Planning Tool for Resource Integration, Synchronization, and Management
Very powerful surveillance program from NSA.
So, What is Crypto?
Study of techniques for secure communication!
Something used to convert a message to nonsense!
Example!
The simplest example would be the Caesar Cipher!
The Caesar Cipher!
converts: I LOVE YOU to
C FIPY SIO
When the Key is: 20
Okay, How does it work?
Each letter is shifted by the key!
To Get it Back
Just shift in opposite direction!
Cons!
One can sit all day and try all 26 combinations!
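The shift, the reverse shift, and the 26-key search described above, as an added Python example that is not part of the original slides. The function names are hypothetical, and the known word "love" is an assumption about the plaintext:

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters, so only 26 possible keys


def shift(text, key):
    """Shift every letter A-Z by `key` positions, wrapping around the alphabet."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def encrypt(plaintext, key):
    return shift(plaintext, key)


def decrypt(ciphertext, key):
    # Shifting in the opposite direction undoes the encryption.
    return shift(ciphertext, -key)


def try_all_keys(ciphertext):
    """Exhaustive search: the whole key space is only 26 values."""
    return {key: decrypt(ciphertext, key) for key in range(26)}


def keys_matching(ciphertext, known_word):
    """Keep only the candidates that contain a word expected in the plaintext."""
    word = known_word.upper()
    return [(k, p) for k, p in try_all_keys(ciphertext).items() if word in p.split()]


if __name__ == "__main__":
    ct = encrypt("I LOVE YOU", 20)       # the slide's message and key
    print(ct)
    print(decrypt(ct, 20))
    for key, candidate in try_all_keys(ct).items():
        print(f"{key:2d}  {candidate}")  # a reader spots the real message at a glance
    print(keys_matching(ct, "love"))
```

The full search finishes instantly, which is why a cipher whose key space is this small offers no real secrecy.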
Types of Encryption
Symmetric
Asymmetric
Hybrid
Symmetric
Uses the same key for encryption and decryption
Example: Caesar Cipher!
Exchanging keys securely
Demonstration of symmetric key encryption.
Asymmetric
It uses two different keys for encryption and decryption.
Which leads to:
Public Key Cryptography
Two Keys (A pair)
Public Key
Private Key
Public Key Cryptography
People Encrypt With Your Public Key!
You Decrypt that with your Private Key!
PGP
Pretty Good Privacy
PGP is a hybrid cryptosystem.
So, GPG?
It is a free implementation of the OpenPGP standard!
Demo Time!
Generating keys (gpg --gen-key)
Exporting keys to a public key server (gpg --keyserver pgp.mit.edu --send-keys [id])
Importing keys of your friends from a public key server (gpg --search-keys --keyserver pgp.mit.edu "[email]") (gpg --recv-keys --keyserver pgp.mit.edu [key_id])
Encrypting a message and sending it (gpg --encrypt-files)
Decrypting received files (gpg --decrypt-files)
Signing a message
Using Enigmail with Thunderbird
Do's and Don'ts on cryptography
Never ever try to use your own algorithm in production
Use only tested and verified encryption libraries.
Do not encrypt passwords; always hash 'em
Do not use a deprecated hashing algorithm, or any algorithm that is no longer accepted as good practice, such as MD5 or SHA1
Do's and Don'ts on cryptography contd.
Do not store the decryption key in plain text.
Encryption should always happen at users' end.
Always use the latest version of a library while developing any application.
Do not enter credit card details or other sensitive information on any application that does not run over HTTPS