
Saturday, October 26, 2013

Hacking: How Encryption Keeps Your Data Secure

With billions of people and devices connected to the internet, there is an enormous amount of data being sent over the network, saved on computers, and stored in databases. The network and the devices allow us to conveniently take such actions with our data. The majority of this data is background noise that isn't of much use to others, but we also have sensitive data. Even if the data isn't sensitive, most of us feel much more comfortable knowing the data we share is not being looked at by a third party. Life would be easy for all of us if our data were only visible to us and to any parties we have given permission to. Unfortunately, all technological devices and the network are susceptible to hacking. Security is implemented at every layer of technology because every layer has ways of leaking data, which allows hackers to get unauthorized access to your data. There are evildoers out in the world who want to hack you; even the U.S. government is trying to hack you (and succeeding)!


One of the major layers of protection, specifically for sensitive information, is data encryption. People have tried and found ways to encrypt data for thousands of years, possibly even longer if only we could decipher the hieroglyphs… Data encryption begins with a cipher used to hide the message, or plaintext. Most early examples of ciphers come from times of war, when they were used to hide information about an army's strategy. Examples include the Spartan Scytale, the Caesar Cipher, and the Enigma machine. Unfortunately these ciphers were easily breakable. With the power of today's computers, cipher algorithms need to be strong enough that the best possible attack is brute force.

A common encryption method today is AES in CBC mode, giving the data confidentiality and integrity. Confidentiality prevents unauthorized reading of your data, whereas integrity prevents unauthorized writing of your data. In the case of the aforementioned encryption method, AES works by dividing your plaintext data into 128-bit blocks and encrypting each block with a key, after CBC obscures the plaintext block by XORing it with the previously encrypted block. The plaintext gets XOR'd because otherwise two blocks with the exact same plaintext would have equal encryption output, and that gives valuable information to the attacker. Since the first block does not have a previously encrypted block to XOR with, a special initialization value is used. This encryption cleverly applies XOR and special functions to completely obscure the plaintext. The attacker can only use brute force, and the shortest possible key for AES is 128 bits, which would take a long time to break.
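The chaining described above, as an added example (not code from the original post): CBC is built by hand on top of Node.js's raw AES-128 block operation, compared against unchained (ECB) encryption on a message of three identical blocks, and checked against the library's own `aes-128-cbc`. The key, IV and message are constructed sample values, and padding is left out by requiring whole 16-byte blocks.

```javascript
const nodeCrypto = require('node:crypto');
const BLOCK = 16; // AES block size in bytes (128 bits)

// The bare AES-128 block cipher: one 16-byte block in, one out (ECB, no padding).
function aesBlock(key, block) {
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

function splitBlocks(buf) {
  if (buf.length % BLOCK !== 0) throw new Error('pad the input to a multiple of 16 bytes first');
  const blocks = [];
  for (let i = 0; i < buf.length; i += BLOCK) blocks.push(buf.subarray(i, i + BLOCK));
  return blocks;
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// No chaining: every block is encrypted independently, so equal plaintext blocks match.
function encryptEcb(key, plaintext) {
  return Buffer.concat(splitBlocks(plaintext).map((p) => aesBlock(key, p)));
}

// CBC: XOR each plaintext block with the previous ciphertext block (the IV for block 0).
function encryptCbc(key, iv, plaintext) {
  let prev = iv;
  return Buffer.concat(splitBlocks(plaintext).map((p) => (prev = aesBlock(key, xor(p, prev)))));
}

// Reference: the library's own CBC mode, used to check the hand-built chaining.
function libraryCbc(key, iv, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-128-cbc', key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

const distinctBlocks = (ct) => new Set(splitBlocks(ct).map((b) => b.toString('hex'))).size;

// Constructed sample values. A real IV must be fresh and unpredictable for every message.
const key = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const iv = Buffer.from('101112131415161718191a1b1c1d1e1f', 'hex');
const message = Buffer.from('SAME 16B BLOCK!!'.repeat(3), 'ascii'); // three identical blocks

console.log('ECB distinct ciphertext blocks:', distinctBlocks(encryptEcb(key, message)));
console.log('CBC distinct ciphertext blocks:', distinctBlocks(encryptCbc(key, iv, message)));
```

The chaining shown here hides repeated blocks but does not by itself detect a modified ciphertext; that check needs a MAC (for example HMAC over the IV and ciphertext) or an AEAD mode such as AES-GCM.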

*Currently taking a course on information security so most of my knowledge on cryptology is from Information Security: Principles and Practice by Mark Stamp.


Sunday, October 13, 2013

Open Source: Open World

State of Linux Distros
What is open source? Open source is software made freely available to everyone in the world! The source code can be modified and distributed by anyone under the same terms as the license of the original software. Usually open source software is developed not by a company but as a collaborative project amongst the public. It's amazing that people across the world put in their time and effort for free software to be enjoyed by everyone. There is open source software equivalent to nearly all proprietary software, e.g. LibreOffice and OpenOffice = Microsoft Office, Thunderbird = Microsoft Outlook. Other open source software I would recommend: Wireshark, HandBrake, GIMP, phpMyAdmin, Dev-C++, Notepad++, and more with descriptions. Using open source software has saved people about $60 billion. The problem with open source is that most of it is not for a regular user; you need to have a decent understanding of computers. Proprietary software has a business behind it with money to advertise, but open source software tends to be hidden and you have to know which programs are safe.


I enjoy downloading all types of software, except viruses, and playing around with them. Open source makes that much easier since I don't have to pay. My favorite open source software is the Linux distributions. The Linux distros are nearly all open source, and all the software that comes with the Linux operating systems is open source. You can hit two birds with one stone. The Linux distros are set up for different types of uses. General distros include Ubuntu and Linux Mint, multimedia centric distros include Arch Linux and ArtistX, and there are advanced distros like BackTrack. Linux is even being pushed out on mobile phones. Take a look at more options: Linux Distros. They all have interesting open source software built into them for all types of uses. I just recently installed BackTrack on my computer to mess around with it since it's made specifically for information security. A bit complicated currently, but soon I'll get it figured out.

Sunday, October 6, 2013

Agile: Software Development Done Smart

When it comes to working on projects, there are a few different ways to approach them. One way to approach a project is to create a plan at the beginning and use that for the entire project. In this option there is really only one route to follow, as the whole product is put together at once. An increasingly popular option for a project is to use agile development. Agile development is more flexible, as the progress is in intervals and the customer can see parts of the project come to life. This way the customer receives working software continuously and frequently. The Agile Manifesto.


How does one get started with agile development? The key to agile is communication between the customer and the developers. Each agile development interval is called a sprint, which usually lasts two to four weeks. The sprint starts with a scrum where the customer gives a relatively simple description, a "user story," of what they want, and then the developers figure out how to solve the customer's problem. A list of what the customer wants is created, and then the order in which the items are implemented and the sprint in which each will be worked on are decided. During the scrum a leader is chosen as well, to communicate with the customer and divide the work amongst the team members. In the following scrum meetings, team members share what they worked on and what they will work on, and identify any blocks to progress. At the end of the sprint a working, not necessarily final, product is shown to the customer, and the customer can decide on any changes that need to be implemented. An interesting way to estimate the effort of a "user story" is to use a method called planning poker, where the developers pick a numbered card depending on the amount of work they think is required. Then everyone shows their cards at once and discusses why they picked their number. You can test out and get a better idea of planning poker at www.planningpoker.com.