IT Security Blog


Hashing Algorithms From A Cryptographic Perspective

14 June 2010 By Saran

News of collisions and reductions in attack complexity against both MD5, a commonly used algorithm for checksums on file downloads and in integrity checkers, and SHA-1, a cryptographic hash algorithm commonly used in many encryption products, raises the question of where to go next if you are implementing software that uses cryptographically strong hashing.

The SHA (Secure Hash Algorithm) family, validated by NIST and the standard hash algorithms for cryptographic use, contains not only SHA-1 but also an older algorithm called SHA-0, for which attacks have also been reported, and the SHA-2 family, which consists of SHA-224, SHA-256, SHA-384 and SHA-512.

SHA-256 forms a new minimum recommendation in many cryptographers' eyes, given the attacks on SHA-1. Whilst these attacks do not rule out SHA-1 for general use, new software that uses hashing algorithms and must stay secure for the near future, perhaps a decade, should prepare for the attacks on SHA-0 and SHA-1 becoming more feasible, especially as the cost of computing goes down and the power continues to rise.

SHA-224, SHA-256, SHA-384 and SHA-512 are each named for the number of bits in the output hash. In general, the more output bits, the harder it is to create a collision, unless there is a weakness in the hash function itself, as has been found in SHA-0 and SHA-1.

Of course, the SHA-2 family is based on SHA-1, with slight differences in design and a larger output, so it is possible that these algorithms have potential attacks too. The size of the brute-force space is dramatically increased, however, so these variants of the SHA family will withstand attack for longer and should prove reliable for the near future.
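As an added illustration (not code from the original post), the sketch below shows a download-integrity check that refuses MD5 and SHA-1, accepts only the SHA-2 variants named above, and reports the generic birthday-bound collision cost of about 2^(n/2) for an n-bit output. The function names and the allowlist policy are assumptions made for this example.

```python
import hashlib
import hmac
import io

# Policy assumed for this example: the SHA-2 family named in the article.
ALLOWED = ("sha224", "sha256", "sha384", "sha512")
# Algorithms the article reports attacks against; refused for new checksums.
DEPRECATED = ("md5", "sha1")


def generic_collision_bits(algorithm: str) -> int:
    """Birthday bound: a generic collision search on an n-bit hash needs
    about 2**(n/2) evaluations, so return n/2."""
    return hashlib.new(algorithm).digest_size * 8 // 2


def digest_stream(stream, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash a binary stream in chunks so large downloads need not fit in memory."""
    if algorithm in DEPRECATED:
        raise ValueError(f"{algorithm} is not accepted for new integrity checks")
    if algorithm not in ALLOWED:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_stream(stream, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Compare a stream's digest with a published checksum."""
    actual = digest_stream(stream, algorithm)
    expected = expected_hex.strip().lower()
    # A length mismatch means the checksum was published for another algorithm.
    if len(expected) != len(actual):
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    payload = b"constructed sample download contents\n" * 1000  # constructed input
    published = hashlib.sha256(payload).hexdigest()
    print("intact:  ", verify_stream(io.BytesIO(payload), published))
    print("tampered:", verify_stream(io.BytesIO(payload + b"x"), published))
    for name in ALLOWED:
        print(f"{name}: ~2^{generic_collision_bits(name)} work for a generic collision")
```

The bound printed here is the generic one only; a structural weakness of the kind found in SHA-0 and SHA-1 lowers the real cost below it.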

Looking to the long term, few solutions currently exist that are not based on the SHA design. There are two main contenders at present: the RIPEMD family and the WHIRLPOOL family.

RIPEMD comes in the following flavours, where in each case the number represents the hash size in bits: RIPEMD-128, RIPEMD-160, RIPEMD-256 and RIPEMD-320. RIPEMD-128 is a replacement for the original RIPEMD, which was found to have security issues, whereas the others all increase the output size, and therefore the associated security. Again, this family is based on a construct which has been proven susceptible to attacks in the past, so it is possible that the entire family could have weaknesses.

The other main alternative, WHIRLPOOL, has no known attacks, and has had two major changes to further improve its security.

WHIRLPOOL is a 512-bit hash function. The changes mentioned are a switch from a randomly generated S-box (substitution box) to one designed to be cryptographically stronger and easier to implement in hardware, along with a change in the diffusion matrix.

Some leading cryptographers are calling for new cryptographic hash functions to be designed, perhaps in the same design-by-committee method as the AES encryption standard.

Filed Under: Cryptography Tagged With: Cryptography

Better Security by Thinking as a Hacker

23 October 2007 By Saran

The best way to find security breaches is to think like a hacker about how to penetrate a secure network through various means. Gaining access to servers may involve several stages, since various encrypted usernames and passwords stand in the way of a successful hack.


The approach is quite simple. It is reverse psychology of sorts: for a system to become foolproof and secure, the ways of getting over the fences and walls that have been put up must be severely tested.

Unorthodox as it may seem, the various approaches will certainly be simple at this point, because at the rate hackers are able to get around security fences today, they have made a lot of progress in making the lives of administrators a living hell as far as IT security is concerned.


Filed Under: Cryptography, IT Security Basics, Network Security, Operating Systems, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware Tagged With: breach, coding, cracks, Cryptography, hacker, Network Security, security

Password Protection for Word and Excel

22 January 2007 By Saran

For confidential files that need to be kept at maximum security, applying passwords so that only the proper personnel can open them has been the regular exercise for basic security. Among the files that usually require this level of security are payrolls, business plans, and management projections and outlooks, many of which are kept in safe storage to keep other people and competitors from gaining access to them.


Payrolls, especially for people at higher levels, are usually restricted material. The only people allowed to access them are usually finance, personnel and upper management. In organizations, curiosity and challenge are the usual reasons people try to crack the passwords. However, if the files are already under wraps and people have been given advance warning, access can be limited and contained so that they would not even entertain the thought of such mischief, which would not do them any good anyway.


Filed Under: Cryptography, IT Security Basics, Operating Systems, Physical Security, Tips Tagged With: Cryptography, file-access, password-protect

Unveiling Operating System Secrets

16 January 2007 By Saran

The complete set of commands and processes by which a computer operates cannot be covered in a day, nor remembered in one sitting. Realistically, only the important things, such as the user-friendly commands that provide the interface between the computer and the user behind the keyboard, are the know-how that will remain.


Computer operating systems such as Linux and Windows offer a wide variety of benefits, especially in maximizing the capabilities of a computer and its installed software. Speed and reliability are among the important aspects that computer owners will always want, and achieving them requires researching the proper identification and references.

It is a given that most people will not spend time studying every aspect of a computer system. However, there will be instances when accidental discoveries made while exploring the operating system and its resources ignite interest and push a person to explore the issue further, and perhaps to look at other benefits that operating systems provide but that are not given much attention.


Filed Under: Cryptography, IT Security Basics, Operating Systems, Programming, Tips Tagged With: Cryptography, IT Security Basics, linux, Operating Systems, Programming, secrets, system-hints, system-resources, Tips, windows

Why Users Should Change Their Password Regularly

27 December 2006 By Saran


People are often advised to regularly change their passwords for access points such as e-mail, log-on servers and websites. The reason is to increase security, both in controlling access and in safeguarding the files and pertinent information that are usually stored there.

With the large number of hackers cropping up one by one, various means of stealing passwords, also known as phishing, or hacking accounts have been their main course of action. While some would disregard such acts, the real pain begins once important messages, attachments and relevant information are tampered with. It is true that some would not need to change passwords regularly, but to be on the safe side it is best to maintain a regular schedule of updating passwords, and to make each one a combination of numbers and letters so that it is more secure and harder for anyone to crack or access.


Filed Under: Cryptography, IT Security Basics, Network Security, Programming, Real-World Issues, Security Policies Tagged With: codes, cracks, Cryptography, hacking, IT Security Basics, Network Security, password-theft, passwords, Programming, Real-World Issues, security, Security Policies

Choosing which data encryption to use

24 November 2006 By Saran

We often think of security in terms of applications that can be used to safeguard our data, but there can always be different approaches to the same problem. Encrypting the data on your hard drive may be the key to keeping it safe in these days of laptop theft.

Data encryption for hard drives comes in two forms. You can either use software to encrypt your data, or have a drive that requires password identification before granting access to the files inside. The first method can be performed with a selection of open source and licensed software. The files are protected even when the operating system is not running. This works in different ways. Some software creates a virtual drive inside the hard drive to store the data. The virtual drive takes up an allotted amount of space on the drive, but it cannot be accessed unless the password or set of passwords has been given. This type of data encryption can also be performed on drives that originally had no form of security encryption, such as the computer you're currently using or even thumb drives.

Hard drives with encryption have been available for the past year, most often in the form of external drives that can be brought to different places and handled by more than one user. These hard drives operate with full encryption, where the data on the whole disk is encrypted. Some of them combine password identification with biometrics to give double security to the files inside them. These drives come with a chip containing special software that does the decrypting and encrypting without taking too much time. The problem with this method is that if the password is forgotten, the data can't be recovered. Seagate recently announced that it will be shipping hard drives with an improved full disk encryption it calls DriveTrust in January. These two methods will protect the files on the hard drive, and it's only a matter of choosing which suits you best.


Filed Under: Cryptography, Privacy & Anonymity, Storage Tagged With: Cryptography, data, data-encryption, drive-encryption, Privacy-&-Anonymity, security, Storage
