digital signature for that message

One way to do public-key cryptography is with elliptic curves. Another way is with RSA, which revolves around prime numbers. Most cryptocurrencies — Bitcoin and Ethereum included — use elliptic curves, because a 256-bit elliptic curve private key is just as secure as a 3072-bit RSA private key

Conclusion
If you want to obtain a Bitcoin address or Ethereum account, you generate a random 256-bit integer x.
x is then your private key.
Then you compute X= x•P using the parameters for the secp256k1 curve.
X will be your public key.
Your public key is safe to give out and cannot be used to determine your private key.
If you hash your public key, you will obtain your address.
https://hackernoon.com/what-is-the-math-behind-elliptic-curve-cryptography-f61b25253da3

• What is Elliptic Curve Cryptography?#

Elliptic Curve Cryptography, or ECC, is a powerful approach to cryptography and an alternative method from the well known RSA. It is an approach used for public key encryption by utilizing the mathematics behind elliptic curves in order to generate security between key pairs.
it’s ability to provide the same level of security as RSA with a much smaller key size.
ECC vs RSA#
The difference in size to yield the same amount of security between RSA and ECC keys is quite substantial. As can be seen by the comparison table below, for the level of security that can be achieved by an elliptic curve cryptography key of 256 bit requires an RSA key to be 3072 bit. It has been noted by the NSA that the encryption of a top-secret document by elliptic curve cryptography requires a key length of 384 bit. A key length of the same size by RSA would deliver no where near the same level of security.

Why is ECC Important?
For keys of the same size, solving for an elliptic curve discrete logarithm is significantly harder than factoring, which is how RSA encrypts keys.
https://www.keycdn.com/support/elliptic-curve-cryptography

• A cryptographic accumulator is a one-way membership function. It answers a query as to whether a potential candidate is a member of a set without revealing the individual members of the set.

https://en.wikipedia.org/wiki/Accumulator_(cryptography)

• After much debate, the Skipjack algorithm was finally declassified and published by the NSA on 24 June 1998

It used an 80-bit key and a symmetric cipher algorithm, similar to DES. 
Skipjack is an encryption algorithm for the transmission of information (voice data in particular), developed by the National Security Agency (NSA) in the USA. It uses the Diffie-Hellman key exchange algorithm for the distribution of the cryptographic session keys between peers.
https://www.cryptomuseum.com/crypto/usa/skipjack.htm

• In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency (NSA). Initially classified, it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified

https://en.wikipedia.org/wiki/Skipjack_(cipher)

• sMPC algorithms

Secure multi-party computation
a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private

traditional cryptographic tasks where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants (an eavesdropper on the sender and receiver)
the adversary in this model controls actual participants.

traditionally, cryptography was about concealing content
this new type of computations and protocol is about concealing partial information about data while computing with the data from many sources and correctly producing outputs

mental poker, cryptographic work that simulates game playing/ computational tasks over distances without requiring a trusted third party


https://en.wikipedia.org/wiki/Secure_multi-party_computation

• S/MIME
  S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.
  https://en.wikipedia.org/wiki/S/MIME

• TrueCrypt

Using TrueCrypt is not secure as it may contain unfixed security issues
http://truecrypt.sourceforge.net/

• BitLocker

BitLocker lets you encrypt the hard drive(s) on your Windows 7 and Vista Enterprise, Windows 7 and Vista Ultimate or Windows Server 2008 and R2.  BitLocker will not encrypt hard drives for Windows XP, Windows 2000 or Windows 2003.  Only Windows 7, Vista and Server 2008 include BitLocker.  BitLocker drives can be encrypted with 128 bit or 256 bit encryption, this is plenty strong to protect your data in the event the computer is lost or stolen.
BitLocker protects your hard drive from offline attack.This is the type of attack where a malicious user will take the hard drive from your mobile machine and connect it to another machine so they can harvest your data.  BitLocker also protects your data if a malicious user boots from an alternate Operating System.  With either attack method, BitLocker encrypts the hard drive so that when someone has physical access to the drive, the drive is unreadable.

http://blogs.technet.com/b/uspartner_ts2team/archive/2010/03/17/what-is-bitlocker-what-does-it-do-what-does-it-not-do.aspx

• X.509 certificate

An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in fact X.509 certificates.
http://searchsecurity.techtarget.com/definition/X509-certificate

• x.509 “client certificate” vs a normal SSL certificate

n TLS, the server is required to have a private key and a certificate (sometimes known as a server cert). The server cert identifies and authenticates the server. The client may optionally have its own private key and certificate as well (usually called a client cert). If a client cert is used, it identifies and authenticates the client.

On the web, with HTTPS, usually the server has a server cert but client certs are not used. This means that the client can authenticate what server it is talking to, but the server cannot authenticate what client is connecting to it.

However, in many programmatic contexts, you will typically want both endpoints to authenticate each other. Therefore, you will want to use both server certs and client certs.

In TLS, all certificates are x.509 certificates. x.509 is just the format of the data.
https://security.stackexchange.com/questions/1438/what-is-the-difference-between-an-x-509-client-certificate-and-a-normal-ssl-ce

• What is an SSL Certificate?

TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.
https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https

• What is an SSL Certificate and How Does it Work?

SSL certificates create an encrypted connection and establish trust.
SSL certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection.
The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.

To get a certificate, you must create a Certificate Signing Request (CSR) on your server.
This process creates a private key and public key on your server.
The CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA) contains the public key.
The CA uses the CSR data file to create a data structure to match your private key without compromising the key itself.
The CA never sees the private key.

Once you receive the SSL certificate, you install it on your server. You also install an intermediate certificate that establishes the credibility of your SSL Certificate by tying it to your CA’s root certificate. The instructions for installing and testing your certificate will be different depending on your server.
The most important part of an SSL certificate is that it is digitally signed by a trusted CA, like DigiCert. Anyone can create a certificate, but browsers only trust certificates that come from an organization on their list of trusted CAs. Browsers come with a pre-installed list of trusted CAs, known as the Trusted Root CA store.

What is Secure Sockets Layer (SSL)?
 Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).
More specifically, SSL is a security protocol
All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.

How Does the SSL Certificate Create a Secure Connection?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”
Essentially, three keys are used to set up the SSL connection: the public, private, and session keys.
Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key.
After the secure connection is made, the session key is used to encrypt all transmitted data.


Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
Server sends a copy of its SSL Certificate, including the server’s public key.
Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
Server and Browser now encrypt all transmitted data with the session key.

Is My Certificate SSL or TLS?
However, when the time came to update from SSLv3.0, instead of calling the new version SSLv4.0, it was renamed TLSv1.0. We are currently on TLSv1.2.
When you purchase an SSL Certificate from us (e.g., Standard SSL, Extended Validation SSL, etc.), you are actually getting a TLS Certificate (RSA or ECC).
https://www.digicert.com/ssl/

• Behind the Scenes of SSL Cryptography

Asymmetric Encryption
Asymmetric encryption (or public-key cryptography) uses a separate key for encryption and decryption.
The most common asymmetric encryption algorithm is RSA

Symmetric Encryption
Symmetric encryption (or pre-shared key encryption) uses a single key to both encrypt and decrypt data.

Public-Key Encryption Algorithms
RSA
RSA is based on the presumed difficulty of factoring large integers (integer factorization)
ECC
Elliptic curve cryptography (ECC) relies on the algebraic structure of elliptic curves over finite fields.

Pre-Shared Key Encryption Algorithms
Pre-shared key encryption (symmetric) uses algorithms like Twofish, AES, or Blowfish, to create keys—AES currently being the most popular.
https://www.digicert.com/ssl-cryptography.htm

• There are two distinct ways that a program can initiate a secure connection with a server:

By Port (a.k.a. explicit): Connecting to a specific port means that a secure connection should be used.  For example, port 443 for https (secure web), 993 for secure IMAP, 995 for secure POP, etc.  These ports are setup on the server ready to negotiate a secure connection first, and do whatever else you want second.
By Protocol (a.k.a. implicit): These connections first begin with an insecure “hello” to the server and only then switch to secured communications after the handshake between the client and the server is successful. If this handshake fails for any reason, the connection is severed.  A good example of this is the command “STARTTLS” used in outbound email (SMTP) connections.
The “By Port” method is commonly referred to as “SSL” or “explicit” and the “By Protocol” method is commonly referred to as “TLS” or “implicit” in many program configuration areas.

the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it).
Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications
the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols.

 In email programs and other systems where you can select from SSL or TLS together with the port a connection will be made on:

SSL means a “by port” explicit connection to a port that expects to the session to start with security negotiation
TLS means a “by protocol” connection where the program will connect “insecurely” first and use special commands to enable encryption (implicit).
Use of either could result in a connection encrypted with either SSL v3 or TLS v1.0+, based on what is installed on the sever and what is supported by your program.
Both methods of connection (implicit and explicit) result in equally secure communications.

https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html

• HTTPS and SSL tutorial

https is more secure version of http protocol to access internet through a browser
SSL lets an application(i.e. browser) to establish a secure connection to a server
to  establish a secure connection --client(browser) and server creates a handshake process
types of ssl warnings
server sends a digital certificate which includes servername,certificate authority(ca),public key

ssl warning happens when digital certificate is sent and means there's a problem in handshake process

• How SSL works tutorial - with HTTPS example

Why SSL and certificates exists?
Encryption and identification
identification(how your browser trusts which server it is)

Why SSL exists?
encryption;hidigin what's sent from one pc to another
identification=making sure the computer you are speaking to is the one you trust

• SSL 

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
http://info.ssl.com/article.aspx?id=10241

•  SSL Handshake

    Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key
    Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

    Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
    Server sends a copy of its SSL Certificate, including the server’s public key.
    Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
    Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
    Server and Browser now encrypt all transmitted data with the session key.
https://www.digicert.com/ssl.htm

SSL TLS HTTPS process explained in 7 minutes 

• That will start the SSL/TLS negotiation:

Keys and Secrets during RSA SSL negotiation

The following is a standard SSL handshake when RSA key exchange algorithm is used:

    Client Hello
    - Information that the server needs to communicate with the client using SSL.
    - Including SSL version number, cipher settings, session-specific data.

    Server Hello
    - Information that the client needs to communicate with the server using SSL.
    - Including SSL version number, cipher settings, session-specific data.
    - Including Server’s Certificate (Public Key)

    Authentication and Pre-Master Secret
    - Client authenticates the server certificate. (e.g. Common Name / Date / Issuer)
    - Client (depending on the cipher) creates the pre-master secret for the session,
    - Encrypts with the server's public key and sends the encrypted pre-master secret to the server.

    Decryption and Master Secret
    - Server uses its private key to decrypt the pre-master secret,
    - Both Server and Client perform steps to generate the master secret with the agreed cipher.

    Generate Session Keys
    - Both the client and the server use the master secret to generate the session keys,  which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session

    Encryption with Session Key
    - Both client and server exchange messages to inform that future messages will be encrypted.

http://www.symantec.com/connect/blogs/how-does-ssl-work-what-ssl-handshake

• What is SSL and what are Certificates?

The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. This is in short how it works.

A browser requests a secure page (usually https://).

The web server sends its public key with its certificate.

The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.

The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.

The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.

The web server sends back the requested html document and http data encrypted with the symmetric key.

The browser decrypts the http data and html document using the symmetric key and displays the information.

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

• Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network
https://en.wikipedia.org/wiki/Transport_Layer_Security

• The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure “hello” to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created.

https://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https

• POODLE Attack and SSLv3 Deployment

 the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3. The vulnerability allows an active MITM attacker to decrypt content transferred an SSLv3 connection. While secure connections primarily use TLS (the successor to SSL), most users were vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session.
https://poodle.io/

• Tracking the FREAK Attack

a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.
https://freakattack.com/

• Weak Diffie-Hellman and the Logjam Attack

Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS.
https://weakdh.org/

• All mail sent to and from Intermedia servers will attempt to make a TLS connection, using Opportunistic TLS. When sending using Opportunistic TLS, if a TLS connection cannot be established, it will fall back to a basic connection and send the message in plain text using SMTP.

When a message is sent using a Forced TLS connection, if the TLS handshake cannot be established or if the target server is not configured to accept only Forced TLS connections, the message will not be delivered.
https://kb.intermedia.net/article/22904

• What is an X.509 Certificate?

An X.509 certificate binds a name to a public key value. The role of the certificate is to associate a public key with the identity contained in the X.509 certificate.

Authentication of a secure application depends on the integrity of the public key value in the application's certificate. If an impostor replaces the public key with its own public key, it can impersonate the true application and gain access to secure data.
To prevent this type of attack, all certificates must be signed by a certification authority (CA). A CA is a trusted node that confirms the integrity of the public key value in a certificate.


Contents of an X.509 certificate
An X.509 certificate contains information about the certificate subject and the certificate issuer (the CA that issued the certificate). A certificate is encoded in Abstract Syntax Notation One (ASN.1), a standard syntax for describing messages that can be sent or received on a network.

The role of a certificate is to associate an identity with a public key value. In more detail, a certificate includes:
A subject distinguished name (DN) that identifies the certificate owner.
The public key associated with the subject.
X.509 version information.
A serial number that uniquely identifies the certificate.
An issuer DN that identifies the CA that issued the certificate.
The digital signature of the issuer.
Information about the algorithm used to sign the certificate.
Some optional X.509 v.3 extensions; for example, an extension exists that distinguishes between CA certificates and end-entity certificates.
https://access.redhat.com/documentation/en-US/Fuse_ESB_Enterprise/7.1/html/ActiveMQ_Security_Guide/files/X509CertsWhat.html

• X.509 Digital Certification

X.509 digital certificates include not only a user's name and public key, but also other information about the user.
X.509 certificates and many other certificates have a valid time duration. A certificate can expire and no longer be valid. A CA can revoke a certificate for a number of reasons. To handle revocations, a CA maintains and distributes a list of revoked certificates called a certificate revocation list (CRL). Network users access the CRL to determine the validity of a certificate.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa388452(v=vs.85).aspx

• In cryptography, X.509 is an important standard for a public key infrastructure (PKI) to manage digital certificates[1] and public-key encryption[2] and a key part of the Transport Layer Security protocol used to secure web and email communication.

X.509 specifies formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

https://en.wikipedia.org/wiki/X.509

• Sage

Sage is free, open-source math software that supports research and teaching in algebra, geometry, number theory, cryptography, numerical computation, and related areas
http://doc.sagemath.org/html/en/tutorial/index.html

• steganography

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
http://en.wikipedia.org/wiki/Steganography

• steganalysis

Steganalysis is the art and science of detecting messages hidden using steganography; this is analogous to cryptanalysis applied to cryptography.
http://en.wikipedia.org/wiki/Steganography_detection

• What is Steganography?

Steganography is the science of hiding secret message inside another larger and harmless looking message. This is one notch above regular cryptography; which just obscures the original message. Steganography tries to conceal the fact that there is a message in the first place. Steganographic message often appears to be something else than the original (secret) message, like a picture, sound, larger text, etc.

Some terms related to Steganography:

    plaintext: The original secret message that needs to be communicated.
    ciphertext: Secret message is often first encrypted using traditional methods. Encrypted message is known as ciphertext.
    covertext: A larger and harmless looking data which is used as container for the plaintext/ciphertext. This can be a picture, sound, text, etc.
    stegotext: The data generated after embedding the plaintext/ciphertext into the covertext.
http://www.openstego.com/

• I shall talk about how to detect the existence of hidden information such as  innocent looking carriers of digital media like text, JPEG images, and MP3 audio files with the help of various tools.

The word steganography comes from the Greek name “steganos” (hidden or secret) and “graphy” (writing or drawing) and literally means hidden writing.Steganography uses techniques to communicate information in a way that is hidden.

Steganography hides the existence of a message by transmitting information through various carriers. Its goal is to prevent the
 detection of a secret message.The most common use of steganography is hiding information from one file within
the  information  of  another  file. For  example,  cover  carriers,  such  as  images, audio, video, text, or code represented digitally, hold the hidden information.The hidden  information  may  be  plaintext,  ciphertext,  images,  or  information  hidden
into  a  bit  stream. The  cover  carrier  and  the  hidden  information  create  a  stegocarrier.A  stegokey,  such  as  a  password,  is  additional  information  to  further conceal  a  message.An  investigator  who  does  not  possess  the  name  of  the  file and the password cannot know about the file’s existence.

For example, the result of information hidden within a cover image is a stego-image, and the result of information hidde
n within a video is a stego-video and so forth.

cover medium + hidden information + stegokey = stego-medium

For example, some photo agencies will use steganography to create digital “watermarks” of their pictures to protect their trademark
Steganography is different from cryptography. Cryptography enciphers or garbles files to hide the information. A decryption key or password is needed to retrieve the  information.

It  can  be  used  to  communicate  with  complete  freedom  even under  conditions  that  are  censured  or  monitored.  It  s
an  also  be  used to protect private  communications  where  the  use  of  the  cryptography  is  normally  not
allowed or would raise suspicion.

Watermarking:
-Protects copyright owners of digital documents by hiding a signature in the information in a way that even a modified part of the document conserves the signature.
-Prevents discovery by marking in a hidden and unique way every copy of a confidential document.

Cover channel:
-Allows people to communicate secretely by establishing  a secret communication protocol.
-Allows non-authorized communication through authorized communication of a firewall.

There  are  two  possible  groups  of  steganographic  tools:  the image  domain  and the transform domain.

Image domain tools include bit-wise methods that apply least significant bit (LSB) insertion and noise manipulation. The tools used in this group are StegoDos, S-Tools,  Mandelsteg,  EzStego,  Hide  and  Seek  (versions  4.1  through  1.0  for
Windows  95),  Hide4PGP,  Jpeg-Jsteg,  White  Noise  Storm,  and  Steganos.  The image  formats  used  in  these  steganography  methods  cannot  be  lost  and  the information can be rearranged or recovered.

The transform domain tools include those groups that manage algorithms and image transforms such as Discrete Cosine Transformation (DCT).The DCT is a technique used to compress JPEG, MJPEG and MPEG in which pixel values are converted to frequency values for further processing.This process makes it difficult for visual analysis attacks against the JPEG images.

https://www.sans.org/reading-room/whitepapers/stenganography/steganalysis-detecting-hidden-information-computer-forensic-analysis-1014

• What is Digital Watermarking?

Digital Watermarking is the process of embedding a covert marker in a noise-tolerant signal such as image data. It is typically used to identify ownership of the copyright of such signal. The hidden information should but does not necessarily need to contain a relation to the carrier signal. Digital watermarks may be used to verify the authenticity or integrity of the carrier signal or to show the identity of its owners. It is prominently used for tracing copyright infringements and for banknote authentication. Like traditional watermarks, digital watermarks are only perceptible under certain conditions, i.e. after using some algorithm, and imperceptible anytime else. If a digital watermark distorts the carrier signal in a way that it becomes perceivable, it is of no use.
http://www.openstego.com/

• Knapsack Problem

Statement A thief robbing a store and can carry a maximal weight of w into their knapsack. There are n items and ith  item weigh wi and is worth vi dollars. What items should thief take?


Fractional knapsack problem
The setup is same, but the thief can take fractions of items, meaning that the items can be broken into smaller pieces so that thief may decide to carry only a fraction
Exhibit greedy choice property.
Greedy algorithm exists

0-1 knapsack problem
Exhibit No greedy choice property.
No greedy algorithm exists.
Exhibit optimal substructure property.
Only dynamic programming algorithm exists.


http://www.personal.kent.edu/~rmuhamma/Algorithms/MyAlgorithms/Greedy/knapsackIntro.htm

• Public Key Algorithm Cryptography  based on the Knapsack Problem

http://www.cs.fsu.edu/~yasinsac/Crypto08/class20.pdf

GRE Computer Science Question 57

• Daily Tip: how to use QR codes on your iPhone or iPad

QR codes are used to store useful information like web URLs, contact cards, e-mail addresses, etc

• Create your QR code for free

http://www.qr-code-generator.com/

• 5 Ways to Use QR Codes

1) QR your business card:
2) QR your print advertisements:
3) QR your business stationery and invoices:
4) QR your events:
5) QR your inventory:
http://www.waspbarcode.com/buzz/5-ways-qr-codes/

• QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. A QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji) to efficiently store data; extensions may also be used

https://en.wikipedia.org/wiki/QR_code

• A hardware security module (HSM) is a dedicated crypto processor that is specifically designed for the protection of the crypto key lifecycle

https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/

SafeNet KeySecure: Centralized Cryptographic Key Management

Gemalto brings security to Platform-as-a-Service

• TPM and HSM

TPM and HSM are two types of hardware modules used for encryption. Trusted Platform Module (TPM) and a hardware security module (HSM) can be used for hardware encryption
TPM
A Trusted Platform Module (TPM) is a hardware chip on the computer’s motherboard that stores cryptographic keys used for encryption.
Once enabled, the Trusted Platform Module provides full disk encryption capabilities. It keeps hard drives locked, or sealed, until the system completes a system verification or authentication process.
The TPM includes a unique RSA key burned into it, which is used for asymmetric encryption. Additionally, it can generate, store, and protect other keys used in the encryption and decryption process.
HSM
A hardware security module (HSM) is a security device you can add to a system to manage, generate, and securely store cryptographic keys.
High performance HSMs are external devices connected to a network using TCP/IP. Smaller HSMs come as expansion cards you install within a server, or as devices you plug into computer ports.

One of the noteworthy differences between the two is that HSMs are removable or external devices. In comparison, a TPM is a chip
embedded into the motherboard. You can easily add an HSM to a system or a network, but if a system didn’t ship with a TPM, it’s not feasible to add one later. Both provide secure encryption capabilities by storing and using RSA keys.

https://blogs.getcertifiedgetahead.com/tpm-hsm-hardware-encryption-devices/

• RedHat offers a community-powered development approach to reliable and high-performing cloud, Linux, middleware, storage, and virtualization technologies. For enhanced cryptographic operations for its Certificate Systems and JBoss Web Services, RedHat integrates with SafeNet Luna SA and ProtectServer Hardware Security Modules (HSMs).

https://safenet.gemalto.com/partners/redhat/

• Enterprises running Exchange Server have been operating under a false sense of security with regard to two-factor authentication implementations on Outlook Web Access (OWA) adding an extra layer of protection.

https://threatpost.com/outlook-web-access-two-factor-authentication-bypass-exists/121777/