Encryption & cryptography

Editor's Notes

• #2: ---[ SEAN ]---
• #3: ---[ JAMES ]---So what is the difference between Encryption & Cryptography?The terms have become very interchangeable over the years, but in fact Encryption is the process of applying cryptography methods.For example, If I was to encrypt something, I could be using any number of cryptography methods.
• #4: ---[ JAMES ]---What is Encryption?The translation of data into secret code which is either impossible or extremely hard to decode without knowledge of the encryption method.Used heavily in environments where personal data is used and stored, for example database, ecommerce systems (online shops), banking/payment processing or simply login user authentication. Used more and more as technology improves and hacking attacks become a larger problem.
• #5: ---[ JAMES ]---Cryptography Thousands of years oldTypically Utilises Secret Keys
• #6: ---[ JAMES ]---Uses of cryptographyWhile we’ve already mentioned some of the data-related uses for encryption and cryptography, it’s also used for a wide range of other instances when information needs to be stores securely and in secret.-Governments around the world use encryption techniques to pass information from agent to agent, so much so that most (if not all) countries now have a government department solely to decrypt foreign material.-Digital Watermarking to reduce copyright-Images within images – give an example of eBay and the way it was compromised in illegal child pornography.-Terrorist attacks and other illegal activities.
• #7: ---[ TOM ]---Classic Cryptographyhas been used for thousands of years and refers to encryption through the use of pen and paper, or perhaps at the very most simple mechanical aids.First record of cryptography found on wall writing in 1900Bc in the Old Kingdom of Egypt
• #8: ---[ TOM ]---ClassicCryptography Substitution Ciphers…One of the simplest forms of encryption…Most famous is the Caesar Cipher (also known as shift cipher), This worked by replacing each letter in a document to the letter 3 steps down the alphabet (known as a 3 point shift), for example the word Hello would become Khoor
• #9: ---[ TOM ]---TranspositionCiphersLetters remain unchanged however the order in which they are displayed is.***refer to example**---[ HAND OVER TO JOSH]---
• #10: ---[ TOM ]---Modern CryptographyWorld War 2 (1940s) – Present Day
• #11: ---[ TOM ]---Enigma Machine…Thought to be the first form of modern cyptography…Invented in 1918 by AthurScherbiusin Berlin, Germany....Heavily regarded as greatly helping to win the war as war operations and secrets could be decrypted.…Improved encryption later resulted in a M4 model.2 layers of random substitution encryption along with an additional encryption layer using Caesar Cipher, followed by a reflector layer than the entire process is reversed, totalling 7 layers on encryption.So…How does it work?---[ HAND OVER TO JOSH ]---
• #12: ---[ JOSH ]---Stage1First the code is encrypted using a substitute method, this would be based upon one of the 3 wheels on a Enima Machine to define which letters are “swapped”
• #13: ---[ JOSH ]---Stage 2This is then repeated again, forming the second layer of encryption.
• #14: ---[ JOSH ]---Stage 3The next layer of encryption uses the Caesar cipher to move each letter 3 places to the left based upon the alphabet.
• #15: ---[ JOSH ]---Stage 4Stage 4 uses a Reflector encryption method to swap each group of 2 charcters.
• #16: ---[ JOSH ]--- Finallythe entire process is then repeated, the number is encrypted using the Caesar cipher, then substituted twice, resulting in the encrypted word.---[ HAND OVER TO SEAN ]---
• #17: ---[ SEAN ]---Web EncryptionQuote from WikiLeaks owner JuilianAssange, explain how among other techniques he uses encryption to hide from the law within different countries around the world.
• #18: ---[ SEAN ]---Web EncryptionFirst created by MIT in 1991and is now the most commonly used encryption method on the internet.MySQL databases now tend to store an MD5 encrypted password only for its users,This means even the web administrator cannot view passwordsCan only be authorised through encrypting data entered on the systems login page, For example if you were to login to Facebook, that password would be encrypted using MD5 encryption in realtime and checked against the already encrypted password in the users database.Users are now require you to enter a “new password” in the result of a user forgetting his/hers (as the actual password is not known to the system to output).MD5 hashs are also used to check data integrity, for example if you were to download a file from the internet, the file would more than likely include an MD5 hash value, once the file has been downloaded to the system the MD5 hash value will be checked against the original hash value to ensure the data matches.
• #19: ---[ SEAN ]---Salt – is a method of improving encryptionAlthoughnot an encryption method in itself, Salting greatly improves security and reduces the chance of decryption using a hash database.Many simply words or phrases are stored in large databases online alongside their hash value, this allows users to search for a specific MD5 hash, returning the corresponding phrase or word prior to encryption, to avoid this many systems add a string of charcters before data is encrypted, this is known as “salting”.
• #20: ---[ SEAN ]---TLS and SSL encryption methods help secure data traveling over the internet.Originally developed by Netscape, SSL was first released in 1995, unfortunately soon after security flaws in the technology were revealed and a new version was released in 1996.Several years later in 1999, TLS was developed as a further improvement on its successful predecessor, however wasn’t widely used until 2006TLS uses a handshake encryption protocol, there are 4 main phases to this method:The users system tells the server the latest TLS encryption method it can support, a Pre Master Key is then combined with a set of random numbers to form a Master Key which both systems will have access to.The client then send a message to the server to say “everything I send you from now on will be encrypted”The server then returns the same message to the client telling it any data returned will also be encryptedThen a handshake is complete to ensure all passing data is encrypted.The best way to know if data you’re imputing into a website is encrypted using TLS or SSL technology is to check the websites certificate and that the URL contains the string “https” rather than “http”. (REFER TO EXAMPLE IMAGE).
• #21: ---[ SEAN ]---We’ve gone from the enigma machine to complex algorithmswhich are seen to be impossible to crack, as technology improves and hackers develop new ways of decrypting data, modifications and improvements will have to be made. As technology becomes a necessity in life, more and more personal data is being stored.The cat and mouse game between encryption and technology has only just begun..
• #22: ---[ SEAN ]---Any Questions?