Cryptography is the computerized
deciphering of information.
Greek roots translate to "hidden writing".
graphein-graphy (photography, calligraphy),
Employs two keys - one is used for encryption, and the other is used for decryption.
It was developed to counteract the major issue with symmetric encryption: key distribution.
Attempt at solving symmetric key issues by Dr. Diffie and Dr. Hellman.
First asymmetric key exchange.
Both users in an exchange agree on a shared private key. There's a complex algorithm associated with it, but the basis is that if you know your key, you can then decrypt the message.
For instance, if my key is 367 and yours is 235, we end up wwith
367 x 235 = 86245.
Created by Ron Rivest, Adi Shamir, Leonard Adleman (hence the RSA from last names).
Widely used today for secure data transmissions.
In RSA, each user has a widely available public key as well as a secret private key.
When sending a message, the sender uses the receiver's public key to encrypt that message.
The only key that can be used to decrypt that message is the receiver's private key.
Job is to:
Order of operations:
Request order goes:
SSL is the standard protocol by which we keep an internet connection secure and safeguards sensitive data as it is communicated between two systems. SSL has been superseded and replace by
Transport Layer Security (TLS), but it is still commonly referred to as SSL.
This is accomplished through the use of
encryption to scramble data in transit, preventing others (such as attackers) from being able to read it. This is done from the client's browser to the web server (ie it relies on the application itself).
SSL/TLS operates at the
Transport layer of the OSI model to create a wrapper of sorts around the communications.
FTP, SMTP and HTTP operate at the
Application layer of the OSI model.
When we're securing these with
SSL/TLS, we put a
cryptographic wrapper around the communication at the
Came about for several reasons due to issues with the encryption types.
The issue with
Symmetric encryption requires both parties having to share a key, usually across an untrusted, secure medium.
The issue with
Asymmetric encryption comes with its own drawbacks. Extremely slow, taking lots of processing power and thus impractical when encrypting large chunks of data.
This is also known as the
Although there were only minor differences between SSL 3.0 and TLS 1.0, they are not interoperable.
With that being the case, there was a
fallback option built into TLS 1.0 that allowed the use of SSL 3.0.
When we select to use SSL, we are telling our systems to communicate via a
specific port number. This is sometimes referred to as
explicit port selection.
There particular ports (such as 443 for HTTPS) that handle secure traffic. These ports are configured on the server to initialize a connected by negotiating that secure connection first. This is the basis of SSL.
When we use TLS, the client and server negotiate the protocol that will be used. These sessions begin with an insecure "hello" message, and only after the handshake has been completed successfully do we switch to a secure connection.
The entire handshake is conducted prior to allowing the session to continue. This is sometimes referred to as implicit port selection.