A few facts

Inconvenient fact #1 - Cryptography is harder than it looks: Not just any encryption program will do. Most any competent programmer could grab the open-source code for a block cipher (cryptographic protocol) -- say AES -- and put together an encryption process to get from password entry to ciphertext.

But there is a special Murphy's Law for budding cryptographers: Somewhere else in the naive coder's encryption process - key generation, random number generation, hash processes, etc. - there will almost certainly be one or more fatal flaws. A skilled hacker can often find and break process vulnerabilities without much effort. Do-it-yourself encryption is much like thinking you could be competitive with Bobby Fischer or Garry Kasparov [more]

As Bruce Schneier puts it in Security Pitfalls in Cryptography:

A recent highly visible example shows that it's hard to know who's expertise to trust. [discussion] [examples of cryptographic vulnerabilities]

#2: Use of proprietary, closed-source cryptology leads to persistent folly:

#3 - Operating systems are messy: They leave behind echoes (cleartext) of the data you access or process - swap files, temp files, hibernation files, browser cache files, and other artifacts.

Windows Volume Shadow Copy Service presents a special problem. Even if you wipe the file after encrypting it, the cleartext copy of previous versions remain on the drive. Even though they are hidden, it is easy enough to find and restore them.

Many simple encryption programs simply encrypt from and/or decrypt to a cleartext file. Yes, some of them delete the cleartext file after you close the program, but they may not securely purge the file (make it unrecoverable).

Using a compression -- e.g. Zip -- program for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive you'll leave clear-text version of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased didn't you?

If you lose your computer, or if anyone - burglar, snatch thief, snoopy co-worker - gains access to your computer, running or not, they are likely to find cleartext echoes of your encrypted data. You may want to use full-drive encryption to prevent that. All those cleartext echoes will be encrypted when your computer is off. Be sure your program also encrypts the whole hard drive when your laptop lid is closed, not just when you turn it off.

#4: Any encryption program can have a secret backdoor: The backdoor may simply be there to assist in recovery and other administrative functions. Some encryption is known to have mandated or coerced backdoors imposed by various government entities. There is just no way to know for sure if that is the case or not for any particular encryption solution. If there is a backdoor for any purpose, it is often easily discovered and exploited by attackers. Game over.

#5: Malware presents yet another threat: If any computer you use to access your data is infected by spyware, the cleartext (decrypted) data can easily be accessed and transmitted to an exploiter over the Internet. Encryption doesn't do a thing for you in this case. Your computer security system (or lack thereof) is what has let you down.

Final worry: Your computer and/or storage devices may be subject to search. It may be better to not have your sensitive data with you if you're traveling by air. Consider storing your data in the cloud (online in encrypted form) or accessing it over a VPN when you need it.

My evaluation of Pismo File Mount Audit Package provides a useful example of my approach tovetting encryption solutions.

I like the Private Folder feature of this audit package. It allows you to quickly access an encrypted file that you convert to an encrypted folder using a context menu command in Windows Explorer. The advantage is that you read and write direcctly to this folder, thus avoiding the problem of plain-text residue on your hard drive. But the critical question is the encryption trustworthy?

Fatal backup trap:

Encryption programs that create encrypted "volumes" (files that contain encrypted files) whose file size does not change, and they often intentionally do not change "date modified", even though files in the volume have been changed or added. The purpose is to maintain plausible deniability. But the result can be that your backup system will not recognize that the volume file has changed, and will skip it in the backup. Some encryption products offer an option like, "Preserve modification timestamp of file containers." Unchecking that option will allow the "date modified" to change.

VeraCrypt and TrueCrypt are examples of programs that by default do not change the modified date. However, a few cloud backup services - Dropbox for example - check the hash value of container files, not the date, and if that changes Dropbox stores a new copy of the container file.

Related information on the pitfalls of encryption:

Visit link:
Encryption is Not Enough | Gizmo's Freeware

anon298190Post 33

What is the advantage of encryption?

Encryption is used most commonly in e-mails, private websites, and generally any online network that needs security and hold personal information.

What are some of the most secure types of encryption and what sort of methods can be used to decrypt them?

What is the difference between 64-bit, 128-bit and 256-bit data cryptography?

Can I use encryption on my password to get into my computer?

what is the correct meaning of encryption?

Cryptography is a wide term which encapsulates both encryption and decryption of data. Cryptography, i.e. encryption and decryption, are done by using the cryptographic algorithms which are mathematics based. Cryptography algorithms require a key for the encryption and decryption of data.

what is encryption and online privacy?

I know the meaning of encryption but I don't know the meaning of online privacy.

What is encryption key and how it is used for encryption?

What is Encryption? Explain characteristics advantages and disadvantages and users.

i want ieee projects on AES. from where can i get those ieee papers?

what is meant by encryption and explain it?

how can i write a cryptography algorithm?

What is 128 Bit encryption?

what is secure and fast encryption algoritham[SAFER]

what is an encryption key and how it is used for encryption?

Cryptography is the field of study that stands for the methods and principles that are used to transform data and hide its contents. Apart from this, cryptography is also used to establish authenticity, prevent unauthorized access and/or modification of data. It uses mathematical algorithms to transform data into an unreadable format. The main purpose of cryptography comes into play when information is transmitted, when it is more susceptible to be eavesdropped. This transformation of plain text into an unreadable format is called encryption and the process of reversing it back to a readable form is called decryption.

What is the difference between Encryption and Cryptography?

Here is the original post:
What is Encryption? (with pictures) - wisegeek.com

Its no secret that we at DataShield are large proponents of data security. Not only are data breaches incredibly expensive, but there are also laws regarding data securitythat need to be followed if businesses want to avoid large fines.

And while we are obviously advocates of shredding hard drivesonce its time to get rid of your computer, doing that only guarantees the safety of your data once its time for new hard drives. So what about all the time in between?

Enter data encryption: a highly recommended way to keep your data out of the wrong hands the entire time its on your computer.

Encryption is a technique for transforming informationon a computer in such a way that it becomes unreadable. So, even if someone is able to gain access to a computer with personal data on it, they likely wont be able to do anything with the data unless they have complicated, expensive software or the original data key.

The basic function of encryption is essentially to translate normal text into ciphertext. Encryption can help ensure that data doesnt get read by the wrong people, but can also ensure that data isnt altered in transit, and verify the identity of the sender.

There are three different basic encryption methods, each with their own advantages (list courtesy of Wisegeek):

Any of these methods would likely prove sufficient for proper data security, and a quick Google search will reveal the multitude of software available for data encryption. Data encryption is a necessity (both for legal reasons and otherwise) when transmitting information like PHI, so no matter what method you choose, make sure youre doing everything you can to protect data.

Dont just stop with encryption, though. DataShield offers compliance consultingto ensure that all of your business data and policies are up-to-spec for local and federal laws.

Contact us today for more information on how DataShield can help your data stay safe through its entire life cycle, from its conception to its destruction, when your computer is finally thrown out.

Visit link:
3 Different Data Encryption Methods - DataShield blog

Turtl uses encryption to protect your data in such a way that only you, andthose you choose, are able to view your data. Keep reading for a high-leveloverview of Turts encryption and how it protects you.

Simply put, encryption is the process of scrambling data. Generally, this isdone using a key which is usually a passphrase. The only way to de-scramblethe data is using that passphrase.

Turtls encryption works by generating a key for you based on youremail and password. This key is used to lock and unlock (or encrypt anddecrypt) your data and keep it private. All of the encryption in Turtl happensbefore any data leaves the app, meaning that even if someone is snooping in onyour connection or someone hacks our database, everything youve put into Turtlis just gibberish to them.

Without the keys that only you hold, your data is useless.

As mentioned, Turtl creates a key for you when you log in based on your emailand password. It wouldnt be very useful if you had to give people this key whenyou shared data with them because it would give them access to all your data.Instead, Turtl generates a new, random key for each object. This key is whatis sent to people when sharing, allowing them to unlock the specific item yousend them and nothing else.

Keys are stored one of two ways:

If youre looking for a more comprehensive look at how Turtl does encryption,check out the encryption specifics page of the docswhich goes over the ciphers, block modes, and other methods Turtl uses whenhandling your data.

Encryption specifics

Turtl has a feature that keeps you logged in if the app is closed and reopened.This feature may have security implications. Read more about the Stay logged infeature.

Here are some possible scenarios where Turtls security measures will fail you.We try to provide an exhaustive list so youre aware of the dangers of relyingon Turtl.

Read the original:
Security and encryption | Documentation | Turtl

What Is Encryption?

You may hear people use the term encryption and how you should use it to protect yourself and your information. However, encryption can be confusing and you should understand its limitations. In this newsletter, we explain in simple terms what encryption is, how it protects you, and how to implement it properly.

You have a tremendous amount of sensitive information on your devices, such as personal documents, pictures, and emails. If you were to have one of your devices lost or stolen, all of your sensitive information could be accessed by whoever possesses it. In addition, you may conduct sensitive transactions online, such as banking or shopping. If anyone were to monitor these activities, they could steal your information, such as your financial account or credit card numbers. Encryption protects you in these situations by helping ensure unauthorized people cannot access or modify your information.

Encryption has been around for thousands of years. Today, encryption is far more sophisticated, but it serves the same purpose -- to pass a secret message from one place to another by ensuring only those authorized to read the message can access it. When information is not encrypted, it is called plain-text. This means anyone can easily read or access it. Encryption converts this information into a non-readable format called cipher-text. Todays encryption works by using complex mathematical operations and a unique key to convert your information into cipher-text. The key is what locks or unlocks your information. In most cases, your key is a password or passcode.

In general, there are two types of data to encrypt: data at rest (such as the data stored on your mobile device) and data in motion (such as retrieving email or messaging a friend).

Encrypting data at rest is vital to protect information in case your computer or mobile device is lost or stolen. Todays devices are extremely powerful and hold a tremendous amount of information, but are also very easy to lose. In addition, other types of mobile media can hold sensitive information, such as USB flash drives or external hard drives. Full Disk Encryption (FDE) is a widely used encryption technique that encrypts the entire drive in your system. This means that everything on the system is automatically encrypted for you; you do not have to decide what or what not to encrypt. Today, most computers come with FDE, but you may have to manually turn it on or enable it. It is called FileVault on Mac computers, while on Windows computers, depending on the version you have, you can use Bitlocker or Device Encryption. Most mobile devices also support FDE. iOS on iPhones and iPads automatically enable FDE once a passcode has been set. Starting with Android 6.0 (Marshmallow), Google is requiring FDE be enabled by default, provided the hardware meets certain minimum standards.

Information is also vulnerable when it is in transit. If the data is not encrypted, it can be monitored, modified, and captured online. This is why you want to ensure that any sensitive online transactions and communications are encrypted. A common type of online encryption is HTTPS. This means all traffic between your browser and a website is encrypted. Look for https:// in the URL, a lock icon on your browser, or your URL bar turning green. Another example is when you send or receive email. Most email clients provide encrypted capabilities, which you may have to enable. A third example of encrypting data in transit is between two users chatting with each other, such as with iMessage, Wickr, Signal, WhatsApp, or Telegram. Apps like these use end-to-end encryption, which prevents third parties from accessing data while its transferred from one end system or device to another. This means only you and the person youre communicating with can read what is sent.

To be sure you are protected when using encryption, it is paramount that you use it correctly:

OUCH! newsletter is under the Creative Commons license. You are free to share / distribute it but may not sell or modify it.

See the original post:
Encryption | SANS Security Awareness

What is AES and how does it work

AES, or Advanced Encryption Standards, is a cryptographic cipher that is responsible for a large amount of the information security that you enjoy on a daily basis.

Applied by everyone from the NSA to Microsoft to Apple, AES is one of the most important cryptographic algorithms being used in 2018.

What exactly is AES? How does it work? And can non-techie people like you and me apply it to be more secure in our daily lives?

Thats exactly what we will be discussing in this guide.

AES or Advanced Encryption Standards (also known as Rijndael) is one of the most widely used methods for encrypting and decrypting sensitive information in 2017.

This encryption method uses what is known as a block cipher algorithm (which I will explain later) to ensure that data can be stored securely.

And while I will dive into the technical nuances and plenty of fun cryptography jargon in a moment, in order to fully appreciate AES we must first backtrack for a brief history lesson.

Before diving into AES in all of its encrypted glory, I want to discuss how AES achieved standardization and briefly talk about its predecessor DES or Data Encryption Standards.

Basing their development on a prototype algorithm designed by Horst Feistel, IBM developed the initial DES algorithm in the early 1970s.

The encryption was then submitted to the National Bureau of Standards who, in a later collaboration with the NSA, modified the original algorithm and later published it as a Federal Information Processing Standard in 1977.

DES became the standard algorithm used by the United States government for over two decades, until, in January of 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in under 24 hours.

They successfully concluded their efforts after only 22 hours and 15 minutes, bringing the algorithms weakness into the spotlight for all to see.

Over 5-years, the National Institute of Standards and Technology stringently evaluated cipher designs from 15 competing parties including, MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndael, among many others.

Their decision was not made lightly, and throughout the 5-year process, the entire cryptographic community banded together to execute detailed tests, discussions, and mock attacks in order to find potential weaknesses and vulnerabilities that could compromise each ciphers security.

While the strength of the competing ciphers was obviously of paramount importance, it was not the only factor assessed by the various panels. Speed, versatility, and computational requirements were also reviewed as the government needed an encryption that was easy to implement, reliable, and fast.

And while there were many other algorithms that performed admirably (in fact many of them are still widely used today), the Rijndael cipher ultimately took home the trophy and was declared a federal standard.

Upon its victory, the Rijndael cipher, designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen) was renamed Advanced Encryption Standard.

But this ciphers success didnt end with its standardization.

In fact, after the standardization of AES, the cipher continued to rise through the ranks, and in 2003 it was deemed suitable by the NSA for guarding Top Secret Information.

So why exactly am I telling you all of this?

Well, in recent years, AES has been the subject of much controversy as many cryptographers and hackers questions its suitability for continued use. And while I am not posing as an industry expert, I want you to understand the process required to develop the algorithm and the tremendous amount of confidence that even the most secretive agencies place in the Rijndael cipher.

Before I dive into some of the more technical details about how AES works, lets first discuss how its being used in 2017.

It should be noted that AES is free for any public, private, commercial, or non-commercial use. (Although you should proceed with caution when implementing AES in software since the algorithm was designed on a big-endian system and the majority of personal computers run on little-endian systems.)

If any of you have ever downloaded a file off the internet and then gone to open that file only to notice that the file was compressed, (meaning that the original file size was reduced to minimize its affect on your hard drive) then you have likely installed software that relies on an AES encryption.

Common compression tools like WinZip, 7 Zip, and RAR allow you to compress and then decompress files in order to optimize storage space, and nearly all of them use AES to ensure file security.

If youre already familiar with the concept of cryptography and have taken extra measures to ensure the security of your personal data, the disk/partition encryption software that you use likely uses an AES algorithm.

BitLocker, FileVault, and CipherShed are all encryption software that run on AES to keep your information private.

The AES algorithm is also commonly applied to VPNs, or Virtual Private Networks.

For those of you who are unfamiliar with the term, a VPN is a tool that allows you to use a public internet connection in order to connect to a more secure network.

VPNs work by creating a tunnel between your public network connection and an encrypted network on a server operated by the VPN provider.

For example, if you regularly do work from your local coffee shop, you are probably aware that the public connection is incredibly insecure and leaves you vulnerable to all types of hacking.

With a VPN, you can easily solve this problem by connecting to a private network that will mask your online activities and keep your data secure.

Or, lets say that you are traveling to a country with stringent censorship laws and you notice that all of your favorite sites are restricted.

Once again, with a simple VPN setup, you can quickly regain access to these websites by connecting to a private network in your home country.

It should be noted, however, that not all VPNs are created equally.

While the best VPNs (likeExpressVPNand NordVPN) rely on an AES-256 encryption, there are a number of outdated services that still rely on PPTP and Blowfish (a long since obsolete 64-bit encryption), so be sure to do your research before selecting a provider.

In addition to the above applications, AES is used in a plethora of different softwareand applications with which you are undoubtedly familiar.

If you use any sort of master password tools like LastPass or 1Password, then you have been privy to the benefits of 256-bit AES encryption.

Have you ever played Grand Theft Auto? Well, the folks over at Rockstar developed a game engine that uses AES in order to prevent multiplayer hacking.

Oh, and lets not forget, any of you who like to send messages over WhatsApp or Facebook Messenger You guessed it! AES in action.

Hopefully, you are now beginning to realize just how integral AES in running the entire framework of modern society.

And now that you understand what it is and how its used, its time to get into the fun stuff. How this bad boy works.

The AES cipher is part of a family known as block ciphers, which are algorithms that encrypt data on a per-block basis.

These blocks which are measured in bits determine the input of plaintext and output of ciphertext. So for example, since AES is 128 bits long, for every 128 bits of plaintext, 128 bits of ciphertext are produced.

Like nearly all encryption algorithms, AES relies on the use of keys during the encryption and decryption process. Since the AES algorithm is symmetric, the same key is used for both encryption and decryption (I will talk more about what this means in a moment).

AES operates on what is known as a 4 x 4 column major order matrix of bytes. If that seems like too much of a mouthful to you, the cryptography community agrees and termed this process the state.

The key size used for this cipher specifies the number of repetitions or rounds required to put the plaintext through the cipher and convert it into ciphertext.

Heres how the cycles break down.

While longer keys provide the users with stronger encryptions, the strength comes at the cost of performance, meaning that they will take longer to encrypt.

Conversely, while the shorter keys arent as strong as the longer ones, they provide much faster encryption times for the user.

Now before we move on, I want to briefly touch on a topic that has sparked a significant amount of controversy within the cryptographic community.

As I noted earlier, AES relies on a symmetric algorithm, meaning that thekey used to encrypt information is the same one used to decrypt it. When compared to an asymmetric algorithm, which relies on a private key for decryption and a separate public key for file encryption, symmetric algorithms are often said to be less secure.

And while it is true that asymmetric encryptions do have an added layer of security because they do not require the distribution of your private key, this does not necessarily mean that they are better in every scenario.

Symmetric algorithms do not require the same computational power as asymmetric keys, making them significantly faster than their counterparts.

However, where symmetric keys fall short is within the realm of file transferring. Because they rely on the same key for encryption and decryption, symmetric algorithms require you to find a secure method of transferring the key to the desired recipient.

With asymmetric algorithms, you can safely distribute your public key to anyone and everyone without worry, because only your private key can decrypt encrypted files.

So while asymmetric algorithms are certainly better for file transfers, I wanted to point out that AES is not necessarily less secure because it relies on symmetric cryptography, it is simply limited in its application.

AES has yet to be broken in the same way that DES was back in 1999, and the largest successful brute-force attack against any block cipher was only against a 64-bit encryption (at least to public knowledge).

The majority of cryptographers agree that, with current hardware, successfully attacking the AES algorithm, even on a 128-bit key would take billions of years and is, therefore, highly improbable.

At the present moment, there isnt a single known method that would allow someone to attack and decrypt data encrypted by AES so long as the algorithm was properly implemented.

However, many of the documents leaked by Edward Snowden show that the NSA is researching whether or not something known as the tau statistic could be used to break AES.

Side Channel Attacks

Despite all of the evidence pointing to the impracticality of an AES attack with current hardware, this doesnt mean that AES is completely secure.

Side channel attacks, which are an attack based on information gained from the physical implementation of a cryptosystem, can still be exploited to attack a system encrypted with AES. These attacks are not based on weaknesses in the algorithm, but rather physical indications of a potential weakness that can be exploited to breach the system.

Here are a few common examples.

The Anthem Hacking: How AES Could Have Saved 80 Million Peoples Personal Data

During February of 2015, the database for the Anthem insurance company was hacked, compromising the personal data of over 80 million Americans.

The personal data in question included everything from the names, addresses, and social security numbers of the victims.

And while the CEO of Anthem reassured the public by stating the credit card information of their clients was not compromised, any hacker worth his salt can easily commit financial fraud with the stolen information.

While the companys spokesperson claimed that the attack was unpreventable and that they had taken every measure to ensure the security of their clients information, nearly every major data security company in the world disputed this claim, pointing out that the breach was, in fact, completely preventable.

While Anthem encrypted data in transit, they did not encrypt that same data while it was at rest. Meaning that their entire database.

So even though the attack itself might have been unpreventable, by applying a simple AES encryption to the data at rest, Anthem could have prevented the hackers from viewing their customers data.

With the increasing prevalence of cyber-attacks and the growing concerns surrounding information security, it is more important now than ever before to have a strong understanding of the systems that keep you and your personal information safe.

And hopefully, this guide has helped you gain a general understanding of one of the most important security algorithms currently in use today.

AES is here to stay and understanding not only how it works, but how you can make it work for you will help you to maximize your digital security and mitigate your vulnerability to online attacks.

If you really want to dig into AES, I consider watching the video below by Christof Paar (it goes in-depth and its interesting, too):

If you have any further questions about AES or any insights that you have gained from cryptography-related research, please feel free to comment below and I will do my best to get back to you.

Here is the original post:
What is Advanced Encryption Standard (AES): Beginner's Guide

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.

Edward Snowden

There are two primary approaches to encryption: symmetric key and asymmetric key encryption. In symmetric key encryption, one key is used to both encrypt and decrypt the information. Symmetric key encryption is analogous to the key used to both unlock and lock the door to a house. The big drawback of this approach is that if the key is compromised, it can be used to unlock, or decrypt, all of the data it was used to secure. For this reason, asymmetric key encryption was developed to allow multiple parties to exchange encrypted data without managing the same encryption key.

In asymmetric key encryption (also called public-key encryption), two different keys are used for the encryption and decryption processes. The public key can be freely distributed since it is only used to lock the data and never to unlock it. For example, a merchant can use a public key to encrypt payment data before sending a transaction to be authorized by a payment processing company. The latter company would need to have the private key to decrypt the card data to process the payment. Asymmetric key encryption is also used to validate identity on the Internet using SSL certificates.

Regardless of what type of key is utilized, users of encryption typically practice regular key rotation in order to reduce the likelihood of a compromised key being used to decrypt all sensitive data. Rotating keys limits the amount of data thats encrypted using a single key. In the event that an encryption key is compromised, only data encrypted with that key would be vulnerable.

Until now, one of the drawbacks of encrypting data within applications is that encryption breaks application functionality such as sorting and searching. Because cipher text is in a different format from the original data, encryption may also break field validation if an application requires specific formats within fields such as payment card numbers or email addresses. New order-preserving, format-preserving, and searchable encryption schemes are making it easier for organizations to protect their information without sacrificing end user functionality within business critical applications. However, there is usually a tradeoff between application functionality and the strength of encryption.

Tokenization is the process of turning a meaningful piece of data, such as an account number, into a random string of characters called a token that has no meaningful value if breached. Tokens serve as reference to the original data, but cannot be used to guess those values. Thats because, unlike encryption, tokenization does not use a mathematical process to transform the sensitive information into the token. There is no key, or algorithm, that can be used to derive the original data for a token. Instead, tokenization uses a database, called a token vault, which stores the relationship between the sensitive value and the token. The real data in the vault is then secured, often via encryption.

The token value can be used in various applications as a substitute for the real data. If the real data needs to be retrieved for example, in the case of processing a recurring credit card payment the token is submitted to the vault and the index is used to fetch the real value for use in the authorization process. To the end user, this operation is performed seamlessly by the browser or application nearly instantaneously. Theyre likely not even aware that the data is stored in the cloud in a different format.

The advantage of tokens is that there is no mathematical relationship to the real data they represent. If they are breached, they have no meaning. No key can reverse them back to the real data values. Consideration can also be given to the design of a token to make it more useful. For example, the last four digits of a payment card number can be preserved in the token so that the tokenized number (or a portion of it) can be printed on the customers receipt so she can see a reference to her actual credit card number. The printed characters might be all asterisks plus those last four digits. In this case, the merchant only has a token, not a real card number, for security purposes.

The most common use case for tokenization is protecting payment card data so that merchants can reduce their obligations under PCI DSS. Encryption can also be used to secure account data, but because the data is still present, albeit in ciphertext format, the organization must ensure the entire technology infrastructure used to store and transmit this data is fully compliant with PCI DSS requirements. In 2011, the Payment Card Industry Security Standards Council (PCI SSC), the organization responsible for enforcing PCI DSS, issued a set of tokenization guidelines. While the guidance has not yet been added to the official PCI DSS standard, qualified PCI assessors now accept tokenization as a viable solution to meet requirements under the standard.

Increasingly, tokens are being used to secure other types of sensitive or personally identifiable information, including social security numbers, telephone numbers, email addresses, account numbers and so on. The backend systems of many organizations rely on Social Security numbers, passport numbers, and drivers license numbers as unique identifiers. Since this unique identifier is woven into these systems, its very difficult to remove them. And these identifiers are also used to access information for billing, order status, and customer service. Tokenization is now being used to protect this data to maintain the functionality of backend systems without exposing PII to attackers.

While encryption can be used to secure structured fields such as those containing payment card data and PII, it can also used to secure unstructured data in the form of long textual passages, such as paragraphs or even entire documents. Encryption is also the ideal way to secure data exchanged with third parties and protect data and validate identity online, since the other party only needs a small encryption key. SSL or Secure Sockets Layer, the foundation of sharing data securely on the Internet today, relies on encryption to create a secure tunnel between the end user and the website. Asymmetric key encryption is also an important component of SSL certificates used to validate identity.

Encryption and tokenization are both regularly used today to protect data stored in cloud services or applications. Depending on the use case, an organization may use encryption, tokenization, or a combination of both to secure different types of data and meet different regularly requirements. McAfeeCASB, for example, leveragesan irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity.

As more data moves to the cloud, encryption and tokenization are being used to secure data stored in cloud services. Most notably, if a government agency subpoenas the data stored in the cloud, the service provider can only turn over encrypted or tokenized information with no way to unlock the real data. The same is true is a cyber criminal gains access to data stored in a cloud service.

See the article here:
What is Tokenization vs Encryption - Benefits & Uses Cases ...

"Encryption is not authentication" is common wisdom among cryptography experts, but it is only rarely whispered among developers whom aren't also cryptography experts. This is unfortunate; a lot of design mistakes could be avoided if this information were more widely known and deeply understood. (These mistakes are painfully common in home-grown PHP cryptography classes and functions, as many of the posts on Crypto Fails demonstrates.)

The concept itself is not difficult, but there is a rich supply of detail and nuance to be found beneath the surface.

Encryption is the process of rendering a message such that it becomes unreadable without possessing the correct key. In the simple case of symmetric cryptography, the same key is used for encryption as is used for decryption. In asymmetric cryptography, it is possible to encrypt a message with a user's public key such that only possessing their private key can read it. Our white paper on PHP cryptography covers anonymous public-key encryption.

Authentication is the process of rendering a message tamper-resistant (typically within a certain very low probability, typically less than 1 divided by the number of particles in the known universe) while also proving it originated from the expected sender.

Note: When we say authenticity, we mean specifically message authenticity, not identity authenticity. That is a PKI and key management problem, which we may address in a future blog post.

In respect to the CIA triad: Encryption provides confidentiality. Authentication provides integrity.

Encryption does not provide integrity; a tampered message can (usually) still decrypt, but the result will usually be garbage. Encryption alone also does not inhibit malicious third parties from sending encrypted messages.

Authentication does not provide confidentiality; it is possible to provide tamper-resistance to a plaintext message.

A common mistake among programmers is to confuse the two. It is not uncommon to find a PHP library or framework that encrypts cookie data and then trusts it wholesale after merely decrypting it.

Message encryption without message authentication is a bad idea. Cryptography expert Moxie Marlinspike wrote about why message authentication matters (as well as the correct order of operations) in what he dubbed, The Cryptographic Doom Principle.

We previously defined encryption and specified that it provides confidentiality but not integrity or authenticity. You can tamper with an encrypted message and give the recipient garbage. But what if you could use this garbage-generating mechanism to bypass a security control? Consider the case of encrypted cookies.

The above code provides AES encryption in Cipher-Block-Chaining mode. If you pass a 32-byte string for $key, you can even claim to provide 256-bit AES encryption for your cookies and people might be misled into believing it's secure.

Let's say that, after logging into this application, you see that you receive a session cookie that looks like kHv9PAlStPZaZJHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==.

Let's change a byte in the first block (the initialization vector) and iteratively sending our new cookie until something changes. It should take a total of 4096 HTTP requests to attempt all possible one-byte changes to the IV. In our example above, after 2405 requests, we get a string that looks like this: kHv9PAlStPZaZZHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==

For comparison, only one character differs in the base64-encoded cookie (kHv9PAlStPZaZJ vs kHv9PAlStPZaZZ):

The original data we stored in this cookie was an array that looked like this:

But after merely altering a single byte in the initialization vector, we were able to rewrite our message to read:

Depending on how the underlying app is set up, you might be able to flip one bit and become and administrator. Even though your cookies are encrypted.

If you would like to reproduce our results, our encryption key was 000102030405060708090a0b0c0d0e0f (convert from hexadecimal to raw binary).

As stated above, authentication aims to provide both integrity (by which we mean significant tamper-resistance) to a message, while proving that it came from the expected source (authenticity). The typical way this is done is to calculate a keyed-Hash Message Authentication Code (HMAC for short) for the message and concatenate it with the message.

It is important that an appropriate cryptographic tool such as HMAC is used here and not just a simple hash function.

These two functions are prefixed with unsafe because they are vulnerable to a number of flaws:

To authenticate a message, you always want some sort of keyed Message Authentication Code rather than just a hash with a key.

Using a hash without a key is even worse. While a hash function can provide simple message integrity, any attacker can calculate a simple checksum or non-keyed hash of their forged message. Well-designed MACs require the attacker to know the authentication key to forge a message.

Simple integrity without authenticity (e.g. a checksum or a simple unkeyed hash) is insufficient for providing secure communications.

In cryptography, if a message is not authenticated, it offers no integrity guarantees either. Message Authentication gives you Message Integrity for free.

The only surefire way to prevent bit-rewriting attacks is to make sure that, after encrypting your information, you authenticate the encrypted message. This detail is very important! Encrypt then authenticate. Verify before decryption.

Let's revisit our encrypted cookie example, but make it a little safer. Let's also switch to CTR mode, in accordance with industry recommended best practices. Note that the encryption key and authentication key are different.

Now we're a little closer to our goal of robust symmetric authenticated encryption. There are still a few more questions left to answer, such as:

Fortunately, these questions are already answered in existing cryptography libraries. We highly recommend using an existing library instead of writing your own encryption features. For PHP developers, you should use defuse/php-encryption (or libsodium if it's available for you). If you still believe you should write your own, consider using openssl, not mcrypt.

Note: There is a narrow band of use-cases where authenticated encryption is either impractical (e.g. software-driven full disk encryption) or unnecessary (i.e. the data is never sent over the network, even by folder synchronization services such as Dropbox). If you suspect your problems or goals permit unauthenticated ciphertext, consult a professional cryptographer, because this is not a typical use-case.

If you wish to implement encrypted cookies in one of your projects, check out Halite. It has a cookie class dedicated to this use case.

If you want to reinvent this wheel yourself, you can always do something like this:

For developers without access to libsodium (i.e. you aren't allowed to install PHP extensions through PECL in production), one of our blog readers offered an example secure cookie implementation that uses defuse/php-encryption (the PHP library we recommend).

In our previous examples, we focused on building the encryption and authentication as separate components that must be used with care to avoid cryptographic doom. Specifically, we focused on AES in Cipher Block-Chaining mode (and more recently in Counter mode).

However, cryptographers have developed newer, more resilient modes of encryption that encrypt and authenticate a message in the same operation. These modes are called AEAD modes (Authenticated Encryption with Associated Data). Associated Data means whatever your application needs to authenticate, but not to encrypt.

AEAD modes are typically intended for stateful purposes, e.g. network communications where a nonce can be managed easily.

Two reliable implementations of AEAD are AES-GCM and ChaCha20-Poly1305.

In a few years, we anticipate the CAESAR competition will produce a next-generation authenticated encryption mode that we can recommend over these two.

And most importantly: Use a library with a proven record of resilience under the scrutiny of cryptography experts rather than hacking something together on your own. You'll be much better off for it.

Read the original here:
Using Encryption and Authentication Correctly (for PHP ...

A File Upload field allows users to upload files (such as PDFs and images) along with their form submission. Once an entry has been submitted, you can select the file in the entry information to view it. You can also click the download icon to download the file directly.

You can enable data encryption on your form to ensure that uploaded files are encrypted at rest.

The label will display as the title of the field or the question that is being asked on the form. You can select the icon on the right to hide the label on the form.

The types of files that can be uploaded can be restricted. For example, if you want to restrict your users to only upload PDFs, simply type in PDF. Multiple file extensions can be added, but must be separated by a comma.

The default restrictions are executable files, including: action, apk, app, bat, bin, cmd, com, command, cpl, csh, dll, exe, gadget, inf1, ins, inx, ipa, isu, job, js, jse, ksh, lnk, msc, msi, msp, mst, osx, out, paf, pif, prg, ps1, reg, rgs, run, sct, shb, shs, u3p, vb, vbe, vbs, vbscript, workflow, ws, and wsf.

100MB is the maximum size allowed for a single uploaded file.

The maximum file size can also be specified. In email notifications and confirmations, the limit for file attachments is a total of 17MB. If a file exceeds this amount, you will need to log in to your Cognito Forms account in order to view or download it.

The maximum number of files can be restricted. You cannot upload more than 20 files in a single upload field, which is the default limit.

Help text can be used to assist the user by providing additional instructions. Help text will display directly under the field.

By default, fields will always display on the form. However, you may want to hide specific fields or sections based on certain conditions such as a selected value of another field on the form.

Never Field will never display.

Requiring a field will make sure the user provides a response. When a field is required, an error message will display, and the form cannot be submitted until a value has been added to the field. Required fields are indicated by a red asterisk next to the label. By default, fields are never required.

Always Field is always required. User must provide a response in order to submit the form.

When Field is required only when specific conditions are met. After selecting this option, the Conditional Logic Builder dialog will display allowing you to select when the field is required.

Never Field is not required. This is the default behavior.

You can set a custom error message that will display under your field when specified conditions become true. The conditional logic builder will allow you to add any number of rules for validating your field. Learn more about the custom error option.

Continued here:
File Upload field - Cognito Forms Support

At Cognito Forms, were concerned about your privacy and the security of your form data. Below are the measures we take to ensure that your data is safe:

Cognito Forms uses TLS 1.2/SSL encryption and is always accessed over HTTPS 100% of the time for all users.

Cognito Forms is hosted securely on the Microsoft Azure cloud platform, which is PCI (DSS) Level 1 and HIPAA compliant. We also have a HIPAA BAA with Microsoft.

Cognito Forms is HIPAA compliant, and offers a business associate agreement for organizations seeking to securely communicate with patients via registration forms, appointment scheduling, refill requests, etc.

Access to our production environment is limited to select operations security staff, requiring two-factor authentication to deploy updates or access a secure system for limited troubleshooting.

We do not look at entry data for our customers unless requested to through an official support request. The details of our concern over data privacy are detailed in our Privacy Policy.

Customer data is carefully segregated at the lowest architectural level in Cognito Forms to ensure that data for one organization cannot be accessed by another.

We partner with PayPal, Stripe, and Square for credit card processing so that secure payment information is never transmitted or stored by Cognito Forms. We also take measures to prevent malicious scripts on sites we are embedded in from stealing this information.

The Cognito Forms architecture is unique and highly specialized for massive scale while maintaining data isolation. It does not use transitional databases and is not vulnerable to SQL injection attacks.

Production access credentials for storage and encryption tokens used to encrypt sensitive organization data are stored in an Azure credential store and are not stored within our own development environments.

All text data stored by Cognito Forms is sanitized to prevent JavaScript injection attacks, which someone might attempt to leverage by submitting JavaScript as entry data to maliciously access other entry data by compromising our customers browsers when managing entries.

Sensitive data, such as Social Security numbers and other personally identifiable information, is required to be encrypted at rest using 256-bit AES encryption. It must also be protected so that it is never emailed or otherwise transmitted in an insecure way. Any field type can be encrypted and/or protected, including uploaded files and sections.

We know that there are evolving threats to data security, and we will continue to refine our processes to ensure the safety of our customers data in Cognito Forms.

Go here to read the rest:
Data security - Cognito Forms Support