Skip to main content

What Is Encryption

What is Encryption? If you read wikipedia the definitions is

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor”

In other words Encryption is the process of taking a message and changing it in such a way that with out the key (some pre shared information) it is very difficult to determine what original  message was. Most of the time encryption uses an algorithms to create the encrypted data.

algorithm is a self-contained step-by-step set of operations to be performed. – wikipedia

If you simplify down a encryption algorithm it basically takes two inputs the plain text and a key. The plain text is your message and they key is value that you what to encrypt the message with. Anyone that wants to read the message will need the key to easily decrypt the message. Depending on the algorithm used sometime they key can be the algorithm but that is considered to be extremely unsafe and isn’t done today. A algorithm will out put what they call ciphertext with is just encrypted data. The ciphertext is then reentered into the encryption algorithm and with the correct key will output the plain text again.

Encryption is used all over the place in computer security and will become crucial to understand as time goes on.

There is a lot more that could be said here but I want to keep it short we will continue to build on this as time progresses.

security, Web security

The Sad Truth about Passwords

Something that you never think about but should be at the forefront of are minds is this.

Weak passwords trump good security.

No matter how good the system is programmed or secured. No matter how many walls we put up. If we let people give away the keys then security means nothing. This goes back to the idea of security as a chain. Security is a chain of things. If you have one weak spot your whole chain will break. It only takes one problem to get into a website or company.

How does this relate to you do you ask? Well look at it this way you know that test account or that default account your using. Well that is how the hacker is going to get in. He isn’t going to create some 0 day attack to break into your website or company. He is just going to google the default account for what ever tool your using or try and guess that its admin admin.  Most hackers are lazy and are going to look for the easiest way in and for the most part today there is some user out there with a easily guessable account password. It may not even be you! But if we don’t think about it it will effect us!

Web security