EAS309 Cryptography and EAServer. Jason Weiss Senior Architect, Sybase OEM Engineering [email protected] August, 2003. Overview. Cryptography is something every distributed developer needs to have a basic comprehension of in today’s networked world
PowerPoint Slideshow about ' EAS309 Cryptography and EAServer' - rosa
An Image/Link below is provided (as is) to download presentation
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
The “Sun” JCA provider doesn’t offer any Cipher algorithms that would compete with the BC implementations; thus the BC ciphers will be found first
It is a known bug that if you dynamically try to register a provider into position #1 you will crash the JVM. The security architecture attempts to validate the signature of the .jar file, but since the SUN provider is no longer #1, the new provider is, endless loop results in stack overflow and ultimate JVM crash.
Imagine an email, constant with From:, To:, Subject: and other headers
If we didn’t apply a feedback mode to hide this information, over time an attacker could attempt to assemble a library (especially if the same key was used over and over) and begin to identify patterns in the ciphertext
NOT more important as the Cipher algorithm
The Cipher is still more important
Feedback Modes algorithms should be relatively simple; all they need to do is hide text patterns, not encrypt them
Electronic Cookbook Mode (ECB)
No tie from one block to another; e.g. database records could be decrypted on a per record basis, not whole table
An attacker could introduce blocks from previously intercepted messages, thus scrambling the real message and causing chaos!
Cipher Block Chaining
Each cipher block is dependent upon the previous block to successfully decrypt it. The use of an Initialization Vector (IV) primes the process. The IV doesn’t have to be protected; can be sent in the clear
Recommended feedback mode for any encryption data that might be transmitted over a wire
People are in the custody chain, and people are neither perfect nor machines
Cryptography can be a double-edge sword
If you encrypt a message using a symmetric cipher and you forgot the key, the same encryption that was supposed to keep others out is now keeping you out!
JCA uses a Key Store to hold symmetric keys, asymmetric key pairs, and digital certificates
NOTE: The default key store “JKS” doesn’t work correctly with symmetric keys, but other providers like “BKS” do. If you need to manage symmetric keys, be sure to use a 3rd party provider’s key store format