DOCSLIB.ORG

Cryptography for Dummies.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks. .Cryptography For Dummies by Chey Cobb ISBN:0764541889 John Wiley & Sons © 2004 This guide to keeping your data safe offers the latest security techniques and advice on choosing and using cryptography products. It covers terminology, specific encryption technologies, pros and cons of different implementations, and more. Table of Contents Cryptography for Dummies Introduction Part I - Crypto Basics & What You Really Need to Know Chapter 1 - A Primer on Crypto Basics Chapter 2 - Major League Algorithms Chapter 3 - Deciding What You Really Need Chapter 4 - Locks and Keys Part II - Public Key Infrastructure Chapter 5 - The PKI Primer Chapter 6 - PKI Bits and Pieces Chapter 7 - All Keyed Up! Part III - Putting Encryption Technologies to Work for You Chapter 8 - Securing E-Mail from Prying Eyes Chapter 9 - File and Storage Strategies Chapter 10 - Authentication Systems Chapter 11 - Secure E-Commerce Chapter 12 - Virtual Private Network (VPN) Encryption Chapter 13 - Wireless Encryption Basics Part IV - The Part of Tens Chapter 14 - The Ten Best Encryption Web Sites Chapter 15 - The Ten Most Commonly Misunderstood Encryption Terms Chapter 16 - Cryptography Do’s and Don’ts Chapter 17 - Ten Principles of “Cryptiquette” Chapter 18 - Ten Very Useful Encryption Products Part V - Appendixes Appendix A - Cryptographic Attacks Appendix B - Glossary Appendix C - Encryption Export Controls Index List of Figures List of Tables List of Sidebars . Thanks it. register to http://www.bisenter.com to go please ChmMagic, unregistered an by created was document This This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks. Back Cover Protect yourself and your business from online eavesdroppers—it’s easier than you think! If you were hoping for a flame-throwing watch or flying a car, we’re sorry—this isn’t James Bond’s equipment manual. Cryptography is a common-sense way to secure stuff on the Internet, and this friendly guidebook makes it easy to understand. Discover how you can protect information with keys, ciphers, PKIs, certificates, and more. Discover how to: Analyze off-the-shelf encryption products Decide what type of security you need Create and manage keys Issue digital signatures and certificates Set up SSL for e-commerce Enable wireless encryption About the Author Chey Cobb, CISSP, author of Network Security For Dummies was Chief Security Officer for a national Reconnaissance Office (NRO) overseas location. She is a nationally recognized computer security expert. This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks. Cryptography for Dummies by Chey Cobb, CISSP Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 Copyright © 2004 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, e-mail: [email protected]. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Control Number: 2003105686 ISBN: 0764541889 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1O/QY/QR/QU/IN About the Author Chey Ewertz Cobb, CISSP, began working in computer security in 1989. Since then she has managed her own computer security consulting company, Cobb Associates, working for such clients as Apple Computers and Sun Microsystems. She later worked for the government, creating a secure network at Cape Canaveral, assisting in the security at Patrick Air Force Base, and later as a technical security officer for the National Reconnaissance Office This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks. (NRO), which is more secretive than the NSA. During her work in security, she had the opportunity to evaluate and manage cryptosystems for private industry and the U.S. Intelligence Agencies. Chey now writes books on computer security (Computer Security Handbook, 4th Edition and Network Security For Dummies), writes articles for magazines, and speaks at computer security conferences. Dedication To R. W. Ewertz, Jr. He was my role model and inspiration when things got tough. Acknowledgments First of all, let me thank Andrea Boucher and Melody Layne who saw me through thick and thin and never lost faith in me (at least they never let on that they did!). I enjoy working with them both, and any writer who has the opportunity to work with them should count himself/herself lucky! Secondly, I want to thank Dave Brussin, Ryan Upton, Josh Beneloh, Jon Callas, and Dave Del Torto for setting me on the correct path when my explanations strayed. Thanks so much for lending me your brainwork! Last, but not least, Stephen. My love, my life, and my everything. Publisher’s Acknowledgments We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/. Some of the people who helped bring this book to market include the following: Acquisitions, Editorial, and Media Development Project Editor: Andrea C. Boucher Acquisitions Editor: Melody Layne Technical Editor: Tim Crothers Editorial Manager: Carol Sheehan Media Development Manager: Laura VanWinkle Media Development Supervisor: Richard Graves Editorial Assistant: Amanda Foxworth Cartoons: Rich Tennant (www.the5thwave.com) Production Project Coordinator: Maridee Ennis Layout and Graphics: Joyce Haughey, Andrea Dahl, Stephanie D. Jumper, Jacque Schneider, Melanee Wolven Proofreaders: Andy Hollandbeck, Carl William Pierce, TECHBOOKS Production Services Indexer: TECHBOOKS Production Services Publishing and Editorial for Technology Dummies Richard Swadley, Vice President and Executive Group Publisher Andy Cummings, Vice President and Publisher Mary C. Corder, Editorial Director This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks . Publishing for Consumer Dummies Diane Graves Steele, Vice President and Publisher Joyce Pepple, Acquisitions Director Composition Services Gerry Fahey, Vice President of Production Services Debbie Stailey, Director of Composition Services This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks. Introduction Overview Congratulations! You’ve successfully navigated through the gazillion computer books on the bookstore shelves and finally found just what you were looking for — a book on cryptography that you can read and actually understand! Just thumb through some of the chapters here and you’ll soon realize that you don’t need a degree in advanced mathematics, nor do you need to be the world’s biggest brainiac to understand this stuff. If you have a basic understanding of computers and networking, and you have an interest in increasing your data and communications security, then this is just the book for you. What I’m talking about here is cryptography — you know, crypto, geek talk, secret coding, cypherpunk’n. If you have heard of the word cryptography, you’ll know that it is one of those subjects that many people are aware of, but very few people can actually tell you what it’s all about. Frankly, just the mention of the word cryptography scares the heck out of people — even experienced network administrators! And to be honest, a lot of the books on the subject are more suited as college textbooks than business “how-to” guides or intros to the subject, and have contributed to the atmosphere of FUD — fear, uncertainty, and doubt — about cryptography. Yep, the subject can be scary as all get-out. So, how do you decide whether or not you should use cryptography? I’ll help you answer that question with questions and checklists.
Recommended publications
  • NSA Vs. Encryption Article Written by Datto Developer Dan Fuhry First Appeared on Mspmentor.Com in November 2013

    NSA Vs. Encryption Article Written by Datto Developer Dan Fuhry First Appeared on Mspmentor.Com in November 2013

    SuccessArticle: EncryptionStory NSA vs. Encryption Article written by Datto developer Dan Fuhry first appeared on MSPmentor.com in November 2013. If you’ve been watching the news lately, there is no doubt you have heard about the National Security Agency’s (NSA) surveillance scandal. “We will stand in our firm Recent months have seen a revelation of programs commitment to protect you and that capture domestic and international traffic indiscriminately. Encrypted data gets saved for a your customers.” certain number of years, in case they ever decide to decrypt it. If this alarms you, that’s good. You should be alarmed. I was too, on a very personal level, and have actively been working on changing some long-established habits in order to protect the information that is private and personal to me. For MSPs not in the United States you should be even more alarmed. It’s not even your own government that has the encrypted data, and since you don’t have constitutional protection in the U.S., there is nothing legally standing in the NSA’s way to prevent them from using their dark magical cryptographic powers to obtain your confidential business or personal data. This is a frightening proposition indeed, which is why I want to talk about the position Datto has taken regarding the recent revelations. Before we go any further, allow me to briefly describe my role here. I’m a developer with Datto, and I designed the encryption feature for Datto SIRIS. I picked the ciphers, hash algorithm parameters, and random number generator algorithm, had them peer-reviewed, and then wrote the code.
  • Analysis of Password Cracking Methods & Applications

    Analysis of Password Cracking Methods & Applications

    The University of Akron IdeaExchange@UAkron The Dr. Gary B. and Pamela S. Williams Honors Honors Research Projects College Spring 2015 Analysis of Password Cracking Methods & Applications John A. Chester The University Of Akron, [email protected] Please take a moment to share how this work helps you through this survey. Your feedback will be important as we plan further development of our repository. Follow this and additional works at: http://ideaexchange.uakron.edu/honors_research_projects Part of the Information Security Commons Recommended Citation Chester, John A., "Analysis of Password Cracking Methods & Applications" (2015). Honors Research Projects. 7. http://ideaexchange.uakron.edu/honors_research_projects/7 This Honors Research Project is brought to you for free and open access by The Dr. Gary B. and Pamela S. Williams Honors College at IdeaExchange@UAkron, the institutional repository of The nivU ersity of Akron in Akron, Ohio, USA. It has been accepted for inclusion in Honors Research Projects by an authorized administrator of IdeaExchange@UAkron. For more information, please contact [email protected], [email protected]. Analysis of Password Cracking Methods & Applications John A. Chester The University of Akron Abstract -- This project examines the nature of password cracking and modern applications. Several applications for different platforms are studied. Different methods of cracking are explained, including dictionary attack, brute force, and rainbow tables. Password cracking across different mediums is examined. Hashing and how it affects password cracking is discussed. An implementation of two hash-based password cracking algorithms is developed, along with experimental results of their efficiency. I. Introduction Password cracking is the process of either guessing or recovering a password from stored locations or from a data transmission system [1].
  • IBM® Z/OS® Version 1 Release 12 System SSL Cryptographic Module

    IBM® Z/OS® Version 1 Release 12 System SSL Cryptographic Module

    z/OS Version 1 Release 12 System SSL Security Policy IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy Policy Version 1.01 IBM Systems & Technology Group System z Development Poughkeepsie, New York IBM Research Zurich Research Laboratory August 24, 2011 © Copyright International Business Machines Corporation 2011 This document may be reproduced only in its original entirety without revision. © Copyright IBM Corp. 2011 Page 1 of 31 z/OS Version 1 Release 12 System SSL Security Policy Table of Contents 1 SCOPE OF DOCUMENT .............................................................................................................................................................3 2 CRYPTOGRAPHIC MODULE SPECIFICATION...................................................................................................................4 3 CRYPTOGRAPHIC MODULE SECURITY LEVEL ...............................................................................................................5 4 PORTS AND INTERFACES ........................................................................................................................................................6 5 ROLES, SERVICES AND AUTHENTICATION.......................................................................................................................6 5.1 ROLES ......................................................................................................................................................................................6
  • Security + Encryption Standards

    Security + Encryption Standards

    Security + Encryption Standards Author: Joseph Lee Email: joseph@ ripplesoftware.ca Mobile: 778-725-3206 General Concepts Forward secrecy / perfect forward secrecy • Using a key exchange to provide a new key for each session provides improved forward secrecy because if keys are found out by an attacker, past data cannot be compromised with the keys Confusion • Cipher-text is significantly different than the original plaintext data • The property of confusion hides the relationship between the cipher-text and the key Diffusion • Is the principle that small changes in message plaintext results in large changes in the cipher-text • The idea of diffusion is to hide the relationship between the cipher-text and the plaintext Secret-algorithm • A proprietary algorithm that is not publicly disclosed • This is discouraged because it cannot be reviewed Weak / depreciated algorithms • An algorithm that can be easily "cracked" or defeated by an attacker High-resiliency • Refers to the strength of the encryption key if an attacker discovers part of the key Data-in-transit • Data sent over a network Data-at-rest • Data stored on a medium Data-in-use • Data being used by an application / computer system Out-of-band KEX • Using a medium / channel for key-exchange other than the medium the data transfer is taking place (phone, email, snail mail) In-band KEX • Using the same medium / channel for key-exchange that the data transfer is taking place Integrity • Ability to determine the message has not been altered • Hashing algorithms manage Authenticity
  • Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms

    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms

    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected] Abstract- With the increase in mobile wireless or data lookup. Whereas, Cryptographic hash functions are technologies, security breaches are also increasing. It has used for building blocks for HMACs which provides become critical to safeguard our sensitive information message authentication. They ensure integrity of the data from the wrongdoers. So, having strong password is that is transmitted. Collision free hash function is the one pivotal. As almost every website needs you to login and which can never have same hashes of different output. If a create a password, it’s tempting to use same password and b are inputs such that H (a) =H (b), and a ≠ b. for numerous websites like banks, shopping and social User chosen passwords shall not be used directly as networking websites. This way we are making our cryptographic keys as they have low entropy and information easily accessible to hackers. Hence, we need randomness properties [2].Password is the secret value from a strong application for password security and which the cryptographic key can be generated. Figure 1 management. In this paper, we are going to compare the shows the statics of increasing cybercrime every year. Hence performance of 3 key derivation algorithms, namely, there is a need for strong key generation algorithms which PBKDF2 (Password Based Key Derivation Function), can generate the keys which are nearly impossible for the Bcrypt and Scrypt.
  • Key Derivation Functions and Their GPU Implementation

    Key Derivation Functions and Their GPU Implementation

    MASARYK UNIVERSITY FACULTY}w¡¢£¤¥¦§¨ OF I !"#$%&'()+,-./012345<yA|NFORMATICS Key derivation functions and their GPU implementation BACHELOR’S THESIS Ondrej Mosnáˇcek Brno, Spring 2015 This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-nc-sa/4.0/ cbna ii Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáˇcek Advisor: Ing. Milan Brož iii Acknowledgement I would like to thank my supervisor for his guidance and support, and also for his extensive contributions to the Cryptsetup open- source project. Next, I would like to thank my family for their support and pa- tience and also to my friends who were falling behind schedule just like me and thus helped me not to panic. Last but not least, access to computing and storage facilities owned by parties and projects contributing to the National Grid In- frastructure MetaCentrum, provided under the programme “Projects of Large Infrastructure for Research, Development, and Innovations” (LM2010005), is also greatly appreciated. v Abstract Key derivation functions are a key element of many cryptographic applications. Password-based key derivation functions are designed specifically to derive cryptographic keys from low-entropy sources (such as passwords or passphrases) and to counter brute-force and dictionary attacks. However, the most widely adopted standard for password-based key derivation, PBKDF2, as implemented in most applications, is highly susceptible to attacks using Graphics Process- ing Units (GPUs).
  • ONVIF™ Advanced Security Test Specification

    ONVIF™ Advanced Security Test Specification

    ONVIF Advanced Security Test Specification Version 17.06 ONVIF™ Advanced Security Test Specification Version 17.06 June 2017 www.onvif.org ONVIF Advanced Security Test Specification Version 17.06 © 2017 ONVIF, Inc. All rights reserved. Recipients of this document may copy, distribute, publish, or display this document so long as this copyright notice, license and disclaimer are retained with all copies of the document. No license is granted to modify this document. THIS DOCUMENT IS PROVIDED "AS IS," AND THE CORPORATION AND ITS MEMBERS AND THEIR AFFILIATES, MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THIS DOCUMENT ARE SUITABLE FOR ANY PURPOSE; OR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT, WHETHER OR NOT (1) THE CORPORATION, MEMBERS OR THEIR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (2) SUCH DAMAGES WERE REASONABLY FORESEEABLE, AND ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT. THE FOREGOING DISCLAIMER AND LIMITATION ON LIABILITY DO NOT APPLY TO, INVALIDATE, OR LIMIT REPRESENTATIONS AND WARRANTIES MADE BY THE MEMBERS AND THEIR RESPECTIVE AFFILIATES TO THE CORPORATION AND OTHER MEMBERS IN CERTAIN WRITTEN POLICIES OF THE CORPORATION. 2 www.onvif.org ONVIF Advanced Security Test Specification Version 17.06 REVISION HISTORY Vers.
  • Thread Commissioning White Paper

    Thread Commissioning White Paper

    July 13, 2015 This Thread Technical white paper is provided for reference purposes only. The full technical specification is available to Thread Group Members. To join and gain access, please follow this link: http://threadgroup.org/Join.aspx. If you are already a member, the full specification is available in the Thread Group Portal: http://portal.threadgroup.org. If there are questions or comments on these technical papers, please send them to [email protected]. This document and the information contained herein is provided on an “AS IS” basis and THE THREAD GROUP DISCLAIMS ALL WARRANTIES EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT OR TRADEMARK RIGHTS) OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE THREAD GROUP BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. Copyright 2015 Thread Group, Inc. All rights reserved. Thread Commissioning July 2015 Revision History Revision Date Comments 1.0 January 29, 2015 Initial Release 2.0 July 13, 2015 Public Release 1 Contents Introduction ................................................................................ 2 Terminology ................................................................................ 2 System Topology ............................................................................... 4 Degrees of Separation ..........................................................................................
  • Harden Zero Knowledge Password Proofs Against Offline Dictionary

    Harden Zero Knowledge Password Proofs Against Offline Dictionary

    Harden Zero Knowledge Password Proofs Against Offline Dictionary Attacks Gijs Van Laer Rono Dasgupta Aditya Patil [email protected] [email protected] [email protected] Matthew Green [email protected] December 12, 2016 Abstract Traditional authentication systems offer ease of use but the security they provide often proves to be inadequate. Hackers use means to gain access to company servers and steal entire databases of password hashes. These hashes are then subject to offline dictionary attacks resulting in the disclosure of millions of passwords. Such password breaches have become commonplace and have caused several major companies to face major losses. Password reuse is a common practice among users and a password breach disclosing a single password on a particular service could result in a user also losing access to their other accounts. Solutions such as multi-factor authentication add some level of security but do not completely solve the problem. There is a need to move towards stronger authentication schemes that do not compromise on ease of use, both for the user and the service provider. In this paper, we propose a novel authentication protocol that is proven hard against offline dictionary attacks. Our protocol implements a combination of a Zero Knowledge Password Proof and a sequentially memory hard hash function. In a concrete instan- tiation of the protocol, we use Schnorr's Zero Knowledge Password Proof combined with the Fiat-Shamir Heuristic for the Zero Knowledge Password Proof and scrypt for the sequentially memory hard hash function. We also describe a library implementing our protocol that we have developed along with an example web application that uses the library.
  • Troubleshoot PKCS#12 File Installation Failure with Non-FIPS Compliant PBE Algorithms

    Troubleshoot PKCS#12 File Installation Failure with Non-FIPS Compliant PBE Algorithms

    Troubleshoot PKCS#12 File Installation Failure with Non-FIPS Compliant PBE Algorithms Contents Introduction Background Information Prerequisites Requirements Components Used Problem Solution Verification Introduction This document describes how to troubleshoot the installation failure of a Public Key Cryptography Standards (PKCS)#12 file with non-Federal Information Processing Standard (FIPS) compliant Password-Based Encryption (PBE) algorithms via Cisco Firepower Management Center (FMC). It explains a procedure to identify it and to create a new compliant bundle with OpenSSL. Background Information The Cisco Firepower Threat Defense (FTD) supports compliance with FIPS 140 when you enable Common Criteria (CC) or Unified Capabilities Approved Products List (UCAP) mode on a managed device. This configuration is part of a FMC Platform Settings policy. After applied, the fips enable command appears in the show running-config output of FTD. PKCS#12 defines a file format used to bundle a private key and the respective identity certificate. There is the option to include any root or intermediate certificate that belongs to the validation chain as well. PBE algorithms protect the certificates and private key portions of the PKCS#12 file. As a result of the combination of the Message Authentication Scheme (MD2/MD5/SHA1) and the Encryption scheme (RC2/RC4/DES), there are multiple PBE algorithms but the only one that is FIPS compliant is PBE-SHA1-3DES. Note: To learn more about FIPS in Cisco products navigate to FIPS 140. Note: To learn more about the security certifications standards available for FTD and FMC navigate to the Security Certifications Compliance chapter of the FMC Configuration Guide.
  • II-2.03 Encryption Policy

    II-2.03 Encryption Policy

    II-2.03 Encryption Policy The Universities at Shady Grove Effective Date: 5/01/2019 Policy Type: IT Security Policy Section II: Data Security PUBLIC Page 1 of 4 The Universities at Shady Grove is hereinafter referred to as "USG" and the Office of Information Technology as “OIT.” 1.0 Purpose The purpose of this policy is to outline USG's standards for use of encryption technology in order to properly secure and manage appropriately its data assets. There are additional USG security policies that reference the types of data that require encryption. This policy does not cover what types of data must be encrypted, but rather how encryption is to be implemented and controlled. 2.0 Scope The scope of this policy covers all data stored on or transmitted across USG-owned, USG- managed, and USG-leased systems, devices, media, and networks. This policy also applies to all USG hired personnel, contractors, and third-party services. 3.0 Policy 3.1 Encryption Minimum Standards USG requires the use of all encryption algorithms and standards to, at a minimum, comply with the following: • NIST Special Publication 800-175B (“Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms”), • Federal Information Processing Standards (FIPS) Publication 140-2 (“Security Requirements for Cryptographic Modules”), • Or any other superseding publication, regulation, or USM/State of Maryland policy The use of proprietary encryption is expressly forbidden since it has not been subjected to public inspection and its security cannot
  • SSL Certificates Avi Networks — Technical Reference (18.1)

    SSL Certificates Avi Networks — Technical Reference (18.1)

    Page 1 of 6 SSL Certificates Avi Networks — Technical Reference (18.1) SSL Certificates view online Avi Vantage supports terminating client SSL and TLS connections at the virtual service. This requires Avi Vantage to send a certificate to clients that authenticates the site and establishes secure communications. A virtual service that handles secure connections will require both of the following: SSL/TLS profile: Determines the supported ciphers and versions. See SSL Profile. SSL certificate: A certificate is presented to clients connecting to the site. SSL certificates may also be used to present to administrators connecting to the Avi Vantage web interface or API, and also for Avi Service Engines to present to servers when SE-to-server encryption is required with client (the SE) authentication. The SSL Certifications tab on the Templates > Security page shown below supports import, export, and generation of SSL certificates or certificate requests. From this page different kinds of certificates may be created: Newly-created certificates may be either self-signed by Avi Vantage or created as a certificate signing request (CSR) that must be sent to a trusted certificate authority (CA), which then generates a trusted certificate. Creating a self-signed certificate generates both the certificate and a corresponding private key. Imported existing certificates are not valid until a matching key has been supplied. Avi Vantage supports PEM and PKCS #12 formatted certificates. Copyright © 2018 Avi Networks, Inc. Page 2 of 6 SSL Certificates Avi Networks — Technical Reference (18.1) SSL/TLS Certificates Page Select Templates > SSL/TLS Certificates to open the SSL/TLS Certificates page.