Report on Current Digital Data Securing Keyword Discovery
Self SEO Store  
SEO forum
Website templates  
Flash templates  
Articles archive
Submit your article

Register
Login

Search
XML news feeds
Free RSS news reader
Contact
Advertising  

Best hosting reviews.
Free Internet & IT Magazines.


AddThis Feed Button

Buy website traffic

Reciprocal link check PHP script

Check the websites of your link exchange partners to see if your link is still there.

Only $9.95


Alexa Rank Checker
Check Google Pagerank
Domain Typo Generator  
Google Pagerank Prediction
Google ban check  
Link Popularity Checker
Keyword Suggestion Tool
Keyword Misspelling  
Search engine ranking report
Number of pages indexed

Find IP address of a website
Find host by IP
HTTP Headers Check
International WHOIS
IP to country
Ping test
Server Status Check
What is my IP ?
Your browser details  

HTML Optimizer
HTML Source Viewer
Link Extractor
Search engine spider simulator
Meta tags Generator
Meta tags Extractor
Website speed test

Coming soon ...

Get your text ad here and attract the attention of our higly targeted audience of web professionals!

Your text ad here ?
Only $10 per month

Affiliate Marketing
Anti Spam
Blogging
Copywriting
Domain Names
Ebay Tips and Tricks
E-Books
E Commerce
Email Marketing
Google Adsense
Hardware
Internet
Internet Connections
Internet Marketing
Internet Security
Link Popularity
Newsletters
Online Promotion
Personal Tech
Podcasting
Pay Per Click
RSS
Search Engine Optimization
Search Engines
Software
Streaming Media
Traffic Building and Analysis
VoIP
Web Hosting
Web Design
Web Development
Webmaster Tips

Report on Current Digital Data Securing

Posted by Faustino Núñez Hernández on: 2005-06-23 16:55:28
Self SEO > Internet Security Articles


I write this because I notice that an explanation on certain crucial aspects of data or information securing, conveniently abstracted from other technical stuff such as encryption algorythms, seems to lack.



In other words: I think that the present article is the one you want to read when you want to know about data securing, at a local level, and when you are like me (you know, no paragraphs on 'planning your work'). Well, I know that the range on computer security includes other important issues, specially if we think of networking. Here I'm writing about key-encrypted information, so, I'm not directly or necessarily dealing with networking. Errr...

When we think of current data securing, we should think of Erica Campbell and of two basic principles (oh, God, I hate principles), but I appreciate that at this point it's important that I only mention and explain the first one:

1st principle) You have such an application level software system (you have a program) that you can use with both of two keys or passwords, to encrypt your data level software files, according to this rule: both keys allow you to encrypt the information, it's a free choice for you at every time, but once you have used one of the keys for encrypting, you cannot decrypt the secured version of the file by using this same key: you will only be able to decrypt the file by using the other password. When you choose the other password for encrypting, you will only be able to decrypt by using the first one. You never can decrypt by using the same key you used for encrypting.

I explained it to Coco (my dog) and he understood. I must admit that John Collins (my fish) could so, but he inmediately forgot.

Notice that, in this case, we just need to know that we have an application that is able to apply an algorythm for encrypting, but we need to know the details on how this algorythm works just as little as we need an explanation on how to plan our work, or as little as we need an explanation on how Julius Caesar secured his messages. Unfortunately, in many articles they pretend that the important stuff is the damn algorythm. But here we will only consider that we will trust the security of the coding application and its algorythm, and things like the security of the correspondence between the two passwords, the probability of meeting Erica Campbell, etcetera.

Now the second and last principle.

The first one has been technical (it envolved the way how the securing application was built), but the second one is not technical, it rather envolves the way we use the paranoid thing to do something good with it.

2nd Principle)...

A Sub-Principle: every person has an exclusive pair of keys or passwords for the use of the securing program. The pair of keys of a person, is always different from the pair of keys of another person.

B Sub-Principle: for every person, one of the two keys is secret and only known by this person (private key), but the other key of this person is public and everyone knows it (public key).

C Sub-Principle: Erica Campbell is delicious.

Imagine a person called P1 (don't worry about the second name) with two keys: a private one, let's name it 'V1', and a public one, let's name it 'B1'. Imagine another person called P2, with private key V2 and public Key B2. And imagine that P1 is using the securing program for sending the following message to P2: "I really love Erica".

P1 has three possibilities:

1 - To Encrypt the message by using P2's public key, B2.

2 - to Encrypt the message by using V1.

3 - to Encrypt the message by using his own public key, B1.


We could still think of P1 encrypting by V2, but it's not a possibility: P1 doesn't know V2, V2 is the secret key of P2. So I won't suggest this case as a 4th case and I won't wait for explaining it after the 3rd possibility, in spite of the fact that the 3rd possibility is another nonsense.

Let's discuss the three possibilities:

1 - P1 encrypting by using B2: in this case, P2 will be the only person in this world that will be able to decode and read the stupid message, by using V2. No one, P1 included, could decrypt the message by using B2, because B2 was used for encryption (and because of the first principle); so, it's not important if a malicious third person, who also knows B2, intercepted the message, because he couldn't read, and because P2 is a prudent person and never revealed V2.

At this point, it is interesting (or sort of) to think of B2 as the 'user name' of P2, and as the way that the rest of the world, Erica Campbell and my fish included, has to indicate that the receiver of a message is P2. So it is interesting to compare the public key with the user name of a e-mailbox, and the private key with the password of the e-mailbox; I think it's a good suggestion for your spare time (forget Erica).

This first possibility is the standard model for a 'secured send scheme'.

2 - P1 encrypting by using V1: now the message will be only decryptable by using B1.

Everyone knows B1, maybe that's the reason why this 2nd possibility does not seem to be an attractive scheme for security, but it's a good model for another thing: if people can test that the message can be decrypted with B1, then they can be sure about P1 encrypted it.

In other words, under this model, the secured thing is not the destination of the message, but the source of the message.

This is why the private key, V1, is also known as an 'electronical sign'.

The process of signing a message (that is, the process of encrypting it by using the private key) can be slow, so it is usual to build and sign a reduced version or copy of the original message, because in this case it is not important if the contents of the original message are readable. The reduced version of the original message is the 'hash', and a program for hashing should provide us the security concerning the univocal condition of the correspondence between the hash and its message. Verifying an electronical sign usually comprises the verification of the hash and the verification of the encription by using the public key.

This possibility bring us a chance to mention the concept of electronical certificate. My purpose is not to discuss it, buy I'll say a certificate is a message that a specialized Company e-signs, by using its own private key, for announcing and confirming that a certain public key belongs to a certain real person. Surely you don't know private keys from other people, but, if you consider it, neither you are sure about public keys from other people, unless they tell you directly or you have a good way to find out. Well, the business is conceived so that every one is sure about the public key of the Company of certification; this is the important thing. If you have this certainty, then you can trust what the company of certification tells and signs about other people's public key, because if you can use the public key of the company to decrypt a message that is false, then the company will have no way to say or to object that the message was not from it. A certification is a kind of reliable public key you can trust either for asking true information, or for asking a compensation. Frequently companies of certification certificate that other companies are also valid for certificating.

3 - P1 encrypting by using B1: in this case P1 will be sure that only him will access the contents of the coded data, which is a nonsense if we are considering the existence of two keys, a public one and a private one. If P1 wants to encrypt personal or private information, an only one password oriented system will be enough.






Print this article    Tell a friend

Post New Comment

This site does not allow anonymous comments. Registered members can login to participate. Registration is free and takes only a few seconds


Powered by Esselbach Storyteller CMS System Version 1.7-Free