What is an Encryption Key? (with picture)

Encryption is a form of security that turns information, images, programs, or other data into unreadable cipher by applying a set of complex algorithms to the original material. These algorithms transform the data into streams or blocks of seemingly random alphanumeric characters. An encryption key might encrypt, decrypt, or perform both functions, depending on the type of encryption software being used.

There are several types of encryption schemes, but not all are secure. Simple algorithms can be easily broken using modern computer power, and yet another point of weakness lies in the decryption method. Even the most secure algorithms will decrypt for anyone who holds the password or key.

Symmetric types of encryption schemes use a single password to serve as both encryptor and decryptor. Supplying the encryption key, one can mount the drive and work in an unencrypted state, then return the drive to cipher when finished.

The algorithms used are considered very secure; one of this type was adopted as the Advanced Encryption Standard (AES), used by the U.S. Government for storing classified and top secret information. The one weakness of symmetric encryption programs is that the single key must necessarily be shared, presenting an opportunity for it to be leaked or stolen. Part of key management involves changing the key often to improve security.

Public asymmetric encryption schemes also use highly secure algorithms with a different method of encrypting and decrypting. This software uses two keys, known as a key pair. One is the public key, and can be freely shared or given to anyone because its only job is to encrypt. The other key is the private key, and is not shared. The private key is required to decrypt anything that has been encrypted by the public key.

Asymmetric encryption software is widely used for making email and instant messaging private. Users can install one of many available encryption programs, and the program generates a key pair for the user. The encryption key, or public key of the key pair, can be sent to others who are also running a compatible encryption program.

Once another person has the public key, he or she can send encrypted messages to the owner of the public key. After a message has been encrypted, even the author cannot decrypt it. In the encryption process, the algorithms are based on the key pair, and only the private key of that specific key pair can reverse the encryption process. The mail or message is then sent to the owner of the public key.

Upon receipt of the mail, the private key will request a passphrase before decrypting. For maximum security, this passphrase should be supplied manually, but software will allow a user to store the passphrase locally so that messages can be decrypted automatically. Asymmetric encryption is considered more secure than symmetric encryption, because the key that triggers decryption is not shared.

Regardless of the type of encryption, if someone gains access to a computer, the data is only as secure as the passphrase that protects the encryption key. The best passphrases are alphanumeric and random, though these are harder to remember. If someone must pick something recognizable, he or she should avoid addresses, license plate numbers, names, pets, or other easily cracked passwords, and include numbers plus characters that are neither letters nor numbers. Most importantly, each password should be completely unique from all others in use, as adopting a single password or a "theme" on passwords vastly reduces security and increases vulnerability.


TrueCrypt’s cryptic warning is downright alarming

TrueCrypt urges users to abandon its popular disk-encryption tool.

Popular encryption program TrueCrypt released a peculiar statement on its SourceForge page, warning users about a potential vulnerability and recommending they abandon TrueCrypt.

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," says the red text atop the page. The warning further states that the app ceased development in May, after Microsoft ended support of Windows XP. The developers recommend migrating any TrueCrypt-encrypted data to encrypted disks supported by users' OS.

The use of TrueCrypt had increased in recent months, thanks to Edward Snowden's endorsement. The latest build is still offered on the site, despite speculation around its legitimacy and suspicions that it may contain malware. But the statement recommends the program be used for migration purposes only.

We recommend you stick with your platform's encryption: BitLocker for Windows and FileVault for Mac. There's not enough evidence to conclude that the TrueCrypt site was hacked, nor does the message imply a damaging practice, but still we recommend that you avoid TrueCrypt for the time being.

Here are a few alternative encryption tools for backing up your disk:


TrueCrypt Abruptly Ceases Development: Users Puzzled Over Sudden Discontinuation Of Popular Encryption Software

The abrupt discontinuation of the popular open-source encryption software TrueCrypt has left its users puzzled.

Users looking to download the TrueCrypt program on Wednesday from its official website were greeted with an ominous message warning users that the encryption software was inherently insecure.

The warning message reads:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.

Following the initial warning message posted on the TrueCrypt site were instructions for migrating data from TrueCrypt to BitLocker, an encryption solution developed by Microsoft Corp. (NASDAQ:MSFT). According to TrueCrypt's page, development behind the software ceased in May as Microsoft ended its support for Windows XP.

From TrueCrypt's page:

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in May after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

While alternative encryption solutions are available on Windows, Linux and Mac OSX, TrueCrypt was especially popular with users such as journalists for its hidden volume encryption feature, which created a hidden pocket of data within a standard TrueCrypt storage volume. This allowed its users some plausible deniability for that hidden data, even if they were forced to give up their password to the visible TrueCrypt encrypted storage volume.

Further adding to the mystery behind the abrupt change with TrueCrypt, the software has also been updated to provide only read-only access to data volumes created by previous versions of the encryption software.


Sophos adds file-level encryption to mobile security software

Sophos has added file-level encryption to its mobile security software so that users of Android or Apple iOS devices with Sophos Mobile Control 4.0 can share encrypted files.

IT managers set up the encryption process for the mobile devices through the Sophos management console, according to Marty Ward, vice president of product marketing. This can be organized so that only certain groups of users can share encrypted files.


In addition to the new file-level encryption in Sophos Mobile Control 4.0, Sophos has also added a way to integrate Web filtering capability and a network-access control mechanism for organizations using the Sophos UTM for gateway security.

"If you have our UTM, there's the ability to check that the mobile phone is compliant," says Ward. Types of compliance checking would include checking to see if a mobile device has been jailbroken or if it's using apps that are not allowed under the company's policy. Mobile devices flagged by the network-access control mechanism can be isolated until remediation is achieved.

Sophos Mobile Control 4.0, which also includes anti-malware protection, costs $33 per user.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com


County moves to require computer encryption after medical data breach

Following a break-in at a county health contractor's office that led to the theft of computers containing personal information about more than 342,000 patients, Los Angeles County supervisors moved to tighten protocols for protecting data.

The county already requires that workers' laptops be encrypted. The supervisors voted Tuesday to extend that policy to also encrypt all county departments' computer workstation hard drives.

They also asked that county staff members develop a plan to require "all County-contracted agencies that exchange personally identifiable information and protected health information data with the County" to encrypt sensitive information on their computers as a condition of their contracts.

In February, eight computers were taken from the Torrance office of Sutherland Healthcare Solutions, a company that handles medical billing and collections for the county.

Lisa Richardson, spokeswoman for Supervisor Mark Ridley-Thomas, who proposed the new security protocols, said the Sutherland incident "alerted us to some necessary security measures."

Torrance police are investigating the break-in, along with the Los Angeles County district attorney's cybercrime team and the U.S. Secret Service, which also investigates computer crimes.

Sutherland has offered a $25,000 reward for information leading to the return of the stolen equipment or the arrest and conviction of those responsible for the theft.

The company, via a public relations firm, released images of a suspect captured by cameras. The suspect shown on film appeared to be a black man of "unknown age and height with a thick build." He was wearing gloves, a dark sweatshirt and dark hat with white insignias, gray or blue jeans and bright blue athletic shoes. He also had an earring in his left ear and a large watch on his left wrist.

At least three lawsuits have been filed against the county and Sutherland over the incident, alleging, among other things, that the company failed to encrypt the data stored on the computers.


Former Sun Micro Execs Recall Trail-Blazing Times

Sun Microsystems had a knack for getting in early on big trends, sometimes crazy early. Consider its embrace of encryption.

Founders of the Silicon Valley computer maker who attended a reunion over the weekend noted that Sun made an unusual bet on the data-scrambling technology in its first products, more than three decades before revelations about National Security Agency data-gathering turned the privacy safeguard into a household word.

Sun, founded in 1982 and sold to Oracle in 2010 after a long slump, made its name with desktop workstations that ran their own software and came with built-in networking capability using the then-nascent technology Ethernet. Networking was a novel addition at a time when most corporate computing was conducted on minicomputers and mainframes, used with simple terminals.

Since users of Sun workstations could exchange data, company engineers worried about protecting it.

"I couldn't imagine how you could do networking without encryption," said Vinod Khosla, the Sun co-founder and venture capitalist, in a conversation with reporters during the event in Mountain View, Calif.

And not just any form of encryption. Andy Bechtolsheim, who came up with the early workstation designs as a Stanford University graduate student, said colleagues like programmer Bill Joy argued that using software to scramble data wouldn't offer enough protection.

The only approach that seemed secure enough from tampering would be to use hardware. So Sun put a socket on circuit boards in early machines to accommodate an encryption chip, even though such chips weren't readily available at the time.

"We put in an empty socket, where we would add the chip if it ever came," Bechtolsheim said.

Chips that could handle the crypto calculations eventually did arrive, but created another problem: U.S. regulations wouldn't let Sun export a machine with built-in encryption, Bechtolsheim says.

Few buyers of Sun workstations used the technology anyway, Khosla added, so it was eventually removed. The episode typifies the repeated tendency of Sun executives to make decisions based on a belief in what made the most sense technologically, not necessarily commercially.


Example Of Key Generation And Encryption Using Simplified DES | Security And Cryptography Lecture – Video


This video gives an explanation and example of key generation and encryption using Simplified DES (Security and Cryptography lecture). This video was ...

By: Tutorial Video
