|
Linux Security: Kinds of Encryption |
|
|
This is an excerpt from "A Practical Guide to Red Hat Linux 8".
An interview with
the author is available here.
Security is a major part of the foundation of any system that is not totally cut off from other
machines and users. Some aspects of security have a place even on isolated machines. Examples are periodic system backups, BIOS or power-on passwords, and self-locking screensavers.
A system that is connected to the outside world requires other mechanisms to
secure it: tools to check files (tripwire), audit tools (tiger/cops), secure
access methods (kerberos/ssh), services that monitor logs and machine states
(swatch/watcher), packet-filtering and routing tools
(ipfwadm/iptables/ipchains), and more.
System security has many
dimensions. The security of your system as a whole depends on the security of
individual components, such as your e-mail, files, network, login and remote
access policies, as well as the physical security of the host itself. These
dimensions frequently overlap, and their borders are not always static or clear.
For instance, e-mail security is affected by the security of files and your
network. If the medium (the network) over which you send and receive your e-mail
is not secure, you must take extra steps to ensure the security of your
messages. If you save your secure e-mail into a file on your local system, you
rely on the filesystem and host access policies for file security. A failure in
any one of these areas can start a domino effect, diminishing reliability and
integrity in other areas and potentially compromising system security as a
whole.
This short appendix cannot cover all the facets of system security
but does provide an overview of the complexity of setting up and maintaining a
secure system. This appendix provides some specifics, concepts, guidelines to
consider, and many pointers to security resources.
Other Sources of
System Security Information
Depending on how important system
security is to you, you may want to purchase one or more of the books dedicated
to system security, read from some of the Internet sites that are dedicated to
security, or hire someone who is an expert in the field. Do not rely on this
appendix as your sole source of information on system
security.
Encryption
One of the building blocks of security
is encryption, which provides a means of scrambling data for secure transmission
to other parties. In cryptographic terms, the data or message to be encrypted is
referred to as plaintext, and the resulting encrypted block of text as
ciphertext. A number of processes exist for converting plaintext into ciphertext
through the use of keys, which are essentially random numbers of a specified
length used to lock and unlock data. This conversion is achieved by applying the
keys to the plaintext by following a set of mathematical instructions, referred
to as the encryption algorithm.
Developing and analyzing strong
encryption software is extremely difficult. There are many nuances and standards
governing encryption algorithms, and a background in mathematics is requisite.
Also, unless an algorithm has undergone public scrutiny for a significant period
of time, it is generally not considered secure; it is often impossible to know
that an algorithm is completely secure but possible to know that one is not
secure. Time is the best test of an algorithm. Also, a solid algorithm does not
guarantee an effective encryption mechanism, as the fallibility of an encryption
scheme frequently lies in problems with implementation and
distribution.
An encryption algorithm uses a key that is a certain number
of bits long. Each bit you add to the length of a key effectively doubles the
key space (the number of combinations allowed by the number of bits in the key-2
to the power of the length of the key in bits) [a 2-bit key would have a key
space of 4 (2^2), a 3-bit key would have a key space of 8 (2^3), and so on.] and
means that it will take twice as long for an attacker to decrypt your message
(assuming that there are no inherent weaknesses or vulnerabilities to exploit in
the scheme). However, it is a mistake to compare algorithms based only on the
number of bits used. An algorithm that uses a 64-bit key can be more secure than
an algorithm that uses a 128-bit key.
The two primary classifications of
encryption schemes are public key encryption and symmetric key encryption.
Public key encryption, also called asymmetric encryption, uses two keys: a
public key and a private key; these keys are uniquely associated with a specific
individual user. Symmetric key encryption, also called symmetric encryption, or
secret key encryption, uses one key that you and the person you are
communicating with (hereafter, referred to as your friend ) share as a secret.
Public key algorithm keys typically have a length of 512 bits to 2,048 bits,
whereas symmetric key algorithms use keys in the range of 64 bits to 512
bits.
When you are choosing an encryption scheme, realize that security
comes at a price. There is usually a trade-off between resilience of the
cryptosystem and ease of administration.
Source: Help Net Security
|
|
|
 |
| "Linux Security: Kinds of Encryption" | Login/Create an Account | 0 comments |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
