Cryptography The Basics




In this text I'll talk about encryption, what is it, Pretty Good Privacy (PGP), ways that someone can read your encrypted files etc. Every hacker or paranoid should use encryption and keep the other from reading their files.The encryption is very important thing and I'll talk about how can
someone break and decrypt your files here...!


So now let me tell about Encryption and how it works now.

The Encryption is very old.Even Julius Caesar used it when he was sending messages because he didn't trust to his messengers.You see encryption is everywhere,when you watch some spy film you see there's always a computer with encrypted files or some film about hackers when the feds busted the hacker and they see all of the hacker's files are encrypted. When you have simple .txt file that you can read this is called "plain text". But when you use encryption and encrypt the file it will become unreadable by the time you don't enter the password.This text is called cipher text. The process of converting a cipher text into plain text is called decryption...
Here's a little summary:

Plain text ==>Encryption==>Ciphertext==>Descryption==>Plaintext



About the Cryptography and PGP

Cryptography is science that use the mathematics to encrypt and decrypt data.This science let you keep your files and documents safe even on insecure networks like the Internet. The cryptography can be weak and strong.The best is of course the strong one. Even when you use all the computers in the world and they're doing billion operations in second you'll just need BILLIONS of years to encrypt strong encryption.

PGP (Pretty Good Privacy) is maybe the best encryption program to encrypt your files and documents, that work in this way:

When you encrypt one file with PGP,PGP first compress the file.This saves you disk space and modem transmission. Then it creates a session key. This session key works with a very secure and fast confidential encryption algorithm to encrypt the file.Then the session key is encrypted with the
recipient's public key. PGP ask you for pass phrase not for password.This is more secure against the dictionary attacks when someone tries to use all the words in a dictionary to get your password.When you use pass phrase you can enter a whole phrase with upper and lowercase letters with numeric and
punctuation characters.



So let's look at the Ways of breaking the encryption

PGP has been written for people that want their files encrypted for people that want privacy.
When you send an e-mail it can be read from other people if you use PGP only the person for who
is the message will be able to read it. Now you know many things about PGP and the encryption but you may like to know can someone break it and read your private texts and files.In fact if you use all the computers in the world to decrypt a simple PGP message they'll need long times the. You see this is the BEST the encryption is so strong noone can break it. The people that program it has done their work now everything depends on you.


a-Bad pass phrases

The algorithm is unbreakable but they're other ways to decrypt the text and read it. One of the biggest mistakes when someone writes his/her pass phrase is that the pass phrase is something like : "Jessi" "I love you" and such lame phrases.Other one are the name of some friend or something like that. This is not good because this is pass phrase not password make it longer put numbers and other characters in it.The longer your pass phrase is the harder it will be guessed but put whole sentences even one that doesn't make sense just think in this way:
Someone is brute-forcing thousands of pass phrases from a dictionary therefore my pass phrase
should be someone that is not there in the dictionary something very stupid like:

"Je$$!_!_l0v3_U,w!11_U_m@rRy_m3"

Did you get that...?
 my sentence was  "Jessi I love u, will u marry me"

This is easy to remember because it's funny and there are only a few numbers and you may use
upper and lowercase characters in it. I hope you know will put some very good pass phrase and be sure noon will know it.
Another mistake is that you may write the pass phase on a paper and if someone find it you'll loose
it and he/she will be able to read your encrypted files, so be aware of that...!





b-Not deleted files

Another big security problem is how most of the operating systems delete files.So when you encrypt
the file you delete the plain text and of course leave the encrypted one. But the system doesn't actually delete the file. It just mark those blocks of the disk deleted and free. Someone may run a disk recovery program and still see all the files but in plain text. Even when you're writing your text file with a word editor it can create some temporary copies of it.When you close it these files are deleted but as I told you they're still somewhere on your computer. PGP has tool called PGP Secure Wipe that complete removes all deleted files from your computer by overwriting them. In this way you'll only have the encrypted files on your computer.


c-Viruses and Trojans

Another dangerous security problem are the viruses and the Trojans. So when you infect with a
trojan the attacker may run a key logger on your system.
*Note
A key logger is a program that captures all keystrokes pressed by you then saves them on your
hard drive or send them to the attacker, so after the attacker run it he/she will be able to see everything you have written on your computer and of course with your PGP pass phrase.
There are also a viruses designed to do this.Simpy record your pass phrase and send it back to the
attacker.


d-Fake Version of PGP

Another security problem is the PGP source that is available so someone can make a fake copy of it that is recording your pass phase and sending it back to the attacker. The program will look real and it will work but it may also have functions you even don't know about. A way of defending of these security problems is to use a trojan and a virus scanner.You should also be sure your computer is clean from viruses and trojans when you install PGP and also be sure you get PGP from Network Associates Inc. not from some other pages.

So now I hope you understand that PGP can't be braked but if you use it wisely and be sure
your pass phrase is good one,you're not infected with viruses or trojans and you're using the
real version of PGP you'll be secure.

Comments

Popular Posts