- #1
Reshma
- 749
- 6
What is encrypting in networking? What does it mean if unencrypted information is sent across the net? What are the implications if this happens?
chroot said:This site does not use encryption; it is therefore possible for someone experienced to get your password if they monitor the initial traffic between the site and your computer. It's really not worth worrying about.
- Warren
TsunamiJoe said:his reason for worrying about encryption was a fear of a third party stealing his information,
Reshma said:So what is the best way to maintain security of your account in an unencrypted site?
That might as well have been word salad; you seem to have a very poor understanding of how computers work.
TsunamiJoe said:also to help prevent being hijacked by unsecure sites don't ever say yes to those boxes that pop up asking if so and so's company can be trusted - unless your on microsoft.com and similar sites and the company of which is asking permission is microsoft
I'm not assuming it. You're making it obvious.TsunamiJoe said:how dare you assume you know my extent of computer knowlage,
I'm aware of breaking a cryptosystem via brute force, and by making use of weaknesses in the algorithm to narrow the keyspace. This is not my concern.In order to break encryption you need a hacking program to do so, I have created and tested algorythms by using hacks to brute force them, the ONLY way to break encryption is to have another program run a series of tests(not neccisarely brute forcing, occasionaly your lucky enough to know the type of algorythm being tested so that you can narrow your testing down to fewer methods) on the encryption in order to find the key to it in order to decrypt the file and read it/edit it or stop it.
I can send someone malware over plaintext email. Most malware programs are downloaded unwittingly through unsecure browsers by people who thoughtlessly press the "OK" button. The vast majority of websites don't use any encryption, and the vast majority of malware delivery doesn't involve any kind of encryption. I have no idea why you keep repeating yourself, but you're wrong.the fact you can't sent anyone malware without either a) breaking encryption or b) bypassing it, of which we are daily developing new methods to not allow said programs to merely bypass our encryption protocols
My concern is that you claim people break encryption with viruses and malware -- something that, to my knowledge, has never been done. I have yet to learn of a virus that contains within it cracking code.
That would be called bypassing the security by convincing an unsuspecting user to click on something so that you don't have to deal with the security measures otherwise, its as if you walk up to a door, and instead of burning it down, you knock on it to get the other person to open it.I can send someone malware over plaintext email. Most malware programs are downloaded unwittingly through unsecure browsers by people who thoughtlessly press the "OK" button.
Neither the filesharing program nor the calculator program uses any kind of cryptography. A cryptosystem is defined by an algorithm (DES, IDEA, RSA, TwoFish, etc.), and a set of (usually rigid) protocols by which two parties communicate securely. A cryptanalysis program examines a piece ciphertext and tries to recover the corresponding plaintext. That's breaking encryption.that when you download a file, say a calculator, somewhere along the line a virus has essentialy broken the encryption using the computers decrypting devices and hides itself in the file.
When a virus infects an executable, that's not "breaking encryption." When a trojan horse installs something in the Windows registry, that's not "breaking encryption."
That is not encryption! Machine code is definitely readable -- all you need is a table of the opcodes!TsunamiJoe said:I am in complete agreement with that statement. But what I was trying to express was, when you code something then make it an executable it is essentialy encrypted into a certain format(hexidecimal etc etc) which, personaly, I don't believe either of us can read, nor translate in efficient time.
I don't believe this is true. Please provide a reference.also most filesharing programs will essential "encrypt the stream" of data
This is a very poor analogy. How can you encrypt a stream of data without encrypting the data? That doesn't even make any sense.so that while in progress of being recieved, the data persay isn't being encrypted, but the stream is, for instance cars drive through a tunnel, the cars are the data, being completely unchanged, yet there's the tunnel which protects the cars from something falling on top of them to destroy them, malware.
How is a virus going to infect a stream of bytes going across the network? That would involve a very sophisticated attack on the TCP/IP protocol itself, which, again, I don't think has ever been done. If you think it has been done, please provide a reference.Now granted these streams are very rarely secure enough to prevent third party breakage when a person is trying to attain the information, but they are most often secure enough to prevent any computerised automatic viruses from infecting said files before they reach you.
as i said you cannot translate it efficiently, and secondly you can form a cryptographic algorithym to translate them into machine code, which is what the machine doesThat is not encryption! Machine code is definitely readable -- all you need is a table of the opcodes!
for instance when sending data through the ports, you can protect the port by not allowing access into it, which is done often through authorization strictly between machines without users knowing itThis is a very poor analogy. How can you encrypt a stream of data without encrypting the data? That doesn't even make any sense.
Could you perhaps reiterate this? But if your saying what I think you are, then its the same way that someone would intercept an encrypted message before it gets to one of the users, just its done by more or less random from a person's computer which he has initiated a program into spread a virus. But again I could just be reading that wrong, and just to declare a network to me is a connection between any 2 or more machines whether it be person to server, person to person, or sever to person.How is a virus going to infect a stream of bytes going across the network?
TsunamiJoe said:as i said you cannot translate it efficiently, and secondly you can form a cryptographic algorithym to translate them into machine code, which is what the machine does
for instance when sending data through the ports, you can protect the port by not allowing access into it, which is done often through authorization strictly between machines without users knowing it
It's not a cryptographic algorithm. In the very strictest sense, ASCII could be considered a substitution cipher (it replaces a character with a number), but it's just a representation, and is not done to protect information. Sorry, but you're using the word incorrectly. If you intend to seek formal education on the topic, you should start using (and spelling) the words properly. Arguing with me about the meaning of words is just a silly waste of both our time; I know more about this topic than do you.TsunamiJoe said:as i said you cannot translate it efficiently, and secondly you can form a cryptographic algorithym to translate them into machine code, which is what the machine does
Again, this is not encryption. You seem to think that any kind of protection mechanism is cryptography, but that's just simply not true.for instance when sending data through the ports, you can protect the port by not allowing access into it, which is done often through authorization strictly between machines without users knowing it
Viruses tack executable code onto executable programs. In order for a virus to infect a file as its bytes are being sent across the network, the virus would have to interact with both peers on the network, performing a very elaborate middle-man attack, crafting new packets with the right sequencing information to maintain contuinity for the duration of the connection.Could you perhaps reiterate this? But if your saying what I think you are, then its the same way that someone would intercept an encrypted message before it gets to one of the users, just its done by more or less random from a person's computer which he has initiated a program into spread a virus. But again I could just be reading that wrong, and just to declare a network to me is a connection between any 2 or more machines whether it be person to server, person to person, or sever to person.
I can send someone malware over plaintext email. Most malware programs are downloaded unwittingly through unsecure browsers by people who thoughtlessly press the "OK" button.
The discussion here is mainly driven by the misconception of TsunamiJoe that Security and Encryption are synonymous.Reshma said:Interesting discussion here
An 'unsecure' browser can have many interpretations. In terms of encryption at least, virtually all browsers support it when requested. Unsecure browsers are usually the ones that are not careful with what they download (or do not notify the user), including malware, or applets/add-ons that perform file processing. There are several other security measures that a good browser can take, but I am not competent enough to list them here.Reshma said:Can someone define what exactly is an 'unsecure' browser?
A virus is actually a kind of malware, that runs on a local machine and copies itself in the permanent storage. Malware also includes Troyan horses (downloadable viruses that communicate with the source machine), worms, time bombs, and others.Reshma said:What is the difference between a malware and a virus?
The answer is NO. The only role of encryption per se is to ensure privacy of exchanged messages, that should be clear to you. Viruses/Troyan horses can enter the machine regardless of whether the data is cyphertext or plaintext. Encryption as a mechanism is also useful for other security objectives (data integrity, authentication, non-repudiation).Reshma said:Since it is not possible to break encryption using viruses, that leaves me with one question: Are unencrypted sites more prone to virus?
And I've certainly never heard anyone claim that port blocking is a form of encryption.
the virus would have to interact with both peers on the network, performing a very elaborate middle-man attack,
I know more about this topic than you do.
You didn't realize you were talking about port blocking, but you were. There are no port-level cryptographic authorization schemes. You can deny connections by IP, but that's about it. Anyone can connect to an open port on another machine. Authorization using cryptography is done by a server servicing that port at the application level -- much, much higher than the port itself.TsunamiJoe said:I wasn't speaking of port blocking, but when requiring a set of passwords of which are encrypted so that they can be planely seen, except by the other communicating machine.
And where would the real packets go? Would you just use your super-laser-ray and obliterate them off the ethernet wires?This is not entirely so, when using a file sharing program, most often the program will merely know your IP, so that someone wanting access to the information being sent could merely "spoof" there IP and pretend they were one of the machines(personaly i would say that the user receiving the file would be the one to spoof, as to promote less work by the middleman in not having to get into the other persons system prior, but to instead just walk into the connect) then simultaniously send it out to the real user spoofing the senders' IP.
We're not conducting a debate. You're saying things that are wrong. I, and others, are correcting you. Whether or not it's worth doing, only you can say.I was not claiming your ignorance, I'm merely presenting another side to an arguement, and if you wish to degrade to using pety comments such as this to proove your point, then I no longer have any position in this debate anymore. It was nice, and a great debate while it was being upheld properly. I hope you, Reshma, got the answers you were seeking.
Encryption is the process of converting plain text into a code to prevent unauthorized access to sensitive information. In networking, encryption is important because it ensures that data transmitted between devices is secure and cannot be intercepted or read by anyone who is not authorized to do so.
Encryption in networking involves using algorithms to convert plain text into a code that is unreadable without a key. The key is a unique code that is used to decrypt the data and convert it back to its original form. This process ensures that even if the data is intercepted, it cannot be read without the key.
Unencrypted data in networking can have serious implications, as it can be easily intercepted and read by unauthorized parties. This can lead to sensitive information being exposed, such as personal or financial data, which can result in identity theft or financial loss. It can also compromise the security of a network and make it vulnerable to cyber attacks.
Some common methods of encryption used in networking include symmetric encryption, where the same key is used for both encryption and decryption, and asymmetric encryption, where a public key is used to encrypt data and a private key is used to decrypt it. Other methods include hashing, which converts data into a fixed-length code, and SSL/TLS, which encrypts data transmitted over the internet.
While encryption is an important security measure in networking, it can also have some drawbacks. The process of encryption and decryption can slow down data transmission, which can affect network performance. Additionally, if the key is lost or compromised, it can result in data being permanently inaccessible. Encryption also requires additional resources and can be costly to implement and maintain.