The MD5 Algorithm
MD5 is a mathematical algorithm that produces a 128-bit (16-byte) signature, or a "fingerprint," for any piece of data that the algorithm is applied to. Furthermore, any such fingerprint is with very high probability unique to that piece of data, that is, it is very hard to come up with another piece of data that would have the same MD5 signature.
MD5 signatures can be used to verify the integrity of data, that the data has not been modified or tampered with, whether intentionally or by accident.
The amount of data given to MD5 does not matter; it can be applied to a single character as well as several megabytes of data, such as an entire encyclopedia. The result is always 128 bits.
The MD5 algorithm is irreversible; given just the MD5 signature there is no way to recover the data that was used to calculate that given MD5 signature. That is, you cannot "decrypt" an MD5 signature and get back the original data.
Therefore, MD5 signatures are used by applying MD5 to the data being verified and comparing the resulting signature with the one computed earlier from the original data. If the two signatures match, the data has not been modified [1].
There are several other algorithms, such as SHA, that perform a task similar to MD5 and that are cryptographically stronger (harder to "break").
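The integrity check described above, as an added example that is not part of the chapter: it computes a fingerprint, shows that the signature length is fixed regardless of input size, and verifies a copy against a published fingerprint. The function names and the two sample messages are constructed for this illustration; because the chapter notes that SHA is the stronger choice, the helpers take the algorithm name so the same check runs with SHA-256.

```python
import hashlib
import hmac


def fingerprint(data: bytes, algorithm: str = "md5") -> str:
    """Return the hex fingerprint of data.

    MD5 always yields 128 bits (32 hex characters) whether data is one byte
    or many megabytes; any other hashlib algorithm can be selected by name.
    """
    return hashlib.new(algorithm, data).hexdigest()


def digest_length_bits(data: bytes, algorithm: str = "md5") -> int:
    """Length of the signature in bits, independent of the input size."""
    return hashlib.new(algorithm, data).digest_size * 8


def verify_integrity(data: bytes, published_hex: str, algorithm: str = "md5") -> bool:
    """Recompute the fingerprint of data and compare it with a published one.

    hmac.compare_digest compares in constant time, so the time the comparison
    takes does not reveal how many leading characters matched.
    """
    return hmac.compare_digest(fingerprint(data, algorithm), published_hex.lower())


# Constructed sample input: an original message and a copy with one character changed.
ORIGINAL = b"The quick brown fox jumps over the lazy dog"
TAMPERED = b"The quick brown fox jumps over the lazy cog"

if __name__ == "__main__":
    published = fingerprint(ORIGINAL)  # what a publisher ships next to the file
    print("MD5 of original  :", published)
    print("MD5 of tampered  :", fingerprint(TAMPERED))
    print("original verifies:", verify_integrity(ORIGINAL, published))
    print("tampered verifies:", verify_integrity(TAMPERED, published))
    print("SHA-256 length   :", digest_length_bits(ORIGINAL, "sha256"), "bits")
```

Changing a single character produces an entirely different fingerprint, which is why comparing the recomputed signature with the published one detects both accidental corruption and deliberate tampering.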
CERTIFICATES
Public keys may be distributed freely without the risk of eavesdropping on the encrypted communication between the two parties of the secure session. However, distributing a public key does not by itself provide authentication. That is, a malicious user Bob could generate his own key pair and pose as Rob, presenting his own public key as Rob's. Mike could mistakenly trust that the public key is Rob's and believe that he is really sending the message to Rob. Instead, he is sending it to Bob, encrypted with a key that Bob can decipher using his private key.
Certificates solve this problem. A certificate is a piece of data that associates identity with a public key. This data is digitally signed by a well-known authority, such as RSA or VeriSign.
Basically, the well-known authority has its own public and private keys, Kpublicauthority and Kprivateauthority, respectively. The private key is well guarded. The public key is well known and trusted. It may actually be built into the software.
A user wishing to get a certificate will first generate his or her key pair, Kpublicuser and Kprivateuser. The public key is sent to the certifying authority, along with the user's information, user_info [2]. The certifying authority will calculate a hash of the user's public key and associated information:
Digest = Hash(Kpublicuser + user_info)
The digest is then encrypted with the authority's private key:
Signature = Kprivateauthority(Digest)
This encrypted piece of data is included as part of the issued certificate:
Certificate = { Kpublicuser + user_info + Signature }
Now, someone wishing to authenticate a user or other entity will get the entity's public key, along with the certificate. The public key is verified by calculating the hash of the public key and other information in the certificate:
Digest1 = Hash(Kpublicuser + user_info)
Then, the encrypted signature is decrypted with the certifying authority's well-known public key:
Digest2 = Kpublicauthority(Signature)
If the two digests Digest1 and Digest2 match, the entity's public key is considered valid. Basically, the certifying authority testifies that the public key really belongs to the user, or other entity, indicated in the certificate.
This was a simplified overview of the theory of how certificates work. In practice, there may be subtle differences from the way outlined above.
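The certificate scheme in this section, worked through in Python as an added example that is not the chapter's own code: textbook RSA with toy 512-bit keys stands in for Kprivateauthority and Kpublicauthority, SHA-256 is the Hash, and the function names, the "CN=Rob" user_info and the swapped-key check are constructed for the illustration. Real authorities use padded signatures and X.509 encoding, which this toy omits.

```python
"""Toy model of Digest / Signature / Certificate with textbook RSA (added example)."""
import hashlib
import random


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probable-prime test, sufficient for a toy key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 512):
    """Return (public, private) as ((n, e), (n, d)). Toy sizes, not for real use."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def encode_public_key(pub) -> bytes:
    n, e = pub
    return f"{n}:{e}".encode()


def hash_to_int(data: bytes) -> int:
    """Hash(...) as an integer; 256 bits, always smaller than the 512-bit modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_certificate(authority_priv, user_pub, user_info: bytes) -> dict:
    """Certificate = { Kpublicuser + user_info + Signature }."""
    digest = hash_to_int(encode_public_key(user_pub) + user_info)
    n, d = authority_priv
    signature = pow(digest, d, n)  # Signature = Kprivateauthority(Digest)
    return {"public_key": user_pub, "user_info": user_info, "signature": signature}


def verify_certificate(authority_pub, cert: dict) -> bool:
    """Digest1 from the certificate contents must equal Digest2 recovered from the signature."""
    digest1 = hash_to_int(encode_public_key(cert["public_key"]) + cert["user_info"])
    n, e = authority_pub
    digest2 = pow(cert["signature"], e, n)  # Digest2 = Kpublicauthority(Signature)
    return digest1 == digest2


def demo():
    """Genuine certificate verifies; one with a swapped public key does not."""
    authority_pub, authority_priv = keygen()  # Kpublicauthority, Kprivateauthority
    rob_pub, rob_priv = keygen()              # Kpublicuser, Kprivateuser (private key stays with Rob)
    cert = issue_certificate(authority_priv, rob_pub, b"CN=Rob")
    genuine = verify_certificate(authority_pub, cert)
    # Bob substitutes his own public key; without Kprivateauthority he cannot produce a matching Signature.
    bob_pub, _ = keygen()
    forged = dict(cert, public_key=bob_pub)
    return genuine, verify_certificate(authority_pub, forged)


if __name__ == "__main__":
    print("genuine, forged:", demo())  # (True, False)
```

The verifier never needs the authority's private key: the well-known public key alone recovers Digest2, and any change to the public key or user_info in the certificate makes Digest1 differ from it.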
SUMMARY
This chapter provided a brief overview of the most important aspects of public key encryption. After reading it, you should know the basic terminology and theory behind encryption-based security. While encryption techniques provide confidentiality, integrity, and authentication of data while it is on the wire, there are other aspects of security that are equally important. The next chapter focuses on making the internal network itself more secure.
Endnotes
1. With high mathematical probability. Theoretically, it is possible to have two pieces of data that yield the exact same MD5 signature. However, for practical purposes, this is extremely unlikely.
2. In this context, a "user" may actually be any entity that has a key pair, such as a secure Web server, or any party of secure communication. It is not limited to actual people.