Posted: Tue Nov 20, 2007 2:44 pm Post subject: The Basics Of Cryptography
Dear friends,
I read this topic and it is interesting...Enjoy
Subhas
Disclaimer
This guide is for educational purposes only I do not take any responsibility
about anything happen after reading the guide. I'm only telling you how to do
this not to do it. It's your decision. If you want to put this text on your
Site/FTP/Newsgroup or anything else you can do it but don'tu can do it but don't
change anything without the permission of the author.
Table of Contents
What is this text about?
About Encryption and how it works
About the Cryptography and PGP
Ways of breaking the encryption
-Bad pass phrases
-Not deleted files
-Viruses and trojans
-Fake Version of PGP
1. What is this text about?
In this text I'll explain you everything about encryption, what is it, PGP, ways
that someone can read your encrypted files etc. Every hacker or paranoid should
use encryption and keep the other from reading their files. The encryption is
very important thing and I'll explain you how can someone break and decrypt your
files.
2. About Encryption and how it works
The Encryption is very old. Even Julius Caesar used it when he was sending
messages because he didn't trust to his messengers. You see encryption is
everywhere, when you watch some spy film you see there's always a computer with
encrypted files or some film about hackersrypted files or some film about
hackers when the feds busted the hacker and they see all of the hacker's files
are encrypted.
When you have simple .txt file that you can read this is called "plain text".
But when you use encryption and encrypt the file it will become unreadable by
the time you don't enter the password.This text is called cipher text. The
process of converting a cipher text into plain text is called decryption.
Here's a little example:
Plain text ==>Encryption==>Ciphertext==>Descryption==>Plaintext
This example shows you the way when you encrypt and decrypt a file.
3. About the Cryptography and PGP
Cryptography is science that use the mathematics to encrypt and decrypt data.
This science let you keep your files and documents safe even on insecure
networks like the Internet. The cryptography can be weak and strong. The best is
of course the strong one. Even when you use all the computers in the world and
they're doing billion operations in second you'll just need BILLIONS of years to
decrypt strong encryption.
PGP (Pretty Good Privacy) is maybe the best encryption program to encrypt your
files and documents. It work in this way:
When you encrypt one file with PGP,PGP first compress the file. This saves you
disk space and modem transmition. Then it creates a session key. This session
key works with a veon key. This session key works with a very secure and fast
confidential encryption algorithm to encrypt the file. Then the session key is
encrypted with the recipient's public key.
PGP ask you for pass phrase not for password. This is more secure against the
dictionary attacks when someone tries to use all the words in a dictionary to
get your password. When you use pass phrase you can enter a whole phrase with
upper and lowercase letters with numeric and punctuation characters.
Ways of breaking the encryption
PGP has been written for people that want their files encrypted for people that
want privacy. When you send an e-mail it can be read from other people if you
use PGP only the person for who is the message will be able to read it.
Now you know many things about PGP and the encryption but you may like to know
can someone break it and read your private Text and files. In fact if you use
all the computers in the world to decrypt a simple PGP message they'll need 12
million times the age of the universe to break it. You see this is the BEST the
encryption is so strong noone can break it. The people that program it has done
their work now everything depends on you.
-Bad pass phrases
The algorithm is unbreakable but they're other ways to decrypt the text and read
it. One of the biggest mistakes when someone writes his/her pass phrase is that
the pass phss phrase is that the pass phrase is something like : "John" "I love
you" and such lame phrases. Other one are the name of some friend or something
like that. This is not good because this is pass phrase not password make it
longer put numbers and other characters in it. The longer your pass phrase is
the harder it will be guessed but put whole sentences even one that doesn't make
sense just think in this way: Someone is brute-forcing thousands of pass phrases
from a dictionary therefore my pass phrase should be someone that is not there
in the dictionary something very stupid like:
This is easy to remember because it's funny and there are only a few numbers but
you may not use upper and lowercase characters. I hope you know will put some
very good pass phrase and be sure noone will know it.
Another mistake is that you may write the pass phase on a paper and if someone
find it you'll loose it and he/she will be able to read your encrypted files.
-Not deleted files
Another big security problem is how most of the operating systems delete files.
So when you encrypt the file you delete the plain text and of course leave the
encrypted one.
But the system doesn't actually delete the file.It just mark those blocks of the
disk deleted and free. Someone may run a disk recovery program and sti a disk
recovery program and still see all the files but in plaintext.Even when you're
writing your text file with a word editor it can create some temporary copies of
it.When you close it these files are deleted but as I told you they're still
somewhere on your computer. PGP has tool called PGP Secure Wipe that complete
removes all deleted files from your computer by overwriting them. In this way
you'll only have the encrypted files on your computer.
-Viruses and Trojans
Another dangerous security problem are the viruses and the trojans. So when you
infect with a trojan the attacker may run a key logger on your system.
*Note A key logger is a program that captures all keystrokes pressed by you then
saves them on your hard drive or send them to the attacker
So after the attacker run it he/she will be able to see everything you have
written on your computer and of course with your PGP pass phrase. There are also
a viruses designed to do this. Simpy record your pass phrase and send it back to
the attacker.
-Fake Version of PGP
Another security problem is the PGP source that is available so someone can make
a fake copy of it that is recording your pass phase and sending it back to the
attacker.The program will look real and it will work but it may also have
functions you even don't know about.
A way of defending of these security problems is to use a trojan and a virus
scanner.You should also be sure your computer is clean from viruses and trojans
when you install PGP and also be sure you get PGP from Network Associates Inc.
not from some other pages.
So now I hope you understand that PGP can't be braked but if you use it wisely
and be sure your pass phrase is good one, you're not infected with viruses or
trojans and you're using the real version of PGP you'll be secure. of PGP you'll
be secure.
Code:
This paper was originally written by "tHe mAnIaC" on November 16, 1999. It can be found in it's original form at http://www.ussrback.com/docs/papers/cryptography/encryption. txt
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Forum FAQ
Search
Usergroups
Profile
Log in to check your private messages
Log in
