Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Where does Ciphering & Encryption occur?
Special Forums Cybersecurity Where does Ciphering & Encryption occur? Post 302880598 by jim mcnamara on Friday 20th of December 2013 11:37:22 PM
Old 12-21-2013
They are algorithmic, and are completely free and open. All ciphers depend on mathematical difficulty (long long long computation to decode, as in years), not secrecy.
Any cipher that depends on a "secret" algorithm is practically guaranteed to be garbage. Any dependable cipher that is commonly used has had mathematicians and computer scientists pound on it for years. AES128, RSA, DES3, etc., all went thru this process.

After a while, someone publishes a method to speed up cracking the cipher. It gets dropped from favor, and new ones are tested and tested. RSA is in that boat.

The goal of ciphers is perfect forward secrecy. Meaning every one knows the rules and how the computation works, but doing the computations could take literally forever.

Hashes are different. Passwords are hashed. These depend on being able to enter some characters on a keyboard and getting the particular hash (string of numbers) that is saved as the hash. One of the reasons /etc/shadow has 400 permissions is: if you know the hash you can use trial and error to get a collision (an accidental hash) that matches the saved hash. And then break in. This is a case where some secrecy adds to security. MD5 is a hash that someone has shown how to match a known hashed result. Takes a big computer time to do it, bu it is at least slightly feasible. So MD5 is going out of favor.

ssh encrypts all connections with block ciphers. As a sysadmin you get to choose one of usually a dozen block ciphers. By default the system automatically changes the cipher's key every hour.

There may not be a best cipher every time. If you always send AES128, and the bad guys figure that out it becomes very, very slightly possible to crack it. Meaning some published result shows how to launch an attack with a smal but measurable possibility of breaking it. Part of encryption is to block data with junk and to change ciphers periodically. Places the odds in our favor.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

File encryption/Key encryption ????

My dilemma, I need to send, deemed confidential, information via e-mail (SMTP). This information is sitting as a file on AIX. Typically I can send this data as a e-mail attachment via what we term a "mail filter" using telnet. I now would like to somehow encrypt the data and send it to a e-mail... (1 Reply)
Discussion started by: hugow
1 Replies

2. Shell Programming and Scripting

Why SIGKILL will occur?

Hi Gurus, I am executing my Datastage jobs on UNIX operating System. While running the jobs i am getting the following error: main_program: Unexpected termination by Unix signal 9(SIGKILL) Can any one please let me know what are the possible situations where this SIGKILL will arrise? ... (9 Replies)
Discussion started by: choppas
9 Replies

3. Shell Programming and Scripting

how many times a word occur in afile

i want a shell script program for how many times a word occur in a file. i need not the line number but i want the counts of the particular word for eg:- hai how r u.. i am from andhra pradesh.. i am from tenali.i need this answer.i need it urgently.. i hope u will answer this ... ... (9 Replies)
Discussion started by: madhu.it
9 Replies

4. Solaris

encryption & decryption functions in sun solaries

hi, is there any library functions available in sun solaries for encryption and decryption functions. regards suresh (1 Reply)
Discussion started by: suresh_rtp
1 Replies

5. UNIX for Dummies Questions & Answers

C shell loop problem occur

Hi all, i create 2 file Config path1 5 group1 path2 6 group2 path3 10 group1 path4 15 group2 Confine group1 andrew group2 alan In my C shell script i write like this: set line_array = (`cat $app_dir/config`) set line_array_2 =... (0 Replies)
Discussion started by: proghack
0 Replies

6. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies

7. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards (4 Replies)
Discussion started by: amity
4 Replies

8. Solaris

Zfs send & receive with encryption - how to retrieve data?

Good morning everyone, I'm looking for some help to retrieve data in a scenario where I might have made a big mistake. I'm hoping to understand what I did wrong. My system is made of two Solaris 11 Express servers (old free version for evaluation). The first if for data and the second is... (7 Replies)
Discussion started by: rnd
7 Replies

LEARN ABOUT OSX

ssl_set_cipher_list

SSL_CTX_set_cipher_list(3)					      OpenSSL						SSL_CTX_set_cipher_list(3)

NAME

       SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs

SYNOPSIS

	#include <openssl/ssl.h>

	int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
	int SSL_set_cipher_list(SSL *ssl, const char *str);

DESCRIPTION

       SSL_CTX_set_cipher_list() sets the list of available ciphers for ctx using the control string str. The format of the string is described in
       ciphers(1). The list of ciphers is inherited by all ssl objects created from ctx.

       SSL_set_cipher_list() sets the list of ciphers only for ssl.

NOTES

       The control string str should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no
       syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are
       mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all.

       It should be noted, that inclusion of a cipher to be used into the list is a necessary condition. On the client side, the inclusion into
       the list is also sufficient. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't
       need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key.

       A RSA cipher can only be chosen, when a RSA certificate is available.  RSA export ciphers with a keylength of 512 bits for the RSA key
       require a temporary 512 bit RSA key, as typically the supplied key has a length of 1024 bit (see SSL_CTX_set_tmp_rsa_callback(3)).  RSA
       ciphers using EDH need a certificate and key and additional DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

       A DSA cipher can only be chosen, when a DSA certificate is available.  DSA ciphers always use DH key exchange and therefore need DH-
       parameters (see SSL_CTX_set_tmp_dh_callback(3)).

       When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with a asymmetric key length
       of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
       and the handshake will fail.

RETURN VALUES

       SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure.

SEE ALSO

       ssl(3), SSL_get_ciphers(3), SSL_CTX_use_certificate(3), SSL_CTX_set_tmp_rsa_callback(3), SSL_CTX_set_tmp_dh_callback(3), ciphers(1)

0.9.8								    2009-04-03						SSL_CTX_set_cipher_list(3)
All times are GMT -4. The time now is 12:52 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy