||Intro to Encryption and random
(rough notes that need expanding)
Throughout this section I will include links to
www.wikipedia.org. They are meant to offer more detail so I don't have
to repeat what has been done there, or for a different explanation if you
"don't get it" from what I put here. I've heard the stories that
unscupulous people can put false information on Wikipedia; but that is
corrected quickly because of so many poeple looking at them. In any
case there are the reference links at the bottom of the pages.
Cast of characters
Often in explanations about cryptography names are used to help you keep
track who is doing what to who better than just "A", "B" and "C". With no
political incorrectness intended, here they are:
- Alice - A person who wants to securely store information or send it to
Bob. Usually a "good guy". She gets into trouble when she tries to
repudiate a message she sent to Bob.
- Bob - A person who wants to securely receive information sent by
Alice. Also a "good guy", except when he tries to alter a message
received from Alice.
- Eve - In most senarios the "bad guy". A person trying to get infomation
she's not supposed to have, or to change information being communicated between or
stored by Alice and Bob. Her name is derived from "eavesdropper" when
spoken; is the explanation I've read for not using a name starting with
"C". Also known as the "man-in-the-middle", though on the
the name used is "Mallory". For any of you who military, or former military,
Eve will fill in for the "Third Man".
Assumptions for the following discussion.
Not in order yet:
- Emissions Security/TEMPEST
(Wikipedia page) is a
hardware issue. An EMSEC attack is too sophisticated for average Eves to set up,
and the counter measures are beyond the abilities of average computer
users. Perhaps if someday I do a hardware encryption project I'll get into
EMSEC, for now EMSEC will not be considered. It is not one of Eve's tools to
spy on us.
- It will be assumed that Eve can
For practical, I'm assuming no keystroke capture, or serious worms/viruses. Room bugs or emsec
Rule 1 - If there isn't a reason to expose a piece of information DON'T, even if the standard
says it doesn't matter.
Rule 3 - If Eve has access to methods/random sources I'm suggesting, then she doesn't need to
attack your encryption, she can read directly off your computer. All is lost already!