conversion from Zola to Weblorg

1 files changed, 0 insertions, 167 deletions

diff --git a/content/blog/2020-02-09-cryptography-basics.md b/content/blog/2020-02-09-cryptography-basics.md
deleted file mode 100644
index 6e55809..0000000
--- a/content/blog/2020-02-09-cryptography-basics.md
+++ /dev/null
@@ -1,167 +0,0 @@
-+++
-date = 2020-02-09
-title = "Cryptography Basics"
-description = ""
-draft = false
-+++
-
-# Similar Article Available
-
-If you haven't already, feel free to read my post on [AES
-Encryption](../aes-encryption/).
-
-# What is Cryptography?
-
-In layman's terms, cryptography is a process that can change data from a
-readable format into an unreadable format (and vice-versa) through a series of
-processes and secrets. More technically, this is the Internet Security
-Glossary's definition:
-
-> [Cryptography is] the mathematical science that deals with transforming data
-> to render its meaning unintelligible (i.e., to hide its semantic content),
-> prevent its undetected alteration, or prevent its unauthorized use. If the
-> transformation is reversible, cryptography also deals with restoring encrypted
-> data to an intelligible form.
->
-> -   [Internet Security Glossary (2000)](https://tools.ietf.org/html/rfc2828)
-
-Cryptography cannot offer protection against the loss of data; it simply offers
-encryption methods to protect data at-rest and data in-traffic. At a high-level,
-encrypted is when plaintext data is encrypted to ciphertext (a secure form of
-text that cannot be understood unless decrypted back to plaintext). The
-encryption process is completed through the use of a mathematical function that
-utilizes one or more values called keys to encrypt or decrypt the data.
-
-# Key Elements of Cryptographic Systems
-
-To create or evaluate a cryptographic system, you need to know the essential
-pieces to the system:
-
--   **Encryption Algorithm (Primitive):** A mathematical process that encrypts
-    and decrypts data.
--   **Encryption Key:** A string of bits used within the encryption algorithm as
-    the secret that allows successful encryption or decryption of data.
--   **Key Length (Size):** The maximum number of bits within the encryption key.
-    It's important to remember that key size is regulated in many countries.
--   **Message Digest:** A smaller, fixed-size bit string version of the original
-    message. This is practically infeasible to reverse, which is why it's
-    commonly used to verify integrity.
-
-# Symmetric Systems (Secret Key Cryptography)
-
-Symmetric cryptography utilizes a secret, bidirectional key to perform both
-encryption and decryption of the data. The most common implementation of
-symmetric cryptography is the Advanced Encryption Standard, which uses keys that
-are 128 bits to 256 bits in size. This standard came after the National
-Institute of Standards and Technology (NIST) decided to retire the Data
-Encryption Standard (DES) in 2001.
-
-Since brute force attacks strongly correlate with key length, the 56-bit key
-length of DES was considered insecure after it was publicly broken in under 24
-hours. However, there is a modern implementation of DES called Triple DES where
-the DES method is applied three times to each data block.
-
-The main advantages to symmetric systems are the ease of use, since only one key
-is required for both encryption and decryption, and the simplicity of the
-algorithms. This helps with bulk data encryption that may unnecessarily waste
-time and power using asymmetric systems.
-
-However, symmetric systems have disadvantages to keep in mind. Since the key is
-private, it can be difficult to safely distribute keys to communication
-partners. Additionally, the key cannot be used to sign messages since it's
-necessary to keep the key private.
-
-# Asymmetric Systems (Public Key Cryptography)
-
-Asymmetric cryptography utilizes two keys within the system: a secret key that
-is privately-held and a public key that can be distributed freely. The
-interesting aspect of asymmetric cryptography is that either key can be used to
-encrypt the data, there's no rule that dictates which key must be used for
-encryption. Once one key is used to encrypt the data, only the other key can be
-used to decrypt the data. This means that if the private key encrypts the data,
-only the public key can decrypt the data.
-
-An advantage of this system is that if you successfully decrypt data using one
-of the keys, you can be sure of the sender since only the other key could have
-encrypted the data.
-
-One of the major implementations of an asymmetric system is a digital signature.
-A digital signature can be generated using the sender's private key, or a
-one-way hash function and is used to provide assurance for the integrity and
-authenticity of the message. A couple common message digest algorithms are
-SHA-256 and SHA-512, which securely compress data and produce a 128-bit message
-digest.
-
-It should be noted that man-in-the-middle attacks are one of the risks with
-digital signatures and public keys. To combat this, applications often use a
-public key infrastructure (PKI) to independently authenticate the validity of
-signatures and keys.
-
-Due to the large key size and [inefficient mathematical
-functions](https://crypto.stackexchange.com/a/591) of asymmetric encryption,
-elliptical curve cryptography (ECC) is often used to increase security while
-using fewer resources.
-
-# Applications of Cryptographic Systems
-
-There are quite a few implementations of cryptographic systems around the world.
-Here are a few popular examples:
-
-**Transport Layer Security (TLS):** One of the most famous cryptographic
-solutions created is TLS, a session-layered or connection-layered internet
-protocol that allows for secure communications between browsers and servers.
-Using handshakes, peer negotiation, and authentication allows TLS to prevent
-eavesdropping and malicious transformation of data. The major reason for TLS
-popularity is that a major vulnerability was found in the SSL protocol in 2014.
-Instead of SSL, TLS can be used with HTTP to form HTTPS and is the preferred
-method for modern web development due to its increased security.
-
-**Secure Hypertext Transfer Protocol (HTTPS):** An application layer protocol
-that allows for secure transport of data between servers and web clients. One of
-the unique parts of HTTPS is that it uses a secured port number instead of the
-default web port address.
-
-**Virtual Private Network (VPN):** VPNs are made to securely extend a private
-network across public networks by utilizing an encrypted layered tunneling
-protocol paired with an authentication method, such as usernames and passwords.
-This technology originally allowed remote employees to access their company's
-data but have evolved into one of the top choices for anyone who wishes to mask
-their sensitive personal data.
-
-**Internet Protocol Security (IPSec):** This protocol suite facilitates
-communication between two or more hosts or subnets by authenticating and
-encrypting the data packets. IPSec is used in a lot of VPNs to establish the VPN
-connection through the transport and tunnel mode encryption methods. IPSec
-encrypts just the data portion of packets in the transport methods, but it
-encrypts both the data and headers in the tunnel method (introducing an
-additional header for authentication).
-
-**Secure Shell (SSH):** SSH is another network protocol used to protect network
-services by authenticating users through a secure channel. This protocol is
-often used for command-line (shell) functions such as remote shell commands,
-logins, and file transfers.
-
-**Kerberos:** Developed by MIT, Kerberos is a computer-network authentication
-protocol that works on the basis of tickets to allow nodes communicating over a
-non-secure network to prove their identity to one another securely. This is most
-commonly used in business environments when used as the authentication and
-encryption method for Windows Active Directory (AD).
-
-# Cybersecurity Controls
-
-If you're someone who needs solutions on how to control risks associated with
-utilizing a crytograhpic system, start with a few basic controls:
-
--   **Policies:** A policy on the use of cryptographic controls for protection
-    of information is implemented and is in accordance with organizational
-    objectives.
--   **Key management:** A policy on the use, protection and lifetime of
-    cryptographic keys is implemented through the entire application lifecycle.
--   **Key size:** The organization has researched the optimal key size for their
-    purposes, considering national laws, required processing power, and
-    longevity of the solution.
--   **Algorithm selection:** Implemented algorithms are sufficiently appropriate
-    for the business of the organization, robust, and align with recommended
-    guidelines.
--   **Protocol configuration:** Protocols have been reviewed and configured
-    suitable to the purpose of the business.