General Tech
|
MapInfo / GIS
|
Oracle / Database
|
Misc / Useless
|
Security Information
AES
Advanced Encryption Algorityhm (Rijndael algorithm) - a symmetric-key algorithm, cosnidered the most secure. Support 128, 192, and 256-bit keys (only supported on Windows XP or later - also need .Net framework (runs in completely managed code).
asymmetric cryptography
Public key/private key system used to encrypt and decrypt messages or files. Public keys are for encryption; secret private key for decryption. Best suited for secure key exchange and digital data signing. Much slower than symmetric-key encryption.
biometric device
Device that scans a unique physical characteristic of a user, for input to a network authentication service.
Capstone
U.S. government’s long-term project to develop a set of standards for publicly-available cryptography. Primary agencies: NIST and NSA. Four major components: bulk data encryption algorithm (Skipjack), digital signature algorithm (DSS), key exchange protocol (not yet announced), and hash function (SHS).
ciphertext
The message, after being encrypted.
Clipper
Encryption chip developed by U.S. government under Capstone. Encrypts communications with a secure algorithm, via a key held by an escrow agency. Key could be made available to law enforcement agencies when authorized by a court-issued warrant.
DES
Data Encryption Standard - a secret-key symmetric cryptosystem. In other words, both the sender and the receiver must know the same secret key, to encrypt and decrypt the message. Originally developed by IBM, designed to be implemented in hardware. Operates on 64-bit blocks with a 56-bit key. A standard for the U.S government and the financial industry. Secure key distribution can be difficult in a multi-user environment; thus the invention of public-key cryptography. If running on Windows 2000 or ealier Triple DES is the most secure symmetric algorithm to use.
digital certificate
A signed, encoded certificate containing a public key and secret private key for use in public key server authentication.
DSS
Digital Signature Standard - specifies a Digital Signature Algorithm. Part of Capstone project. Public-key authentication uses digital signatures.
GSSAPI
Generic Security Service Application Programming Interface - used to interface to single-sign-on network authentication services.
Hashing
One-way encryption (unlike symmetric encyption which is two-way). Does not use encryption keys. Does not support decryption though so if need to know text value of sensitive data can't use hashing. For instance can compare password hashes when authenticating user. Can also use salt values with hashes to reduce dictionary attacks (see http://msdn.microsoft.com/msdnmag/issues/03/08/SecurityBriefs/default.aspx. MD5 (128-bits long) and SHA-1 (160-bits long) are the most popular hasing algorithms. .Net also supports 256, 384, and 512-bit versions of SHA algorithm. See http://www.obviex.com/samples/ for hash examples.
Kerberos
Secret-key network authentication system developed at MIT. Uses DES (a symmetric "secret key" encryption method) for encryption and authentication. Provides real-time authentication of users in a distributed environment, but does not generate digital signatures. Requires trust in a "third party" - the kerberos server where the secret keys are maintained. See also public-key authentication systems.
MD4 and MD5
Message Digest 4 and 5 - publicly available message digest functions (hash functions). MD4 is faster, MD5 more secure. MD5 provides a 128-bit message digest, and is the most commonly used of all message digest algorithms. Oracle’s ANO supports MD5.
Message digest
One-way (difficult to invert) hash function on a text string. Provides a concise representation of a longer document or message. Can be used in the original message’s place for certain functions, or to verify that the message itself was transmitted without modification.
network authentication service
Centralized service providing single sign-on capability to network and services.
plaintext
The original message, before being encrypted. Also called cleartext.
RC4
Variable-key-size cipher function for fast bulk encryption. Symmetric secret key encryption method. Alternative to DES; as fast and can be faster. Short keys lead to less security; longer keys to more. ANO supports RC4, licensed from RSA Data Security.
RSA Certificate Services
A subsidiary of RSA Data Security that issues signed digital certificates for use in public key server authentication. This is the service currently used by Netscape’s Commerce Server
RSA Data Security
Cryptographic research and development firm from which Oracle has licensed the RC4 encryption algorithm, MD5 has function for message digesting, and the Diffie-Hellman key negotiation algorithm used in ANO. Netscape also licenses the cryptographic algorithms RC4, RC2, DES, and DES3 from RSA.
SHS
Hash function for encrypting messages. Part of the Capstone project. Produces a 160-bit message digest.
SHTTP
Security-enhanced HTTP Protocol - Encrypts http traffic across the internet. Proposed by EIC to W3C as a web standard for encryption.
Skipjack
Encryption algorithm contained in Clipper chip.
symmetric cryptography
Single secret key system used to encrypt and decrypt messages or files. Two-way encryption (hashing is one-way). Important to be able to generate the same key over time (brings up problem of having to protect the key bytes or the key-generation logic). Can define key yourself or have operating system generate it using certain unchangeable characteristics). Examples are AES/Rijndael, Triple DES, DES, RC2, RC4.
Ticket
Credentials provided by an authentication server to a client for use in gaining access to services.
Token
Physical device which must be in the user’s possession before connection to a service can be established. Example: SecureID cards.
