Sunday, July 26, 2009

Authentication & basic cryptography, 20 July 2009

My second lecture of the IT security course was about authentication and basic cryptography. This is an interesting topic that I have learned. According to En. Mohd Zaki, authentication is the process by which we can verify that someone is who they claim to be. This usually involves a username and password, but can include any other method of demonstrating identity, such as a smart card, retina scan, voice recognition or fingerprints. En. Mohd Zaki told us that research has shown that gait can also be used to show a person's identity.

Because passwords are so important in the authentication process, En. Mohd Zaki advised us to choose a good password. A good password is at least 6 characters long, combines lower-case letters, upper-case letters, numbers and special characters, avoids words from the dictionary, is not written down anywhere (such as on a handphone), and is difficult to guess. Besides that, En. Mohd Zaki mentioned that logging in to an important account, such as an online banking account, in public is not advisable because a hacker can hack the password easily. Furthermore, he advised us not to click links to log in to important user accounts, because some links lead to fake web pages that imitate the original page in order to capture the username and password. During this lecture, I also learned how to calculate the time needed to break a password, using the following formulas:

Password population, N = r^s

Probability of guessing a password = 1/N

Probability of success, P = nt/N

where

r = total number of characters that can be used in a password

s = number of characters required

t = time

n = number of guesses per unit of time

After explaining the authentication concept, En. Mohd Zaki moved on to cryptography. Cryptography can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network. Cryptography uses two main forms of encrypting data: symmetric and asymmetric. Symmetric encryption, also known as private key encryption, uses the same key for encryption and decryption. On the other hand, asymmetric encryption, also known as public key encryption, uses different keys for encryption and decryption. With asymmetric encryption, an end user on a network, public or private, has a pair of keys: one for encryption and one for decryption. These keys are labeled the public key, which can be known by anyone, and the private key, which is secret. Plaintext is encrypted with the receiver's public key and decrypted with the receiver's private key, and only the intended receiver holds the private key for decrypting the ciphertext. However, both styles of encryption have their disadvantages: symmetric encryption requires a secure system in order to work perfectly, while asymmetric encryption must guarantee the authenticity of each participant's encryption key.

Symmetric Cryptography

Asymmetric Cryptography

For the last section of the second lecture, En. Mohd Zaki explained the Caesar Cipher, which I found to be the most interesting and challenging part. The Caesar Cipher is one of the earliest substitution ciphers, described by Julius Caesar in the Gallic Wars. Caesar used a "shift" of 3, where each of the letters A to W is encrypted by being represented by the letter that occurs three places after it in the alphabet. En. Mohd Zaki taught us how to decrypt a message that uses the Caesar Cipher. Before the end of class, En. Mohd Zaki asked us to find the message behind the following ciphertext:

YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GO SJCY BJJP

I found the message by using a "shift" of 21. My answer is:

THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK
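The search over shifts described above can be automated. The following is an added example, not part of the original post or lecture: it tries all 26 shifts on the exercise ciphertext and ranks the candidates by how many common English words they contain. The function names and the small word list are assumptions made for this sketch.

```python
import string

# Ciphertext of the class exercise, copied from the post.
CIPHERTEXT = "YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GO SJCY BJJP"

# Small constructed list of frequent English words, used only for scoring.
COMMON_WORDS = {"THE", "AND", "OF", "TO", "IN", "IS", "IT", "FOR", "WILL",
                "BY", "ON", "WITH", "AS", "AT", "BE", "NEXT", "WEEK"}


def shift_text(text, shift):
    """Rotate every letter A-Z forward by `shift` places; keep other characters."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def score(text):
    """Count how many words of a candidate plaintext are common English words."""
    return sum(1 for word in text.split() if word in COMMON_WORDS)


def brute_force(ciphertext):
    """Return (score, shift, plaintext) for all 26 shifts, best score first."""
    candidates = []
    for shift in range(26):
        plain = shift_text(ciphertext, shift)
        candidates.append((score(plain), shift, plain))
    return sorted(candidates, key=lambda c: -c[0])


def best_guess(ciphertext):
    """Return the most plausible (shift, plaintext) pair."""
    _, shift, plain = brute_force(ciphertext)[0]
    return shift, plain


if __name__ == "__main__":
    shift, plain = best_guess(CIPHERTEXT)
    # A forward shift of k undoes an encryption shift of (26 - k) % 26.
    print("decryption shift:", shift, "encryption shift:", (26 - shift) % 26)
    print(plain)
```

Because only 26 keys exist, the whole key space is searched instantly, which is why the Caesar Cipher offers no real confidentiality.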

1 comment:

  1. I like the information you have written and shared in this article about cryptography technique. It helped me in a great way as I wasn't even aware of its basic meaning and for what purpose it is used.
    digital signatures
