
Understanding the Role of Cryptography
• Cryptography is a discipline used to secure sensitive data.
• Many encrypted messages cannot be deciphered without a ‘secret key’.
• Other forms of cryptography employ a pair of keys, rather than a single key.
• Cryptography addresses the following security issues:
• Integrity: If the message has been intercepted and modified during transport, this should be detectable
by the receiver. This is ensured using a cryptographic hash code.
• Confidentiality: The message data should not be directly readable if it were to be intercepted by prying
eyes. This is accomplished using encryption and decryption techniques.
• Authentication: The receiver of the message should be able to ensure the message came from the correct
sender. This is achieved using digital signatures.
• There are several forms of cryptographic services included in the .NET base class libraries:
• Hash code services.
• Encryption services.
• Digital signature services.
• Mathematically strong random number generation services.
Getting to Know Bob, Alice and Eve
• When discussing cryptographic services, it is common to use the names Alice, Bob and Eve to represent
the entities in a message exchange scenario:
• Alice: Represents the sender of a message.
• Bob: Represents the recipient of the message.
• Eve: The evil doer who is attempting to intercept the message to read and possibly alter the message
data.
• Understand that Alice, Bob and Eve typically don’t represent real humans, but provide a layer of
abstraction to discuss cryptographic services:
• Bob or Alice could represent e-mail software, a set of networked computers, or asynchronous method
calls between objects.
• By abstracting the sending, receiving and intercepting agents using friendly names, we can focus on
securing the message data itself.
• Even when you employ cryptographic techniques in your software, Eve may attack using various
approaches, for example:
• Brute Force Attack: The process of trying every possible key combination until a match has been
found, blindly guessing the key values or perhaps finding a way to steal the key files.
• Cryptanalysis: The process of figuring out which algorithms were used to generate the keys and exploiting
a weakness in the underlying logic. Luckily, modern-day algorithms have undergone substantial testing, which
minimizes this form of attack.
• Software Bugs: Finally, the software making use of cryptographic techniques may have bugs which
allow Eve to uncover key values.
• The point to understand here is that once you encrypt your application’s sensitive data, it is still
possible (though statistically improbable) that Eve could break the code.
• When employing encryption services, there is always a point where you say to yourself “This message
is secure enough for all practical purposes”.
• While it is true that nothing is 100% safe from Eve, whenever your application makes use of sensitive
information (credit card numbers, customer information, etc.), cryptographic techniques are a must.
• As you would guess, the .NET platform supplies various cryptographic services.
• This chapter will focus on a form of ‘one way encryption’ termed a hash code.
• The next chapter will examine symmetrical and asymmetrical cryptography.
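The integrity and authentication checks described above, as an added C# example that is not part of the original courseware. It assumes a .NET runtime where `RSA.Create(int)` is available; the class name, method names and message strings are constructed for illustration. It also covers the case where Eve replaces the hash code along with the message, which a bare hash comparison cannot detect but a digital signature check does.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class AliceBobEveDemo   // hypothetical name, added example
{
    // Hash code service: SHA-256 digest of the message bytes.
    static byte[] Hash(byte[] message)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(message);
    }

    // Bob's hash-only check: recompute the digest and compare it with the one received.
    static bool HashMatches(byte[] message, byte[] receivedDigest) =>
        Hash(message).SequenceEqual(receivedDigest);

    // Bob's signature check, using only Alice's public key.
    static bool SignatureValid(RSA publicKey, byte[] message, byte[] signature) =>
        publicKey.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    static void Main()
    {
        // Constructed sample messages (not from the original page).
        byte[] original = Encoding.UTF8.GetBytes("Transfer 100 to account 12345");
        byte[] tampered = Encoding.UTF8.GetBytes("Transfer 900 to account 99999");

        using (RSA aliceKey = RSA.Create(2048))   // Alice's key pair
        using (RSA bobView = RSA.Create())        // Bob holds only the public half
        {
            bobView.ImportParameters(aliceKey.ExportParameters(false));

            // Alice sends the message with a hash code and a digital signature.
            byte[] digest = Hash(original);
            byte[] signature = aliceKey.SignData(
                original, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Unmodified message: both checks succeed.
            Console.WriteLine("Intact, hash check:        " + HashMatches(original, digest));
            Console.WriteLine("Intact, signature check:   " + SignatureValid(bobView, original, signature));
            // Eve alters only the message: the recomputed digest no longer matches.
            Console.WriteLine("Tampered, original digest: " + HashMatches(tampered, digest));
            // Eve alters the message and substitutes a matching digest: the bare hash
            // check passes, but the signature fails without Alice's private key.
            Console.WriteLine("Tampered, replaced digest: " + HashMatches(tampered, Hash(tampered)));
            Console.WriteLine("Tampered, signature check: " + SignatureValid(bobView, tampered, signature));
        }
    }
}
```

A hash code protects integrity only when Eve cannot replace it, so in practice it is either delivered over a channel she cannot alter or bound to the sender with a signature, as the last two checks show.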
Copyright (c) 2008. Intertech, Inc. All Rights Reserved. This information is to be used exclusively as an
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.