October 10th, 2004, 05:34 AM
Protecting the Keys to the Kingdom
Protecting the Keys to the Kingdom
Cryptography has been around for eons. In fact countries, businesses, spies, and so forth, employ it today and it’s no secret Julius Caesar practiced it as well. In his particular crypto, in a predetermined pattern, he would simply exchange one character for another in a message and thus it was encrypted. That pattern of movement or similar exchanges would be considered a “Key”. A simplistic example would be: the letter “a” would become the letter “e”, the letter “b” would become the letter “f”, etc. Then utilizing the “Key” to reverse the pattern, the message could be deciphered. For as long as encryption has been around, protecting the “Key” was and is paramount! If Caesar’s enemies were able to get their hands on his “Key”, it would have been mere child’s play to decrypt his messages and endanger his empire (sooner). In our time, the quest to obtain an enemy’s “Keys” continues. With the weapons of war becoming more lethal and accurate in their deployment, imagine a foreign enemy acquiring the “Keys” to your military’s encryption!
There are still some that will shout, “The secrecy of the algorithm is more important!” That statement is simply not true. An Algorithm that is kept hidden and not tried by the fire of analysts and crackers will not be as strong as one that is. So if you develop algorithms obviously you will want to publish them so everyone can take a poke at them. Then as one flaw is discovered, you can fix it and as successive patches are needed and applied, it will become stronger and stronger. So in the long run if you want to make it tougher on the deviants then turn them loose and let everyone bang away at you work. Thus the strength of the algorithm not its secrecy is more of a factor in how long it takes to crack the “Key”.
A few abbreviated definitions related to “Keys”, that you should be aware of:
Hash – a one-way encryption that cannot be decrypted. Commonly used with passwords (i.e. when the password passes through the “Hash”, it is stored in that state. When the password is required again for access to the account, computer, or whatever, the person enters the password. It is also encrypted using the “Hash”. Once that takes place, the two hashes are compared. If they match then access is granted.) On a security standpoint, the “Hash” provides a reasonable manner in which to store passwords.
Symmetric – a single key is utilized to encrypt and decrypt. If you are employing “Symmetric Encryption”, you must make absolutely sure that any transmission of the key is completed in the most secure means!
Asymmetric: a key pair – one private and one public. To employ this key pair, you would transmit your public key to a person that needed to send you an encrypted message. When that person was ready, they would use your public key to encrypt the message. Once in encrypted in that manner, the only way the message can be decrypted is by use of your private key. Protect that private key!
Other items you may want to study up on if you are considering transmitting your “Keys to the Kingdom”:
Secure versus Trusted Mediums, the Diffie-Hellman Key Exchange or similar procedures, MD5, Triple-DES, etc.
As discussed, crypto is based on “Keys”. As such it is reasonable to assume that given sufficient time, all crypto can be cracked by “Brute Force” (trying every possible key combination). A very simple example is found here: where clusters were employed to expedite password cracking. To expedite a “Key” compromise, clusters could also be employed in a Brute Force Attack.
With that in mind, the answer to keeping your secrets rests with the strength of the algorithm and how well you keep secret, the “Keys to Your Kingdom”. You should bear in mind that if your nemesis is able to acquire even a small part of the “Key”, then some of the message could be deciphered. And then as she progresses with her attacks it won’t be long and the whole “Key” will be discovered along with your message. So what do we do?
With the increased use of wireless networks you should be concerned. So if you haven’t hardened your wireless network as recommended in some of the threads, then you are susceptible. How is that possible? Your Service Set Identifier (SSID) may be enabled and some joker cruising your area, “War Driving with a laptop”, could connect to your network. How is he able to do that? Your network name is required to connect to your Access Point and you are broadcasting it to everyone within range. Some good examples are found just by entering “War Driving” into the AO Search Engine. Additionally go enjoy: Video Release 0001: Enter thebroken at here:
So he is connected to your wireless now and intercepting your traffic. I hope you’re not feeling safe because you have Wire Equivalent Privacy (WEP) enabled. If you do, then you are mistaken. Your “Keys to the Kingdom” are hanging out there to be had. Although WEP does encrypt and stronger encryption is forthcoming, one of its major weaknesses is that buried within your message is the “Key”! Although it may take her a while to locate it, the end result will be the same. Regardless of its shortcomings, do not disable WEP because after a prescribed number of transmissions it alters the “Key” making it more difficult to crack. However do disable your Service Set Identifier (SSID). Depending on your router, there may be firmware updates available that will assist you in hardening your system.
Now go and read how to secure your wireless network here:
What else can you do? Harden your wired network as well and keep your OS patched/ updated. Additionally, employ any other hardening procedures you would follow to keep the wily cracker at bay. There are a multitude of great threads in AO that pertain directly to accomplishing that goal. They list making networks and OS’s more secure, and also the preventative measures (Firewalls, AV, etc.) you should take. I don’t want to knowingly duplicate the work of others so please use the search engine to locate that information.
In closing, just remember that if someone compromises your network or home computer, they may very well be looking for your “Keys to the Kingdom”. Once obtained, they will own you and your secrets
Connection refused, try again later.