What is encrypting?

1. Mar 28, 2005

Reshma

What is encrypting in networking? What does it mean if unencrypted information is sent across the net? What are the implications if this happens?

2. Mar 28, 2005

dduardo

Staff Emeritus
3. Mar 28, 2005

ramollari

Encrypting in networking is a difficult goal in comparison local encrypting! There are two parties that may not know each other and need to communicate in the presence of hackers that pose man-in-the middle attacks. That's why public key cryptography is essential in networks, but combined with authentication services from Key Distribution Centers like Kerberos to protect from man-in-the-middle attacks.

4. Mar 28, 2005

TsunamiJoe

basically encrypting is taking a set of data and changing it, then forming an algorythm that can change it back, giving said algorythm to the reciever so that the reciever can then decrypt the algorythm and view the data - a message M, is transfered into a ciphertext C by an encryption E, which is then sent to the user and then decrypted D - thus $$M:M->E=C$$ so that then when sent to the user $$C:C->D=M$$

if you want more information on cryptography(encryption/decryption and algorythm developement for security purposes) PM me

5. Mar 29, 2005

Reshma

Hi TsunamiJoe

I use Mozilla Firefox as my browser. What happens is, whenever I type in my login ID and password and register I get a message box saying "The information you are sending is unencrypted and could be viewed by a third party". I usually click on 'OK'. But my fear is, is there a possibility my account could be hacked if I sent unencrypted information?
P.S. I get the same message box whenever I post a thread.

6. Mar 29, 2005

chroot

Staff Emeritus
This site does not use encryption; it is therefore possible for someone experienced to get your password if they monitor the initial traffic between the site and your computer. It's really not worth worrying about.

- Warren

7. Mar 29, 2005

Reshma

Thanks. Problem solved!

8. Mar 29, 2005

ramollari

If I am not wrong it is the case that this site would need a certificate from a trusted Certification Authority in order to get a public key to be used for encrypting the information.
Encryption in a network is like a nightmare, because it is vulnerable to attacks.

9. Mar 29, 2005

dduardo

Staff Emeritus
You don't need to buy a certificate from an authority, you can create your own. The user will be prompted to accept the certificate since the it is not signed by an authority supported by the browser. Data will still be encrypted.

10. Mar 29, 2005

TsunamiJoe

yep he is completely correct (^_^) but yah there are alot of sites that arent encrypted, and most often its nothing to worry about, unless your somewhere you know you shouldnt be (^_-) - but if your worried about hacks and viruses just read articles from symantec(i love the company hate the software) about security, the most important thing to protecting yourself is personal know-how

11. Mar 29, 2005

chroot

Staff Emeritus
TsunamiJoe,

This topic (encryption) has nothing to do with malware like viruses. As far as I'm aware, Symantec is not involved in cryptography. Encryption just keeps your information private.

- Warren

12. Mar 29, 2005

TsunamiJoe

his reason for worrying about encryption was a fear of a third party stealing his information, which is something symantec does deal with, most often a third party breaks your encryption with a hack and/or a virus to bypass it, thus needing more/better encryption and additional protection against said dangers of viewing already unencrypted data. As of late alot of the viruses being massively spread are ones that are not downloaded on there own, but ones that find unencrypted sources and put there coding into that source so that when it is viewed the user without protection catches the virus, thus showing why you can merely view a website and recieve a virus due to a lack of encryption on pages and a lack of encryption between the user and the server

13. Mar 29, 2005

chroot

Staff Emeritus
TsunamiJoe,

That might as well have been word salad; you seem to have a very poor understanding of how computers work. The simple fact is that encryption and malware are two very different things, and they are only rarely related. You can't break encryption with a hack, though you can break programs which use encryption. Futhermore, an encrypted page (say, via SSL) can certainly still be used to transfer a virus. SSL encryption just encrypts the contents of HTTP traffic as it moves across the 'net; it has nothing to do with what's contained in that HTTP traffic.

- Warren

14. Mar 30, 2005

Reshma

So what is the best way to maintain security of your account in an unencrypted site?

15. Mar 30, 2005

Reshma

BTW, it is her :grumpy:

16. Mar 30, 2005

master_coda

You can't. If the website isn't particularly interested in security, there isn't really anything you can do on your end to compensate for that. Just don't entrust private information to such a site.

17. Mar 30, 2005

TsunamiJoe

how dare you assume you know my extent of computer knowlage,

In order to break encryption you need a hacking program to do so, I have created and tested algorythms by using hacks to brute force them, the ONLY way to break encryption is to have another program run a series of tests(not neccisarely brute forcing, occasionaly your lucky enough to know the type of algorythm being tested so that you can narrow your testing down to fewer methods) on the encryption in order to find the key to it in order to decrypt the file and read it/edit it or stop it. Secondly NOONE manualy breaks encryptions and most often never manualy hack through a security program, encryption and malware are polar opposites, yes, but they are always related in the fact you cant sent anyone malware without either a) breaking encryption or b) bypassing it, of which we are daily developing new methods to not allow said programs to merely bypass our encryption protocols

also to help prevent being hijacked by unsecure sites dont ever say yes to those boxes that pop up asking if so and so's company can be trusted - unless your on microsoft.com and similiar sites and the company of which is asking permission is microsoft

18. Mar 30, 2005

graphic7

I never get those boxes.

19. Mar 30, 2005

chroot

Staff Emeritus
I'm not assuming it. You're making it obvious.
I'm aware of breaking a cryptosystem via brute force, and by making use of weaknesses in the algorithm to narrow the keyspace. This is not my concern.

My concern is that you claim people break encryption with viruses and malware -- something that, to my knowledge, has never been done. I have yet to learn of a virus that contains within it cracking code.

The simple fact is that it's easier to break a program and read the message out of a memory buffer before encryption than it is to mount an attack on the cipertext itself. It's also easier to drive over to the person's house and confiscate their computer equipment. No one is writing viruses or other malware which break cryptosystems. If you believe such things exist, please provide a reference. Otherwise, please stop making such silly claims.
I can send someone malware over plaintext email. Most malware programs are downloaded unwittingly through unsecure browsers by people who thoughtlessly press the "OK" button. The vast majority of websites don't use any encryption, and the vast majority of malware delivery doesn't involve any kind of encryption. I have no idea why you keep repeating yourself, but you're wrong.

- Warren

20. Mar 30, 2005

TsunamiJoe

I've suddenly come to the conclusion that we're argueing the same side of a story, but with a misunderstanding between us.

It appears as though my interpretation of malware is much broader than your own, which is causing the confusion, I interpret malware as anything that tampers with another program. So that anything to break encryption classifies to me as malware

That would be called bypassing the security by convincing an unsuspecting user to click on something so that you dont have to deal with the security measures otherwise, its as if you walk up to a door, and instead of burning it down, you knock on it to get the other person to open it.

Most virus' such as trojan horses and less powerfull tracking codes more often bypass security by hiding itself within the code of another file, which is one of the major security issues of alot of todays filesharing programs, that when you download a file, say a calculator, somewhere along the line a virus has essentialy broken the encryption using the computers decrypting devices and hides itself in the file.

So no I'm not saying a file itself has a full encryption breaking program in itself, but most often has simple lines of code that access your own computers decryption certificates.