Cryptography

Cryptography (or cryptology; from Greek κρυπτός kryptós, “hidden, secret”; and γράφειν graphein, “writing”, or -λογία -logia, “study”, respectively) is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that block adversaries; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Cryptix is a cryptography software for Mac OSX.

Cryptography law

Cryptography law

 

Cryptography law

 

Issues regarding cryptography law fall into four categories :

  • Export control, which is the restriction on export of cryptography methods within a country to other countries or commercial entities. There are international export control agreements, the main one being the Wassenaar Arrangement. The Wassenaar Arrangement was created after the dissolution of COCOM (Coordinating committee for Multilateral Export Controls), which in 1989 « decontrolled password and authentication-only cryptography. »
  • Import controls, which is the restriction on using certain types of cryptography within a country.
  • Patent issues, which deal with the use of cryptography tools that are patented.
  • Search and seizure issues, on whether and under what circumstances, a person can be compelled to decrypt data files or reveal an encryption key.

 

Cryptography law in different countries

 

France. As of 2011 and since 2004, the law for trust in the digital economy (LCEN) mostly liberalized the use of cryptography. As long as cryptography is only used for authentication and integrity purposes, it can be freely used. The cryptographic key or the nationality of the entities involved in the transaction do not matter. Typical e-business websites fall under this liberalized regime. Exportation and importation of cryptographic tools to or from foreign countries must be either declared (when the other country is a member of the European Union) or requires an explicit authorization (for countries outside the EU).

 

United States. In the United States, the International Traffic in Arms Regulation restricts the export of cryptography. The export of cryptography from the United States is the transfer from the United States to another country of devices and technology related to cryptography. Export of cryptographic technology was severely restricted by U.S. law until 1992, but was gradually eased until 2000; some restrictions still remain. Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment. In light of the enormous impact of cryptanalysis in World War II, it was abundantly clear to these governments that denying current and potential enemies access to cryptographic systems looked to be militarily valuable. They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the post-colonial period and whose position on Cold War issues was regarded as vital. Since the U.S. and U.K. had, they believed, developed more advanced cryptographic capabilities than others, the intelligence agencies in these countries had a notion that controlling all dissemination of the more effective crypto techniques might be beneficial.

The First Amendment made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical — there were at least no constitutional impediments. Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key) would not be licensed for export except on a case-by-case basis. The expectation seems to have been that this would further national interests in reading ‘their’ communications and prevent others from reading ‘ours’. This policy was also adopted elsewhere for various reasons.

The development, and public release, of Data Encryption Standard (DES) and asymmetric key techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the U.S., and to some extent (e.g., France) elsewhere. As late as 1997, NSA officials in the US were concerned that the widespread use of strong encryption will frustrate their ability to provide SIGINT regarding foreign entities, including terrorist groups operating internationally. NSA officials anticipated that the American encryption software backed by an extensive infrastructure, when marketed, was likely to become a standard for international communications. In 1997, Louis Freeh, then the Director of the FBI, said For law enforcement, framing the issue is simple. In this time of dazzling telecommunications and computer technology where information can have extraordinary value, the ready availability of robust encryption is essential. No one in law enforcement disputes that. Clearly, in today’s world and more so in the future, the ability to encrypt both contemporaneous communications and stored data is a vital component of information security.

As is so often the case, however, there is another aspect to the encryption issue that if left unaddressed will have severe public safety and national security ramifications. Law enforcement is in unanimous agreement that the widespread use of robust non-key recovery encryption ultimately will devastate our ability to fight crime and prevent terrorism. Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes. For this reason, the law enforcement community is unanimous in calling for a balanced solution to this problem.

Share on FacebookTweet about this on TwitterPin on PinterestShare on Google+

Corecrypto

corecrypto

Cryptographic Libraries

The same libraries that secure iOS and OS X are available to third‑party developers to help them build advanced security features.

Security Framework

Security Framework provides interfaces for managing certificates, public and private keys, and trust policies. It supports the generation of cryptographically secure pseudorandom numbers. It also supports the storage of certificates and cryptographic keys in the keychain, which is a secure repository for sensitive user data.

Common Crypto

The Common Crypto library provides additional support for operations like symmetric encryption, hash-based message authentication codes, and digests.

corecrypto

Both Security Framework and Common Crypto rely on the corecrypto library to provide implementations of low level cryptographic primitives. This is also the library submitted for validation of compliance with U.S. Federal Information Processing Standards (FIPS) 140-2 Level 1. Although corecrypto does not directly provide programming interfaces for developers and should not be used by iOS or OS X apps, the source code is available to allow for verification of its security characteristics and correct functioning.

Share on FacebookTweet about this on TwitterPin on PinterestShare on Google+

Cryptix

Cryptix was the first software from Rbcafe :

 

 Cryptix

 

Cryptix is a complete solution to study cryptography, encodings and ciphers.

 

  • Hide your data, encrypt your texts and documents.
  • Cryptix contains password generators
  • Cryptix contains Mnemonic password generators
  • Cryptix contains .htpasswd generator

 

Cryptix from Rbcafe :

 

Cryptix

 

Cryptix also provides :

 

  • RSA 512 bits key generator
  • Wordlist generator
  • numerous security tools

 

 

Share on FacebookTweet about this on TwitterPin on PinterestShare on Google+

RC4

RC4

RC4_set_key, RC4 – RC4 encryption

SYNOPSIS

#include (openssl/rc4.h)

void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);

void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
unsigned char *outdata);

DESCRIPTION

This library implements the Alleged RC4 cipher, which is described for
example in Applied Cryptography. It is believed to be compatible with
RC4[TM], a proprietary cipher of RSA Security Inc.

RC4 is a stream cipher with variable key length. Typically, 128 bit
(16 byte) keys are used for strong encryption, but shorter insecure key
sizes have been widely used due to export restrictions.

RC4 consists of a key setup phase and the actual encryption or decryp-
tion phase.

RC4_set_key() sets up the RC4_KEY key using the len bytes long key at
data.

RC4() encrypts or decrypts the len bytes of data at indata using key
and places the result at outdata. Repeated RC4() calls with the same
key yield a continuous key stream.

Since RC4 is a stream cipher (the input is XORed with a pseudo-random
key stream to produce the output), decryption uses the same function
calls as encryption.

Applications should use the higher level functions EVP_EncryptInit(3)
etc. instead of calling the RC4 functions directly.

RETURN VALUES

RC4_set_key() and RC4() do not return values.

NOTE

Certain conditions have to be observed to securely use stream ciphers.
It is not permissible to perform multiple encryptions using the same
key stream.

EOF

Share on FacebookTweet about this on TwitterPin on PinterestShare on Google+
Page 1 sur 3123
Rbcafe © 2004- | Rb Cafe 1.3 | Contacter Rbcafe | Rbcafe sur Twitter | Rbcafe sur Facebook | Politique de confidentialité