Social Icons

Showing posts with label decryption. Show all posts
Showing posts with label decryption. Show all posts

Friday, August 23, 2024

Difference: Encapsulation, Decapsulation, Encryption, and Decryption

Encapsulation and Decapsulation are specifically related to ONLY sending a symmetric key to a recipient.


Encapsulation

  • A sender generates a symmetric key.
  • The sender encrypts the symmetric key using a public key of the recipient.
  • The encrypted symmetric key (ciphertext) is sent to the recipient.

Decapsulation

  • The recipient uses their private key to decrypt the ciphertext.
  • The decrypted ciphertext reveals the original symmetric key.
  • This process allows the sender and recipient to establish a shared secret key (the symmetric key) securely over a potentially insecure channel. Once the symmetric key is established, it can be used to encrypt and decrypt actual data using a symmetric encryption algorithm.

Key points to remember

  • Encapsulation and Decapsulation are essential components of Key Encapsulation Mechanisms (KEMs).
  • They are used to securely exchange symmetric keys over public channels.

Monday, June 09, 2014

Google joins the ENCRYPTION Race : End-to-End Extension

1.    After Snowden leaks,one thing that has been most sought after is privacy and encryption and there have been a horde of tools and extensions that offer u the same vide many companies.Like in the last mail I mentioned about PROTONMAIL,there is another one in the offering from the horses mouth itself...ie Google offering an extension by the name of End-to-End extension...that
means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.It’s a Chrome extension intended for users who need additional security.

2.    Though it is not yet available since still in Alpha stage but as per the Google blog at http://googleonlinesecurity.blogspot.in/2014/06/making-end-to-end-encryption-easier-to.html,it is likely to be available soon for all chrome browser users as an extension.Google wants to make it harder to spy on email by encouraging maximum providers to adopt server-to-server encryption. The new tool is based on OpenPGP and is meant to be a more user-friendly encryption option than programs such as PGP, which can be difficult to configure and use.
3.   So till it releases.....no options other then to wait.....

Sunday, June 08, 2014

Encrypted Mail without being Technical : PROTONMAIL for You

1.    Often when we discuss about encrypting messages in emails we see it is generally confined to PGP extensions using Thunderbird, exchanging public keys and generating private keys and other encryption techniques incl Enigmail or installing GPG etc...but even after doing all this the whole thing is a bit complicated ....and no one likes complications....so when techies get complicated...it actually becomes kind of out of bounds for the common user anyway to use encryption in routine mails with each other.But with increasing rise in concern over security and privacy matters by the common user specially after Snowden revelations,the need has given us PROTONMAIL.

2. PROTONMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.It offers a user-friendly experience with full “end-to-end” encryption and encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers. So, even if someone gains complete access to the server, it will find only the encrypted data. Moreover, there is even a “self-destruct” feature in the email service which ensures your emails are only available for a limited period of time.Isn't it interesting?....

3.  At Protonmail,the decryption uses a combination of asymmetric (RSA) and symmetric (AES) encryption.So we have two cases wherein the user sends a mail from a Protonmail account to another user with Protonmail account and the other in which he sends a mail message to a non Protonmail user....

- For Protonmail to Protonmail emails, implementation of PGP is used where  key exchange is handled. So we have all the public keys. As for the private keys, when an account is created, it is generated on the browser, then encrypted with your mailbox password (which we do not have access to). Then the encrypted private key is pushed to the server so it can push it back to user whenever he/she logins.

- For PM to Outside emails, encryption is optional. If one selects to encrypt,  it uses symmetric encryption with a password that one can set for that message. This password can be ANYTHING. It should NOT be the Mailbox password. It needs to be somehow communicates to the recipient....few useful screenshots seen below :

 This is the screen at LOGIN
 Here you LOGIN
 Here is the second password before you finally LOGIN to the user interface
 Here is as you LOGIN
 This is the screen as you compose a mail.The point to be seen is the feature for choosing to encrypt your message and the expiration time.
 This is the mail received to a non PROTONMAIL user and we see there is a mail link it refers to!!!
 Once you click that link..you get a pop up for a password
 You enter the password and you will be able to decipher the password.


Tuesday, March 25, 2014

Bullrun And Edgehill @ Secret Decryption Programs

 
1.    Most of the techies who have relied always on their favourite encryption methods to have privacy in store should be in for a shock like me if they have not heard of BULLRUN and EDGEHILL @ Secret Decryption Programs.Below I produce an unedited extract from the Snowden talk at TED last week.He was asked a question by Chris Anderson,the curator of TED and what followed is produced below :

Chris Anderson : Come here, because I want to ask you about this particular revelation. Come and take a look at this. I mean, this is a story which I think for a lot of the techies in this room is the single most shocking thing that they have heard in the last few months. It’s about a program called “Bullrun.” Can you explain what that is?
 
Snowden : So Bullrun, and this is again where we’ve got to thank the NSA for their candor, this is a program named after a Civil War battle. The British counterpart is called Edgehill, which is a U.K. civil war battle. And the reason that I believe they’re named this way is because they target our own infrastructure. They’re programs through which the NSA intentionally misleads corporate partners. They tell corporate partners that these are safe standards. They say hey, we need to work with you to secure your systems, but in reality, they’re giving bad advice to these companies that makes them degrade the security of their services. They’re building in backdoors that not only the NSA can exploit, but anyone else who has time and money to research and find it can then use to let themselves in to the world’s communications. And this is really dangerous, because if we lose a single standard, if we lose the trust of something like SSL, which was specifically targeted by the Bullrun program, we will live a less safe world overall. We won’t be able to access our banks and we won’t be able to access commerce without worrying about people monitoring those communications or subverting them for their own ends.

2.   It was always suspected for long but now the newly leaked documents by Edward Snowden, the NSA and GCHQ are said to have defeated most of the online encryption used by internet users and the likes of Microsoft, Google, Yahoo and even banks.Few important things about these two programs are bought below :

- Bullrun Is the Most Expensive Program Leaked by Snowden.The funding allocated for Bullrun in top-secret budgets dwarfs the money set aside for programs like PRISM and XKeyscore. PRISM operates on about $20 million a year, according to Snowden, while Bullrun cost $254.9 million in 2013 alone. Since 2011, Bullrun has cost more than $800 million.

- Bullrun Began 10 Years Ago

- A majority of the funding for Bullrun goes toward actively engaging tech companies in their product design. The NSA covertly influenced tech companies to insert vulnerabilities into commercial products that would allow the NSA access without consumers’ knowledge. 

- NSA and GCHQ View Encryption as a Threat(That's....incredible....)

- Edgehill started with the initial goal of decrypting the programs used by three major Internet companies, which were unnamed in Snowden’s leak, and 30 Virtual Private Networks.

- GCHQ hopes that by 2015 Edgehill will have decrypted 15 major Internet companies and 300 VPNs.

- NSA Covertly Influenced International Encryption Standards.

3.  Besides BULLRUN/EDGEHILL,the NSA and GCHQ have a number of programs for gathering different types of internet metadata few of which mentioned in Luke Harding's Book are :
   
Prism - Secret access to the servers of Google, Facebook and others.

Boundless informant - Mapping of all secret data to specific countries.

Upstream - Catch as much of the global internet traffic as it passes across the United States

Stellar Wind - liaison with US internet and telephone companies to provide metadata information.

Powered By Blogger