| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
IPSec
|
|
SSH
|
|
SSL
|
|
Steganography
|
|
VPN
|
|
Password Based Cryptography The following document provides a guideline for implementation of password-based (symmetric) cryptography. The goal of this guideline is to provide a relatively simple and secure implementation. The document follows the PKCS#5 v2 standard in all aspects except for the message format. The message is instead stored in XML rather then ASN.1.
By Adam Berent, 02/23/2004
|
|
Protecting Secret Keys with Personal Entropy Conventional encryption technology often requires users to protect a secret key by selecting a password or passphrase. While a good passphrase will only be known to the user, it also has the flaw that it must be remembered exactly in order to recover the secret key. As time passes, the ability to remember the passphrase fades and the user may eventually lose access to the secret key. We propose a scheme whereby a user can protect a secret key using the personal entropy" in his own life, by encrypting the passphrase using the answers to several personal questions. We designed the scheme so the user can forget answers to a subset of the questions and still recover the secret key, while an attacker must learn the answer to a large subset of the questions in order to recover the secret key.
By Carl Ellison, Chris Hall, Randy Milbert, and Bruce Schneier, 02/21/2004
|
|
Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security Encryption plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. In so doing, modern cryptography employs a combination of conventional or symmetric cryptographic systems for encrypting data and public key or asymmetric systems for managing the keys used by the symmetric systems.
By Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, and Michael Wiener, 02/21/2004
|
|
Master-Key Cryptosytems We initiate the study of a new class of secret-key cryptosystems, called master-key cryptosystems (MKCSs), in which an authorized third party (hereinafter called "the government," although it need not literally be one) possesses a "master key" that allows efficient recovery of the cleartext without knowledge of the session key.
By Matt Blaze, Joan Feigenbaum, and F. T. Leighton, 02/21/2004
|
|
Key Iterations & Cryptographic Salts The following document discusses the use of key iterations and cryptographic salts to stop dictionary attacks in password based encryption (symmetric cryptography).
By Adam Berent, 02/21/2004
|
|
Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Most encryption algorithms are designed without regard to their performance on top-of-the-line microprocessors. This paper discusses general optimization principles cryptographers should keep in mind when designing algorithms, and analyzes the performance of RC4, SEAL, RC5, Blowfish, and Khufu/Khafre on the Intel Pentium with respect to those principles.
By Bruce Schneier and Doug Whiting, 02/21/2004
|
|
Page: 1234567 8 |
