The Advanced Encryption Standard (AES) was adopted as a standard by the National Institute of Standards & Technology, U.S.A. (NIST) in 2001. AES is based on the Rijndael (pronounced "rhine-doll") cipher developed by two Belgian cryptographers, Victor Rijmen and Joan Daemen. Typically, AES uses 256 bits (equivalent to 78 digits) for its keys. The key is any number between 0 and 15792089237316195423570985008687907853269984665640564039457584007913129639935. This number is the same as the estimated number of atoms in the universe.
The National Security Agency (NSA) approved AES in June 2003 for protecting top-level secrets within US governmental agencies (of course, subject to their approval of the implementation methods). They are reputedly the ones that can eavesdrop on all telephone conversations going on around the world. Besides, this organization is recognized to be the largest employer of mathematicians in the world and may be the largest buyer of computer hardware in the world. The NSA probably has cryptographic expertise many years ahead of the public and can undoubtedly break many of the systems used in practice. For reasons of national security, almost all information about the NSA, even its budget, is classified.
A brute force attack basically means trying all possible combinations in an attempt to decrypt encrypted material.
A dictionary attack usually refers to attacking text-based passphrases (passwords) by trying commonly used passwords. The total number of commonly used passwords is surprisingly small, in computer terms.
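To make the gap between these two search spaces concrete, here is an added passphrase audit (not part of the original article) that estimates how many guesses a passphrase withstands and compares it with a random 256-bit key. The five-entry wordlist is a constructed sample, and the rate of 10^12 guesses per second and all function names are assumptions chosen for illustration.

```python
import math

AES_KEY_BITS = 256  # key size quoted in the article

# Constructed sample of commonly used passwords (assumption); a real audit
# would load a far larger list, which is still tiny "in computer terms".
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "dragon"}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(passphrase):
    """Smallest alphabet a brute-force search must cover for this passphrase."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33  # printable ASCII punctuation plus space
    return size


def search_space_bits(passphrase, wordlist=COMMON_PASSWORDS):
    """Upper bound, in bits, on the guesses needed to find the passphrase."""
    if not passphrase:
        return 0.0
    if passphrase.lower() in wordlist:
        # Dictionary attack: only the wordlist has to be tried.
        return math.log2(len(wordlist))
    # Brute force: every string of this length over the alphabet.
    return len(passphrase) * math.log2(charset_size(passphrase))


def years_to_exhaust(bits, guesses_per_second=1e12):
    """Time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for candidate in ("Password", "abcdefgh", "T7#qk!9vLp2$"):
        bits = search_space_bits(candidate)
        print(f"{candidate!r}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
    print(f"random AES key: {AES_KEY_BITS} bits, "
          f"{years_to_exhaust(AES_KEY_BITS):.3g} years")
```

A key derived from a passphrase is only as strong as the passphrase, so the 256-bit figure applies only when the key itself is chosen at random.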
An adversary is somebody, be it an individual, company, business rival, enemy, traitor or governmental agency, who would probably gain by having access to your encrypted secrets. A determined adversary is one with more "brains" and resources. The best form of security is to have zero adversaries (practically impossible to achieve); the next best is to have zero determined adversaries!
A keylogger is a software program or hardware device that captures all keystrokes typed. This is by far the most effective mechanism to crack password-based implementations of cryptosystems. Software keylogger programs are more common because they are small, work in stealth mode and are easily downloaded from the internet. Advanced keyloggers have the ability to run silently on a target machine and remotely deliver the recorded information to the user who introduced this covert monitoring session. Keystroke monitoring, like everything else created by man, can be either useful or harmful, depending on the monitor's intents. The confidential information that passes through the keyboard and reaches the computer includes all passwords, usernames, identification data, credit card details, and confidential documents (as they are typed).
For the last definition, we will use an example. Let's say you have your house equipped with the latest locks, there are no master keys and no locksmith can tamper with them. Your doors and windows are unbreakable. How then does an adversary get into your house without using a bulldozer to break your front door? Answer: the roof. By removing a few tiles, the adversary can get into your house. This is an exploit (weakness point). Every system, organization and individual has exploits.
See, it is not that difficult after all. If you can understand the material presented in this article, congratulations - you have become crypto-literate (less than 1% of all current computer users). If you do not believe me, try using some of this newfound knowledge on your banker friends or computer professionals.
Stan Seecrets’ Postulate: “The sum total of all human knowledge is a prime number.”
Corollary: “The sum total of all human wisdom is not a prime number.”
This article may be freely reprinted provided it is published in its entirety, including the author's bio and the link to the URL below.
The author, Stan Seecrets, is a veteran software developer with 25+ years' experience at (http://www.seecrets.biz), which specializes in protecting digital assets. This site provides quality software priced like books, free-reprint articles on stock charts and computer security, free downloads and numerous free stuff. © Copyright 2005, Stan Seecrets. All rights reserved.