We show how those are applied
in today??™s technologies and highlight how they sometimes fall
short in trying to resolve key aspects of the problem of security
online.
Cryptography: A Minimal Introduction
In this section, we introduce a few basic concepts that are instrumental
for understanding some security considerations
throughout the book. If you are already familiar with X.509 certi
?¬?cates and public/private keys, feel free to skip this section.
Symmetric Key Cryptography
In the introduction, we mentioned the term encryption,and we
quickly dismissed the subject saying that it means ???scrambling
data to the point of making it useless for the casual reader.??? This
is substantially true, but also very simplistic. Messing with the
sheer order of characters and/or substituting all a??™s with @ is an
incredibly na??ve way of protecting data; current hackers and
tooling would not be fooled by it for a second. Relying on the
fact that the attacker does not know how you jumbled the data
is known as security by obscurity, and it is one of the biggest
delusions in this space. One of the basic principles of modern
Security by
obscurity trusts the
safety of the data in
the hope that attackers
will not
discover what
criteria was used for
scrambling the
information.
Pages:
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90