This is Phil Smith III's Typepad Profile.
Phil Smith III
Mainframe Architect and System z Product Manager at Voltage Security
Recent Activity
I promised that we were done with hashes, but there’s one more set of interesting and powerful uses for them that’s worth discussing: Message Digests (MDs), Message Authentication Codes (MACs*), and Hashed Message Authentication Codes (HMACs). A Message Digest is just a hash of a message. MDs are useful to verify that the message was not accidentally damaged in transit. These were useful in the days of dialup and other technologies; with modern TCP/IP, not so much, although some websites will list an MD along with a download so that you can verify that you downloaded what you meant to... Continue reading
Posted Feb 21, 2013 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. A final (maybe!) word on hashes: Q: I see that NIST has selected a new hash algorithm, to be called “SHA-3”. Does this obsolete SHA-2? A: Not really. About five years ago, there were suggestions in the crypto community that SHA-2 might be “broken” soon: that is, that there might be ways (at least in some cases, given enough hashed data) to figure out the original values that might have been hashed. As a result,... Continue reading
Posted Nov 21, 2012 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: Follow-on to Cryptography for Mere Mortals #7: How can cryptographic hashes be used to protect passwords? A: By cryptographically hashing the passwords when they’re stored, then hashing the user’s input when she tries to log on, and comparing that against the hash. This is a typical use of cryptographic hashes: to create a reference to something as a reasonably short value. You can then expose this value without exposing the original data. Thus many... Continue reading
Posted Oct 2, 2012 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: The previous installment promised to talk about “hashes”. Corned beef? A: No, a cryptographic hash is something different—not quite as tasty—although it does involve chopping the input into small pieces. This installment is the first of several that present a simplified discussion of hashes and related technologies. Wikipedia says, in part: A cryptographic hash function is a hash function, that is, an algorithm that takes an arbitrary block of data and returns a fixed-size... Continue reading
Posted Aug 14, 2012 at Superconductor
Cryptography for Mere Mortals #6 An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: Is it really as easy to hack into someone’s computer or a website, or to decrypt an encrypted file, as they show it in the movies? A: No, no, and no! This is worth repeating because folks don’t understand it, and get all kinds of wild ideas about passwords as a result. OK, having said that…actually the real answer is “sometimes, maybe”. But certainly not the way they do... Continue reading
Posted Jul 11, 2012 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: How do we know whether a given encryption solution will produce unique results—that is, that for each unique input, a unique output will result? If, say, two SSNs both encrypt to the same value, we’ll have a huge mess on our hands! A: This is one of the reasons that a security proof is important. It’s easy to say “Sure, it’ll be unique”, but without a careful, peer-reviewed security proof, such a statement has... Continue reading
Posted May 31, 2012 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: What do people mean by “Data Masking”? A: This is a confusing term, because it can mean at least two different things, both related to data protection/privacy: 1. Encrypted or tokenized data that is converted back to plaintext, but with some of the characters “masked” by characters such as “x” or “*”; for example, a Social Security number of “999-88-1234” might be returned as “XXX-XX-1234” 2. Production data that is obscured or obfuscated for testing... Continue reading
Posted Apr 20, 2012 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: How does one “attack” encryption? A: Either by: 1) analyzing a large number of ciphertexts and matching plaintexts and looking for patterns, or 2) brute force—trying all the possible keys. Note that the analysis approach involves some “cheating”: it’s not particularly likely that a random attacker will have this much information to work with. But if the crypto resists analysis even under those circumstances, it’s at least as secure in a more realistic scenario.... Continue reading
Posted Feb 21, 2012 at Superconductor
An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians. Q: Isn’t Format-Preserving Encryption easy to break because the output is all plaintext, so there are fewer possible ciphertexts? For example, if you encrypt a four-digit number, there are only 10,000 possibilities. A: No. The strength of the encryption is based on the key size, not the number of possible outputs. So for 128-bit AES, there are 2^128 possible keys, no matter how short the input is. Certainly it is true that, since there are... Continue reading
Posted Feb 17, 2012 at Superconductor
Phil Smith III is now following The Typepad Team
Feb 8, 2012