Historicalsources
Thereasonwhyencryptionissafeisnotbecauseyoudon’tknowtheencryptionanddecryptionalgorithms,buttheencryptionkeyisabsolutelyhidden.PopularRSAandAESencryptionalgorithmsarebothFullypublic,ifonepartyobtainstheencrypteddata,evenifitknowstheencryptionalgorithm,ifthereisnoencryptionkey,itcannotopentheencryptedinformation.Theconcealmentofencryptionalgorithmstoprotectinformationhasbeendiscussedinacademiaandindustry,anditisgenerallyconsideredtobeinsecure.Thepublicencryptionalgorithmisforhackersandencryptionparentstoattackandtestovertheyears.Comparedwiththehiddenencryptionalgorithm,itismuchsafer.
Incryptography,encryptionistoconcealplaintextinformation,makingitunreadableintheabsenceofspecialinformation.Althoughencryptionhasexistedforcenturiesasameansofkeepingcommunicationsconfidential,onlythoseorganizationsandindividualswithparticularlyhighsecurityrequirementswilluseit.Inthemid-1970s,theuseofstrongencryption(StrongEncryption)begantoextendfromgovernmentsecretagenciestothepublicdomain,andhasnowbecomeamethodofprotectingmanywidelyusedsystems,suchasInternete-commerce,mobilephonenetworks,andbankATMs..
Encryptioncanbeusedtoensuresecurity,butothertechnologiesarestillnecessarytoensurecommunicationsecurity,especiallywithregardtodataintegrityandinformationverification;forexample,informationverificationcode(MAC)ordigitalsignature.Anotherconsiderationistocopewithtrafficanalysis.
EncryptionorCodeObfuscationisalsousedinsoftwarecopyrightprotectiontodealwithreverseengineering,unauthorizedprogramanalysis,crackingandsoftwarepiracy,anddigitalrightsmanagement(DRM)fordigitalcontentWait.
Althoughtheconceptofencryptionordecodinginformationforsecuritypurposesisverysimple,itstillneedstobeexplainedhere.Thebasicprocessofdataencryptionincludestranslatingtheoriginalreadableinformationcalledplaintextintoacodeformcalledciphertextorpassword.Thereverseofthisprocessisdecryption,thatis,theprocessoftransformingtheencodedinformationintoitsoriginalform.
Origin
Inancienttimes,encryptionwasaccomplishedbymanymethods.Itismore"popular"inChinatousestarchwatertowriteonpaper,andthensoakitiniodinewatertomakethewordsappear.Butforeigncountriesaredifferent.ThemostclassicisthePeloponnesianWar.In405BC,thePeloponnesianWarbetweenAthensandSpartahadcometoanend.TheSpartanarmygraduallygainedanadvantage,readytolaunchafinalblowtoAthens.Atthistime,thePersianEmpire,whichwasonthesideofSparta,suddenlychangeditsattitudeandstoppedassistingSparta.TheintentionwastomakeAthensandSpartalosebothintheongoingwarinordertoprofitfromit.Undersuchcircumstances,SpartaurgentlyneededtofigureoutthespecificactionplanofthePersianEmpireinordertoadoptanewstrategicapproach.Atthismoment,theSpartanarmycapturedanAthenianmessengerwhohadsentaletterbacktoAthensfromthePersianEmpire.TheSpartansoldierssearchedthemessengercarefully,buttheysearchedforalongtime,andfoundnothingbutanormalbeltfullofmessyGreeklettersfromhim.Whereistheinformationhidden?TheSpartanarmycommanderLysanderfocusedhisattentiononthatbelt,andtheintelligencemustbeinthosemessyletters.Herepeatedlyponderedandstudiedthesescripture-likecharacters,rearrangingandcombiningthelettersonhisbeltinvariousways,buthecouldn'tfigureitout.Intheend,Lysanderlosthisconfidence.Hefiddledwiththebeltwhilethinkingaboutotherwaystogetinformation.Whenheaccidentallytwistedthebeltaroundthescabbardinhishand,amiraclehappened.Itturnedoutthatthemessylettersonthebeltformedaparagraphoftext.ThisisthepieceofinformationsentbackbytheAthenianspy.IttoldAthensthatthePersianarmywaspreparingtoattacktheSpartanarmysuddenlywhentheSpartanarmylauncheditsfinalattack.Basedonthisinformation,theSpartanarmyimmediatelychangeditscombatplan,firstattackedthedefenselessPersianarmyatlightningspeed,anddefeateditinonefellswoop,alleviatingitsworries.Subsequently,theSpartanarmyreturnedtothearmytoconquerAthensandfinallywonthefinalvictoryofthewar.
ThebeltintelligencesentbackbytheAthensspyistheearliestcryptographicintelligenceintheworld.Thespecificmethodofuseisthatthecommunicatingpartiesfirstagreeonthepasswordinterpretationrules,andthencommunicate—thepartywrapsthebelt(orsheepskinandotherthings)Writeonwoodensticksofagreedlengthandthickness.Receivingletter-Afterreceivingtheletter,ifyoudon'twrapyourbeltaroundawoodenstickofthesamelengthandthickness,youwillonlyseesomeirregularletters.Later,thiscryptographiccommunicationmethodwaswidelycirculatedinGreece.Themodernciphertelegramissaidtohavebeeninspiredbyitandinvented.
Origin
Encryptionisawaytoensuredatasecurity.Itisnotunique.Ithasalonghistory.Itoriginatedin2000BC(Forcenturies),althoughitisnottheencryptiontechnologywearetalkingabout(notevencalledencryption),asaconceptofencryption,itwasindeedbornafewcenturiesago.Atthattime,theEgyptianswerethefirsttousespecialhieroglyphsasinformationcodes.Astimewenton,Babylon,Mesopotamia,andtheGreekcivilizationsallbegantousemethodstoprotecttheirwritteninformation.
Recently,encryptiontechnologyismainlyusedinmilitaryfields,suchastheAmericanWarofIndependence,theAmericanCivilWarandthetwoworldwars.ThemostwidelyknownencodingmachineistheGermanEnigmamachine,whichwasusedbytheGermanstocreateencryptedmessagesduringWorldWarII.Sincethen,thankstotheeffortsoftheAlanTuringandUltraprojectsandothers,theGermanpasswordwasfinallycracked.Atthebeginning,computerresearchwasaimedatcrackingGermanpasswords.Peopledidnotexpecttheinformationrevolutionbroughtaboutbycomputers.Withthedevelopmentofcomputersandtheenhancementofcomputingpower,passwordsinthepasthavebecomeverysimple,sopeoplecontinuetoresearchnewdataencryptionmethods,suchastheprivatekeyandpublickeygeneratedbytheRSAalgorithm.Producedon.
Introduction
Concept
ThebasicprocessofdataencryptionistoprocesstheoriginalplaintextfileordataaccordingtoacertainalgorithmtomakeitunreadableApieceofcode,usuallycalled"ciphertext",enablesittodisplayitsoriginalcontentonlyafterenteringthecorrespondingkey.Thisway,thepurposeofprotectingthedatafrombeingstolenandreadbyunauthorizedpersonsisachieved.
Thereverseprocessofthisprocessisdecryption,thatis,theprocessoftransformingtheencodedinformationintoitsoriginaldata.
Reasons
Intoday'snetworksociety,wehavenochoicebuttochooseencryption.Oneisthatweknowthattherearemanyinsecurefactorsinfiletransfersande-mailbusinesstransactionsontheInternet,especiallyItisforsomelargecompaniesandsomeconfidentialdocumentstobetransmittedonthenetwork.Moreover,thisinsecurityisthebasisoftheexistenceoftheInternet-inherentintheTCP/IPprotocol,includingsomeTCP/IP-basedservices;ontheotherhand,theInternethasbroughtunlimitedbusinessopportunitiestomanybusinesses,andtheInternetconnectstheworld.Together,goingtotheInternetmeansgoingtotheworld,whichisundoubtedlyagoodthingforcountlessbusinesses,especiallyforsmallandmedium-sizedenterprises.Inordertoresolvethiscontradictionandtoopenthedoortotheworldonasafebasis,wehadnochoicebuttochoosedataencryptionanddigitalsignaturesbasedonencryptiontechnology.
Theroleofencryptiononthenetworkistopreventusefulorprivatizedinformationfrombeinginterceptedandstolenonthenetwork.Asimpleexampleisthetransmissionofpasswords.Computerpasswordsareextremelyimportant.Manysecurityprotectionsystemsarebasedonpasswords.Inasense,thedisclosureofpasswordsmeansthecompletecollapseoftheirsecuritysystems.
Whenlogginginthroughthenetwork,thetypedpasswordistransmittedtotheserverincleartext,andeavesdroppingonthenetworkisextremelyeasy,soitisverylikelythathackerswillstealtheuser’spassword,IftheuserisaRootuseroranAdministratoruser,theconsequenceswillbeextremelyserious.
Also,ifyourcompanyisbiddingforabiddingproject,thestaffwillsendtheirunit’sbidtothebiddingunitbye-mail,ifatthistimeanothercompetitorisfromIfyoustealyourcompany’sbiddocumentsontheInternetandknowwhatyourcompany’sbidsare,whatwillbetheconsequences,Ibelieveyoucanunderstandwithoutsayingmore.
Therearetoomanyexampleslikethis.Thesolutiontotheabove-mentionedproblemsisencryption.Theencryptedpasswordisunreadableevenifitisobtainedbyhackers.Theencryptedtenderdoesnothavetherecipient’sprivatekey.Unabletounravel,thebiddingdocumentsbecamealotofgarbledcodeswithoutanypracticalsignificance.Inshort,whetheritisaunitoranindividual,inasense,encryptionhasalsobecomeasymboloftheeraforthesecuretransmissionoffilesoremailsintoday'sonlinesociety!
Digitalsignatureisbasedonencryptiontechnology,anditsfunctionistodeterminewhethertheuserisauthentic.Emailisthemostwidelyused.Forexample,whenauserreceivesanemail,theemailismarkedwiththesender’snameandmailboxaddress.Manypeoplemaysimplythinkthatthesenderisthepersonstatedintheletter,butinfactForgingane-mailisextremelyeasyforanordinaryperson.Inthiscase,adigitalsignaturebasedonencryptiontechnologymustbeusedtoconfirmtheauthenticityofthesender'sidentity.
Thereisalsoanidentityauthenticationtechnologysimilartodigitalsignaturetechnology.SomesitesprovideinboundFTPandWWWservices.Ofcourse,thesetypesofservicesthatusersusuallycontactareanonymousservices.Therightsofusersarelimited,buttherearealsoThistypeofserviceisnotanonymous.Forexample,acompanyprovidesnon-anonymousFTPservicesforusers’partnersforinformationexchange,oradevelopmentteamuploadstheirWebpagestotheuser’sWWWserver.Thequestionis,howdoestheuserdeterminethattheuserisaccessingtheuser?Thepersonoftheserveristhepersonthattheuserthinks,andtheidentityauthenticationtechnologyisagoodsolution.
Itshouldbeemphasizedherethatfileencryptionisnotonlyusedfore-mailorfiletransmissionontheInternet,butalsostaticfileprotectioncanalsobeapplied.Forexample,PIPsoftwarecanprotectThefileorfolderisencryptedtopreventothersfromstealingtheinformation.
Classification
Encryptionisbasedonmathematicalencodinganddecodingofinformation.Therearetwotypesofencryption,symmetricencryptionandasymmetricencryption.Bothpartiesofsymmetricencryptionuseacommonkey.(Ofcourse,thiskeyneedstobekeptsecret).Herewetalkaboutasymmetricencryption.Therearetwokeysforthisencryptionmethod.,Key-oneisapublickey(asitsnamesuggests,thisisakeyvaluethatcanbedisclosed),andtheotherisaprivatekey(secrettotheoutsideworld).Whenyousendinformationtous,usethepublickeytoencrypttheinformation.Oncewereceiveyourencryptedinformation,weusetheprivatekeytodeciphertheinformationpassword(theinformationencryptedbyourpublickeycanonlybedecryptedbyourprivatekey,sothatitistechnicallyguaranteedthatthisletterisonlyavailabletousInterpretation-becausesomeoneelsedoesnothaveourprivatekey).Theinformationencryptedwiththeprivatekeycanonlybedecryptedwiththepublickey(thisfunctionisappliedtothefieldofdigitalsignature,thedataencryptedbymyprivatekeycanonlybedecodedbymypublickey,andthespecificcontentreferstotheinformationofthedigitalsignature)andviceversaOfcourse,toensurethesecurityofyourinformation.
Standard
TheearliestandmostfamoussecretkeyorsymmetrickeyencryptionalgorithmDES(DataEncryptionStandard)wasdevelopedbyIBMinthe1970sandwasapprovedbythegovernment.Aftertheencryptionstandardwasscreened,itwasadoptedbytheUSgovernmentinNovember1976,andDESwassubsequentlyrecognizedbytheAmericanNationalStandardsInstituteandtheAmericanNationalStandardInstitute(ANSI).
DESusesa56-bitkeytoencrypta64-bitdatablockandperforms16roundsofencodingonthe64-bitdatablock.Witheachroundofencoding,a48-bit"per-round"keyvalueisderivedfroma56-bitcompletekey.DESusessoftwaretodecodeittakesalongtime,andhardwaredecodingspeedisveryfast.Fortunately,atthetime,mosthackersdidnothaveenoughequipmenttomakesuchhardwaredevices.In1977,itwasestimatedthatitwouldcost20millionU.S.dollarstobuildaspecialcomputerforDESdecryption,anditwouldtake12hourstogettheresult.Atthattime,DESwasconsideredaverypowerfulencryptionmethod.
Withtheincreasingspeedofcomputerhardware,thecostofmanufacturingsuchaspecialmachinehasdroppedtoaboutonehundredthousanddollars,anditisobviouslynotenoughtouseittoprotectabillion-dollarbankInsured.Ontheotherhand,ifyouonlyuseittoprotectanordinaryserver,thenDESisindeedagoodway,becausehackerswillneverspendsomuchmoneytocrackDESciphertextjusttoinvadeaserver.
AnotherveryfamousencryptionalgorithmisRSA.TheRSA(Rivest-Shamir-Adleman)algorithmisapublickeysystembasedontheassumptionthatlargenumberscannotbedecomposedbyprimefactors.Simplyput,itistofindtwoverylargeprimenumbers.Oneisthe"Publickey"(Publickey),andtheotheriscalledthe"Privatekey"withouttellinganyone.Thetwokeysarecomplementary,whichmeansthattheciphertextencryptedwiththepublickeycanbedecryptedwiththeprivatekey,andviceversa.
SupposeuserAwantstosendalettertouserB,andtheyknoweachother’spublickey.AusesB’spublickeytoencryptthemailandsendsitout.AfterBreceivesit,hecanusehisprivatekeytodecrypttheoriginaltextofA.SinceothersdonotknowB'sprivatekey,evenAhimselfcannotdecrypttheletter,whichsolvestheproblemofconfidentialityoftheletter.Ontheotherhand,sinceeveryoneknowsB'spublickey,theycanallsendalettertoB,sohowcanBbesurethatitisaletterfromA?Thenweneedtousedigitalsignaturebasedonencryptiontechnology.
Auseshisownprivatekeytoencryptthecontentofthesignature,attachesittotheemail,andthenusesB'spublickeytoencrypttheentireemail(notetheorderhere,ifyouencryptandthensign,otherscansignAfterremovingit,signyourownsignature,therebytamperingwiththesignature).Inthisway,aftertheciphertextisreceivedbyB,Buseshisprivatekeytodecrypttheemail,obtainsA’soriginaltextanddigitalsignature,andthenusesA’spublickeytodecryptthesignature,sothattwoaspectsofsecuritycanbeensured.
Encryptiontechnology
Definition
Encryptiontechnologyisthemostcommonlyusedmeansofsecurityandconfidentiality,usingtechnicalmeanstotransformimportantdataintogarbled(encrypted)transmission,andthenAfterthedestination,usethesameordifferentmeanstorestore(decrypt).
Encryptiontechnologyincludestwoelements:algorithmandkey.Algorithmisthestepofcombiningordinaryinformationorunderstandableinformationwithastringofnumbers(keys)toproduceincomprehensibleciphertexts.Thekeyisanalgorithmusedtoencodeanddecryptdata.Insecurityandconfidentiality,thesecurityofnetworkinformationcommunicationcanbeensuredthroughappropriatekeyencryptiontechnologyandmanagementmechanisms.
Application
Theapplicationofencryptiontechnologyismany,butthemostwidelyusedistheapplicationofe-commerce,VPNanddatasecurity,whicharebrieflydescribedbelow.
E-commerce
E-business(E-business)requirescustomerstoconductvariousbusinessactivitiesonlinewithoutworryingabouttheircreditcardbeingstolen.Inthepast,inordertopreventthenumberofthecreditcardfrombeingstolen,theusergenerallyplacedanorderbyphoneandthenusedtheuser'screditcardtomakethepayment.PeoplebegantouseRSA(apublic/privatekey)encryptiontechnologytoimprovethesecurityofcreditcardtransactions,makingitpossiblefore-commercetobecomepractical.
ManypeopleknowthatNETSCAPEisaleadingtechnologyproviderinInternetcommerce.ThecompanyprovidesatechnologybasedonRSAandsecretkeysthatisappliedtotheInternet,whichiscalledtheSecureSocketLayer(SecureSocketLayer).SocketsLayer,SSL).
PerhapsmanypeopleknowthatSocketisaprogramminginterfaceanddoesnotprovideanysecuritymeasures.SSLnotonlyprovidesaprogramminginterface,butalsoprovidesasecureservice.SSL3.0hasbeenappliedtotheserverandOnthebrowser,SSL2.0canonlybeappliedtotheserverside.
AfterSSL3.0usesanelectriccertificatetoverifyidentity,bothpartiescanusethesecretkeytoconductasecureconversation.Itusesboth"symmetric"and"asymmetric"encryptionmethods.Duringthecommunicationbetweenthecustomerandthee-commerceserver,thecustomergeneratesaSessionKey,andthenthecustomerencryptstheSessionKeywiththeserver-sidepublickey,andthensendsittoOntheserverside,afterbothpartiesknowtheSessionKey,thetransmitteddataisencryptedanddecryptedbytheSessionKey,butthepublickeysentbytheservertotheusermustfirstapplytotherelevantissuingauthorityfornotarization.
BasedonthesecurityprovidedbySSL3.0,userscanfreelyordergoodsandgivecreditcardnumbers,andtheycanalsoexchangebusinessinformationwithpartnersonlineandallowsupplierstoorderandreceiveordersfromSenditonline,whichcansavealotofpaperandsavethecompanyalotofphoneandfaxcosts.Inthepast,electronicinformationexchange(ElectricDataInterchange,EDI),informationtransaction(informationtransaction)andfinancialtransaction(financialtransaction)wereallcompletedonaprivatenetwork,andthecostofusingaprivatenetworkwasmuchhigherthanthatoftheInternet.Itisthishugetemptationthatmakespeoplebegintodevelope-commerceontheInternet,butdon'tforgetaboutdataencryption.
VPN
Moreandmorecompaniesaregoinginternational.Acompanymayhaveofficesorsalescentersinmultiplecountries.EachorganizationEachhasitsownlocalareanetworkLAN(LocalAreaNetwork),butintoday'snetworksociety,people'srequirementsarenotonlythat.UserswanttoconnecttheseLANstogethertoformacompany'sWAN,whichisnotdifficult.
Infact,manycompanieshavealreadydonethis,buttheygenerallyuseleaseddedicatedlinestoconnecttheselocalareanetworks.Whattheyconsideristhesecurityofthenetwork.Routerswithencryption/decryptionfunctionsareeverywhere,whichmakesitpossibleforpeopletoconnecttotheselocalareanetworksthroughtheInternet.ThisiswhatweusuallycallVirtualPrivateNetwork(VPN).Whenthedataleavesthelocalareanetworkwherethesenderislocated,thedataisfirstlyencryptedbyhardwarebytherouterconnectedtotheInternetattheuserend.ThedataistransmittedinencryptedformontheInternet.WhenitreachestherouterofthedestinationLAN,therouterwillDecryptthedatasothatusersinthedestinationLANcanseetherealinformation.
Datasecurity
Computershaveenteredthousandsofhouseholds,andtheyplayanirreplaceableroleincommercialoffices.Thesecurityofimportantandconfidentialdatastoredincomputershasbecomeanissuethatallcomputerusersattachgreatimportanceto.Whetheritispersonalcomputerdataorcompanycomputerdata,ifthesecretsareleaked,thelossandimpactwillbehuge.
Relatedinformation
Relatedsoftware
Encryptionorsoftwarecodeobfuscation(CodeObfuscation)isalsointhesoftwarecopyrightprotection,whichisusedtodealwithreverseengineering.Authorizedprogramanalysis,crackingandsoftwarepiracyanddigitalrightsmanagement(DRM)ofdigitalcontent,etc.
ThiskindofencryptionserviceisespeciallyobviousinAndroidapplications.Duetotheincreaseinpackagingparties,manyespeciallyAndroidapplicationshavebeendecompiled,reverseanalyzed,andre-packaged.Therefore,manyAndroiddevelopershavetoperformonAndroidapplications.Encryption,however,sincemostdevelopersfocusonAppdevelopmentandoperation,theydon’thavemuchtimeandenergytodevelopeffectiveAppencryptionmethodsontheirown,sothethird-partyAndroidapplicationencryption,LoveEncryption,wasborn.Serviceproviders,accordingto36Krreports,AiEncryptionisathird-partyAppencryptionplatformbasedontheSaaSdeliverymodel,allowingdeveloperstocompletetheadvancedreinforcementoftheApponlineinonly5-10minutes,addingaprotectiveshelltotheApp.ItcaneffectivelypreventtheAppfrombeingimplantedwithmaliciouscode,secondarypackaging,andcopycatpiracyduringtheoperationprocess,anditcanalsohelpdeveloperssavedevelopmenttimeandcosts.
Categories
Encryptionalgorithmscanbedividedintotwocategories:symmetricencryptionandasymmetricencryption
encryptiontechniques
thefollowingtechniquescanbestrengthenedEncryptionsecurity:
1.Donotuseoldencryptionalgorithms
EnterprisesshouldstopusingoldencryptionalgorithmssuchasDES,anddonotusetheirrelatives3DES(TripleDataEncryptionStandard).
2.Usethelongestencryptionkeysupportedbytheenterprise
Itisrecommendedthatenterprisesusethelongestkeyasmuchaspossible,whichcanmakethosewhocannotaccessItisdifficultforbackdoorcompaniestocrackthecompany’sencryption.Today,AES128isrobust,butifpossible,useAES512orlongerkeys.
3.Multi-layerencryption
Itisrecommendedthatenterprisesusemulti-layerencryptionasmuchaspossible,whichcanincreasethedifficultyofattackers.Ifpossible,encrypteveryfield,everytable,andtheentiredatabaseinthedatabase.
4.Safelystoreencryptionkeys
ThebiggestproblemfacingenterprisesmaynotbetheencryptionalgorithmleftbehindbytheUSNationalSecurityAgency,butthepasswordItisonlypartoftheencryptionscheme.Forotherelementsoftheinfrastructure,suchaskeymanagementsystems,companiesmustalsoensuretheirsecurity.Attackersarewillingtodealwiththeweakestlinkofthesecuritysystem.Ifanattackercaneasilystealthekey,whybothertocracktheencryptionalgorithm?
Somecompaniesgivethekeytoprotecttheirdatatoathirdparty,especiallywhenthecompanystoresthedatainapubliccloudandisencryptedandprotectedbythecloudprovider.Theproblemhereisthatthecompanyhasnocontroloverthekeys,butmusttrustthecloudprovider’semployeestokeepthekeyssecurely.
Ifanenterprisecanimplementanencryptionsystemthatcancontrolthekeyinthecloud,itwillbemuchsafer.Cloudencryptiongatewaysthatautomaticallyhandleencryptioncanhelpcompaniesachievethiskindofsecurity.
5.Ensuringthecorrectimplementationofencryption
Infact,implementinganencryptionsystemisnoteasybecauseithasmanydynamiccomponents,andanyoneofthemispossibleBecomeaweaklink.Youmustconductextensiveinvestigationstoensurethatencryptionisimplementedcorrectly.
Intheprocessofimplementingencryption,whichaspectsarepronetoerror?Inadditiontothevulnerabilityofthekeytoattack,thereisalsotheimplementationofCBC(CipherBlockChaining).UsingCBC,arandomtextblock(alsocalledaninitializationvector)ofthesamelengthcanbeusedtoperformanexclusiveORoperationontheplaintext,andthenencryptittogenerateanencryptedtextblock.Then,thepreviouslygeneratedciphertextblockisusedasaninitializationvectortoperformanXORoperationonthenextplaintextblock.
ThecorrectimplementationofCBCrequiresanewinitializationvectoratthebeginningofeachprocess.AcommonmistakeistoimplementCBCwithanunchangedstaticinitializationvector.IfCBCisimplementedcorrectly,thenifweencryptthetextblockontwodifferentoccasions,theproducedciphertextblockwillnotbethesame.
6.Don'tignoreexternalfactors
Externalfactorsthatthecompanycanhardlycontrolmaydestroythesecurityoftheencryptionsystem.Forexample,SSLreliesondigitalcertificates,andthesefactorsdependontheintegrityoftherootcertificationauthorityembeddedinthebrowser(suchasIE,Firefox,Chrome,etc.).Buthowdoweknowifitiscredible,orifthesecertificationauthoritiesarenotundertheguiseofaforeignintelligenceagency?Doyouthinkthissoundsfar-fetched,butitmaybetrue.
Inaddition,DNSisalsoaweaknessthathastobepaidattentionto.AslongasDNSiscompromised,attackerscanusephishingtechniquestobypassencryption.
Ofcourse,thevariouspossibilitiesofencryptionareemphasizedhere.Aproperlyimplementedencryptionsystemcanonlybeovercomeinonecase,thatis,thekeyistested.Itisnotimpossibletoguessthekeyinashorttime,butthepossibilityisverysmall.