security blog » Certification/Security+/Basic Cryptography/Crypto Algor

Scientists launch new, ‘unbreakable’ encryption system

elamb — Thu, 09 Oct 2008 14:38:42 +0000

A new encryption system, which its creators say is unbreakable, got its first test run Wednesday in Vienna, scientists from the European Union project SECOQC announced.

digg user kinthiri explains:
Quantum cryptography is unbreakable because if any 3rd party views it that does not have the credentials and is not the intended recipient, the simple viewing of the encrypted data by that third party changes that data such that even the intended recipient can’t decrypt it. Thus they know that there is a 3rd party viewing the stream. Effectively the data self destructs if anyone attempts to intercept it or decrypt it. This is not a new phenomenon.

What is new is that its being used commercially. It had previously been used experimentally by the military in association with researchers, but this is the first time its been brought to life outside test environments and is available commercially.

The nature of quantum mechanics makes this truly unbreakable. You couldn’t even factor this using your own quantum computer, if you could even get one with enough qbits.

read more | digg story

Quantum Key Distributions (part 1)

elamb.security — Thu, 09 Aug 2007 23:04:52 +0000

The NIST has an page that talks about Quantum Key Distribution:

Quantum encryption systems use lasers to generate individual pulses of light called photons. Each photon is sent in one of two modes, either vertical/horizontal, or plus 45 degrees/minus 45 degrees. Within each mode, one orientation represents the digital value 0, and the other represents the digital value 1. To visualize how this works, imagine that each photon is a tiny envelope moving perpendicular to the ground (vertical=1), parallel to the ground (horizontal=0), tilted at 45 degrees to the right (plus 45 degrees =1) or tilted 45 degrees to the left (minus 45 degrees=0). NIST

Its almost scary how much has been done in relatively so little time in the “Information Age” and its only just the beginning.

The possibilities are unimaginable. I thought it was a bit extreme when I read an Author C. Clarke sci-fi novel called, Light of Other Days in which people can send messages directly from brain to brain (some sort of brain to brain Internet) via a device that sends messages on a subatomic level. Now it doesn’t sound so strange anymore (well, ok, its still strange but it seem possible now).

Here are some mind blowing articles about quantum entanglement:

Quantum Teleportation of data (actually it’s the instantaneous transfer of quantum states, but teleportation sounds cooler)
      The thing is that it has already being done:
      http://news.nationalgeographic.com/news/2004/08/0818_040818_teleportation.html
      http://www.research.ibm.com/quantuminfo/teleportation/
      http://www.sciam.com/article.cfm?chanID=sa006&articleID=ABBA5449-E7F2-99DF-3ACFAC15B16FEC60&colID=30
      http://techreport.com/onearticle.x/12870

Quantum Entanglement as an explanation for so called psychic phenomenon:
      Highly controversial as parapsychology is the “leprosy” of
      science. Just a hypothesis but interesting:
      http://www.deanradin.com/NewWeb/EMblurbs.html

Tags: qkd, quantum, key, distribution, crypto, cryptography

Security Certifications: DoD 8570

elamb.security — Tue, 26 Sep 2006 21:24:19 +0000

For Government workers doing any kind of computer security/information assurance, the new regulation, DOD 8570 is a very important document.

DOD 8570, Information Assurance Training, Certification and Workforce Management, requires that all government workers (active duty, govt civilian and contractors) doing security work have a security certification. The DoD is really trying to crack down on security.

Among the top security certification that you can get are the CISSP and the CISA

Getting the top certs and then further specializing could give you the edge. For example, CISSP with an CISA (auditor) would cover a lot of ground as would a CISA and an IDS/C&A/Architecture specialists. It would really kick ass to cover ALL ground. This would not be difficult. Not sure if each specialization would require further certifications.

Cost, Renown, Difficulty Comparisons:http://dmiessler.com/writing/infoseccerts/

Includes: GSEC, CISSP, CISA*note: GSEC is $800 and difficult

Security Certs and their levels according to 8570:http://taosecurity.blogspot.com/2006/01/dod-directive-8570.html

Tech level I-III & Management Level I-III*note: GSEC is Tech level II

Future Areas of IA Certification:

Certification and Accreditation

IDS and Analysts

Auditors

CND/SP members

IA architectures, engineers

NIST Slide on 8570

(slide 10)On a recent FISC slide I saw Red team (pentesting/hacking) among these future specializations.

Tags: security, certification, security+certification, cissp, cisa, ,

Store Passwords in a Secure Password Safe

elamb.security — Thu, 21 Jul 2005 23:37:48 +0000

KeePass is a free/open-source password manager or safe to help you
manage your passwords in a secure way. Put all your passwords in one
database, which is locked with one master key or a key-disk. The
databases are encrypted using the best and most secure encryption
algorithms currently known (AES and Twofish).

read more | digg story